social-autoposter 1.6.52 → 1.6.54

package/bin/cli.js

@@ -520,31 +520,43 @@ function installBrowserHarness() {
   }
 
   // Step 2 + 3: clone + `uv tool install -e .` browser-harness.
+  //
+  // PINNED to a known-good upstream commit instead of tracking origin/HEAD.
+  // The installer used to fetch+reset --hard to HEAD on every run, so any
+  // upstream change shipped to users untested (this is how the two-blank-tab
+  // regression in upstream daemon.py attach behavior could reach users). Our
+  // launch-at-real-URL fix in server.py/twitter-backend.sh neutralizes that
+  // class of bug regardless, but pinning stops surprise upstream drift. Bump
+  // BROWSER_HARNESS_PIN deliberately after validating a newer upstream against
+  // the shipped server.py contract.
+  const BROWSER_HARNESS_PIN = '6d20866664ea3d9691b27bbf64f42ae097437dc3';
   const harnessDir = path.join(HOME, 'Developer', 'browser-harness');
+  const pinHarness = () => {
+    // Fetch the exact pinned commit (GitHub serves arbitrary SHAs) and hard-
+    // reset onto it. Works for a fresh clone and an existing checkout alike.
+    const fetch = spawnSync('git', ['-C', harnessDir, 'fetch', '--depth', '1', 'origin', BROWSER_HARNESS_PIN], { stdio: 'inherit' });
+    if (fetch.status !== 0) {
+      console.warn(`    WARNING: could not fetch pinned browser-harness commit ${BROWSER_HARNESS_PIN.slice(0, 9)}; using existing checkout.`);
+      return;
+    }
+    const reset = spawnSync('git', ['-C', harnessDir, 'reset', '--hard', 'FETCH_HEAD'], { stdio: 'inherit' });
+    if (reset.status !== 0) {
+      console.warn('    WARNING: could not reset browser-harness clone to pinned commit; using existing checkout.');
+    }
+  };
   if (!fs.existsSync(harnessDir)) {
     fs.mkdirSync(path.dirname(harnessDir), { recursive: true });
     console.log('    cloning browser-harness from GitHub...');
     const clone = spawnSync('git', ['clone', '--depth', '1', 'https://github.com/browser-use/browser-harness', harnessDir], { stdio: 'inherit' });
     if (clone.status !== 0) {
       console.warn('    WARNING: git clone failed; twitter-harness will not work until you clone manually.');
-    }
-  } else {
-    // Refresh the existing clone instead of silently reusing it. server.py
-    // invokes `browser-harness -c <script>`; a stale checkout that predates the
-    // `-c` interface (or otherwise drifted from upstream) makes every bh_run
-    // return the CLI usage string while looking "installed". fetch+reset --hard
-    // to current upstream so the installed CLI always matches the shipped
-    // server.py contract.
-    console.log(`    browser-harness clone exists -> ${harnessDir}; updating to latest...`);
-    const fetch = spawnSync('git', ['-C', harnessDir, 'fetch', '--depth', '1', 'origin', 'HEAD'], { stdio: 'inherit' });
-    if (fetch.status === 0) {
-      const reset = spawnSync('git', ['-C', harnessDir, 'reset', '--hard', 'FETCH_HEAD'], { stdio: 'inherit' });
-      if (reset.status !== 0) {
-        console.warn('    WARNING: could not reset browser-harness clone to latest; using existing checkout.');
-      }
     } else {
-      console.warn('    WARNING: could not fetch browser-harness updates; using existing checkout.');
+      console.log(`    pinning browser-harness to ${BROWSER_HARNESS_PIN.slice(0, 9)}...`);
+      pinHarness();
     }
+  } else {
+    console.log(`    browser-harness clone exists -> ${harnessDir}; pinning to ${BROWSER_HARNESS_PIN.slice(0, 9)}...`);
+    pinHarness();
   }
 
   if (uvBin && fs.existsSync(harnessDir)) {
@@ -1193,6 +1205,24 @@ function doctor() {
   }
 }
 
