One page, one source of truth. Everything already wired is marked done; everything that still needs your hands is marked as your step. Nothing here posts, connects, or flips a gate on its own.
State verified 2026-07-15 evening · supersedes older TIKTOK_APP_SETUP.md / DESKTOP-SIGNIN-KIT.md claims where they disagree
:8191/su · threshold 2.5enabled:false on purposeVerified 2026-07-15 evening. Read this first, then jump to the numbered section that matches whichever line is your next move.
Clip Radar (yt_yaya_boggan), Daily Clip Drop (yt_zion_boggan), irl.rewind (yt_irlrewind), and Clip Vault (yt_euphoria_software, now the understand account) are all OAuth-granted, config.json-wired on every copy, and dry-run verified. Every one is enabled:false on purpose. Nothing left on this lane but profile art and the whenever-you-want enable-flips — see section 4.
Both wired today. TikTok is now unblocked (Postiz login fixed); Instagram is still waiting on your account conversion, not on backend work.
Backend Prisma connection-pool crash from a container recreate; fixed by raising the pool timeout. Backend binds cleanly now — login→cookie→authenticated-call chain verified end-to-end (200). Admin password was reset to a short one as part of this.
That's the credential boundary every TikTok/Instagram post script stops at — Postiz section, step 1 below, then Add Channel → TikTok as @Tried.that. YouTube needs no action from you right now beyond the optional profile-art + enable-flips.
Token granted and saved, but no channel/slot is assigned and nothing is wired. Parked until Zion decides where it goes — noted here so it isn't forgotten, not because it's blocking anything.
TikTok's official audit path is the slow one. Instagram and YouTube don't wait on anyone else — do those tonight.
wire_instagram_creds.sh are already ready and waiting.understand account) are all through OAuth and confirmed with a dry run. Only profile art and the deliberate enable-flip remain, whenever you want them — see section 4. None of this waited on TikTok/Instagram.SELF_ONLY), then manually flip the account to public and the video to "Everyone" after. The instant route: skip the pipeline entirely tonight and hand-upload a hero clip in the TikTok app — public immediately, zero ban risk, zero audit dependency.Self-hosted on CT236, already up and healthy. One key unlocks TikTok and Instagram posting both.
Done today — Postiz no longer has empty TikTok slots.
Root cause was a backend Prisma connection-pool crash, triggered by a container recreate. Fix: raised the pool timeout so the backend binds properly. The full chain — login → session cookie → authenticated API call — now returns 200.
https://postiz.lab.zionboggan.com/auth ONLY.Account clipengine-admin@lab.zionboggan.com — password: the short admin password (ask overseer / ADMIN_CREDS.txt), this page never prints it. The password was reset to a shorter one as part of the fix.
http://192.168.1.236:5000 in a browser.That origin isn't CORS-allowed and the session cookie is Secure-only, so plain-http always loops back to login. Always use the HTTPS domain above, never the bare IP.
Generating the key creates apikey.txt, which still does not exist yet — nothing posts without this file, it's the credential boundary every post script stops at. Then Add Channel → TikTok and authorize as @Tried.that — this unblocks the TikTok connect.
Direct Post through Postiz, forced SELF_ONLY until TikTok's audit clears — the account is unaudited, not the setup broken.
Container is healthy with the real values as of today.
Nothing below can happen until you can generate the Postiz API key.
developers.tiktok.com — confirm the app, then add @Tried.that as a sandbox target user: log in as @Tried.that and accept the Developer ToS prompt.
Do this from the White PC, in the same Chrome profile you already signed @Tried.that into.
The app can only Direct Post SELF_ONLY (private) until TikTok's review clears. @Tried.that itself must be a private account at the moment of posting. Afterward, you manually flip the account to public and that video's visibility to "Everyone" — this is TikTok's own sanctioned workaround, not a workaround of TikTok's rules.
Post a hero clip straight from the TikTok app on your phone. Instantly public, zero audit dependency, zero ban risk.
enabled:false → true.A separate, deliberate action in publish/config.json — never bundled with the OAuth connect.
Can run in parallel with TikTok right now — doesn't wait on anything above.
instagram.com → Settings → Account type, done from the account itself.
Get an App ID/Secret with instagram_content_publishing + Pages permissions — this is your Facebook identity, no one else can do it for you.
wire_instagram_creds.sh ready to run.No longer in progress — this is done and waiting on your App ID/Secret to hand to the overseer.
Once your App ID/Secret is in place, everything else runs the same night — Postiz login being down doesn't block your account-side steps (Professional conversion, Page link, Meta app) at all.
enabled:false → true when ready.Instagram's Graph API has no private/draft mode — a real publish is public immediately. The only safety net is the dry-run default, the enabled:false gate, and the Postiz API-key boundary. There is no visibility knob to hide behind, which is exactly why this flip is deliberate.
