social-autoposter 1.6.34 → 1.6.35

package/bin/cli.js

@@ -1116,11 +1116,49 @@ function doctor() {
       `print(c.execute("SELECT COUNT(*) FROM cookies WHERE host_key LIKE '%x.com' OR host_key LIKE '%twitter.com'").fetchone()[0])`,
     ], { encoding: 'utf8', timeout: 10000 });
     const n = parseInt((r.stdout || '0').trim(), 10);
-    if (n > 0) return { ok: true, detail: `${n} rows persisted (durable across Chrome restart)` };
+    if (n > 0) return { ok: true, detail: `${n} rows persisted (Chrome's encrypted store)` };
     return {
       ok: false,
       detail: '0 x.com rows in SQLite',
-      fix: 'run setup_twitter_auth.py connect to import + auto-flush via #2 (1.6.34+)',
+      fix: 'run setup_twitter_auth.py connect to import (durability is backed by the cookie mirror below)',
+    };
+  });
+
+  // Gap B durability layer (1.6.35+): the keychain-independent local cookie
+  // mirror is what survives a re-locked keychain wiping Chrome's encrypted
+  // Cookies DB on relaunch. Read it directly (plaintext 0600 JSON).
+  const mirrorPath = path.join(HOME, '.claude', 'browser-profiles', 'browser-harness.x-cookies.json');
+  const mirrorCount = () => {
+    try {
+      const data = JSON.parse(fs.readFileSync(mirrorPath, 'utf8'));
+      return Array.isArray(data.cookies) ? data.cookies.length : 0;
+    } catch { return -1; }
+  };
+
+  add('X cookie mirror (durable across keychain re-lock)', () => {
+    const n = mirrorCount();
+    if (n > 0) return { ok: true, detail: `${n} cookies mirrored — cycle preflight auto-restores after a wipe` };
+    if (n === 0) return { ok: false, detail: 'mirror file present but empty', fix: 'run setup_twitter_auth.py connect to (re)populate the mirror' };
+    return { ok: false, detail: `no mirror at ${mirrorPath}`, fix: 'run setup_twitter_auth.py connect (1.6.35+) to create the durable cookie mirror' };
+  });
+
+  add('macOS Keychain: login keychain auto-lock', () => {
+    if (process.platform !== 'darwin') return { ok: true, detail: 'skipped (non-macOS)' };
+    const kc = path.join(HOME, 'Library', 'Keychains', 'login.keychain-db');
+    const r = spawnSync('security', ['show-keychain-info', kc], { encoding: 'utf8', timeout: 10000 });
+    const out = `${r.stdout || ''}${r.stderr || ''}`;
+    const m = out.match(/timeout=(\d+)s/);
+    if (!m) return { ok: true, detail: 'no auto-lock timeout (encrypted cookie store stays decryptable)' };
+    const secs = parseInt(m[1], 10);
+    // Only a real problem if the keychain re-locks AND the mirror isn't there to
+    // cover the resulting Cookies-DB wipe. With a populated mirror this is benign.
+    if (mirrorCount() > 0) {
+      return { ok: true, detail: `auto-locks after ${secs}s, but the cookie mirror covers the relaunch-wipe case` };
+    }
+    return {
+      ok: false,
+      detail: `auto-locks after ${secs}s — Chrome's encrypted cookie store can wipe on relaunch with no mirror to restore from`,
+      fix: `run connect_x to create the cookie mirror, or disable auto-lock: security set-keychain-settings "${kc}"`,
     };
   });
 

package/mcp-servers/browser-harness/server.py

@@ -128,6 +128,39 @@ def _log(msg: str) -> None:
 
 # --- Chrome lifecycle ---
 
+# Hardcoded fallbacks used only the very first time a profile launches (before
+# Chrome has written any window_placement to its Preferences).
+DEFAULT_WINDOW_POS = "3042,-1032"
+DEFAULT_WINDOW_SIZE = "1024,1013"
+
+
+def _persisted_window_geometry() -> tuple[str | None, str | None]:
+    """Read the window position+size Chrome last persisted for THIS profile.
+
+    Chrome writes the live window bounds to <profile>/Default/Preferences ->
+    browser.window_placement (left/top/right/bottom, in screen coords) whenever
+    the user moves/resizes the window. By reading that back and feeding it into
+    the launch flags, a user's manual placement survives SIGKILL+relaunch
+    instead of snapping back to the hardcoded default. Returns ("X,Y", "W,H")
+    or (None, None) when nothing usable is persisted yet.
+    """
+    pref = PROFILE_DIR / "Default" / "Preferences"
+    try:
+        wp = json.loads(pref.read_text()).get("browser", {}).get("window_placement")
+    except (FileNotFoundError, ValueError, OSError):
+        return (None, None)
+    if not isinstance(wp, dict) or wp.get("maximized"):
+        return (None, None)
+    try:
+        left, top = int(wp["left"]), int(wp["top"])
+        width, height = int(wp["right"]) - left, int(wp["bottom"]) - top
+    except (KeyError, TypeError, ValueError):
+        return (None, None)
+    if width <= 0 or height <= 0:
+        return (f"{left},{top}", None)
+    return (f"{left},{top}", f"{width},{height}")
+
+
 def _port_open(port: int) -> bool:
     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     s.settimeout(0.5)
@@ -187,12 +220,24 @@ def _build_chrome_cmd() -> list[str]:
         cmd.append("--no-sandbox")
         cmd.append("--disable-dev-shm-usage")
 
