@mkterswingman/5mghost-yonder 0.0.21 → 0.0.23

package/README.md

@@ -21,6 +21,8 @@ The bootstrap installer:
 - first tries a headless YouTube cookie import from your local Chrome/Edge session
 - only asks to open a visible browser for YouTube login if the headless import fails
 - in unattended installs, defaults to OAuth auth mode and defaults to headed cookie setup after the prompt timeout
+- in installer mode, OAuth waits up to `180s` and prints PAT fallback commands before waiting
+- if auth is still incomplete after `setup`, the installer stops before smoke tests and YouTube cookie setup instead of pretending the install fully passed
 - runs a subtitle smoke check immediately after cookies are available
 
 If you are working inside the repo instead of using the hosted installer:

package/dist/auth/oauthFlow.d.ts

@@ -1,4 +1,7 @@
-export declare function runOAuthFlow(authUrl: string): Promise<{
+export interface OAuthFlowOptions {
+    timeoutMs?: number;
+}
+export declare function runOAuthFlow(authUrl: string, options?: OAuthFlowOptions): Promise<{
     accessToken: string;
     refreshToken: string;
     expiresIn: number;

package/dist/auth/oauthFlow.js

@@ -1,6 +1,7 @@
 import { createServer } from "node:http";
 import { randomBytes, createHash } from "node:crypto";
 import { URL } from "node:url";
+import { buildBrowserOpenCommand } from "../utils/browserLaunch.js";
 function base64url(buf) {
     return buf
         .toString("base64")
@@ -8,7 +9,7 @@ function base64url(buf) {
         .replace(/\//g, "_")
         .replace(/=+$/, "");
 }
-export async function runOAuthFlow(authUrl) {
+export async function runOAuthFlow(authUrl, options = {}) {
     // 1. Generate PKCE + state
     const codeVerifier = base64url(randomBytes(32));
     const codeChallenge = base64url(createHash("sha256").update(codeVerifier).digest());
@@ -43,10 +44,11 @@ export async function runOAuthFlow(authUrl) {
     }
     // 4. Wait for OAuth callback
     return new Promise((resolve, reject) => {
+        const timeoutMs = options.timeoutMs ?? 5 * 60 * 1000;
         const timeout = setTimeout(() => {
             httpServer.close();
-            reject(new Error("OAuth flow timed out after 5 minutes"));
-        }, 5 * 60 * 1000);
+            reject(new Error(`OAuth flow timed out after ${Math.round(timeoutMs / 1000)}s`));
+        }, timeoutMs);
         function cleanup() {
             clearTimeout(timeout);
             httpServer.close();
@@ -124,11 +126,9 @@ export async function runOAuthFlow(authUrl) {
         const authorizeUrl = `${authUrl}/oauth/authorize?response_type=code&client_id=${encodeURIComponent(clientId)}&redirect_uri=${encodeURIComponent(redirectUri)}&code_challenge=${encodeURIComponent(codeChallenge)}&code_challenge_method=S256&state=${encodeURIComponent(state)}`;
         console.log("\n\x1b[1mOpen this URL in your browser to authorize:\x1b[0m");
         console.log(`\n  ${authorizeUrl}\n`);
-        import("node:child_process").then(({ exec }) => {
-            const cmd = process.platform === "darwin" ? "open" :
-                process.platform === "win32" ? "start" :
-                    "xdg-open";
-            exec(`${cmd} "${authorizeUrl}"`);
+        import("node:child_process").then(({ execFile }) => {
+            const command = buildBrowserOpenCommand(authorizeUrl);
+            execFile(command.file, command.args);
         }).catch(() => {
             // ignore — user can open manually
         });