+// Provision the owned Python/Chromium runtime from the terminal. This is the
+// panel-free path: it runs the EXACT same provisioning logic the panel's
+// "Install runtime" button and the install_runtime MCP tool use (mcp/src/
+// runtime.ts -> dist/runtime.js), via the thin ESM wrapper mcp/install-runtime.mjs.
+// Use it when the UI panel can't render (Claude Code/Cowork), on a bare VM, or
+// when an agent wants to install head-less. Idempotent: re-running repairs.
+function installRuntime() {
+  const wrapper = path.join(__dirname, '..', 'mcp', 'install-runtime.mjs');
+  if (!fs.existsSync(wrapper)) {
+    console.error(`Cannot find ${wrapper}. Re-run \`npx social-autoposter update\` to repair the install.`);
+    process.exit(1);
+  }
+  // process.execPath is the Node already running this CLI, so we reuse it
+  // rather than hunting for a node on PATH.
+  const res = spawnSync(process.execPath, [wrapper], { stdio: 'inherit' });
+  process.exit(res.status == null ? 1 : res.status);
+}
+
 const cmd = process.argv[2];
 if (cmd === 'init') {
   init();
@@ -1202,6 +1232,8 @@ if (cmd === 'init') {
   doctor();
 } else if (cmd === 'bootstrap-vm') {
   bootstrapVm();
+} else if (cmd === 'install-runtime') {
+  installRuntime();
 } else if (cmd === 'export-cookies') {
   // Forward to cookie-helper with 'export' + remaining args
   process.argv = [process.argv[0], process.argv[1], 'export', ...process.argv.slice(3)];
@@ -1231,6 +1263,7 @@ if (cmd === 'init') {
   console.log('  npx social-autoposter update        update scripts, preserve config');
   console.log('  npx social-autoposter doctor        probe install health (#6, 1.6.34+)');
   console.log('  npx social-autoposter bootstrap-vm  AppMaker VM self-bootstrap (DB-driven)');
+  console.log('  npx social-autoposter install-runtime  provision owned Python + Chromium (panel-free)');
   console.log('  npx social-autoposter export-cookies [dir]  export browser cookies');
   console.log('  npx social-autoposter import-cookies [dir]  import browser cookies');
 }

