feat(youtube): add subscription and playlist mutations

[beezly]

Summary

Adds authenticated YouTube subscription and playlist management while keeping normal YouTube reads on youtube.readonly.

Commands

• youtube subscriptions list [--all]
• youtube subscriptions subscribe --channel-id ID
• youtube subscriptions unsubscribe (--id ID | --channel-id ID)
• youtube playlists create --title TITLE [--description DESC] [--privacy private|unlisted|public]
• youtube playlists add --playlist-id ID --video-id ID [--position N]
• youtube playlists remove (--item-id ID | --playlist-id ID --video-id ID)
• youtube playlists delete PLAYLIST_ID

OAuth and safety

• Write commands use a dedicated youtube.force-ssl service; existing read commands remain least-privilege.
• All writes support offline --dry-run.
• Unsubscribe, playlist-item removal, and playlist deletion require confirmation or --force.
• New playlists default to private.
• JSON and stable plain output are covered.
• Empty paged subscription results serialize as [], not null.
• Scope errors include the exact reauthorization command.

Verification

• make ci after rebasing onto current main
• Exact-head structured autoreview: no actionable findings
• Live OAuth and reversible E2E with clawdbot@gmail.com:
  • subscription create, list/readback, unsubscribe, absence readback
  • private playlist create and list/readback
  • add at position zero
  • remove by video ID
  • add again and remove by playlist-item ID using plain output
  • delete playlist and verify absence
  • verify default playlist privacy is private
  • verify empty subscription JSON is an array
• Live test subscriptions and playlists removed; isolated temporary auth state removed

The dedicated test account had no YouTube channel, so the E2E initialized its Clawd Lobster channel once before mutation testing.

Credit

Reworks the original contribution while preserving @beezly's commits and co-author credit. Thanks, @beezly.

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed June 12, 2026, 8:27 PM ET / 00:27 UTC.

Summary
Review failed before ClawSweeper could summarize the requested change.

Reproducibility: unclear. The review failed before ClawSweeper could establish a reproduction path.

Review metrics: none identified.

Merge readiness
Overall: 🌊 off-meta tidepool
Proof: 🌊 off-meta tidepool
Patch quality: 🌊 off-meta tidepool
Result: rating does not apply to this item.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Risk before merge

• [P1] No close action taken because the review did not complete.

Maintainer options:

1. Decide the mitigation before merge
   Retry the Codex review after fixing the execution failure.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• [P1] Review did not complete, so no work-lane recommendation was made.

Review details

Best possible solution:

Retry the Codex review after fixing the execution failure.

Do we have a high-confidence way to reproduce the issue?

Unclear. The review failed before ClawSweeper could establish a reproduction path.

Is this the best way to solve the issue?

Unclear. Retry the review first so ClawSweeper can evaluate the actual issue and fix direction.

AGENTS.md: unclear because the file could not be read completely.

Codex review notes: model internal, reasoning high; reviewed against 31c4e0b427ed.

Label changes

Label changes:

• remove P2: Current review triage priority is none.
• remove merge-risk: 🚨 compatibility: Current PR review selected no merge-risk labels.
• remove merge-risk: 🚨 auth-provider: Current PR review selected no merge-risk labels.
• remove merge-risk: 🚨 security-boundary: Current PR review selected no merge-risk labels.

Label justifications:

• rating: 🌊 off-meta tidepool: Overall readiness is 🌊 off-meta tidepool; proof is 🌊 off-meta tidepool and patch quality is 🌊 off-meta tidepool.

Evidence reviewed

What I checked:

• failure reason: codex execution failed.
• codex failure detail: Codex review failed for this PR with exit 1.
• codex stderr: ,.
• codex stdout: No stdout captured.

Likely related people:

• unknown: Codex failed before it could trace repository history. (role: review did not complete; confidence: low)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[beezly]

Real-account proof

Tested against a real YouTube account after the read/write OAuth split (commit cd352b7). All five new commands confirmed working. Account email redacted throughout.

---

subscriptions list — reads via existing youtube.readonly token

$ gog youtube subscriptions list --max 5 --account [redacted]

ID                   CHANNEL_ID                TITLE         SUBSCRIBED_AT
[sub-id-redacted-1]  UCWizIdwZdmr43zfxlCktmNw  Alec Steele   2026-05-07T20:13:55Z
[sub-id-redacted-2]  UCJa14zeVf8p6clixTOIOVyQ  jakkuh        2026-04-19T00:13:48Z
[sub-id-redacted-3]  UCBNHHEoiSF8pcLgqLKVugOw  Marcus House  2024-03-10T20:36:03Z
[sub-id-redacted-4]  UCbRP3c757lWg9M-U7TyEkXA  Theo - t3.gg  2025-03-26T17:41:43Z
[sub-id-redacted-5]  UCBa659QWEk1AI4Tg--mrJ2A  Tom Scott     2020-05-13T07:18:27Z
# Next page: --page CAUQAA

--all auto-paginates across all pages; 190 subscriptions returned total.