package/dist/cli/setup.d.ts

@@ -22,6 +22,9 @@ export interface PromptWithDefaultOptions {
     log?: (message: string) => void;
     questionFn?: PromptQuestionFn;
 }
+export declare const INSTALLER_OAUTH_TIMEOUT_MS = 180000;
+export declare function getOAuthRecoveryHint(authUrl: string): string[];
+export declare function getCookieSetupRecoveryHint(): string[];
 export declare function promptWithDefault(question: string, options: PromptWithDefaultOptions): Promise<string>;
 export declare function getNoBrowserSessionNotice(): string;
 export declare function getNoBrowserPatHint(authUrl: string): string[];

package/dist/cli/setup.js

@@ -1,10 +1,12 @@
-import { execFileSync, execSync } from "node:child_process";
+import { execFileSync } from "node:child_process";
+import { existsSync } from "node:fs";
 import { createInterface } from "node:readline/promises";
 import { loadConfig, saveConfig, PATHS, ensureConfigDir } from "../utils/config.js";
 import { TokenManager } from "../auth/tokenManager.js";
 import { runOAuthFlow } from "../auth/oauthFlow.js";
 import { hasSIDCookies } from "../utils/cookies.js";
 import { buildLauncherCommand, writeLauncherFile } from "../utils/launcher.js";
+import { buildBrowserOpenCommand } from "../utils/browserLaunch.js";
 import { checkAll } from "../runtime/installers.js";
 import { runInstallSkills } from "./installSkills.js";
 import { getOpenClawConfigPath, isOpenClawInstallLikelyInstalled, writeOpenClawConfig, } from "../utils/openClaw.js";
@@ -84,15 +86,29 @@ function canOpenBrowser() {
 }
 function openUrl(url) {
     try {
-        const cmd = process.platform === "darwin" ? `open "${url}"` :
-            process.platform === "win32" ? `start "${url}"` :
-                `xdg-open "${url}"`;
-        execSync(cmd, { stdio: "ignore" });
+        const command = buildBrowserOpenCommand(url);
+        execFileSync(command.file, command.args, { stdio: "ignore" });
     }
     catch {
         // Can't open — user will see the URL in console
     }
 }
+export const INSTALLER_OAUTH_TIMEOUT_MS = 180_000;
+export function getOAuthRecoveryHint(authUrl) {
+    return [
+        "  如果浏览器没有出现，或你之后想改用 PAT，可直接继续：",
+        `  PAT 登录页：${authUrl}/pat/login`,
+        "  macOS / Linux: YT_MCP_TOKEN='pat_xxx' yt-mcp setup",
+        "  Windows: $env:YT_MCP_TOKEN='pat_xxx'; yt-mcp setup",
+    ];
+}
+export function getCookieSetupRecoveryHint() {
+    return [
+        "  如果浏览器没有出现，或这次没完成 YouTube 登录，可稍后继续：",
+        "  重新执行：yt-mcp setup-cookies",
+        "  验证字幕：yt-mcp smoke --subtitles",
+    ];
+}
 function createPromptQuestionFn() {
     return async (question, signal) => {
         const rl = createInterface({ input: process.stdin, output: process.stdout });
@@ -237,12 +253,17 @@ export async function runSetup() {
         }
         else {
             // User chose OAuth (default)
+            const oauthTimeoutMs = installerMode ? INSTALLER_OAUTH_TIMEOUT_MS : 5 * 60 * 1000;
