social-autoposter 1.6.13 → 1.6.15

package/README.md

@@ -4,7 +4,7 @@ Open-source repo behind **[S4L (s4lai)](https://s4l.ai)**: an automated social p
 
 > The hosted managed version is **S4L** (written `s4lai`, domain `s4l.ai`): done-for-you Reddit and Twitter brand-awareness, $1/1K impressions, $50/1K site visits. See https://s4l.ai.
 
-Posts are written to a Neon Postgres database via `DATABASE_URL` in `~/social-autoposter/.env`. Bring your own Neon DB and apply `schema-postgres.sql` once. Each platform drives its own persistent Playwright MCP browser profile, so logins survive across runs.
+Posts are written to a Postgres database via `DATABASE_URL` in `~/social-autoposter/.env`. Bring your own Postgres DB and apply `schema-postgres.sql` once. Each platform drives its own persistent Playwright MCP browser profile, so logins survive across runs.
 
 ## Prerequisites
 
@@ -14,7 +14,7 @@ A new machine needs all of these before the pipeline can run end to end:
 - **Node.js 16+** (for `npx`, the installer, and `@playwright/mcp` at runtime)
 - **Python 3.9+** with `pip3` (helper scripts; `psycopg2-binary` is auto-installed by the installer)
 - **Claude Code CLI** on `PATH` (the cron scripts shell out to `claude -p` with a per-platform MCP config)
-- **`psql`** on `PATH` (a few scripts query Neon directly)
+- **`psql`** on `PATH` (a few scripts query Postgres directly)
 - One Chromium install per platform (created on first run by `@playwright/mcp` against the persistent profile dirs)
 
 Optional:
@@ -48,7 +48,7 @@ npx social-autoposter update
 
 Tell your Claude Code agent: **"set up social autoposter"**. The interactive wizard in `setup/SKILL.md` walks through:
 
-1. Verifying the Neon connection
+1. Verifying the Postgres connection
 2. Filling in `~/social-autoposter/config.json` with handles for Reddit, Twitter, LinkedIn, optional Moltbook
 3. A 5-question interview to draft your `content_angle`
 4. Capturing `projects` with `topics` (used by the tiered reply strategy)
@@ -68,7 +68,7 @@ launchd  ──▶  skill/run-{platform}.sh  ──▶  claude -p  --strict-mcp-
                        ├──▶  scripts/find_threads.py, top_twitter_queries.py  (no browser, API + DB dedup)
                        ├──▶  scripts/pick_project.py            (weighted project rotation)
                        ├──▶  scripts/top_performers.py          (feedback report from past stats)
-                       └──▶  Neon Postgres                      (DATABASE_URL in .env)
+                       └──▶  Postgres                           (DATABASE_URL in .env)
 ```
 
 Each `skill/run-*.sh`:
@@ -104,7 +104,7 @@ launchctl load ~/Library/LaunchAgents/com.m13v.social-twitter-cycle.plist
 | `/social-autoposter engage` | Scan and reply to responses on our posts |
 | `/social-autoposter audit` | Full browser audit of all posts |
 
-View live stats at `https://s4l.ai/stats/<your-handle>` once posts start landing in Neon.
+View live stats at `https://s4l.ai/stats/<your-handle>` once posts start landing in Postgres.
 
 ## Repo layout
 
@@ -114,7 +114,7 @@ social-autoposter/
 ├── bin/cli.js                installer + dashboard launcher
 ├── browser-agent-configs/    Playwright MCP templates (twitter/reddit/linkedin)
 ├── config.example.json       config template
-├── schema-postgres.sql       Neon schema
+├── schema-postgres.sql       Postgres schema
 ├── setup/SKILL.md            interactive setup wizard skill (locked)
 ├── scripts/                  Python and JS helpers (no browser, no LLM)
 ├── skill/                    shell wrappers invoked by launchd

package/SKILL.md

@@ -41,7 +41,7 @@ Key fields you'll use throughout every workflow:
 - `subreddits` — list of subreddits to monitor and post in
 - `content_angle` — the user's unique perspective for writing authentic comments
 - `projects` — products/repos to mention naturally when relevant (each has `name`, `description`, `website`, `github`, `topics`)
-- `database` — unused (DB is Neon Postgres via `DATABASE_URL` in `.env`)
+- `database` — unused (DB is Postgres via `DATABASE_URL` in `.env`)
 
 Use these values everywhere below instead of any hardcoded names or links.
 
@@ -132,7 +132,7 @@ Set `engagement_style` to the style you chose for this post (e.g., 'critic', 'st
 
 Use the account value from `config.json` for `our_account`.
 
-Posts are written directly to the Neon Postgres database. No separate post-sync step is required.
+Posts are written directly to the Postgres database. No separate post-sync step is required.
 
 ---
 
@@ -229,7 +229,7 @@ Daily-cadence original Reddit threads across all products, automated via launchd
 python3 ~/social-autoposter/scripts/update_stats.py
 ```
 
-After running, view updated stats at `https://s4l.ai/stats/[handle]`. Stats are read from the same Neon Postgres database used by the posting pipeline. Changes appear on the website within ~5 minutes.
+After running, view updated stats at `https://s4l.ai/stats/[handle]`. Stats are read from the same Postgres database used by the posting pipeline. Changes appear on the website within ~5 minutes.
 