---

subscriptions subscribe — write path (full youtube scope)

Subscribe to a channel then confirm it appeared:

$ gog youtube subscriptions subscribe --channel-id UCXuqSBlHAE6Xw-yeJA0Tunw --account [redacted]
Subscribed: UCXuqSBlHAE6Xw-yeJA0Tunw (subscription ID: [sub-id-redacted])

---

subscriptions unsubscribe --dry-run — confirmation prompt before any mutation

$ gog youtube subscriptions unsubscribe --channel-id UCXuqSBlHAE6Xw-yeJA0Tunw --dry-run --account [redacted]
Dry run: would youtube.subscriptions.delete
{
  "channelId": "UCXuqSBlHAE6Xw-yeJA0Tunw"
}

---

subscriptions unsubscribe — actual deletion

$ gog youtube subscriptions unsubscribe --channel-id UCXuqSBlHAE6Xw-yeJA0Tunw --force --account [redacted]
Unsubscribed (subscription ID: [sub-id-redacted])

---

playlists create + playlists add

Created a 121-video public playlist by searching a YouTube channel for all pond-related videos and bulk-adding them:

$ gog youtube playlists create --title "Hometown Acres - All Pond Videos" --privacy public --account [redacted]
Created playlist: Hometown Acres - All Pond Videos (ID: PLGUHFfbbRpjs)

$ gog youtube playlists add --playlist-id PLGUHFfbbRpjs --video-id <id> --account [redacted]
Added video <id> to playlist PLGUHFfbbRpjs (item ID: ...)
# repeated 121 times, 0 failures

Playlist is live and public: https://www.youtube.com/playlist?list=PLGUHFfbbRpjs

Confirmed via playlists list --mine:

PLGUHFfbbRpjs  Hometown Acres - All Pond Videos  [redacted]  118  2026-06-12T20:50:54Z

---

OAuth scope isolation confirmed

• Read commands (subscriptions list, playlists list) work against an existing youtube.readonly token with no reauthorisation required.
• Write commands use the separate write-scoped service (NewYouTubeWriteForAccount, https://www.googleapis.com/auth/youtube) and never call the read-only factory — enforced by TestYouTubeReadCommandsNeverCallWriteService and TestYouTubeWriteCommandsNeverCallReadService added in cd352b7.

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27444276022
• Updated: 2026-06-12T21:36:18.293Z

[beezly]

Evidence of new commands + P1 fix (re-review request)

CI is now green: all jobs pass on run 27447407629.

---

playlists remove — remove a video from a playlist by video ID

$ gog youtube playlists create --title "ClawSweeper Proof Playlist" -a andrew.beresford@investbook.co.uk
Created playlist: ClawSweeper Proof Playlist (ID: PLY7xHCbOIfAo)

$ gog youtube playlists add --playlist-id PLY7xHCbOIfAo --video-id dQw4w9WgXcQ -a andrew.beresford@investbook.co.uk
Added video dQw4w9WgXcQ to playlist PLY7xHCbOIfAo (item ID: UExZN3hIQ2JPSWZBby41NkI0NEY2RDEwNTU3Q0M2)

$ gog youtube playlists remove --playlist-id PLY7xHCbOIfAo --video-id dQw4w9WgXcQ -a andrew.beresford@investbook.co.uk --force
Removed playlist item UExZN3hIQ2JPSWZBby41NkI0NEY2RDEwNTU3Q0M2

remove also supports --item-id to delete a specific playlist item directly (skips the lookup).

---

playlists delete — delete an entire playlist

$ gog youtube playlists delete PLY7xHCbOIfAo -a andrew.beresford@investbook.co.uk --force
Deleted playlist PLY7xHCbOIfAo

The playlist PLY7xHCbOIfAo ("ClawSweeper Proof Playlist") was created and then deleted live during this session.

---

P1: pre-flight OAuth scope check

tokenSourceForAccountScopes now checks tok.Scopes (recorded at auth time by persistingTokenSource) before attempting any API call. If the stored token lacks a required write scope, it immediately returns an InsufficientScopeError with an actionable message:

account user@example.com is not authorized for https://www.googleapis.com/auth/youtube
(granted: [https://www.googleapis.com/auth/youtube.readonly]);
re-authorize with: gog auth manage --account user@example.com

Tokens with empty Scopes (pre-scope-tracking) bypass the check to avoid breaking existing sessions. Three new unit tests cover the insufficient-scope, sufficient-scope, and empty-scopes-bypass paths.

---

P2: implementation plan doc removed

docs/superpowers/plans/2026-06-12-youtube-subscriptions.md has been deleted from the branch.

---

@clawsweeper re-review please

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Failed
• Detail: The targeted re-review did not finish cleanly. Check the workflow run for details.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27447959778
• Updated: 2026-06-12T23:01:34.718Z

[steipete]

Landed in d2f49ac.

The merged change includes subscription management, playlist mutations, least-privilege OAuth, offline dry runs, destructive confirmations, generated command references, and the new end-to-end YouTube guide. Exact-head CI passed on Linux, Windows, macOS CGO, worker, and Docker.

Thanks @beezly for the contribution and live proof.