@mkterswingman/5mghost-yonder 0.0.33 → 0.0.35

package/README.md

@@ -18,8 +18,8 @@ The bootstrap installer:
 - installs required runtimes (`playwright`, `yt-dlp`, `ffmpeg`)
 - runs `yt-mcp setup`
 - runs `yt-mcp smoke` to verify MCP startup and authenticated remote access
-- first tries a headless YouTube cookie import from your local Chrome/Edge session
-- only asks to open a visible browser for YouTube login if the headless import fails
+- opens a dedicated Playwright browser profile for YouTube login
+- keeps cookie refresh inside the same dedicated profile (does not import system Chrome/Edge profiles)
 - in unattended installs, defaults to OAuth auth mode and defaults to headed cookie setup after the prompt timeout
 - in installer mode, OAuth waits up to `180s` and prints PAT fallback commands before waiting
 - if auth is still incomplete after `setup`, the installer stops before smoke tests and YouTube cookie setup instead of pretending the install fully passed
@@ -57,7 +57,7 @@ Media download runtime expectations:
 - `smoke` — run the installer smoke checks (`search_videos`, plus `validate_cookies` with `--subtitles`)
 - `runtime` — install, update, or check required runtimes
 - `check` — inspect shared auth, runtime status, and YouTube cookies
-- `setup-cookies` — first try importing an existing YouTube login from the most recently active local Chrome/Edge profile on macOS or Windows with a headless real-browser CDP probe, then fall back to manual browser login
+- `setup-cookies` — open a dedicated Playwright browser profile for manual YouTube login and save cookies locally
 - `uninstall` — remove MCP registrations and local `~/.yt-mcp` config
 - `update` — update the main package and required runtimes
 - `version` — print the installed version

package/dist/cli/index.js

@@ -92,7 +92,15 @@ async function main() {
         }
         case "setup-cookies": {
             const { runSetupCookies, parseSetupCookiesArgs } = await import("./setupCookies.js");
-            await runSetupCookies({}, parseSetupCookiesArgs(process.argv.slice(3)));
+            try {
+                parseSetupCookiesArgs(process.argv.slice(3));
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                console.error(msg);
+                process.exit(1);
+            }
+            await runSetupCookies({});
             break;
         }
         case "uninstall": {

package/dist/cli/setupCookies.d.ts

@@ -51,10 +51,6 @@ export interface SetupCookiesDeps {
     runManualCookieSetup: typeof runManualCookieSetup;
     log: (message: string) => void;
 }
-export interface SetupCookiesOptions {
-    importOnly?: boolean;
-    headed?: boolean;
-}
 export declare class BrowserProfileLockedError extends Error {
     constructor(message?: string);
 }
@@ -83,6 +79,6 @@ export declare function runManualCookieSetup(chromium: SetupCookiesChromium, dep
 /**
  * Interactive cookie setup — opens a visible browser for user to log in.
  */
-export declare function parseSetupCookiesArgs(argv: string[]): SetupCookiesOptions;
-export declare function runSetupCookies(overrides?: Partial<SetupCookiesDeps>, options?: SetupCookiesOptions): Promise<void>;
+export declare function parseSetupCookiesArgs(argv: string[]): void;
+export declare function runSetupCookies(overrides?: Partial<SetupCookiesDeps>): Promise<void>;
 export {};

package/dist/cli/setupCookies.js

@@ -413,12 +413,11 @@ export async function runManualCookieSetup(chromium, deps) {
  * Interactive cookie setup — opens a visible browser for user to log in.
  */
 export function parseSetupCookiesArgs(argv) {
-    return {
-        importOnly: argv.includes("--import-only"),
-        headed: argv.includes("--headed"),
-    };
+    for (const arg of argv) {
+        throw new Error(`Unknown option for setup-cookies: ${arg}. setup-cookies accepts no options.`);
+    }
 }
-export async function runSetupCookies(overrides = {}, options = {}) {
+export async function runSetupCookies(overrides = {}) {
     const deps = buildSetupCookiesDeps(overrides);
     deps.log("\n🍪 YouTube Cookie Setup\n");
     deps.ensureConfigDir();
@@ -429,23 +428,5 @@ export async function runSetupCookies(overrides = {}, options = {}) {
     catch {
         throw new Error("Playwright runtime is not installed.\nRun: yt-mcp runtime install");
     }
-    if (!options.headed) {
-        let imported = false;
-        try {
-            imported = await deps.tryImportBrowserCookies(chromium, deps);
-        }
-        catch (err) {
-            if (!(err instanceof BrowserProfileLockedError) || options.importOnly) {
-                throw err;
-            }
-            deps.log(`${err.message}\n`);
-        }
-        if (imported) {
-            return;
-        }
-    }
-    if (options.importOnly && !options.headed) {
-        throw new Error("No reusable YouTube session found in local Chrome/Edge profiles");
-    }
     await deps.runManualCookieSetup(chromium, deps);
 }

