social-autoposter 1.6.64 → 1.6.66

package/mcp/dist/index.js

@@ -20,7 +20,7 @@ import fs from "node:fs";
 import { repoDir, runPython, run, readPlan, writePlan, planPath, } from "./repo.js";
 import { applySetup, resolveProject, hasReadyProject, listManagedProjectStatus, REQUIRED_FIELDS, RECOMMENDED_FIELDS, configPath, } from "./setup.js";
 import { xStatus, xConnect, xDetectSources, xScanProfile, summarizeXAuth } from "./twitterAuth.js";
-import { startProvisioning, isProvisioning, readProgress, runtimeReady, readRuntime, resolvePython, } from "./runtime.js";
+import { startProvisioning, isProvisioning, readProgress, runtimeReady, readRuntime, resolvePython, resolveChrome, } from "./runtime.js";
 import { VERSION, versionStatus, latestPublishedVersion } from "./version.js";
 import { registerAppTool, registerAppResource, RESOURCE_MIME_TYPE, getUiCapability, } from "@modelcontextprotocol/ext-apps/server";
 import { fileURLToPath } from "node:url";
@@ -47,8 +47,38 @@ const LAUNCHD_PATH = [
     "/usr/sbin",
     "/sbin",
 ].join(":");
+// Bin dirs the pipeline must resolve FIRST: the owned uv venv (so the scripts'
+// bare `python3` hits the provisioned interpreter with pipeline deps, not the
+// user's system python) and ~/.local/bin (so `browser-harness`, the CDP scan
+// engine, resolves). resolvePython() is dynamic, so this re-derives per call.
+function ownedBinDirs() {
+    const dirs = [];
+    const py = resolvePython();
+    if (path.isAbsolute(py))
+        dirs.push(path.dirname(py));
+    dirs.push(path.join(os.homedir(), ".local", "bin"));
+    return dirs;
+}
+// PATH for an interactively-spawned pipeline run (draft_cycle): owned bins
+// first, then whatever PATH the MCP server inherited.
+function pipelinePath() {
+    return [...ownedBinDirs(), process.env.PATH || LAUNCHD_PATH].join(":");
+}
+// PATH baked into launchd plists (autopilot/cron): owned bins first, then the
+// sane launchd default (launchd starts with a bare PATH).
+function launchdPath() {
+    return [...ownedBinDirs(), LAUNCHD_PATH].join(":");
+}
 function plistXml(opts) {
     const args = opts.programArgs.map((a) => `\t\t<string>${a}</string>`).join("\n");
+    // Background (cron/autopilot) runs get the same Chrome the interactive cycle
+    // uses, so a no-sudo ~/Applications install (which the shell's own resolver
+    // doesn't scan) is still found off-screen. Omitted when Chrome resolves via
+    // PATH, so the shell's _resolve_chrome_bin stays the fallback.
+    const chrome = resolveChrome();
+    const chromeEnv = chrome
+        ? `\n\t\t<key>BH_CHROME_BIN</key>\n\t\t<string>${chrome}</string>`
+        : "";
     return `<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
@@ -68,13 +98,13 @@ ${args}
 \t<key>EnvironmentVariables</key>
 \t<dict>
 \t\t<key>PATH</key>
-\t\t<string>${LAUNCHD_PATH}</string>
+\t\t<string>${launchdPath()}</string>
 \t\t<key>HOME</key>
 \t\t<string>${os.homedir()}</string>
 \t\t<key>SAPS_REPO_DIR</key>
 \t\t<string>${repoDir()}</string>
 \t\t<key>SAPS_PYTHON</key>
-\t\t<string>${resolvePython()}</string>
+\t\t<string>${resolvePython()}</string>${chromeEnv}
 \t</dict>
 \t<key>RunAtLoad</key>
 \t<${opts.runAtLoad ? "true" : "false"}/>
@@ -256,6 +286,12 @@ async function produceDrafts(project, onProgress) {
     const env = {
         DRAFT_ONLY: "1",
         TWITTER_PAGE_GEN_RATE: "0",
+        // Point the cycle at the resolved repo (a bare .mcpb materializes it under
+        // the state dir, NOT ~/social-autoposter); run-twitter-cycle.sh honors
+        // SAPS_REPO_DIR for its REPO_DIR. And put the owned runtime + ~/.local/bin
+        // first on PATH so the script's bare `python3` and `browser-harness` resolve.
+        SAPS_REPO_DIR: repoDir(),
+        PATH: pipelinePath(),
         // Interactive draft_cycle: launch the harness Chrome ON-SCREEN so the user
         // can watch the scan/scrape happen live. Cron/autopilot do NOT set these, so
         // background runs keep the off-screen default in twitter-backend.sh and don't
@@ -266,6 +302,14 @@ async function produceDrafts(project, onProgress) {
     };
     if (project)
         env.SAPS_FORCE_PROJECT = project;
+    // Point the harness at the Chrome the runtime detected/installed. The cycle's
+    // own _resolve_chrome_bin doesn't scan ~/Applications (our no-sudo fallback
+    // install target), so without this a non-admin .mcpb install would have Chrome
+    // on disk yet still report "no Chrome/Chromium binary found." Only set when
+    // resolved; otherwise let the shell resolve Chrome from its own probe list.
+    const chrome = resolveChrome();
+    if (chrome)
+        env.BH_CHROME_BIN = chrome;
     // Bring the on-screen overlay up alongside the live harness window so the user
     // watching the scan/scrape sees status + queued drafts. Idempotent + detached.
     await ensureOverlayWatch();
@@ -594,7 +638,17 @@ tool("setup", {
                     "cookies from your everyday browser (Chrome/Arc/Brave/Edge, auto-detected) into it, and " +
                     "(3) verify you're logged in. No other site's cookies are read, and your passwords are never " +
                     "seen. If it can't import a valid session, a Chrome window will open for you to sign in once.",
-                how_to_proceed: "Tell the user the above in your own words and ask if that's OK. If yes, call setup again with " +
+                keychain_prompt: "Reading the saved session requires macOS to unlock the browser's encrypted cookie store, so " +
+                    "one or more keychain prompts will appear (\u201c... wants to use your confidential information " +
+                    "stored in '... Safe Storage' in your keychain\u201d). This is expected. The user enters their Mac " +
+                    "login password and clicks Allow (or Always Allow to avoid repeats). If they use more than one " +
+                    "browser, the prompt can appear a few times, once per browser.",
+                say_to_user: "Heads up: your Mac will pop up a keychain prompt asking to use your browser's Safe Storage. " +
+                    "That's just us reading your saved X login, nothing else. Type your Mac login password and click " +
+                    "Allow (or Always Allow). If you use more than one browser you may see it a couple of times, " +
+                    "once per browser.",
+                how_to_proceed: "Tell the user what_will_happen in your own words, then relay the say_to_user line so they know " +
+                    "the keychain prompt is coming and what to click. Ask if that's OK. If yes, call setup again with " +
                     "action:'connect_x', confirm:true (optionally x_source:'arc:Default' etc. if they use a non-Chrome browser).",
             });
         }