@mkterswingman/5mghost-yonder 0.0.27 → 0.0.29

package/dist/auth/oauthFlow.d.ts

@@ -0,0 +1,9 @@
+export interface OAuthFlowOptions {
+    timeoutMs?: number;
+}
+export declare function runOAuthFlow(authUrl: string, options?: OAuthFlowOptions): Promise<{
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number;
+    clientId: string;
+}>;

package/dist/auth/oauthFlow.js

@@ -0,0 +1,151 @@
+import { createServer } from "node:http";
+import { randomBytes, createHash } from "node:crypto";
+import { URL } from "node:url";
+import { buildBrowserOpenCommand } from "../utils/browserLaunch.js";
+function base64url(buf) {
+    return buf
+        .toString("base64")
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/, "");
+}
+export async function runOAuthFlow(authUrl, options = {}) {
+    // 1. Generate PKCE + state
+    const codeVerifier = base64url(randomBytes(32));
+    const codeChallenge = base64url(createHash("sha256").update(codeVerifier).digest());
+    const state = base64url(randomBytes(32));
+    // 2. Start temp HTTP server to get the actual port for redirect_uri
+    const { server: httpServer, port } = await startCallbackServer();
+    const redirectUri = `http://127.0.0.1:${port}`;
+    // 3. DCR register client with actual redirect_uri (including port)
+    let clientId;
+    let clientSecret;
+    try {
+        const dcrRes = await fetch(`${authUrl}/oauth/register`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+                client_name: "yt-mcp-cli",
+                redirect_uris: [redirectUri],
+            }),
+        });
+        if (!dcrRes.ok) {
+            const text = await dcrRes.text().catch(() => "");
+            httpServer.close();
+            throw new Error(`DCR registration failed: ${dcrRes.status} ${text}`);
+        }
+        const dcrBody = (await dcrRes.json());
+        clientId = dcrBody.client_id;
+        clientSecret = dcrBody.client_secret;
+    }
+    catch (err) {
+        httpServer.close();
+        throw err;
+    }
+    // 4. Wait for OAuth callback
+    return new Promise((resolve, reject) => {
+        const timeoutMs = options.timeoutMs ?? 5 * 60 * 1000;
+        const timeout = setTimeout(() => {
+            httpServer.close();
+            reject(new Error(`OAuth flow timed out after ${Math.round(timeoutMs / 1000)}s`));
+        }, timeoutMs);
+        function cleanup() {
+            clearTimeout(timeout);
+            httpServer.close();
+        }
+        httpServer.on("request", async (req, res) => {
+            try {
+                const url = new URL(req.url ?? "/", `http://127.0.0.1`);
+                const code = url.searchParams.get("code");
+                const error = url.searchParams.get("error");
+                const returnedState = url.searchParams.get("state");
+                if (error) {
+                    const safeError = error.replace(/[<>&"']/g, (c) => `&#${c.charCodeAt(0)};`);
+                    res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+                    res.end(`<h1>Authorization failed</h1><p>${safeError}</p>`);
+                    cleanup();
+                    reject(new Error(`OAuth error: ${error}`));
+                    return;
+                }
+                if (!code) {
+                    res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+                    res.end("<h1>Waiting for authorization...</h1>");
+                    return;
+                }
+                // Verify state to prevent CSRF
+                if (returnedState !== state) {
+                    res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+                    res.end("<h1>Authorization failed</h1><p>State mismatch — possible CSRF attack.</p>");
+                    cleanup();
+                    reject(new Error("OAuth state mismatch"));
+                    return;
+                }
+                // Exchange code for tokens
+                const tokenBody = {
+                    grant_type: "authorization_code",
+                    code,
+                    redirect_uri: redirectUri,
+                    client_id: clientId,
+                    code_verifier: codeVerifier,
+                };
+                if (clientSecret) {
+                    tokenBody.client_secret = clientSecret;
+                }
+                const tokenRes = await fetch(`${authUrl}/oauth/token`, {
+                    method: "POST",
+                    headers: { "Content-Type": "application/json" },
+                    body: JSON.stringify(tokenBody),
+                });
+                if (!tokenRes.ok) {
+                    const text = await tokenRes.text().catch(() => "");
+                    res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+                    res.end(`<h1>Token exchange failed</h1><p>${text}</p>`);
+                    cleanup();
+                    reject(new Error(`Token exchange failed: ${tokenRes.status} ${text}`));
+                    return;
+                }
+                const tokens = (await tokenRes.json());
+                res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+                res.end("<h1>Authorization successful!</h1><p>You can close this window.</p>");
+                cleanup();
+                resolve({
+                    accessToken: tokens.access_token,
+                    refreshToken: tokens.refresh_token,
+                    expiresIn: tokens.expires_in,
+                    clientId,
+                });
+            }
+            catch (err) {
+                res.writeHead(500);
+                res.end("Internal error");
+                cleanup();
+                reject(err);
+            }
+        });
+        // Open browser
+        const authorizeUrl = `${authUrl}/oauth/authorize?response_type=code&client_id=${encodeURIComponent(clientId)}&redirect_uri=${encodeURIComponent(redirectUri)}&code_challenge=${encodeURIComponent(codeChallenge)}&code_challenge_method=S256&state=${encodeURIComponent(state)}`;
+        console.log("\n\x1b[1mOpen this URL in your browser to authorize:\x1b[0m");
+        console.log(`\n  ${authorizeUrl}\n`);
+        import("node:child_process").then(({ execFile }) => {
+            const command = buildBrowserOpenCommand(authorizeUrl);
+            execFile(command.file, command.args);
+        }).catch(() => {
+            // ignore — user can open manually
+        });
+    });
+}
+/** Start an HTTP server on a random port and return the server + port. */
+async function startCallbackServer() {
+    const server = createServer();
+    return new Promise((resolve, reject) => {
+        server.listen(0, "127.0.0.1", () => {
+            const addr = server.address();
+            if (!addr || typeof addr === "string") {
+                server.close();
+                reject(new Error("Failed to start callback server"));
+                return;
+            }
+            resolve({ server, port: addr.port });
+        });
+    });
+}