-    # 2026-05-13: persistent window placement on macOS multi-monitor setups.
+    # Persistent window placement on macOS multi-monitor setups.
     # Skip on headless / Linux where positioning is meaningless and the
     # off-screen values would just hide the window on a single-monitor setup.
+    # Position priority (2026-06-02):
+    #   1. BH_WINDOW_POS / BH_WINDOW_SIZE env  (explicit hard override)
+    #   2. whatever Chrome last persisted for this profile (the user's own
+    #      manually-dragged position) -> so user placement survives relaunch
+    #   3. hardcoded default (first-ever launch only)
+    # We still pass an explicit --window-position flag (rather than letting
+    # Chrome restore on its own), so SIGKILL+relaunch can't cascade/drift the
+    # window: we control the exact value, but that value now tracks the user's
+    # last placement instead of a fixed constant.
     if not HEADLESS and not _IS_LINUX:
-        cmd.append(f"--window-position={os.environ.get('BH_WINDOW_POS', '3042,-1032')}")
-        cmd.append(f"--window-size={os.environ.get('BH_WINDOW_SIZE', '1024,1013')}")
+        saved_pos, saved_size = _persisted_window_geometry()
+        win_pos = os.environ.get("BH_WINDOW_POS") or saved_pos or DEFAULT_WINDOW_POS
+        win_size = os.environ.get("BH_WINDOW_SIZE") or saved_size or DEFAULT_WINDOW_SIZE
+        cmd.append(f"--window-position={win_pos}")
+        cmd.append(f"--window-size={win_size}")
 
     # Open a real tab so CDP has something to attach to immediately.
     cmd.append("about:blank")

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "social-autoposter",
-  "version": "1.6.34",
+  "version": "1.6.35",
   "description": "Automated social posting pipeline for Reddit, X/Twitter, LinkedIn, and Moltbook. Install as a Claude Code agent skill.",
   "bin": {
     "social-autoposter": "bin/cli.js"
@@ -19,6 +19,8 @@
     "!scripts/backfill_real_clicks.py",
     "!scripts/historical_engagement.py",
     "!scripts/style_length_report.py",
+    "!scripts/install_lane_monitor.py",
+    "!scripts/li_discover_insert.py",
     "!scripts/_dm_record_sent.sh",
     "!scripts/send_batch_dms.sh",
     "!scripts/mint_podlog_subpage_*.py",

package/scripts/restore_twitter_session.py

@@ -31,6 +31,14 @@ sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
 from http_api import api_get  # noqa: E402
 from twitter_account import resolve_handle  # noqa: E402
 
+# Local 0600 cookie mirror — the keychain-independent restore source for
+# persistent machines (Gap B). Tried before the server store. Stdlib-only;
+# guarded so a path quirk never breaks the cycle preflight.
+try:
+    import twitter_cookie_mirror  # noqa: E402
+except Exception:
+    twitter_cookie_mirror = None
+
 try:
     from websocket import create_connection
 except ImportError:
@@ -48,7 +56,12 @@ def _attach():
         new = json.load(urllib.request.urlopen(
             urllib.request.Request(f"{CDP}/json/new?about:blank", method="PUT"), timeout=10))
         page = new
-    ws = create_connection(page["webSocketDebuggerUrl"], timeout=20)
+    # suppress_origin: Chrome 111+ enforces CDP WebSocket origin checking and
+    # rejects the handshake with 403 unless Chrome was launched with
+    # --remote-allow-origins. The harness Chrome (twitter-backend.sh) is launched
+    # without that flag, so we must suppress the Origin header (localhost CDP is
+    # already privileged), matching setup_twitter_auth.py / copy_browser_cookies.py.
+    ws = create_connection(page["webSocketDebuggerUrl"], timeout=20, suppress_origin=True)
     state = {"id": 0}
 
     def send(method, params=None):
@@ -96,12 +109,50 @@ def _logged_in(send):
     return _has_auth_cookie(send)
 
 
-def main():
-    handle = resolve_handle()
-    if not handle:
-        print("restore_twitter_session: no handle configured; skipping", file=sys.stderr)
-        return 0
+def _inject(send, cookies) -> int:
+    """Inject CDP-shaped cookies via Network.setCookie. Returns accepted count."""
+    send("Network.enable")
+    ok_count = 0
+    for c in cookies:
+        params = {k: c[k] for k in (
+            "name", "value", "domain", "path", "secure", "httpOnly",
+            "sameSite", "expires") if k in c and c[k] is not None}
+        r = send("Network.setCookie", params)
+        if r.get("result", {}).get("success", True):
+            ok_count += 1
+    return ok_count
+
+
+def _stored_cookies():
+    """Return (cookies, source). Tries the LOCAL mirror first — it's the only
+    durable source on a persistent machine, where the server store is skipped
+    for lack of a social_accounts row — then falls back to the server store
+    (the durable source on hourly-reseeded AppMaker VMs)."""
+    if twitter_cookie_mirror is not None:
+        try:
+            mirrored = twitter_cookie_mirror.load_cookies()
+        except Exception:
+            mirrored = []
+        if mirrored:
+            return mirrored, f"local mirror ({twitter_cookie_mirror.MIRROR_PATH.name})"
 
