social-autoposter 1.6.21 → 1.6.23

package/mcp/dist/index.js

@@ -242,7 +242,12 @@ async function postApproved(batchId, plan) {
         return { attempted: 0, exit_code: 0, summary: "nothing approved" };
     const approvedBatch = `${batchId}_approved`;
     writePlan(approvedBatch, { ...plan, candidates: approved });
-    const res = await runPython("scripts/twitter_post_plan.py", ["--plan", planPath(approvedBatch)], { timeoutMs: 900_000 });
+    // SAPS_SKIP_CAMPAIGN_SUFFIX=1: manual/reviewed posts from this MCP draft_cycle
+    // never get the active-campaign suffix (e.g. " written with ai") appended.
+    // twitter_browser.py's reply handler reads this env (inherited through
+    // twitter_post_plan.py's subprocess). The cron pipeline doesn't set it, so the
+    // A/B disclosure experiment keeps running on autopilot/cron and on Reddit.
+    const res = await runPython("scripts/twitter_post_plan.py", ["--plan", planPath(approvedBatch)], { timeoutMs: 900_000, env: { SAPS_SKIP_CAMPAIGN_SUFFIX: "1" } });
     let summary = res.stdout.trim();
     try {
         const lines = res.stdout.trim().split("\n");

package/mcp-servers/browser-harness/server.py

@@ -261,17 +261,62 @@ def ensure_chrome() -> dict:
     }
 
 
+def _port_owner_pids() -> list[int]:
+    """PIDs LISTENing on our debug PORT, via lsof. Lets stop_chrome reap a Chrome
+    that another launcher (e.g. setup_twitter_auth.py's connect_x) started without
+    writing PID_FILE, instead of stranding an un-reapable orphan that makes
+    bh_start keep reporting 'already_running'. Returns [] if lsof is unavailable."""
+    try:
+        out = subprocess.run(
+            ["lsof", "-ti", f"tcp:{PORT}", "-sTCP:LISTEN"],
+            capture_output=True, text=True, timeout=5,
+        )
+    except (OSError, subprocess.SubprocessError):
+        return []
+    pids = []
+    for tok in (out.stdout or "").split():
+        try:
+            pids.append(int(tok))
+        except ValueError:
+            pass
+    return pids
+
+
+def _terminate(pid: int, grace: float = 5.0) -> None:
+    """SIGTERM, then SIGKILL only if still alive after `grace` seconds. The wait
+    gives Chrome time to flush its in-memory cookie store to the on-disk profile,
+    so a stop->start restart preserves the X session instead of coming back
+    logged out (the failure the setup agent hit after a hard kill)."""
+    try:
+        os.kill(pid, 15)
+    except OSError:
+        return
+    deadline = time.time() + grace
+    while time.time() < deadline:
+        if not _pid_alive(pid):
+            return
+        time.sleep(0.2)
+    try:
+        os.kill(pid, 9)
+    except OSError:
+        pass
+
+
 def stop_chrome() -> dict:
-    """Kill the managed Chrome instance, if any."""
+    """Gracefully stop the managed Chrome — the tracked process AND any orphan
+    still LISTENing on the debug port — so connect_x-launched Chromes can't
+    strand the port. SIGTERM-with-grace lets Chrome persist cookies to disk."""
+    targets: list[int] = []
     pid = _read_pid()
     if pid and _pid_alive(pid):
-        try:
-            os.kill(pid, 15)
-            time.sleep(0.6)
-            if _pid_alive(pid):
-                os.kill(pid, 9)
-        except OSError as e:
-            return {"status": "error", "error": str(e), "pid": pid}
+        targets.append(pid)
+    for owner in _port_owner_pids():
+        if owner not in targets and _pid_alive(owner):
+            targets.append(owner)
+
+    for t in targets:
+        _terminate(t)
+
     try:
         PID_FILE.unlink()
     except FileNotFoundError:
@@ -281,7 +326,7 @@ def stop_chrome() -> dict:
             os.unlink(stale)
         except FileNotFoundError:
             pass
-    return {"status": "stopped", "pid": pid}
+    return {"status": "stopped", "reaped": targets, "tracked_pid": pid}
 