package/dist/auth/sharedAuth.d.ts

@@ -0,0 +1,10 @@
+export interface SharedAuthData {
+    type: "jwt" | "pat";
+    access_token?: string;
+    refresh_token?: string;
+    expires_at?: number;
+    client_id?: string;
+    pat?: string;
+}
+export declare function readSharedAuth(authPath: string): SharedAuthData | null;
+export declare function writeSharedAuth(authPath: string, data: SharedAuthData): void;

package/dist/auth/sharedAuth.js

@@ -0,0 +1,31 @@
+import { chmodSync, existsSync, mkdirSync, readFileSync, renameSync, writeFileSync } from "node:fs";
+import { dirname } from "node:path";
+export function readSharedAuth(authPath) {
+    if (!existsSync(authPath))
+        return null;
+    try {
+        return JSON.parse(readFileSync(authPath, "utf8"));
+    }
+    catch {
+        return null;
+    }
+}
+export function writeSharedAuth(authPath, data) {
+    const authDir = dirname(authPath);
+    mkdirSync(authDir, { recursive: true });
+    try {
+        chmodSync(authDir, 0o700);
+    }
+    catch {
+        // Why: best-effort hardening; Windows may ignore POSIX-style directory modes.
+    }
+    const tempPath = `${authPath}.tmp`;
+    writeFileSync(tempPath, JSON.stringify(data, null, 2), { encoding: "utf8", mode: 0o600 });
+    renameSync(tempPath, authPath);
+    try {
+        chmodSync(authPath, 0o600);
+    }
+    catch {
+        // Why: chmod is best-effort on Windows and should not block auth persistence.
+    }
+}