+    handle = None
+    try:
+        handle = resolve_handle()
+    except Exception:
+        handle = None
+    if handle:
+        try:
+            resp = api_get("/api/v1/twitter/session-cookies", query={"handle": handle})
+            cookies = ((resp or {}).get("data") or {}).get("cookies") or []
+            if cookies:
+                return cookies, f"server store (@{handle})"
+        except Exception as e:
+            print(f"restore_twitter_session: server store fetch failed ({e})", file=sys.stderr)
+    return [], None
+
+
+def main():
     try:
         ws, send = _attach()
     except Exception as e:
@@ -110,34 +161,24 @@ def main():
 
     try:
         if _logged_in(send):
-            print(f"restore_twitter_session: already logged in as @{handle}; no-op")
+            print("restore_twitter_session: already logged in; no-op")
             return 0
 
-        print(f"restore_twitter_session: logged out, fetching stored cookies for @{handle}...")
-        resp = api_get("/api/v1/twitter/session-cookies", query={"handle": handle})
-        data = (resp or {}).get("data") or {}
-        cookies = data.get("cookies") or []
+        cookies, source = _stored_cookies()
         if not cookies:
-            print("restore_twitter_session: no stored cookies; manual re-login required", file=sys.stderr)
+            print("restore_twitter_session: no stored cookies (local mirror empty + no "
+                  "server store); manual connect_x required", file=sys.stderr)
             return 1
 
-        # CDP Network.setCookies wants url or domain/path. The stored cookies are
-        # already CDP-shaped (from Network.getAllCookies), so pass them straight.
-        send("Network.enable")
-        ok_count = 0
-        for c in cookies:
-            params = {k: c[k] for k in (
-                "name", "value", "domain", "path", "secure", "httpOnly",
-                "sameSite", "expires") if k in c and c[k] is not None}
-            r = send("Network.setCookie", params)
-            if r.get("result", {}).get("success", True):
-                ok_count += 1
+        print(f"restore_twitter_session: logged out, restoring from {source}...")
+        ok_count = _inject(send, cookies)
         print(f"restore_twitter_session: injected {ok_count}/{len(cookies)} cookies")
 
         if _logged_in(send):
-            print(f"restore_twitter_session: RESTORED @{handle} session")
+            print(f"restore_twitter_session: RESTORED session from {source}")
             return 0
-        print("restore_twitter_session: injection done but still logged out (cookies may be expired)", file=sys.stderr)
+        print("restore_twitter_session: injection done but still logged out "
+              "(cookies may be expired); manual connect_x required", file=sys.stderr)
         return 1
     finally:
         try:

package/scripts/setup_twitter_auth.py

@@ -74,6 +74,13 @@ except Exception:
     api_post = None
     resolve_handle = None
 
+# Local 0600 cookie mirror — the keychain-independent durability layer (Gap B).
+# Always importable (stdlib only); guarded so a path quirk never breaks setup.
+try:
+    import twitter_cookie_mirror  # noqa: E402
+except Exception:
+    twitter_cookie_mirror = None
+
 # --- Config -----------------------------------------------------------------
 
 # Same managed Chrome the twitter-harness pipeline uses (skill/lib/twitter-backend.sh).
@@ -277,48 +284,75 @@ def _has_session_quick() -> bool:
             pass
 
 
-def _save_session_to_store() -> None:
-    """Best-effort: persist the live x.com cookies to the server-side session
-    store (social_accounts.session_cookies, via POST /api/v1/twitter/session-cookies)
-    so restore_twitter_session.py can auto-re-inject them on the next preflight
-    after ANY logout — hard kill, crash, or AppMaker VM reseed. Non-fatal: the
-    local session is already valid; this only enables future auto-recovery.
-    Without it the restore rail has nothing to read and every logout needs a
-    manual connect_x."""
-    if api_post is None or resolve_handle is None:
-        return
-    try:
-        handle = resolve_handle()
-    except Exception:
-        handle = None
-    if not handle:
-        return
+def _collect_x_cookies(send) -> list:
+    """Read the live x.com/twitter.com cookies (CDP shape) from the managed
+    Chrome. Returns [] if none. Shared by the mirror + server-store writers."""
+    send("Network.enable")
+    r = send("Network.getAllCookies")
+    cks = r.get("result", {}).get("cookies", []) or []
+    wanted = tuple(d.strip() for d in DOMAINS.split(",") if d.strip())
+    return [c for c in cks if any(w in (c.get("domain") or "") for w in wanted)]
+
+
+def _persist_session() -> None:
+    """Persist the validated live X session for auto-restore after ANY logout
+    (hard kill, crash, keychain re-lock wiping Chrome's Cookies DB, or AppMaker
+    VM reseed). One CDP attach feeds two sinks:
+
+      1. LOCAL 0600 mirror (twitter_cookie_mirror) — ALWAYS written. This is the
+         keychain-independent durability layer that fixes Gap B on a persistent
+         machine: restore_twitter_session.py re-injects from it on the next cycle
+         preflight even after Chrome wiped its own encrypted store.
+      2. Server-side session store (POST /api/v1/twitter/session-cookies) —
+         best-effort. Enables VM auto-restore where the profile is reseeded
+         hourly. No-op on a persistent machine with no social_accounts row.
+
+    Non-fatal end-to-end: the local session is already valid; this only enables
+    future auto-recovery, so nothing here may abort connect_x."""
     try:
         ws, send = _attach()
     except Exception:
         return
     try:
-        send("Network.enable")
-        r = send("Network.getAllCookies")
-        cks = r.get("result", {}).get("cookies", []) or []
-        wanted = tuple(d.strip() for d in DOMAINS.split(",") if d.strip())
-        cookies = [c for c in cks if any(w in (c.get("domain") or "") for w in wanted)]
-        if not cookies:
-            return
-        api_post("/api/v1/twitter/session-cookies", {"handle": handle, "cookies": cookies})
-        print(f"setup_twitter_auth: saved {len(cookies)} session cookies for @{handle} "
-              "(auto-restore enabled)", file=sys.stderr)
-    # api_post raises SystemExit (BaseException, NOT Exception) on a 4xx/5xx —
-    # e.g. "no social_accounts row" on a persistent machine that never registered
-    # this handle. The save is best-effort and must never abort connect_x, so
-    # catch SystemExit too.
-    except (Exception, SystemExit) as e:
-        print(f"setup_twitter_auth: session-store save skipped ({e})", file=sys.stderr)
+        cookies = _collect_x_cookies(send)
+    except Exception:
+        cookies = []
     finally:
         try:
             ws.close()
         except Exception:
             pass
+    if not cookies:
+        return
+
+    handle = None
+    if resolve_handle is not None:
+        try:
+            handle = resolve_handle()
+        except Exception:
+            handle = None
+
+    # 1. Local mirror — always, keychain-independent.
+    if twitter_cookie_mirror is not None:
+        try:
+            n = twitter_cookie_mirror.save_cookies(cookies, handle=handle)
+            print(f"setup_twitter_auth: mirrored {n} x.com cookies to "
+                  f"{twitter_cookie_mirror.MIRROR_PATH} (survives keychain re-lock "
+                  "/ Cookies-DB wipe on relaunch)", file=sys.stderr)
+        except Exception as e:
+            print(f"setup_twitter_auth: local mirror save skipped ({e})", file=sys.stderr)
+
+    # 2. Server store — best-effort, only when a handle resolves.
+    if api_post is not None and handle:
+        try:
+            api_post("/api/v1/twitter/session-cookies", {"handle": handle, "cookies": cookies})
+            print(f"setup_twitter_auth: saved {len(cookies)} session cookies for @{handle} "
+                  "(server auto-restore enabled)", file=sys.stderr)
+        # api_post raises SystemExit (BaseException, NOT Exception) on a 4xx/5xx —
+        # e.g. "no social_accounts row" on a persistent machine that never
+        # registered this handle. Best-effort: must never abort connect_x.
+        except (Exception, SystemExit) as e:
+            print(f"setup_twitter_auth: session-store save skipped ({e})", file=sys.stderr)
 