package/dist/download/downloader.js

@@ -34,11 +34,24 @@ export async function downloadOneItem(input) {
         await deps.rm(input.item.output_dir, { recursive: true, force: true });
         await deps.mkdir(input.item.output_dir, { recursive: true });
         await deps.mkdir(subtitlesDir, { recursive: true });
-        const metadata = await deps.fetchMetadata({
+        const metadataInput = {
             sourceUrl: input.item.source_url,
             videoId: input.item.video_id,
             title: input.item.title,
-        });
+        };
+        let metadata;
+        try {
+            metadata = await deps.fetchMetadata(metadataInput);
+        }
+        catch (error) {
+            const failureKind = classifyRefreshableFailure(error);
+            if (failureKind != null && failureKind !== "RATE_LIMITED" && await deps.refreshCookies()) {
+                metadata = await deps.fetchMetadata(metadataInput);
+            }
+            else {
+                throw error;
+            }
+        }
         const result = {
             video_file: null,
             metadata_file: metadataFile,
@@ -63,7 +76,7 @@ export async function downloadOneItem(input) {
                 });
             }
             catch (error) {
-                const failureKind = classifyVideoDownloadError(error);
+                const failureKind = classifyRefreshableFailure(error);
                 if (failureKind != null && failureKind !== "RATE_LIMITED" && await deps.refreshCookies()) {
                     result.video_file = await deps.downloadVideo({
                         sourceUrl: input.item.source_url,
@@ -311,7 +324,7 @@ function sortSubtitleFiles(files) {
         .sort(([left], [right]) => left.localeCompare(right))
         .map(([format, paths]) => [format, [...paths].sort()]));
 }
-function classifyVideoDownloadError(error) {
+function classifyRefreshableFailure(error) {
     const message = error instanceof Error ? error.message : String(error);
     return classifyYtDlpFailure(message);
 }

package/dist/utils/cookieRefresh.d.ts

@@ -1,19 +1,15 @@
 /**
- * Cookie auto-refresh with three-tier fallback.
+ * Cookie auto-refresh with two-tier fallback.
  *
  * Tier 1: Headless Playwright refresh using existing browser-profile.
  *   If Google session is still valid, cookies are extracted automatically.
  *
- * Tier 2: Re-import from system Chrome/Edge (headless, about:blank).
- *   Copies the real browser profile to a temp dir and reads cookies via CDP
- *   without making any network requests (avoids Google token rotation).
- *
- * Tier 3: Open a headed browser for manual user login.
+ * Tier 2: Open a headed browser for manual user login.
  *   Blocks the MCP tool call for up to ~2 minutes while the user logs in.
- *   Creates browser-profile so Tier 1 works next time.
+ *   Uses the dedicated yt-mcp profile so refresh never touches system profiles.
  */
 /**
- * Attempt to refresh YouTube cookies through a three-tier fallback chain.
+ * Attempt to refresh YouTube cookies through the dedicated two-tier fallback chain.
  *
  * @returns true if cookies were refreshed, false if all tiers failed.
  */