 
 # --- browser-harness exec wrapper ---
@@ -375,12 +420,16 @@ def bh_run(script: str, timeout: int = EXEC_TIMEOUT_SEC) -> str:
 def bh_status() -> str:
     """Report whether the managed Chrome is alive and where it lives."""
     pid = _read_pid()
+    owners = _port_owner_pids()
     return json.dumps(
         {
             "cdp_url": CDP_URL,
             "cdp_alive": _cdp_alive(),
             "chrome_pid": pid,
-            "chrome_alive": pid is not None and _pid_alive(pid),
+            "chrome_alive": (pid is not None and _pid_alive(pid)) or _cdp_alive(),
+            # Untracked Chromes (e.g. launched by connect_x) show up here even
+            # when chrome_pid is null — that's the orphan that bh_stop now reaps.
+            "port_owner_pids": owners,
             "profile_dir": str(PROFILE_DIR),
             "log_file": str(LOG_FILE),
             "harness_bin": BROWSER_HARNESS_BIN,
@@ -400,10 +449,26 @@ def bh_start() -> str:
 
 @mcp.tool()
 def bh_stop() -> str:
-    """Kill the managed Chrome instance. Cookies/profile data persist on disk."""
+    """Kill the managed Chrome instance. Cookies/profile data persist on disk.
+
+    Reaps both the tracked process and any orphan still holding the debug port,
+    using a graceful SIGTERM-with-grace so cookies flush to disk first."""
     return json.dumps(stop_chrome(), indent=2)
 
 
+@mcp.tool()
+def bh_restart() -> str:
+    """Flush + restart the managed Chrome in one step. Gracefully stops it (so
+    Chrome persists the cookie store to disk and any port-orphan is reaped), then
+    starts a fresh instance that loads the just-flushed session from disk. Use
+    this instead of killing Chrome by hand — a hard kill drops the in-memory X
+    session before it is written, which is what forces a re-login."""
+    stopped = stop_chrome()
+    time.sleep(0.5)
+    started = ensure_chrome()
+    return json.dumps({"status": "restarted", "stopped": stopped, "started": started}, indent=2)
+
+
 @mcp.tool()
 def bh_seed_cookies(source: str = "chrome:Default", domains: str | None = None) -> str:
     """Import cookies from a local browser profile into the managed Chrome.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "social-autoposter",
-  "version": "1.6.21",
+  "version": "1.6.23",
   "description": "Automated social posting pipeline for Reddit, X/Twitter, LinkedIn, and Moltbook. Install as a Claude Code agent skill.",
   "bin": {
     "social-autoposter": "bin/cli.js"

package/scripts/setup_twitter_auth.py

@@ -63,12 +63,27 @@ except ImportError:
     )
     sys.exit(0)
 
+# Optional server-side session-cookie store (best-effort). Lets connect_x persist
+# the validated X cookies so restore_twitter_session.py can auto-re-inject them
+# after any logout. Guarded so a missing dep or offline API never breaks setup.
+sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+try:
+    from http_api import api_post  # noqa: E402
+    from twitter_account import resolve_handle  # noqa: E402
+except Exception:
+    api_post = None
+    resolve_handle = None
+
 # --- Config -----------------------------------------------------------------
 
 # Same managed Chrome the twitter-harness pipeline uses (skill/lib/twitter-backend.sh).
 CDP = os.environ.get("SAPS_TWITTER_CDP_URL", os.environ.get("TWITTER_CDP_URL", "http://127.0.0.1:9555")).rstrip("/")
 PORT = int(CDP.rsplit(":", 1)[-1]) if CDP.rsplit(":", 1)[-1].isdigit() else 9555
 PROFILE_DIR = Path.home() / ".claude" / "browser-profiles" / "browser-harness"
+# Same PID file server.py (the twitter-harness MCP) writes, so a Chrome launched
+# here is tracked and reapable by bh_stop instead of becoming an orphan that
+# strands the debug port.
+PID_FILE = Path.home() / ".claude" / "browser-profiles" / "browser-harness.chrome.pid"
 
