DM Toolset

Source for toolset.deutschmark.online — a streamer dashboard that ships browser-source overlays, chat-driven widgets, and companion apps behind a single Twitch login.

This repo is a public transparency mirror. The build source lives in a private monorepo; this mirror is kept in sync so anyone can read the code that runs against their account.

Full setup walkthroughs and per-tool docs live at toolset.deutschmark.online/docs.

What's in here

Overlays (drop into OBS as a Browser Source)

• Music — Spotify now-playing widget plus !sr chat song requests, multiple skins, font picker.
• Stream scene — animated Starting / Ending screens with chat, generated planet, and brand color.
• BRB player — auto-rotating clip queue (Twitch clips, YouTube, Streamable, direct mp4) for breaks.
• Emote rain — cascade Twitch + BTTV + FFZ + 7TV emotes, hype triggers on bits / subs / raids.
• Video shout-out — !vso @user plays a clip from that channel on stream.
• Lurk peek — !lurk slides the chatter's avatar onto screen with a wave; tunable peek distance, wave angle, edge.
• Death counter — per-game on-stream death counter, dashboard ± controls.
• Clip play — !play <url> plays a YouTube / Twitch / Streamable clip on the stream, mod-gated.
• Chat Box — Twitch chat as an OBS browser source: badges, BTTV / FFZ / 7TV emotes, filters, animations, Google Fonts.
• Event List — recent subs, resubs, gift bombs, cheers, and raids in a tidy on-stream list.

Companion apps (linked from the dashboard)

• Collab Planner — schedule co-streams with friends, optional Discord webhook.
• Clipline — desktop tool to turn a Twitch VOD into shorts and longform.
• ForgetMeNot — local-first AI chat companion that remembers your viewers.
• Alert! Alert! — desktop tool to trim and crop short alert clips.

Auth and data

• Authentication is Twitch OAuth handled by a Cloudflare Worker at auth.deutschmark.online. The worker sets an httpOnly SSO cookie scoped to .deutschmark.online.
• All API calls go to that worker with the cookie attached via credentials: "include". Mutating requests include a CSRF token read from a dm_csrf cookie and forwarded as X-CSRF-Token.
• The Spotify integration uses per-user developer-app credentials, AES-GCM encrypted in Cloudflare KV.
• No tokens or user IDs appear in query parameters. Browser-source URLs use opaque read-only wid tokens that can be regenerated without re-pasting into OBS.

The auth worker is a separate repo and not included here.

Environment variables

Variable	Default	Purpose
NEXT_PUBLIC_TOOLSET_AUTH_URL	https://auth.deutschmark.online	Auth and API worker base URL
NEXT_PUBLIC_WIDGET_HOST_URL	https://toolset.deutschmark.online	Base URL for browser-source links

Both are public — no secrets are required to build or run this frontend.

Running locally

npm install
npm run dev

The app connects to the live auth worker by default. To point at a local worker, set NEXT_PUBLIC_TOOLSET_AUTH_URL in .env.local.

Building

npm run build

Outputs a static export to out/. Compatible with Cloudflare Pages or any static host.

Stack

• Next.js 16 (output: "export")
• React 19
• Tailwind CSS v4
• TypeScript

License

MIT — see LICENSE.