package/dist/auth/tokenManager.d.ts

@@ -0,0 +1,18 @@
+interface TokenManagerOptions {
+    authPath?: string;
+    env?: NodeJS.ProcessEnv;
+    fetchImpl?: typeof fetch;
+}
+export declare class TokenManager {
+    private authUrl;
+    private authPath;
+    private env;
+    private fetchImpl;
+    constructor(authUrl: string, options?: TokenManagerOptions);
+    getValidToken(): Promise<string | null>;
+    saveTokens(accessToken: string, refreshToken: string, expiresIn: number, clientId?: string): Promise<void>;
+    savePAT(pat: string): Promise<void>;
+    private readAuth;
+    private refreshTokens;
+}
+export {};

package/dist/auth/tokenManager.js

@@ -0,0 +1,92 @@
+import { PATHS } from "../utils/config.js";
+import { readSharedAuth, writeSharedAuth } from "./sharedAuth.js";
+export class TokenManager {
+    authUrl;
+    authPath;
+    env;
+    fetchImpl;
+    constructor(authUrl, options = {}) {
+        this.authUrl = authUrl;
+        this.authPath = options.authPath ?? PATHS.sharedAuthJson;
+        this.env = options.env ?? process.env;
+        this.fetchImpl = options.fetchImpl ?? fetch;
+    }
+    async getValidToken() {
+        // Check env var PAT first
+        const envPat = this.env.YT_MCP_TOKEN;
+        if (envPat)
+            return envPat;
+        const auth = this.readAuth();
+        if (!auth)
+            return null;
+        if (auth.type === "pat" && auth.pat) {
+            return auth.pat;
+        }
+        if (auth.type === "jwt") {
+            if (auth.access_token && auth.expires_at && Date.now() < auth.expires_at) {
+                return auth.access_token;
+            }
+            // Try refresh
+            if (auth.refresh_token) {
+                try {
+                    const refreshed = await this.refreshTokens(auth.refresh_token, auth.client_id);
+                    if (refreshed) {
+                        await this.saveTokens(refreshed.access_token, refreshed.refresh_token, refreshed.expires_in, auth.client_id);
+                        return refreshed.access_token;
+                    }
+                }
+                catch {
+                    // refresh failed → AUTH_EXPIRED
+                }
+            }
+            return null;
+        }
+        return null;
+    }
+    async saveTokens(accessToken, refreshToken, expiresIn, clientId) {
+        const data = {
+            type: "jwt",
+            access_token: accessToken,
+            refresh_token: refreshToken,
+            expires_at: Date.now() + expiresIn * 1000,
+            client_id: clientId,
+        };
+        writeSharedAuth(this.authPath, data);
+    }
+    async savePAT(pat) {
+        const data = {
+            type: "pat",
+            pat,
+        };
+        writeSharedAuth(this.authPath, data);
+    }
+    readAuth() {
+        return readSharedAuth(this.authPath);
+    }
+    async refreshTokens(refreshToken, clientId) {
+        const url = `${this.authUrl}/oauth/token`;
+        const body = {
+            grant_type: "refresh_token",
+            refresh_token: refreshToken,
+        };
+        if (clientId) {
+            body.client_id = clientId;
+        }
+        const res = await this.fetchImpl(url, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(body),
+        });
+        if (!res.ok)
+            return null;
+        try {
+            const body = (await res.json());
+            if (!body.access_token)
+                return null;
+            return body;
+        }
+        catch {
+            return null;
+        }
+    }
+}

package/dist/cli/check.d.ts

@@ -0,0 +1,4 @@
+/**
+ * `yt-mcp check` — verify token, cookies, yt-dlp, and remote API connectivity.
+ */
+export declare function runCheck(): Promise<void>;