 
 def _show_window_and_open_login() -> bool:
@@ -475,19 +509,76 @@ def _classify_import_error(detail: str | None) -> str:
     return "unknown"
 
 
-def _force_cookie_flush() -> tuple[bool, str]:
-    """Trigger Chrome's cookie-store flush via CDP Browser.close (#2).
+def _cookies_db_path() -> Path | None:
+    """Resolve the harness profile's on-disk Cookies SQLite. Newer Chrome nests
+    it under Default/Network/; older builds keep it at Default/. Returns whichever
+    exists (most-recently-modified wins if both linger), or None."""
+    candidates = [
+        PROFILE_DIR / "Default" / "Network" / "Cookies",
+        PROFILE_DIR / "Default" / "Cookies",
+    ]
+    existing = [p for p in candidates if p.exists()]
+    if not existing:
+        return None
+    return max(existing, key=lambda p: p.stat().st_mtime)
+
+
+def _count_x_cookies_on_disk() -> int:
+    """Count x.com/twitter.com rows committed to the on-disk Cookies SQLite.
+
+    Reads a temp COPY of the DB (+ -wal/-shm) so an in-flight write by the live
+    Chrome can't lock us out, and opens it read-write on the copy so WAL-resident
+    rows are visible (a read-only open would miss not-yet-checkpointed writes —
+    exactly the rows we are polling for). Returns the count, or -1 if the DB is
+    missing/unreadable."""
+    db = _cookies_db_path()
+    if not db:
+        return -1
+    import shutil
+    import sqlite3
+    import tempfile
+    tmpdir = None
+    try:
+        tmpdir = Path(tempfile.mkdtemp(prefix="saps_flushchk_"))
+        dst = tmpdir / "Cookies"
+        shutil.copy2(db, dst)
+        for suffix in ("-wal", "-shm"):
+            w = db.parent / (db.name + suffix)
+            if w.exists():
+                shutil.copy2(w, tmpdir / ("Cookies" + suffix))
+        conn = sqlite3.connect(str(dst))
+        try:
+            n = conn.execute(
+                "SELECT COUNT(*) FROM cookies "
+                "WHERE host_key LIKE '%x.com' OR host_key LIKE '%twitter.com'"
+            ).fetchone()[0]
+        finally:
+            conn.close()
+        return int(n)
+    except Exception:
+        return -1
+    finally:
+        if tmpdir is not None:
+            shutil.rmtree(tmpdir, ignore_errors=True)
 
-    Verified empirically on Chrome 148/macOS 26: Browser.close synchronously
-    commits the in-memory CookieMonster to the on-disk SQLite, but does NOT
-    actually terminate the process. We rely on the flush side-effect, so a
-    SIGKILL immediately after import no longer wipes the imported cookies.
 