Each channel gets its own GCP project so its 10,000-unit daily quota never competes with the others. Same 7-step pattern every time, run independently on each — all four are through it now. Only profile art and the deliberate per-channel enable-flip remain.
client_secrets_path/token_path in config.json → dry-run yt_post.py → (whenever ready) flip that channel's enabled → true. All four below are wired and dry-run verified; none has been flipped to enabled:true yet — that's deliberate.Google account zionboggan@gmail.com. ✅ Wired: OAuth granted, token on the 3060, config.json wired both copies, dry-run verified. enabled:false is deliberate — flip + decorate whenever ready.
Google account zionboggan0@gmail.com. ✅ Wired: OAuth grant complete via grant_dailyclip.bat, config.json wired, dry-run verified. enabled:false deliberate.
Google account zccmediaagency@gmail.com. ✅ Wired: OAuth granted, config.json wired, dry-run verified. enabled:false deliberate.
understand account)Google account understandihadtodoittoem@gmail.com. ✅ Wired: this is the slot that used to be cut for "Euphoria Software" (no such account existed) — that GCP project and OAuth client were revived and re-pointed to this account instead. Slot name yt_euphoria_software is now permanently Clip Vault + the understand account — don't let the old slot name confuse a future read of this page. OAuth granted, config.json wired, dry-run verified. enabled:false deliberate.
Google account workyaya2018@gmail.com. Granted and token saved earlier, but no channel/slot is assigned — unused, parked until Zion decides where it goes. Not one of the 4 wired channels above.
Computer first for every platform — Postiz's OAuth connects have to happen there anyway. Then repeat each login inside the platform's own app on iPhone and iPad so the account is warm everywhere.
| Device | Address | Role |
|---|---|---|
| White PC (computer) | 192.168.1.73 | Primary — all browser sign-ins + every Postiz OAuth connect happens here first |
| iPhone 15 Pro Max | Tailscale 100.116.77.90 | Native app sign-in per platform (TikTok, Instagram, YouTube) after the computer |
| iPad | Tailscale 100.117.158.43 | Same native app sign-ins; useful second screen for the Postiz connect flow |
| 3060 GPU box | 192.168.1.74 | Do not log into any account here — reserved for render/Ollama work |
publish/config.json is enabled:false and stays false no matter what TikTok's audit says — flipping to true is always a separate, deliberate action you take per account.--dry-run is the default on every post script. A real network call requires explicitly opting out./opt/postiz/apikey.txt) is the credential boundary every post script stops at — it doesn't exist until you generate it in step 1.visibility: private even after enabled:true.Every profile below was re-checked against branding/ just now — file-by-file, not from an old note. The three irl.rewind profiles turned out to be fully populated (an earlier version of this page said their assets were "pending" — that was stale; they're done, with full copy-paste bio/name text in each PROFILE.md). Two packs are honestly orphaned; flagged as such, not hidden.
branding/irl_rewind/tiktok_triedthat/ — pfp_a.png, pfp_b.png (1024×1024), cover.png (1080×1920), PROFILE.mdbranding/irl_rewind/ig_bluecollar_solutions/ — pfp_a.png, pfp_b.png (1080×1080), cover.png (1080×1920), PROFILE.mdbranding/irl_rewind/yt_irlrewind/ — pfp_a.png, pfp_b.png, banner.png (800×800 / 2560×1440), PROFILE.mdyt_irlrewind) is now wired and dry-run verified too — apply anytime.branding/yt_yaya_boggan/ — pfp_option_a.png, pfp_option_b.png (800×800), banner.png (2560×1440)branding/yt_zion_boggan/ — pfp_option_a.png, pfp_option_b.png (800×800), banner.png (2560×1440)branding/yt_euphoria_software/ — pfp_option_a.png, pfp_option_b.png, banner.png, emerald/mint monogram system, full set present.understandihadtodoittoem@gmail.com — same emerald/mint Clip Vault brand, same yt_euphoria_software slot name, now live and wired. Apply anytime — doesn't block the enable-flip.branding/tiktok_acct1/ — pfp_option_a.png, pfp_option_b.png only. Legacy draft, not mapped to any current active profile (was proposed for @bestbluecollarsolutions before the irl.rewind pivot).branding/tiktok_acct2/ — pfp_option_a.png, pfp_option_b.png only. Superseded — this was the earlier draft for @Tried.that before "IRL Rewind" won; use the tiktok_triedthat pack above instead.branding/bluecollar_solutions/route1/ (banner + pfp_a + pfp_b) is the winning seed art, QA 9/9 SHIP — it's what all three IRL Rewind packs above were resized from.route2/ and route3/ are alternate design routes with the same 3 files each — present on disk, not currently used.