package/dist/cli/check.js

@@ -0,0 +1,90 @@
+import { existsSync } from "node:fs";
+import { PATHS, loadConfig } from "../utils/config.js";
+import { TokenManager } from "../auth/tokenManager.js";
+import { hasSIDCookies, areCookiesExpired } from "../utils/cookies.js";
+import { getYtDlpVersion } from "../utils/ytdlpPath.js";
+import { runRuntimeCommand } from "./runtime.js";
+/**
+ * `yt-mcp check` — verify token, cookies, yt-dlp, and remote API connectivity.
+ */
+export async function runCheck() {
+    const config = loadConfig();
+    const tm = new TokenManager(config.auth_url);
+    console.log("yt-mcp check\n");
+    // 1. Token
+    const token = await tm.getValidToken();
+    if (token) {
+        const masked = token.slice(0, 8) + "...";
+        const source = process.env.YT_MCP_TOKEN ? "env" : PATHS.sharedAuthJson;
+        console.log(`🔑 Shared auth: ✅ present (${masked}) [${source}]`);
+        // Server verification
+        try {
+            const res = await fetch(`${config.auth_url}/api/me`, {
+                headers: { Authorization: `Bearer ${token}` },
+                signal: AbortSignal.timeout(10_000),
+            });
+            if (res.ok) {
+                console.log("🔐 Server verification: ✅ active");
+            }
+            else {
+                console.log(`🔐 Server verification: ❌ ${res.status} ${res.statusText}`);
+                console.log("   Run `yt-mcp setup` to re-authenticate.");
+            }
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            console.log(`🔐 Server verification: ⚠️  unreachable (${msg})`);
+        }
+    }
+    else {
+        console.log("🔑 Shared auth: ❌ not configured");
+        console.log("   Run `yt-mcp setup` or set YT_MCP_TOKEN env var");
+    }
+    console.log("");
+    console.log(await runRuntimeCommand("check"));
+    // 2. Cookies
+    if (existsSync(PATHS.cookiesTxt)) {
+        const hasSID = hasSIDCookies(PATHS.cookiesTxt);
+        const expired = areCookiesExpired(PATHS.cookiesTxt);
+        if (hasSID && !expired) {
+            console.log("🍪 Cookies: ✅ valid (SID present, not expired)");
+        }
+        else if (hasSID && expired) {
+            console.log("🍪 Cookies: ❌ expired");
+            console.log("   Run `yt-mcp setup-cookies` to refresh");
+        }
+        else {
+            console.log("🍪 Cookies: ❌ no YouTube session cookies found");
+            console.log("   Run `yt-mcp setup-cookies`");
+        }
+    }
+    else {
+        console.log("🍪 Cookies: ❌ not found");
+        console.log("   Run `yt-mcp setup-cookies`");
+    }
+    // 3. yt-dlp
+    const ytdlp = getYtDlpVersion();
+    if (ytdlp) {
+        console.log(`🎬 yt-dlp: ✅ ${ytdlp.version} (${ytdlp.source})`);
+    }
+    else {
+        console.log("🎬 yt-dlp: ❌ not found");
+        console.log("   Install: brew install yt-dlp (or pip install yt-dlp)");
+    }
+    // 4. Remote API
+    try {
+        const res = await fetch(`${config.api_url}/healthz`, {
+            signal: AbortSignal.timeout(10_000),
+        });
+        if (res.ok) {
+            console.log(`🌐 Remote API: ✅ reachable (${config.api_url})`);
+        }
+        else {
+            console.log(`🌐 Remote API: ⚠️  ${res.status} ${res.statusText}`);
+        }
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        console.log(`🌐 Remote API: ❌ unreachable (${msg})`);
+    }
+}

package/dist/cli/index.d.ts

@@ -0,0 +1,18 @@
+#!/usr/bin/env node
+export declare function buildHelpText(version: string): string;
+export interface UnifiedUpdateDeps {
+    getCurrentVersion(): string;
+    getLatestVersion(): Promise<string>;
+    installLatestPackage(): Promise<void>;
+    updateRuntime(): Promise<import("../runtime/installers.js").RuntimeSummary>;
+    postUpdate?: () => Promise<void>;
+}
+export declare function compareVersions(currentVersion: string, latestVersion: string): number;
+export declare function runUnifiedUpdate(deps: UnifiedUpdateDeps): Promise<{
+    package: {
+        currentVersion: string;
+        latestVersion: string;
+        updated: boolean;
+    };
+    runtime: import("../runtime/installers.js").RuntimeSummary;
+}>;