-    Returns (ok, detail). ok=True if the RPC was issued cleanly; the process
-    still being alive afterwards is expected behavior, not a failure."""
+def _force_cookie_flush() -> tuple[bool, str]:
+    """Flush Chrome's in-memory cookie store to disk via CDP Browser.close, then
+    VERIFY the x.com cookies actually landed in the on-disk SQLite before
+    returning (Gap A, 2026-06-02).
+
+    The bug this fixes: Browser.close acks immediately, but Chrome commits the
+    CookieMonster -> SQLite write ASYNCHRONOUSLY (~0.5-5s under load). The old
+    code treated the RPC ack as proof of persistence and reported
+    flushed_to_disk=true while the disk was still empty, so a doctor run or a
+    SIGKILL in that window saw zero cookies. We now poll the on-disk row count
+    until the flush is observably durable (or a timeout proves it isn't).
+
+    Returns (ok, detail). ok=True only when x.com rows are confirmed on disk."""
     bh = Path.home() / ".local" / "bin" / "browser-harness"
     if not bh.exists():
         return False, f"browser-harness CLI missing at {bh}"
+    before = _count_x_cookies_on_disk()
     env = os.environ.copy()
     env["BU_CDP_URL"] = CDP
     env.setdefault("BU_NAME", "twitter-harness")
@@ -502,7 +593,23 @@ def _force_cookie_flush() -> tuple[bool, str]:
         return False, f"browser-harness invocation failed: {e}"
     if r.returncode != 0:
         return False, (r.stderr or r.stdout).strip()[:300]
-    return True, "Browser.close issued; cookie store flushed to SQLite"
+
+    # Poll the disk for the async commit to land. Accept as soon as we observe
+    # x.com rows on disk (and, if we had a baseline, that it didn't regress).
+    deadline = time.time() + 8.0
+    last = before
+    while time.time() < deadline:
+        n = _count_x_cookies_on_disk()
+        if n > 0 and (before <= 0 or n >= before):
+            return True, f"verified {n} x.com cookies committed to on-disk SQLite"
+        last = n
+        time.sleep(0.5)
+    if last > 0:
+        return True, f"verified {last} x.com cookies on disk (slow flush)"
+    return False, (
+        f"Browser.close issued but on-disk x.com cookie count is {last} after 8s "
+        "(flush not confirmed; relying on the local cookie mirror for durability)"
+    )
 
 
 # --- Commands ---------------------------------------------------------------
@@ -543,7 +650,7 @@ def cmd_connect(args) -> dict:
     # 1. Already logged in? Nothing to import.
     try:
         if _is_session_valid():
-            _save_session_to_store()
+            _persist_session()
             return {
                 "ok": True,
                 "connected": True,
@@ -609,13 +716,17 @@ def cmd_connect(args) -> dict:
         # 3. Re-validate after this source.
         try:
             if _is_session_valid():
-                _save_session_to_store()
+                _persist_session()
                 # #2: force a cookie-store flush via CDP Browser.close so the
                 # imported session survives any subsequent SIGKILL (e.g. the
                 # autoposter cron stopping Chrome with no grace window). Empty
                 # result on this build is success — Browser.close triggers the
                 # flush synchronously but doesn't actually terminate Chrome.
                 flush_ok, flush_detail = _force_cookie_flush()
+                mirror_count = (
+                    twitter_cookie_mirror.load_meta().get("count")
+                    if twitter_cookie_mirror is not None else None
+                )
                 return {
                     "ok": True,
                     "connected": True,
@@ -624,10 +735,16 @@ def cmd_connect(args) -> dict:
                     "attempts": attempts,
                     "flushed_to_disk": flush_ok,
                     "flush_detail": flush_detail,
+                    "mirrored_cookies": mirror_count,
                     "note": f"Imported your X session from {src} into the autoposter browser. "
-                            + ("Cookies flushed to disk (persists across Chrome restart)."
+                            + ("Cookies verified on disk AND mirrored locally; "
                                if flush_ok else
-                               "Cookies are in RAM; a clean stop_chrome (1.6.32+) will flush them."),
+                               "Chrome's encrypted store didn't confirm the flush, but ")
+                            + (f"{mirror_count} cookies are saved to a keychain-independent "
+                               "mirror, so the cycle preflight auto-restores the session even if "
+                               "Chrome re-launches logged out."
+                               if mirror_count else
+                               "the session is live in the running browser."),
                     "cdp": CDP,
                 }
         except Exception:

package/scripts/twitter_cookie_mirror.py

@@ -0,0 +1,121 @@
+#!/usr/bin/env python3
+"""twitter_cookie_mirror.py - local 0600 mirror of the managed X session cookies.
+
+Why this exists (Gap B, 2026-06-02)
+-----------------------------------
+On a persistent (non-VM) machine the server-side session store
+(social_accounts.session_cookies) is SKIPPED during connect_x because there is no
+social_accounts row to attach the cookies to. That left Chrome's own encrypted
+Cookies SQLite as the ONLY thing keeping the X session across a Chrome relaunch.
+
+That store is not durable on a headless / SSH box: macOS encrypts Chrome cookies
+with the per-app `Chrome Safe Storage` key, which lives in the login keychain.
+When the keychain re-locks (idle ~5 min) between the import and the next Chrome
+launch, the freshly-launched Chrome cannot read the Safe Storage key, cannot
+decrypt the existing blobs, and reinitializes the Cookies DB to an empty schema.
+The imported session silently evaporates between `connect_x` and the first cycle.
+
+This module is the keychain-independent durability layer. On a successful import
+connect_x writes the validated x.com/twitter.com cookies (CDP-shaped, straight
+from Network.getAllCookies) here as plaintext JSON, and the cycle preflight
+(restore_twitter_session.py, invoked from skill/lib/twitter-backend.sh) re-injects
+them via CDP whenever the live session comes up logged out. A keychain re-lock or
+a wiped Cookies DB is therefore no longer fatal — the next cycle restores.
+
+Security
+--------
+The file grants access to the X account: it is exactly as sensitive as the Chrome
+profile itself, and is written 0600 (owner read/write only). Treat it like a
+token. It is intentionally NOT encrypted — the whole point is to survive a locked
+keychain, so adding a keychain-derived key would reintroduce the dependency this
+file exists to remove. On a multi-user host, restrict the home directory.
+
+CLI (debug / doctor):
+    python3 twitter_cookie_mirror.py count   # prints the mirrored cookie count
+    python3 twitter_cookie_mirror.py path    # prints the mirror file path
+"""
+from __future__ import annotations
+
+import json
+import os
+import sys
+import time
+from pathlib import Path
+
+# Sibling of the harness profile dir, NOT inside it: a VM profile reseed wipes
+# the profile but a persistent machine keeps this file across Chrome relaunches.
+# (On a VM the server-side store is the durable path; the mirror just stays empty
+# there and restore_twitter_session falls through to the API.)
+MIRROR_PATH = (
+    Path.home() / ".claude" / "browser-profiles" / "browser-harness.x-cookies.json"
+)
+
+
+def save_cookies(cookies, handle: str | None = None) -> int:
+    """Write the given CDP-shaped cookies to the 0600 mirror. Returns count saved.
+
+    Atomic (temp file + os.replace) so a crash mid-write never leaves a partial
+    JSON that the reader would choke on. No-op (returns 0) on an empty list."""
+    clean = [c for c in (cookies or []) if isinstance(c, dict) and c.get("name")]
+    if not clean:
+        return 0
+    MIRROR_PATH.parent.mkdir(parents=True, exist_ok=True)
+    payload = {"handle": handle, "saved_at": int(time.time()), "cookies": clean}
+    tmp = MIRROR_PATH.with_name(MIRROR_PATH.name + ".tmp")
+    # Create with 0600 from the start so the secret is never briefly world-readable.
+    fd = os.open(str(tmp), os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
+    with os.fdopen(fd, "w") as f:
+        json.dump(payload, f)
+    os.replace(tmp, MIRROR_PATH)
+    try:
+        os.chmod(MIRROR_PATH, 0o600)
+    except OSError:
+        pass
+    return len(clean)
+
+
+def _read() -> dict:
+    try:
+        with open(MIRROR_PATH) as f:
+            data = json.load(f)
+    except (OSError, ValueError):
+        return {}
+    return data if isinstance(data, dict) else {}
+
+
+def load_cookies() -> list:
+    """Return the mirrored CDP-shaped cookies, or [] if no/invalid mirror."""
+    cks = _read().get("cookies")
+    return cks if isinstance(cks, list) else []
+
+
+def load_meta() -> dict:
+    """Return {handle, saved_at, count} for the mirror, or {} if absent."""
+    data = _read()
+    if not data:
+        return {}
+    return {
+        "handle": data.get("handle"),
+        "saved_at": data.get("saved_at"),
+        "count": len(data.get("cookies") or []),
+    }
+
+
+def _cli(argv: list[str] | None = None) -> int:
+    argv = argv if argv is not None else sys.argv[1:]
+    cmd = argv[0] if argv else "count"
+    if cmd == "path":
+        print(MIRROR_PATH)
+        return 0
+    if cmd == "count":
+        print(len(load_cookies()))
+        return 0
+    if cmd == "meta":
+        print(json.dumps(load_meta()))
+        return 0
+    print(f"usage: {Path(sys.argv[0]).name} [count|path|meta]", file=sys.stderr)
+    return 2
+
+
+if __name__ == "__main__":
+    sys.exit(_cli())

package/skill/lib/twitter-backend.sh

@@ -214,6 +214,15 @@ ensure_twitter_browser_for_backend() {
         fi
         echo "[$(date +%H:%M:%S)] Harness Chrome up on port 9555" >&2
     fi
+    # Re-inject the stored X session if the harness Chrome is logged out — e.g. a
+    # keychain re-lock wiped Chrome's encrypted Cookies SQLite on this launch
+    # (Gap B, 2026-06-02). restore_twitter_session.py reads the keychain-
+    # independent local cookie mirror (written by connect_x) and injects via CDP.
+    # No-op when already logged in; never blocks the cycle on failure. Runs on
+    # both the freshly-launched and already-up paths so a mid-life logout heals.
+    TWITTER_CDP_URL="http://127.0.0.1:9555" \
+        python3 "$HOME/social-autoposter/scripts/restore_twitter_session.py" 2>&1 \
+        | sed 's/^/[restore] /' >&2 || true
     # Always close leftover tabs from prior runs. Safe under acquire_lock
     # "twitter-browser" serialization (every caller of this function holds
     # that lock), so we will not race with another active twitter run.