package/dist/utils/cookieRefresh.js

@@ -1,16 +1,12 @@
 /**
- * Cookie auto-refresh with three-tier fallback.
+ * Cookie auto-refresh with two-tier fallback.
  *
  * Tier 1: Headless Playwright refresh using existing browser-profile.
  *   If Google session is still valid, cookies are extracted automatically.
  *
- * Tier 2: Re-import from system Chrome/Edge (headless, about:blank).
- *   Copies the real browser profile to a temp dir and reads cookies via CDP
- *   without making any network requests (avoids Google token rotation).
- *
- * Tier 3: Open a headed browser for manual user login.
+ * Tier 2: Open a headed browser for manual user login.
  *   Blocks the MCP tool call for up to ~2 minutes while the user logs in.
- *   Creates browser-profile so Tier 1 works next time.
+ *   Uses the dedicated yt-mcp profile so refresh never touches system profiles.
  */
 import { existsSync } from "node:fs";
 import { PATHS, ensureConfigDir } from "./config.js";
@@ -18,7 +14,7 @@ import { detectBrowserChannel, hasYouTubeSession, saveCookiesToDisk, } from "../
 import { hasSIDCookies } from "./cookies.js";
 const HEADLESS_TIMEOUT_MS = 30_000;
 /**
- * Attempt to refresh YouTube cookies through a three-tier fallback chain.
+ * Attempt to refresh YouTube cookies through the dedicated two-tier fallback chain.
  *
  * @returns true if cookies were refreshed, false if all tiers failed.
  */
@@ -30,13 +26,8 @@ export async function tryHeadlessRefresh() {
         if (tier1)
             return true;
     }
-    // Tier 2: Re-import from system browser (headless, no network requests)
-    const tier2 = await tryReimportFromSystemBrowser();
-    if (tier2)
-        return true;
-    // Tier 3: Open headed browser for manual login
-    const tier3 = await tryHeadedManualLogin();
-    return tier3;
+    // Tier 2: Open headed browser for manual login
+    return tryHeadedManualLogin();
 }
 /**
  * Tier 1: Use existing browser-profile with Playwright to refresh cookies.
@@ -84,49 +75,15 @@ async function tryPlaywrightRefresh() {
     }
 }
 /**
- * Tier 2: Re-import cookies from the user's system Chrome/Edge.
- * Uses headless Chrome with about:blank to avoid triggering Google token rotation.
- */
-async function tryReimportFromSystemBrowser() {
-    try {
-        const pw = await import("playwright");
-        const { tryImportBrowserCookies, saveCookiesAndClose, readImportedBrowserCookies, } = await import("../cli/setupCookies.js");
-        const { findImportableBrowserProfileCandidates, prepareImportedBrowserWorkspace, cleanupImportedBrowserWorkspace, } = await import("./browserProfileImport.js");
-        const deps = {
-            ensureConfigDir,
-            loadChromium: async () => pw.chromium,
-            detectBrowserChannel,
-            hasYouTubeSession,
-            saveCookiesAndClose,
-            // Why: waitForLogin is unused in import path but required by SetupCookiesDeps type
-            waitForLogin: async () => null,
-            findImportableBrowserProfileCandidates,
-            prepareImportedBrowserWorkspace,
-            cleanupImportedBrowserWorkspace,
-            readImportedBrowserCookies,
-            tryImportBrowserCookies,
-            // Why: runManualCookieSetup is unused in import path but required by type
-            runManualCookieSetup: async () => { },
-            // Why: silent logging during auto-refresh — user doesn't see MCP server stdout
-            log: () => { },
-        };
-        return await tryImportBrowserCookies(pw.chromium, deps);
-    }
-    catch {
-        return false;
-    }
-}
-/**
- * Tier 3: Open a headed browser for the user to manually log in.
+ * Tier 2: Open a headed browser for the user to manually log in.
  * Blocks the MCP tool call for up to ~2 minutes.
- * Creates browser-profile so Tier 1 works for future refreshes.
+ * Uses the dedicated yt-mcp browser-profile for future Tier 1 refreshes.
  */
 async function tryHeadedManualLogin() {
     try {
-        // Why: runSetupCookies with { headed: true } skips import and goes straight
-        // to manual Playwright login, which creates browser-profile for future Tier 1 use.
+        // Why: setup-cookies now only supports the dedicated manual Playwright login flow.
         const { runSetupCookies } = await import("../cli/setupCookies.js");
-        await runSetupCookies({}, { headed: true });
+        await runSetupCookies({});
         return hasSIDCookies(PATHS.cookiesTxt);
     }
     catch {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mkterswingman/5mghost-yonder",
-  "version": "0.0.33",
+  "version": "0.0.35",
   "description": "Internal MCP client with local data tools and remote API proxy",
   "type": "module",
   "bin": {