 # Browsers ai_browser_profile.cookies can read from, in auto-detect priority.
 AUTO_SOURCES = ["chrome:Default", "arc:Default", "brave:Default", "edge:Default"]
@@ -163,7 +178,11 @@ def _launch_chrome() -> bool:
         cmd += ["--window-position=80,80", "--window-size=1100,900"]
     cmd.append("about:blank")
     PROFILE_DIR.mkdir(parents=True, exist_ok=True)
-    subprocess.Popen(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+    proc = subprocess.Popen(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+    try:
+        PID_FILE.write_text(str(proc.pid))
+    except OSError:
+        pass
     for _ in range(15):
         if _cdp_alive():
             return True
@@ -258,6 +277,50 @@ def _has_session_quick() -> bool:
             pass
 
 
+def _save_session_to_store() -> None:
+    """Best-effort: persist the live x.com cookies to the server-side session
+    store (social_accounts.session_cookies, via POST /api/v1/twitter/session-cookies)
+    so restore_twitter_session.py can auto-re-inject them on the next preflight
+    after ANY logout — hard kill, crash, or AppMaker VM reseed. Non-fatal: the
+    local session is already valid; this only enables future auto-recovery.
+    Without it the restore rail has nothing to read and every logout needs a
+    manual connect_x."""
+    if api_post is None or resolve_handle is None:
+        return
+    try:
+        handle = resolve_handle()
+    except Exception:
+        handle = None
+    if not handle:
+        return
+    try:
+        ws, send = _attach()
+    except Exception:
+        return
+    try:
+        send("Network.enable")
+        r = send("Network.getAllCookies")
+        cks = r.get("result", {}).get("cookies", []) or []
+        wanted = tuple(d.strip() for d in DOMAINS.split(",") if d.strip())
+        cookies = [c for c in cks if any(w in (c.get("domain") or "") for w in wanted)]
+        if not cookies:
+            return
+        api_post("/api/v1/twitter/session-cookies", {"handle": handle, "cookies": cookies})
+        print(f"setup_twitter_auth: saved {len(cookies)} session cookies for @{handle} "
+              "(auto-restore enabled)", file=sys.stderr)
+    # api_post raises SystemExit (BaseException, NOT Exception) on a 4xx/5xx —
+    # e.g. "no social_accounts row" on a persistent machine that never registered
+    # this handle. The save is best-effort and must never abort connect_x, so
+    # catch SystemExit too.
+    except (Exception, SystemExit) as e:
+        print(f"setup_twitter_auth: session-store save skipped ({e})", file=sys.stderr)
+    finally:
+        try:
+            ws.close()
+        except Exception:
+            pass
+
+
 def _show_window_and_open_login() -> bool:
     """Make the managed Chrome window VISIBLE + focused and land it on the X login
     page, so the user can sign in by hand (the manual-login fallback).
@@ -387,6 +450,7 @@ def cmd_connect(args) -> dict:
     # 1. Already logged in? Nothing to import.
     try:
         if _is_session_valid():
+            _save_session_to_store()
             return {
                 "ok": True,
                 "connected": True,
@@ -410,6 +474,7 @@ def cmd_connect(args) -> dict:
         # 3. Re-validate after this source.
         try:
             if _is_session_valid():
+                _save_session_to_store()
                 return {
                     "ok": True,
                     "connected": True,

package/scripts/twitter_browser.py

@@ -2072,7 +2072,14 @@ def main():
                 file=sys.stderr,
             )
             sys.exit(1)
-        result = reply_to_tweet(sys.argv[2], sys.argv[3])
+        # SAPS_SKIP_CAMPAIGN_SUFFIX=1 opts this reply out of active-campaign
+        # suffixes (e.g. " written with ai"). Set ONLY by the MCP draft_cycle
+        # post path (mcp/src/index.ts::postApproved) so manual/reviewed posts
+        # land clean; the cron pipeline never sets it, so the A/B experiment
+        # keeps running there and on Reddit. Reuses the existing apply_campaigns
+        # plumbing (same flag the self-reply path uses below).
+        _skip_camp = os.environ.get("SAPS_SKIP_CAMPAIGN_SUFFIX", "").strip().lower() in ("1", "true", "yes")
+        result = reply_to_tweet(sys.argv[2], sys.argv[3], apply_campaigns=not _skip_camp)
         print(json.dumps(result, indent=2))
 
     elif cmd == "like":