package/scripts/install_lane_monitor.py

@@ -1,111 +0,0 @@
-#!/usr/bin/env python3
-"""Watch the install lane canary in real time.
-
-Run any time:
-    python3 scripts/install_lane_monitor.py
-
-Checks:
-  1. Heartbeat freshness — alerts if last beat > 30min old.
-  2. Install attribution coverage — % of replies created in the last 24h
-     for each platform that have install_id stamped (canary github should
-     trend to ~100%; the other 3 should stay at 0% until we flip them).
-  3. Stuck-in-processing — replies left in 'processing' > 30min are the
-     classic failure mode for the new lane (server claimed the row, then
-     a downstream step failed silently).
-  4. Recent install lane errors — scans launchd-heartbeat logs for FAIL.
-
-Exit code 0 if everything green, 1 if any check fails. Safe in cron.
-"""
-import os, sys, subprocess
-sys.path.insert(0, os.path.join(os.path.dirname(__file__)))
-from http_api import api_get, load_env
-
-load_env()
-_digest = (api_get("/api/v1/install-lane/digest", query={"within_hours": 24}).get("data") or {})
-
-OK   = "\033[32m✓\033[0m"
-WARN = "\033[33m!\033[0m"
-FAIL = "\033[31m✗\033[0m"
-status = 0
-
-print("=" * 64)
-HTTP_LANE_PLATFORMS = {"github", "reddit", "x", "linkedin", "moltbook"}
-print(f"INSTALL LANE CANARY (HTTP: {', '.join(sorted(HTTP_LANE_PLATFORMS))} / others SQL)")
-print("=" * 64)
-
-# 1. Heartbeat freshness
-rows = _digest.get("heartbeat") or []
-print("\n[1] HEARTBEAT")
-if not rows:
-    print(f"  {FAIL} no installations rows yet")
-    status = 1
-else:
-    head = rows[0]
-    age = head["age_sec"]
-    age_disp = f"{age}s" if age < 120 else f"{age // 60}m {age % 60}s"
-    flag = OK if age < 1800 else (WARN if age < 3600 else FAIL)
-    if age >= 1800:
-        status = 1
-    print(f"  {flag} latest beat {age_disp} ago")
-    print(f"     install_id  {head['install_id']}")
-    print(f"     hostname    {head['hostname']}")
-    print(f"     beats total {head['request_count']}")
-    print(f"     last_ip     {head['last_ip']} ({head['last_city'] or '?'} / {head['last_country'] or '?'})")
-    if len(rows) > 1:
-        print(f"     +{len(rows)-1} other install(s) seen recently")
-
-# 2. Per-platform attribution coverage (last 24h created replies)
-rows = _digest.get("platforms") or []
-print(f"\n[2] LAST 24H REPLIES BY PLATFORM (HTTP-lane: {', '.join(sorted(HTTP_LANE_PLATFORMS))})")
-print(f"     {'platform':<10} {'total':>5} {'attrib':>7} {'rep':>5} {'skp':>5} {'prc':>5} {'pnd':>5}  notes")
-for r in rows:
-    plat, total, attrib = r["platform"], r["total"], r["attributed"]
-    replied, skipped, proc, pend = r["replied"], r["skipped"], r["processing"], r["pending"]
-    pct = (attrib / total * 100) if total else 0
-    note = ""
-    if plat in HTTP_LANE_PLATFORMS:
-        if total == 0:
-            note = "(no traffic yet)"
-        elif pct < 80:
-            note = f"  {WARN} only {pct:.0f}% attributed; expected ~100%"
-            status = 1
-        else:
-            note = f"  {OK} {pct:.0f}% attributed"
-    else:
-        if attrib > 0:
-            note = f"  {WARN} {attrib} unexpected install_id rows on a SQL-lane platform"
-    print(f"     {plat:<10} {total:>5} {attrib:>7} {replied:>5} {skipped:>5} {proc:>5} {pend:>5}{note}")
-
-# 3. Stuck in 'processing' > 30min — the canonical failure mode of a new claim path
-rows = _digest.get("stuck") or []
-print("\n[3] STUCK IN 'processing' > 30min")
-if not rows:
-    print(f"  {OK} none")
-else:
-    print(f"  {WARN} {len(rows)} stuck rows (revert with: UPDATE replies SET status='pending' WHERE id IN (...))")
-    for r in rows:
-        rid, plat, iid, age = r["id"], r["platform"], r["install_id"], r["age_sec"]
-        age_disp = f"{age // 60}m" if age < 7200 else f"{age // 3600}h"
-        print(f"     id={rid:<6} {plat:<8} iid={(iid or '-')[:8]}  {age_disp} ago")
-
-# 4. Heartbeat log errors in the last 100 lines
-log_path = os.path.expanduser("~/social-autoposter/skill/logs/heartbeat.log")
-print("\n[4] HEARTBEAT LOG (recent FAILs)")
-if os.path.exists(log_path):
-    try:
-        out = subprocess.check_output(["tail", "-200", log_path], text=True, timeout=5)
-        fails = [ln for ln in out.splitlines() if "FAIL" in ln]
-        if not fails:
-            print(f"  {OK} no failures in last 200 lines")
-        else:
-            print(f"  {FAIL} {len(fails)} failures:")
-            for ln in fails[-5:]:
-                print(f"     {ln}")
-            status = 1
-    except Exception as e:
-        print(f"  {WARN} couldn't read log: {e}")
-else:
-    print(f"  {WARN} log not yet created at {log_path}")
-
-print()
-sys.exit(status)