             console.log("");
             console.log("  🌐 Opening browser for OAuth login...");
             console.log("  ⚠️  如果你在云桌面上运行，请在云桌面的浏览器中完成登录！");
             console.log("     在本地电脑打开链接将无法完成回调。");
+            for (const line of getOAuthRecoveryHint(config.auth_url)) {
+                console.log(line);
+            }
+            console.log(`  OAuth 等待上限：${Math.round(oauthTimeoutMs / 1000)}s`);
             try {
-                const tokens = await runOAuthFlow(config.auth_url);
+                const tokens = await runOAuthFlow(config.auth_url, { timeoutMs: oauthTimeoutMs });
                 await tokenManager.saveTokens(tokens.accessToken, tokens.refreshToken, tokens.expiresIn, tokens.clientId);
                 console.log("  ✅ OAuth login successful");
                 console.log("  ℹ️  Other first-party local MCPs on this machine can reuse this login.");
@@ -250,12 +271,20 @@ export async function runSetup() {
             catch (err) {
                 // OAuth failed — auto fallback to PAT
                 console.log(`  ⚠️  OAuth failed: ${err instanceof Error ? err.message : String(err)}`);
-                console.log("");
-                console.log("  📋 Falling back to PAT login...");
-                const patUrl = `${config.auth_url}/pat/login`;
-                console.log(`  🔗 Opening PAT login page: ${patUrl}`);
-                openUrl(patUrl);
-                console.log("");
+                for (const line of getOAuthRecoveryHint(config.auth_url)) {
+                    console.log(line);
+                }
+                if (process.stdin.isTTY) {
+                    console.log("");
+                    console.log("  📋 Falling back to PAT login...");
+                    const patUrl = `${config.auth_url}/pat/login`;
+                    console.log(`  🔗 Opening PAT login page: ${patUrl}`);
+                    openUrl(patUrl);
+                    console.log("");
+                }
+                else {
+                    console.log("  ℹ️  当前安装会话无交互输入，请拿到 PAT 后直接带 YT_MCP_TOKEN 重跑。");
+                }
                 const patInput = process.stdin.isTTY
                     ? await promptWithDefault("  粘贴你的 PAT token (pat_xxx), 或直接回车跳过: ", {
                         defaultValue: "",
@@ -293,9 +322,13 @@ export async function runSetup() {
             console.log('     "env": { "YT_MCP_TOKEN": "pat_xxx" }');
         }
     }
+    const hasSharedAuth = Boolean(pat) || existsSync(PATHS.sharedAuthJson);
     // ── Step 4: YouTube Cookies ──
     console.log("Step 4/5: YouTube cookies...");
-    if (skipCookieStep) {
+    if (!hasSharedAuth) {
+        console.log("  ℹ️  Deferred because authentication is not complete yet");
+    }
+    else if (skipCookieStep) {
         console.log("  ℹ️  Deferred to installer cookie flow");
     }
     else if (!hasBrowser) {