 ---
 

package/bin/cli.js

@@ -33,7 +33,7 @@ const ENV_TEMPLATE = `# social-autoposter environment variables
 # Get it from: https://www.moltbook.com/settings/api
 MOLTBOOK_API_KEY=
 
-# Neon Postgres connection string. Bring your own Neon DB — apply schema with:
+# Postgres connection string. Bring your own Postgres DB, apply schema with:
 #   psql "$DATABASE_URL" -f schema-postgres.sql
 # Format: postgresql://<user>:<password>@<host>/<db>?sslmode=require
 DATABASE_URL=
@@ -153,20 +153,20 @@ function isAppMakerVm() {
 // AppMaker-specific TWITTER_CDP_URL before its `${VAR:-default}` fallback hits.
 // Idempotent: rewrites the file every invocation so a config edit on the VM
 // can't drift away from what cli.js intends.
-function writeAppMakerEnvFile() {
+function writeAppMakerEnvFile(handleFromDb) {
   const envPath = path.join(HOME, '.social-autoposter-env');
-  // Preserve a previously-set AUTOPOSTER_TWITTER_HANDLE across rewrites. This
-  // is per-VM state (which @handle this sandbox posts as) and is NOT something
-  // the generic bootstrap knows — the operator sets it once after login, and
-  // the cycle + restore_twitter_session.py read it via twitter_account.resolve_handle().
-  // The sandbox's config.json (which also carries the handle) gets reseeded
-  // from /etc/skel-root on substitution, so the env var is the durable home.
-  let preservedHandle = '';
-  try {
-    const prev = fs.readFileSync(envPath, 'utf8');
-    const m = prev.match(/^\s*export\s+AUTOPOSTER_TWITTER_HANDLE=(.+)\s*$/m);
-    if (m) preservedHandle = m[1].trim();
-  } catch { /* no prior file */ }
+  // Source of truth for the handle is the DB (social_accounts.handle keyed by
+  // vm_session_key). bootstrap-vm passes it in. Fallback: preserve a previously
+  // set value across rewrites if no DB-sourced handle was provided (matters
+  // when this runs from `social-autoposter update` without a fresh DB fetch).
+  let preservedHandle = String(handleFromDb || '').trim().replace(/^@/, '');
+  if (!preservedHandle) {
+    try {
+      const prev = fs.readFileSync(envPath, 'utf8');
+      const m = prev.match(/^\s*export\s+AUTOPOSTER_TWITTER_HANDLE=(.+)\s*$/m);
+      if (m) preservedHandle = m[1].trim();
+    } catch { /* no prior file */ }
+  }
 