package/dist/cli/index.js

@@ -0,0 +1,166 @@
+#!/usr/bin/env node
+import { execSync } from "node:child_process";
+import { readFileSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const pkgPath = join(__dirname, "..", "..", "package.json");
+function getVersion() {
+    try {
+        const pkg = JSON.parse(readFileSync(pkgPath, "utf8"));
+        return pkg.version ?? "unknown";
+    }
+    catch {
+        return "unknown";
+    }
+}
+export function buildHelpText(version) {
+    return `
+yt-mcp v${version}
+
+Usage: yt-mcp <command>
+
+Commands:
+  setup          Run first-time setup (OAuth + cookies + MCP registration)
+  serve          Start the MCP server (stdio transport)
+  smoke          Run installer smoke checks
+  install-skills Install the bundled yt-mcp analysis skill into supported AI clients
+  setup-cookies  Refresh YouTube cookies using browser login
+  runtime        Manage required runtimes
+  check          Check auth, runtime, cookies, and connectivity
+  uninstall      Remove MCP registrations and local yt-mcp config
+  update         Update the main package and required runtimes
+  version        Show current version
+
+Environment variables:
+  YT_MCP_TOKEN   Personal Access Token (skips OAuth)
+`;
+}
+export function compareVersions(currentVersion, latestVersion) {
+    const normalize = (value) => value.split(".").map((part) => Number.parseInt(part, 10)).map((part) => (Number.isFinite(part) ? part : 0));
+    const current = normalize(currentVersion);
+    const latest = normalize(latestVersion);
+    const max = Math.max(current.length, latest.length);
+    for (let index = 0; index < max; index += 1) {
+        const a = current[index] ?? 0;
+        const b = latest[index] ?? 0;
+        if (a === b)
+            continue;
+        return a < b ? -1 : 1;
+    }
+    return 0;
+}
+export async function runUnifiedUpdate(deps) {
+    const currentVersion = deps.getCurrentVersion();
+    const latestVersion = await deps.getLatestVersion();
+    let updated = false;
+    if (compareVersions(currentVersion, latestVersion) < 0) {
+        await deps.installLatestPackage();
+        updated = true;
+    }
+    const runtime = await deps.updateRuntime();
+    if (deps.postUpdate) {
+        await deps.postUpdate();
+    }
+    return {
+        package: { currentVersion, latestVersion, updated },
+        runtime,
+    };
+}
+const command = process.argv[2];
+async function main() {
+    switch (command) {
+        case "setup": {
+            const { runSetup } = await import("./setup.js");
+            await runSetup();
+            break;
+        }
+        case "serve": {
+            const { runServe } = await import("./serve.js");
+            await runServe();
+            break;
+        }
+        case "smoke": {
+            const { runSmoke } = await import("./smoke.js");
+            await runSmoke(process.argv.slice(3));
+            break;
+        }
+        case "install-skills": {
+            const { runInstallSkills } = await import("./installSkills.js");
+            await runInstallSkills();
+            break;
+        }
+        case "setup-cookies": {
+            const { runSetupCookies, parseSetupCookiesArgs } = await import("./setupCookies.js");
+            await runSetupCookies({}, parseSetupCookiesArgs(process.argv.slice(3)));
+            break;
+        }
+        case "uninstall": {
+            const { runUninstall } = await import("./uninstall.js");
+            await runUninstall();
+            break;
+        }
+        case "runtime": {
+            const { runRuntimeCli } = await import("./runtime.js");
+            await runRuntimeCli(process.argv[3]);
+            break;
+        }
+        case "check": {
+            const { runCheck } = await import("./check.js");
+            await runCheck();
+            break;
+        }
+        case "update": {
+            const current = getVersion();
+            console.log(`Current version: ${current}`);
+            console.log("Checking for updates...\n");
+            try {
+                const { updateAll } = await import("../runtime/installers.js");
+                const { runInstallSkills } = await import("./installSkills.js");
+                const summary = await runUnifiedUpdate({
+                    getCurrentVersion: getVersion,
+                    getLatestVersion: async () => execSync("npm view @mkterswingman/5mghost-yonder version", {
+                        encoding: "utf8",
+                        stdio: ["ignore", "pipe", "ignore"],
+                    }).trim(),
+                    installLatestPackage: async () => {
+                        execSync("npm install -g @mkterswingman/5mghost-yonder@latest", {
+                            stdio: "inherit",
+                        });
+                    },
+                    updateRuntime: updateAll,
+                    postUpdate: runInstallSkills,
+                });
+                if (summary.package.updated) {
+                    console.log(`\n✅ Updated package to ${summary.package.latestVersion}`);
+                }
+                else {
+                    console.log(`✅ Already on the latest version (${summary.package.currentVersion})`);
+                }
+                console.log("");
+                const { formatRuntimeSummary } = await import("./runtime.js");
+                console.log(formatRuntimeSummary(summary.runtime));
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                console.error(`❌ Update failed: ${msg}`);
+                console.error("Try manually: npm install -g @mkterswingman/5mghost-yonder@latest");
+                process.exit(1);
+            }
+            break;
+        }
+        case "version":
+        case "--version":
+        case "-v": {
+            console.log(getVersion());
+            break;
+        }
+        default:
+            console.log(buildHelpText(getVersion()));
+            process.exit(command ? 1 : 0);
+    }
+}
+main().catch((err) => {
+    console.error("Fatal error:", err);
+    process.exit(1);
+});