package/scripts/li_discover_insert.py

@@ -1,183 +0,0 @@
-#!/usr/bin/env python3
-import json
-import os
-import sys
-import re
-
-sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
-from http_api import api_post
-
-EXCLUDED_AUTHORS = {"louis030195", "louis3195"}
-OWN_NAME = "Matthew Diakonov"
-OWN_HANDLES = {"m13v", "matthew-diakonov"}
-
-def load_existing_comment_ids():
-    s = set()
-    with open("/tmp/li_existing_comment_ids.txt") as f:
-        for line in f:
-            line = line.strip()
-            if line:
-                s.add(line)
-    return s
-
-def load_engaged_pairs():
-    s = set()
-    with open("/tmp/li_engaged_pairs.txt") as f:
-        for line in f:
-            line = line.strip()
-            if line:
-                s.add(line)
-    return s
-
-def load_posts():
-    """Build mapping by activity_id and ugc_id from our_url."""
-    by_id = {}
-    with open("/tmp/li_posts.txt") as f:
-        for line in f:
-            line = line.strip()
-            if not line:
-                continue
-            pid_str, _, our_url = line.partition("|")
-            try:
-                pid = int(pid_str)
-            except ValueError:
-                continue
-            ids = set()
-            for m in re.findall(r"urn:li:activity:(\d+)", our_url):
-                ids.add(("activity", m))
-            for m in re.findall(r"urn:li:ugcPost:(\d+)", our_url):
-                ids.add(("ugcPost", m))
-            for m in re.findall(r"/feed/update/urn:li:(activity|ugcPost):(\d+)", our_url):
-                ids.add((m[0], m[1]))
-            for m in re.findall(r"/posts/[^/?#]*?(\d{15,})", our_url):
-                ids.add(("any", m))
-            for m in re.findall(r"(\d{18,20})", our_url):
-                ids.add(("any", m))
-            for kind, urn_id in ids:
-                by_id.setdefault(urn_id, (pid, our_url))
-    return by_id
-
-def main():
-    existing = load_existing_comment_ids()
-    engaged = load_engaged_pairs()
-    posts_by_id = load_posts()
-
-    items = []
-    for fn in ("/tmp/li_notifications_batch1.json", "/tmp/li_notifications_batch2.json"):
-        with open(fn) as f:
-            items.extend(json.load(f))
-
-    counts = {
-        "discovered": 0,
-        "already_tracked": 0,
-        "author_already_engaged": 0,
-        "excluded": 0,
-        "own_account": 0,
-        "no_comment_urn": 0,
-        "post_not_found_skipped": 0,
-        "post_created": 0,
-    }
-
-    for it in items:
-        author = (it.get("author") or "").strip()
-        comment_urn = it.get("comment_urn")
-        href = it.get("href")
-        snippet = it.get("snippet") or ""
-        activity_id = it.get("activity_id")
-        ugc_id = it.get("ugc_id")
-
-        if not comment_urn or not (activity_id or ugc_id):
-            counts["no_comment_urn"] += 1
-            continue
-
-        if author == OWN_NAME or author.lower() in OWN_HANDLES:
-            counts["own_account"] += 1
-            continue
-
-        author_lower = author.lower()
-        if any(ex in author_lower for ex in EXCLUDED_AUTHORS):
-            counts["excluded"] += 1
-            continue
-
-        if comment_urn in existing:
-            counts["already_tracked"] += 1
-            continue
-
-        # Find post by activity_id first, then ugc_id
-        post_id = None
-        our_url = None
-        for candidate in (activity_id, ugc_id):
-            if candidate and candidate in posts_by_id:
-                post_id, our_url = posts_by_id[candidate]
-                break
-
-        if post_id is None:
-            # Need to insert a new post row
-            urn_for_url = activity_id or ugc_id
-            kind = "activity" if activity_id else "ugcPost"
-            our_url = f"https://www.linkedin.com/feed/update/urn:li:{kind}:{urn_for_url}/"
-            # thread_author: best signal we have is the notification author
-            # (the replier). It isn't the actual OP, but it's not us, so the
-            # dashboard "threads vs comments" filter (server.js /api/top)
-            # correctly classifies these as comments under someone else's post.
-            thread_author = author or "(unknown)"
-            resp = api_post(
-                "/api/v1/posts",
-                {
-                    "platform": "linkedin",
-                    "thread_url": our_url,
-                    "our_url": our_url,
-                    "our_content": "[discovered via notification, no original content tracked]",
-                    "project": "general",
-                    "thread_author": thread_author,
-                    "our_account": "Matthew Diakonov",
-                    "engagement_style": "discovered_via_notification",
-                    "status": "active",
-                },
-                ok_on_conflict=True,
-            )
-            if (resp.get("error") or {}).get("code") == "duplicate_thread":
-                # Post already exists in DB but wasn't in our /tmp/li_posts.txt
-                # local map; reuse the existing row instead of creating a dup.
-                post_id = (resp["error"].get("details") or {}).get("existing_post_id")
-            else:
-                post_id = ((resp.get("data") or {}).get("post") or {}).get("id")
-            if post_id is None:
-                counts["post_not_found_skipped"] += 1
-                continue
-            counts["post_created"] += 1
-            # Add to in-memory map so subsequent items in same loop reuse it
-            for cand in (activity_id, ugc_id):
-                if cand:
-                    posts_by_id[cand] = (post_id, our_url)
-
-        pair_key = f"{author}|||{our_url}"
-        if pair_key in engaged:
-            counts["author_already_engaged"] += 1
-            continue
-
-        # Insert reply (find-or-create; 409 duplicate is fine, the gate may
-        # also return 200 with reply:null which we treat as discovered-then-gated).
-        api_post(
-            "/api/v1/replies",
-            {
-                "platform": "linkedin",
-                "post_id": post_id,
-                "their_comment_id": comment_urn,
-                "their_author": author,
-                "their_content": snippet,
-                "their_comment_url": href,
-                "depth": 1,
-                "status": "pending",
-            },
-            ok_on_conflict=True,
-        )
-
-        existing.add(comment_urn)
-        engaged.add(pair_key)
-        counts["discovered"] += 1
-
-    print(json.dumps(counts, indent=2))
-
-if __name__ == "__main__":
-    main()