package/dist/cli/setupCookies.d.ts

@@ -53,6 +53,7 @@ export interface SetupCookiesDeps {
 }
 export interface SetupCookiesOptions {
     importOnly?: boolean;
+    headed?: boolean;
 }
 type SetupCookiesChromium = Awaited<ReturnType<SetupCookiesDeps["loadChromium"]>>;
 interface CdpCookie {

package/dist/cli/setupCookies.js

@@ -3,6 +3,7 @@ import { writeFileSync } from "node:fs";
 import { createServer } from "node:net";
 import { PATHS, ensureConfigDir } from "../utils/config.js";
 import { cookiesToNetscape } from "../utils/cookies.js";
+import { getCookieSetupRecoveryHint } from "./setup.js";
 import { cleanupImportedBrowserWorkspace, findImportableBrowserProfileCandidates, prepareImportedBrowserWorkspace, } from "../utils/browserProfileImport.js";
 /**
  * Detect which browser channel is available on the system.
@@ -341,10 +342,17 @@ export async function runManualCookieSetup(chromium, deps) {
     const LOGIN_TIMEOUT_MS = 2 * 60 * 1000;
     deps.log("⏳ Waiting for login (up to 2 minutes)...");
     deps.log("   Login will be detected automatically once you sign in.\n");
+    for (const line of getCookieSetupRecoveryHint()) {
+        deps.log(line);
+    }
+    deps.log("");
     const finalCookies = await deps.waitForLogin(context, () => browserClosed, LOGIN_TIMEOUT_MS);
     if (browserClosed) {
         deps.log("\n⚠️  Browser was closed before login completed.");
-        deps.log("   Run again: npx @mkterswingman/5mghost-yonder setup-cookies\n");
+        for (const line of getCookieSetupRecoveryHint()) {
+            deps.log(line);
+        }
+        deps.log("");
         return;
     }
     if (!finalCookies) {
@@ -353,7 +361,10 @@ export async function runManualCookieSetup(chromium, deps) {
         }
         catch { /* already closed */ }
         deps.log("\n⏰ Login timed out (2 minutes).");
-        deps.log("   Run again: npx @mkterswingman/5mghost-yonder setup-cookies\n");
+        for (const line of getCookieSetupRecoveryHint()) {
+            deps.log(line);
+        }
+        deps.log("");
         return;
     }
     await deps.saveCookiesAndClose(context, finalCookies);
@@ -364,6 +375,7 @@ export async function runManualCookieSetup(chromium, deps) {
 export function parseSetupCookiesArgs(argv) {
     return {
         importOnly: argv.includes("--import-only"),
+        headed: argv.includes("--headed"),
     };
 }
 export async function runSetupCookies(overrides = {}, options = {}) {
@@ -377,11 +389,13 @@ export async function runSetupCookies(overrides = {}, options = {}) {
     catch {
         throw new Error("Playwright runtime is not installed.\nRun: yt-mcp runtime install");
     }
-    const imported = await deps.tryImportBrowserCookies(chromium, deps);
-    if (imported) {
-        return;
+    if (!options.headed) {
+        const imported = await deps.tryImportBrowserCookies(chromium, deps);
+        if (imported) {
+            return;
+        }
     }
-    if (options.importOnly) {
+    if (options.importOnly && !options.headed) {
         throw new Error("No reusable YouTube session found in local Chrome/Edge profiles");
     }
     await deps.runManualCookieSetup(chromium, deps);

package/dist/server.js

@@ -35,11 +35,9 @@ export async function createServer(config, tokenManager, downloadJobManager = ne
             const patUrl = `${config.auth_url}/pat/login`;
             let opened = false;
             try {
-                const { exec } = await import("node:child_process");
-                const cmd = process.platform === "darwin" ? `open "${patUrl}"` :
-                    process.platform === "win32" ? `start "${patUrl}"` :
-                        `xdg-open "${patUrl}"`;
-                exec(cmd);
+                const { execFile } = await import("node:child_process");
+                const command = buildBrowserOpenCommand(patUrl);
+                execFile(command.file, command.args);
                 opened = true;
             }
             catch { /* can't open browser, fall through */ }
@@ -80,3 +78,4 @@ export async function createServer(config, tokenManager, downloadJobManager = ne
     registerRemoteTools(server, config, tokenManager);
     return server;
 }
+import { buildBrowserOpenCommand } from "./utils/browserLaunch.js";

package/dist/utils/browserLaunch.d.ts

@@ -0,0 +1,5 @@
+export interface BrowserOpenCommand {
+    file: string;
+    args: string[];
+}
+export declare function buildBrowserOpenCommand(url: string, platform?: NodeJS.Platform): BrowserOpenCommand;

package/dist/utils/browserLaunch.js

@@ -0,0 +1,22 @@
+function escapePowerShellSingleQuoted(value) {
+    return value.replace(/'/g, "''");
+}
+export function buildBrowserOpenCommand(url, platform = process.platform) {
+    if (platform === "darwin") {
+        return { file: "open", args: [url] };
+    }
+    if (platform === "win32") {
+        return {
+            file: "powershell",
+            args: [
+                "-NoProfile",
+                "-NonInteractive",
+                "-ExecutionPolicy",
+                "Bypass",
+                "-Command",
+                `Start-Process '${escapePowerShellSingleQuoted(url)}'`,
+            ],
+        };
+    }
+    return { file: "xdg-open", args: [url] };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mkterswingman/5mghost-yonder",
-  "version": "0.0.21",
+  "version": "0.0.23",
   "description": "Internal MCP client with local data tools and remote API proxy",
   "type": "module",
   "bin": {