package/dist/cli/installSkills.d.ts

@@ -0,0 +1 @@
+export declare function runInstallSkills(): Promise<void>;

package/dist/cli/installSkills.js

@@ -0,0 +1,39 @@
+import { fileURLToPath } from "node:url";
+import { dirname, join } from "node:path";
+import { execFileSync } from "node:child_process";
+import { buildSkillInstallPlan, installSkillTarget, } from "../utils/skills.js";
+function detectCli(name) {
+    try {
+        execFileSync(name, ["--version"], { stdio: "pipe" });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function resolvePackageRoot() {
+    return join(dirname(fileURLToPath(import.meta.url)), "..", "..");
+}
+export async function runInstallSkills() {
+    const packageRoot = resolvePackageRoot();
+    const availableCliNames = [
+        "claude-internal",
+        "claude",
+        "codex-internal",
+        "codex",
+        "gemini-internal",
+        "gemini",
+    ].filter(detectCli);
+    const plan = buildSkillInstallPlan(packageRoot, {
+        availableCliNames,
+        includeOpenClaw: process.env.YT_MCP_INSTALL_OPENCLAW_SKILL === "1",
+    });
+    if (plan.length === 0) {
+        console.log("[yt-mcp] No supported AI client detected for bundled skill install.");
+        return;
+    }
+    for (const target of plan) {
+        installSkillTarget(target);
+        console.log(`[yt-mcp] Installed bundled skill for ${target.label}: ${target.targetDir}`);
+    }
+}

package/dist/cli/runtime.d.ts

@@ -0,0 +1,9 @@
+import { type RuntimeSummary } from "../runtime/installers.js";
+export interface RuntimeCommandDeps {
+    installAll(): Promise<RuntimeSummary>;
+    updateAll(): Promise<RuntimeSummary>;
+    checkAll(): Promise<RuntimeSummary>;
+}
+export declare function formatRuntimeSummary(summary: RuntimeSummary): string;
+export declare function runRuntimeCommand(action: "install" | "update" | "check", deps?: RuntimeCommandDeps): Promise<string>;
+export declare function runRuntimeCli(action?: string): Promise<void>;