social-autoposter 1.6.38 → 1.6.40

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/bin/cli.js +6 -23
  2. package/package.json +1 -1
  3. package/scripts/setup_twitter_auth.py +9 -0
package/bin/cli.js CHANGED
@@ -26,20 +26,6 @@ const COPY_TARGETS = [
26
26
  'mcp',
27
27
  ];
28
28
 
29
- const ENV_TEMPLATE = `# social-autoposter environment variables
30
- # Fill in your values below.
31
-
32
- # Moltbook API key (required for Moltbook posting/scanning)
33
- # Get it from: https://www.moltbook.com/settings/api
34
- MOLTBOOK_API_KEY=
35
-
36
- # s4l.ai HTTP API. The pipelines read and write all state through this API
37
- # (no Postgres required). Defaults to https://s4l.ai when unset; set
38
- # AUTOPOSTER_API_KEY only if your install uses a bearer token.
39
- # AUTOPOSTER_API_BASE=https://s4l.ai
40
- # AUTOPOSTER_API_KEY=
41
- `;
42
-
43
29
  // Never overwrite these user files during update
44
30
  const USER_FILES = new Set(['config.json', '.env', 'SKILL.md']);
45
31
 
@@ -843,15 +829,12 @@ function init() {
843
829
  console.log(' config.json exists — skipping');
844
830
  }
845
831
 
846
- // .env only if it doesn't exist. Written from an in-package template so
847
- // the NPM tarball no longer ships a credential-bearing .env.example file.
848
- const envDest = path.join(DEST, '.env');
849
- if (!fs.existsSync(envDest)) {
850
- fs.writeFileSync(envDest, ENV_TEMPLATE);
851
- console.log(' created .env from template (fill in MOLTBOOK_API_KEY; AUTOPOSTER_API_KEY only if your install uses one)');
852
- } else {
853
- console.log(' .env exists — skipping');
854
- }
832
+ // No .env is created. X/Twitter and the rest of the pipeline run with zero
833
+ // keys state syncs through the s4l.ai HTTP API and the browser session
834
+ // lives in the harness Chrome profile. Optional integrations read their keys
835
+ // straight from the environment when set (MOLTBOOK_API_KEY for Moltbook,
836
+ // AUTOPOSTER_API_KEY only if your s4l.ai install uses a bearer token); every
837
+ // script guards `.env` with `[ -f .env ]`, so its absence is a no-op.
855
838
 
856
839
  installPythonDeps();
857
840
  removeLegacyEngagementStylesSidecar();
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "social-autoposter",
3
- "version": "1.6.38",
3
+ "version": "1.6.40",
4
4
  "description": "Automated social posting pipeline for Reddit, X/Twitter, LinkedIn, and Moltbook. Install as a Claude Code agent skill.",
5
5
  "bin": {
6
6
  "social-autoposter": "bin/cli.js"
package/scripts/setup_twitter_auth.py CHANGED
@@ -172,6 +172,15 @@ def _launch_chrome() -> bool:
172
172
  f"--user-data-dir={PROFILE_DIR}",
173
173
  "--no-first-run",
174
174
  "--no-default-browser-check",
175
+ # Encrypt the cookie store with Chrome's fixed obfuscation key instead of
176
+ # the macOS Keychain ("Chrome Safe Storage"). Without this, a keychain
177
+ # lock/re-lock leaves Chrome unable to decrypt its Cookies SQLite on the
178
+ # next launch and the imported session is discarded. Must match the cycle
179
+ # launcher (skill/lib/twitter-backend.sh) so the session connected here
180
+ # actually survives the pipeline's later relaunches. (Persistence fix,
181
+ # 2026-06-02.)
182
+ "--password-store=basic",
183
+ "--use-mock-keychain",
175
184
  "--disable-features=ChromeWhatsNewUI",
176
185
  ]
177
186
  is_linux = sys.platform.startswith("linux")