palmier 1.0.2 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -57,7 +57,7 @@ Palmier exposes an [MCP](https://modelcontextprotocol.io) server at `http://loca
57
57
  | `notify` | Send a push notification to the user's device |
58
58
  | `request-input` | Request input from the user (blocks until response) |
59
59
  | `request-confirmation` | Request confirmation from the user (blocks until response) |
60
- | `fill-password` | Fill a saved password into the active browser session, prompting the user if unknown (the password is never revealed to the agent) |
60
+ | `fill-password` | Fill a saved password or PIN into the active browser session, prompting the user if unknown (the secret is never revealed to the agent) |
61
61
  | `device-geolocation` | Get GPS location of the user's mobile device |
62
62
  | `read-contacts` | Read the contact list from the user's device |
63
63
  | `create-contact` | Create a new contact on the user's device |
@@ -156,9 +156,9 @@ Revoking the linked device also clears the host's linked-device record; device c
156
156
 
157
157
  ### Saved Passwords
158
158
 
159
- Palmier can store website passwords like a browser's password manager so agents can sign in to sites without ever seeing the credentials. When an agent driving a browser (via the `playwright-cli` skill) reaches a login form, it calls the `fill-password` tool with the page URL, the username, and the password field's element ref. Palmier matches the saved password by **origin** and fills it directly into the live browser session. If no password is saved for that `(origin, username)`, Palmier prompts you in the app with a masked password dialog. The dialog has a "Save this password" checkbox (on by default): leave it checked to store the password for next time, or uncheck it to fill it just this once without saving. Either way the password is filled into the page. The plaintext password is never returned to the agent and is never written to task history.
159
+ Palmier can store website passwords and PINs like a browser's password manager so agents can sign in to sites without ever seeing the credentials. When an agent driving a browser (via the `playwright-cli` skill) reaches a login or PIN field, it calls the `fill-password` tool with the page URL, the username, and the field's element ref. Palmier matches the saved secret by **origin** and fills it directly into the live browser session. If nothing is saved for that `(origin, username)`, Palmier prompts you in the app with a masked dialog. The dialog has a "Save for next time" checkbox (on by default): leave it checked to store the secret for reuse, or uncheck it to fill it just this once without saving. Either way it is filled into the page. The plaintext secret is never returned to the agent and is never written to task history.
160
160
 
161
- Passwords are encrypted at rest with AES-256-GCM under a host-local key, both stored in `~/.config/palmier/` (`passwords.enc` and `password-key`). Manage them from the host:
161
+ Saved passwords and PINs are encrypted at rest with AES-256-GCM under a host-local key, both stored in `~/.config/palmier/` (`passwords.enc` and `password-key`). Manage them from the host:
162
162
 
163
163
  ```bash
164
164
  # List saved passwords (origin and username only — never the password)
package/dist/mcp-tools.js CHANGED
@@ -182,11 +182,11 @@ const requestConfirmationTool = {
182
182
  const fillPasswordTool = {
183
183
  name: "fill-password",
184
184
  description: [
185
- "Fill the user's saved password into a password field in the active playwright-cli browser session.",
186
- "Use this instead of typing a password yourself — the password is never revealed to you.",
187
- "Provide the page URL, the username/login identifier, and the playwright-cli ref of the password field (and the session name if you opened a named session).",
188
- "If a password for this (site, username) is already saved it is filled directly; otherwise the user is prompted to enter it, it is saved, then filled.",
189
- 'Response: `{"ok": true}` on success, or `{"aborted": true}` if the user declines to provide the password.',
185
+ "Fill the user's saved password or PIN into a credential field in the active playwright-cli browser session.",
186
+ "Use this instead of typing a password or PIN yourself — the secret is never revealed to you.",
187
+ "Provide the page URL, the username/login identifier, and the playwright-cli ref of the field (and the session name if you opened a named session).",
188
+ "If a secret for this (site, username) is already saved it is filled directly; otherwise the user is prompted to enter it, it is saved, then filled.",
189
+ 'Response: `{"ok": true}` on success, or `{"aborted": true}` if the user declines to provide it.',
190
190
  ],
191
191
  inputSchema: {
192
192
  type: "object",
@@ -205,8 +205,8 @@ const fillPasswordTool = {
205
205
  const origin = normalizeOrigin(url);
206
206
  let password = lookupPassword(origin, username);
207
207
  if (password === undefined) {
208
- const question = `Password for ${username} on ${origin}`;
209
- const description = `Enter the password to sign in as ${username} on ${origin}.`;
208
+ const question = `Password or PIN for ${username} on ${origin}`;
209
+ const description = `Enter the password or PIN to sign in as ${username} on ${origin}.`;
210
210
  const pendingPromise = registerPending(ctx.sessionId, "input", [question], {
211
211
  session_id: ctx.sessionId,
212
212
  session_name: ctx.agentName,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "palmier",
3
- "version": "1.0.2",
3
+ "version": "1.0.3",
4
4
  "description": "Palmier host CLI - provisions, executes tasks, and serves NATS RPC",
5
5
  "license": "Apache-2.0",
6
6
  "author": "Hongxu Cai",