   const lines = [
     '# social-autoposter per-host env overrides',
@@ -290,6 +290,115 @@ function applyAppMakerMcpConfigOverrides() {
 // uv installed and broke Phase 1's Claude scan (the MCP server's `command:
 // /root/.local/bin/uv` resolved to ENOENT, Claude got no tools, returned an
 // empty envelope).
+// AppMaker VM self-bootstrap. Single entry point that the appmaker template
+// startup.sh calls on every fresh sandbox boot. Reads the stable sessionKey
+// from /run/mk0r-session.json (which the appmaker bridge rewrites on every
+// session bind, and which survives E2B sandbox substitution — only the
+// sandboxId changes), then asks the social-autoposter HTTP API which Twitter
+// account this VM is bound to (handle + stored login cookies, keyed by
+// social_accounts.vm_session_key). With that single DB answer it sets up
+// everything: env file (with the DB-sourced handle), profile symlink, MCP
+// config (BH_PORT=9222), uuid-runtime, then restores the Twitter login by
+// re-injecting the stored cookies via CDP.
+//
+// This is the "one proper fix" for sandbox substitution: the VM holds no
+// per-VM state on disk — the DB does, keyed by the stable sessionKey. So
+// any fresh sandbox can rebuild itself by reading /run/mk0r-session.json
+// and calling one route.
+function bootstrapVm() {
+  if (!isAppMakerVm()) {
+    console.error('bootstrap-vm: not an AppMaker VM (no /opt/startup.sh + CDP :9222). Use `init` or `update` on dev boxes.');
+    process.exit(2);
+  }
+  console.log('  AppMaker VM bootstrap: resolving identity from DB by sessionKey...');
+
+  let sessionKey;
+  try {
+    const raw = fs.readFileSync('/run/mk0r-session.json', 'utf8');
+    sessionKey = (JSON.parse(raw) || {}).sessionKey;
+  } catch (err) {
+    console.error(`bootstrap-vm: cannot read /run/mk0r-session.json: ${err.message}`);
+    process.exit(3);
+  }
+  if (!sessionKey) {
+    console.error('bootstrap-vm: /run/mk0r-session.json has no sessionKey');
+    process.exit(3);
+  }
+  console.log(`    sessionKey=${sessionKey}`);
+
+  // Get the X-Installation header via identity.py (same Python helper http_api.py
+  // uses, so auth stays single-sourced).
+  const identityPath = path.join(PKG_ROOT, 'scripts', 'identity.py');
+  const headerRes = spawnSync('/usr/bin/python3', [identityPath, 'header'], {
+    encoding: 'utf8',
+  });
+  if (headerRes.status !== 0) {
+    console.error(`bootstrap-vm: identity.py header failed: ${headerRes.stderr || headerRes.error}`);
+    process.exit(4);
+  }
+  const installHeader = (headerRes.stdout || '').trim();
+
+  const base = (process.env.AUTOPOSTER_API_BASE || 'https://s4l.ai').replace(/\/+$/, '');
+  const url = `${base}/api/v1/twitter/vm-session?session_key=${encodeURIComponent(sessionKey)}`;
+  console.log(`    GET ${url}`);
+
+  // Use curl (always present on the appmaker template) so we don't pull in
+  // a Node HTTP dep here.
+  const curl = spawnSync('curl', [
+    '-sS', '--max-time', '15',
+    '-H', `X-Installation: ${installHeader}`,
+    '-H', 'Content-Type: application/json',
+    url,
+  ], { encoding: 'utf8' });
+  if (curl.status !== 0) {
+    console.error(`bootstrap-vm: curl failed: ${curl.stderr || curl.error}`);
+    process.exit(5);
+  }
+  let payload;
+  try {
+    payload = JSON.parse(curl.stdout || '{}');
+  } catch (err) {
+    console.error(`bootstrap-vm: bad JSON from API: ${curl.stdout.slice(0, 300)}`);
+    process.exit(6);
+  }
+  if (!payload.ok || !payload.data) {
+    console.error(`bootstrap-vm: API error: ${JSON.stringify(payload).slice(0, 300)}`);
+    process.exit(7);
+  }
+  const { handle, cookies, vm_project_id } = payload.data;
+  if (!handle) {
+    console.error('bootstrap-vm: API returned no handle. social_accounts.vm_session_key may be unset for this VM.');
+    process.exit(8);
+  }
+  console.log(`    bound to @${handle} (vm_project_id=${vm_project_id || 'none'}, cookies=${(cookies || []).length})`);
+
+  // Write env file with DB-sourced handle (durable across `social-autoposter update`).
+  writeAppMakerEnvFile(handle);
+
+  // Existing setup steps. installBrowserHarness already installs uuid-runtime,
+  // symlinks the profile, and patches the MCP config — call it directly.
+  installBrowserHarness();
+
+  // Restore the Twitter login if we have stored cookies and the Chrome is
+  // up. No-op when Chrome isn't reachable yet (startup ordering); the cycle
+  // preflight will run restore_twitter_session.py on its next tick.
+  if ((cookies || []).length > 0) {
+    const restorePath = path.join(HOME, 'social-autoposter', 'scripts', 'restore_twitter_session.py');
+    if (fs.existsSync(restorePath)) {
+      console.log('    invoking restore_twitter_session.py to re-inject cookies...');
+      // Source the env file so AUTOPOSTER_TWITTER_HANDLE / TWITTER_CDP_URL are set.
+      const r = spawnSync('bash', ['-lc',
+        `source ${HOME}/.social-autoposter-env 2>/dev/null; /usr/bin/python3 ${restorePath} || true`,
+      ], { stdio: 'inherit' });
+      void r;
+    }
+  } else {
+    console.log('    no stored cookies; manual login still required this once.');
+  }
+
+  console.log('  bootstrap-vm: done.');
+}
+
 function installBrowserHarness() {
   const onAppMaker = isAppMakerVm();
   if (onAppMaker) {
@@ -604,7 +713,7 @@ function init() {
   console.log('  1. Edit ~/social-autoposter/config.json with your accounts');
   console.log('  2. Tell your Claude agent: "set up social autoposter"');
   console.log('     (uses the setup/SKILL.md wizard for browser login verification)');
-  console.log('  3. Posts are logged to the shared Neon DB (DATABASE_URL in .env)');
+  console.log('  3. Posts are logged to the shared Postgres DB (DATABASE_URL in .env)');
 }
 
 function update() {
@@ -745,6 +854,8 @@ if (cmd === 'init') {
   init();
 } else if (cmd === 'update') {
   update();
+} else if (cmd === 'bootstrap-vm') {
+  bootstrapVm();
 } else if (cmd === 'export-cookies') {
   // Forward to cookie-helper with 'export' + remaining args
   process.argv = [process.argv[0], process.argv[1], 'export', ...process.argv.slice(3)];
@@ -762,6 +873,7 @@ if (cmd === 'init') {
   console.log('  npx social-autoposter              open the dashboard');
   console.log('  npx social-autoposter init          first-time setup');
   console.log('  npx social-autoposter update        update scripts, preserve config');
+  console.log('  npx social-autoposter bootstrap-vm  AppMaker VM self-bootstrap (DB-driven)');
   console.log('  npx social-autoposter export-cookies [dir]  export browser cookies');
   console.log('  npx social-autoposter import-cookies [dir]  import browser cookies');
 }