The open source social autoposter that drives your real browser, not platform APIs (April 2026)

Because the SERP for the unqualified phrase is dominated by tools that have been around for years (Postiz, Mixpost, dlvr.it, the politsturm PHP repo, the justaman045 Python desktop app, the wordpress.org Bit Social plugin). They are mature, but they all share one architectural choice: they publish through platform OAuth or write to APIs. As of April 2026 there is still no widely-indexed open source autoposter that drives your real browser through Playwright MCP, scoped per platform, with a battle-tested lock primitive for the case when a session pins a profile. S4L is that one. The 'April 2026' qualifier is honest: this is what's true about the space right now, and you can verify it on a clean SERP.

Three reasons. First, no OAuth approval. X (Twitter) ended free API access in 2023 and the cheapest paid tier in April 2026 is still $200/month. LinkedIn's Community Manager API requires a partner application review. Reddit's script app flow is the easiest of the three but still requires a registered token, scopes, and refresh handling. Browser-side, you already have a cookie because you logged in like a human. Second, you stay inside human rate limits, not API quotas, because you are literally typing into the same text boxes a human would. Third, every platform UI change becomes a Playwright snapshot/selector update instead of an API contract you have to wait for the vendor to ship.

skill/lock.sh tags 'twitter-browser', 'reddit-browser', and 'linkedin-browser' as platform-browser locks via a case statement. The acquire_lock loop checks the lock directory's mtime every 10 seconds. If lock_age > 600 (ten minutes) and the holder is still 'alive', the script reads the PID from $lock_dir/pid, finds the process group via ps -o pgid=, sends kill -TERM to the negated PGID (which kills the whole tree: shell, claude, npx MCP, Chrome), runs pkill -TERM -P on direct children, sleeps 2 seconds, then escalates to kill -KILL on the same set. Then it removes the lock dir. Then, after the next acquire_lock call succeeds, it runs pkill -f "user-data-dir=.*browser-profiles/${platform}" to sweep any orphaned Chromium that reparented to PID 1 when its parent MCP died. The whole rescue takes about 3 seconds.

Because the comment in skill/lock.sh says it directly: 'Bare kill -TERM $pid only kills the shell; its Claude/MCP children get reparented to init and keep holding the MCP-hook lock for minutes, blocking the next pipeline.' A run-twitter-cycle.sh launches bash -> claude -p -> npx @playwright/mcp -> chromium. If you only kill the bash, every descendant survives. The fix is to grab the PGID once with ps -o pgid=, then kill -TERM -$pgid (the negative sign tells kill to target the entire process group). pkill -P $pid is a belt-and-suspenders pass over direct children in case any of them set their own pgid.

Two reasons. One, cookie hygiene: a single Chromium profile that signs into Twitter, Reddit, and LinkedIn at once accumulates cross-site state that Twitter's anti-automation sees and dings. Three profiles under ~/.claude/browser-profiles/{twitter,reddit,linkedin} look like three normal users on three normal devices. Two, fault isolation: a wedged Reddit MCP can never block a Twitter post. Each lock is per-profile, each MCP child is spawned with --strict-mcp-config pointing at exactly one of browser-agent-configs/{twitter,reddit,linkedin}-agent-mcp.json, so the children are mechanically incapable of reaching into another platform's session.

Run jobs (twitter-cycle every 1800s, reddit-search every 1800s, reddit-threads on calendar, linkedin, moltbook, github), audit jobs (audit-twitter, audit-reddit, audit-reddit-resurrect, audit-linkedin, audit-moltbook, audit-dm-staleness), engagement jobs (engage.sh, engage-twitter, engage-linkedin, github-engage), DM outreach (dm-outreach-{twitter,reddit,linkedin}), DM reply scanning (dm-replies-{twitter,reddit,linkedin}, scan-{reddit,moltbook}-replies), stats jobs per platform (stats-{twitter,reddit,linkedin,moltbook}), link-edit jobs (link-edit-{twitter,reddit,linkedin,moltbook,github}), octolens (octolens, octolens-{twitter,reddit,linkedin}), SEO jobs (gsc-seo, serp-seo), plus precompute-stats, daily-report, deploy-status. Each gets its own .plist with its own StartInterval or StartCalendarInterval so a slow audit run never delays a 30-minute Twitter cycle.

The Python and JS helpers in scripts/ and the lock primitive in skill/lock.sh are POSIX bash and run anywhere with bash, mkdir, ps, pkill, kill. The launchd plists are mac-only by design (the README links to setup/SKILL.md Step 7 for the cron snippets). On Linux you replace launchd with cron or systemd timers and keep the rest verbatim. The Playwright MCP profile dirs work on Linux Chromium too. There's no macOS API in the hot path.

Posts, replies, candidates, batches, projects, and stats all live in your DATABASE_URL. The schema is in schema-postgres.sql and you apply it once. Neon is the recommended host because the free tier is generous and the connection string is just a URL, but anything that speaks Postgres (RDS, Supabase, a docker container) works. Dedup queries (SELECT thread_url FROM posts) and feedback queries (the avg-upvotes ranker that conditions the writer) all assume Postgres syntax. There is no vendor lock-in on the data.

Clone the source: git clone https://github.com/m13v/social-autoposter (or npx social-autoposter init for the installed copy). Then: 'ls launchd/*.plist | wc -l' returns 40 today. 'sed -n 67,90p skill/lock.sh' shows the force-kill block exactly as quoted on this page. 'sed -n 116,122p skill/lock.sh' shows the orphan Chrome sweep. 'cat browser-agent-configs/twitter-agent.json' shows the userDataDir pointing at ~/.claude/browser-profiles/twitter. 'grep --strict-mcp-config skill/run-*.sh' shows every run script spawning a child Claude with one platform's MCP. The page is built around facts you can verify in five commands.