package/mcp/dist/index.js

@@ -19,6 +19,7 @@ import fs from "node:fs";
 import { REPO_DIR, runPython, run, readPlan, writePlan, planPath, } from "./repo.js";
 import { applySetup, resolveProject, hasReadyProject, listManagedProjectStatus, REQUIRED_FIELDS, RECOMMENDED_FIELDS, CONFIG_PATH, } from "./setup.js";
 import { xStatus, xConnect, summarizeXAuth } from "./twitterAuth.js";
+import { startProvisioning, isProvisioning, readProgress, runtimeReady, readRuntime, } from "./runtime.js";
 import { VERSION, versionStatus, latestPublishedVersion } from "./version.js";
 import { registerAppTool, registerAppResource, RESOURCE_MIME_TYPE, } from "@modelcontextprotocol/ext-apps/server";
 import { fileURLToPath } from "node:url";
@@ -526,6 +527,7 @@ server.registerTool("setup", {
             projects,
             x_connected: x.connected,
             x_state: x.state,
+            x_handle: x.handle ?? null,
             mcp_version: ver.installed,
             latest_version: ver.latest,
             update_available: ver.update_available,
@@ -950,6 +952,112 @@ server.registerTool("version", {
                 : "You are on the latest published version.",
     });
 });
+// ---- runtime installer ----------------------------------------------------
+// The pipeline runs Python locally. Rather than depend on the user's system
+// Python (the #1 source of install failures), the first run provisions a fully
+// OWNED uv runtime: standalone CPython + owned venv + deps + Chromium. These two
+// tools drive it. They are plain (non-UI) tools so EVERY host can install — the
+// panel's Install card is just a skin that calls install_runtime then polls
+// install_status. See runtime.ts for the provisioning + progress contract.
+function runtimeSnapshot() {
+    const rt = readRuntime();
+    const progress = readProgress();
+    return {
+        runtime_ready: runtimeReady(),
+        provisioning: isProvisioning(),
+        python: rt?.python ?? null,
+        python_version: rt?.python_version ?? null,
+        progress: progress ?? null,
+    };
+}
+server.registerTool("install_runtime", {
+    title: "Install the Python runtime",
+    description: "One-time setup that provisions the self-contained runtime the autoposter needs: a private " +
+        "Python (via uv, not your system Python), its dependencies, and the Chromium browser. Runs in " +
+        "the background and returns immediately; poll `install_status` for progress. Safe to call " +
+        "repeatedly; it resumes/repairs and is a no-op once everything is installed. Use this the " +
+        "first time the user sets up, or if other tools report the runtime isn't ready.",
+    inputSchema: {},
+}, async () => {
+    if (runtimeReady()) {
+        return jsonContent({ already_installed: true, ...runtimeSnapshot() });
+    }
+    const progress = startProvisioning();
+    return jsonContent({
+        started: true,
+        runtime_ready: false,
+        note: "Runtime install started. Poll install_status every ~1.5s for progress.",
+        progress,
+    });
+});
+server.registerTool("install_status", {
+    title: "Runtime install status",
+    description: "Report whether the self-contained Python/Chromium runtime is installed and, if an install is " +
+        "in progress, the per-step progress (uv, Python, venv, dependencies, Chromium). Poll this after " +
+        "install_runtime to follow the install to completion.",
+    inputSchema: {},
+}, async () => jsonContent(runtimeSnapshot()));
+// ---- config: read / edit the raw config.json ------------------------------
+// The panel renders the full config and lets the user edit it. Writing is
+// guarded: the new content must parse as JSON, and we always drop a timestamped
+// backup next to config.json before overwriting, so a bad paste is recoverable.
+server.registerTool("config", {
+    title: "View or edit config.json",
+    description: "Read or update the autoposter's config.json (the source of truth for every project, the X/" +
+        "Reddit/LinkedIn account handles, topics, and exclusions). action:'get' (default) returns the " +
+        "full raw JSON; action:'save' validates the supplied `content` as JSON, writes a timestamped " +
+        "backup, then overwrites config.json. Use when the user asks to see, edit, or fix their config.",
+    inputSchema: {
+        action: z.enum(["get", "save"]).optional(),
+        content: z.string().optional(),
+    },
+}, async (args) => {
+    const action = args.action || "get";
+    if (action === "get") {
+        try {
+            const content = fs.readFileSync(CONFIG_PATH, "utf-8");
+            return jsonContent({ ok: true, path: CONFIG_PATH, bytes: content.length, content });
+        }
+        catch (e) {
+            return jsonContent({ ok: false, path: CONFIG_PATH, error: String(e?.message || e) });
+        }
+    }
+    // save
+    const content = args.content;
+    if (typeof content !== "string" || content.trim() === "") {
+        return jsonContent({ ok: false, error: "Nothing to save: `content` was empty." });
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(content);
+    }
+    catch (e) {
+        // Don't write a config that won't parse — every pipeline reads this file.
+        return jsonContent({ ok: false, error: "Invalid JSON, not saved: " + String(e?.message || e) });
+    }
+    if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+        return jsonContent({ ok: false, error: "Top level of config.json must be a JSON object." });
+    }
+    try {
+        const stamp = new Date().toISOString().replace(/[:.]/g, "-");
+        const backup = `${CONFIG_PATH}.bak-panel-${stamp}`;
+        try {
+            fs.copyFileSync(CONFIG_PATH, backup);
+        }
+        catch {
+            /* first-write / missing original is non-fatal */
+        }
+        // Re-serialize the parsed object so what lands on disk is canonical,
+        // 2-space-indented JSON with a trailing newline (matches the Python
+        // writers), regardless of how the user formatted their paste.
+        const out = JSON.stringify(parsed, null, 2) + "\n";
+        fs.writeFileSync(CONFIG_PATH, out, "utf-8");
+        return jsonContent({ ok: true, path: CONFIG_PATH, bytes: out.length, backup });
+    }
+    catch (e) {
+        return jsonContent({ ok: false, error: "Write failed: " + String(e?.message || e) });
+    }
+});
 // ---- panel: MCP Apps control surface --------------------------------------
 // A self-contained HTML view rendered by hosts that support MCP Apps (Claude
 // desktop/web, etc.). It duplicates NO pipeline logic: each button calls one of
@@ -990,11 +1098,16 @@ async function buildSnapshot() {
         projects_ready: projects.filter((p) => p.ready).length,
         x_connected: !!x.connected,
         x_state: x.state || "",
+        x_handle: x.handle ?? null,
         autopilot_on: ap.autopilot_on,
         auto_update_on: ap.auto_update_on,
         version: ver.installed || VERSION,
         latest_version: ver.latest ?? null,
         update_available: !!ver.update_available,
+        // Runtime install gate: the panel shows the Install card (and disables the
+        // action buttons) until the owned Python/Chromium runtime is provisioned.
+        runtime_ready: runtimeReady(),
+        runtime_provisioning: isProvisioning(),
     };
 }
 registerAppTool(server, "panel", {