palmier 1.0.2 → 1.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/dist/mcp-tools.js +7 -7
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -57,7 +57,7 @@ Palmier exposes an [MCP](https://modelcontextprotocol.io) server at `http://loca
|
|
|
57
57
|
| `notify` | Send a push notification to the user's device |
|
|
58
58
|
| `request-input` | Request input from the user (blocks until response) |
|
|
59
59
|
| `request-confirmation` | Request confirmation from the user (blocks until response) |
|
|
60
|
-
| `fill-password` | Fill a saved password into the active browser session, prompting the user if unknown (the
|
|
60
|
+
| `fill-password` | Fill a saved password or PIN into the active browser session, prompting the user if unknown (the secret is never revealed to the agent) |
|
|
61
61
|
| `device-geolocation` | Get GPS location of the user's mobile device |
|
|
62
62
|
| `read-contacts` | Read the contact list from the user's device |
|
|
63
63
|
| `create-contact` | Create a new contact on the user's device |
|
|
@@ -156,9 +156,9 @@ Revoking the linked device also clears the host's linked-device record; device c
|
|
|
156
156
|
|
|
157
157
|
### Saved Passwords
|
|
158
158
|
|
|
159
|
-
Palmier can store website passwords like a browser's password manager so agents can sign in to sites without ever seeing the credentials. When an agent driving a browser (via the `playwright-cli` skill) reaches a login
|
|
159
|
+
Palmier can store website passwords and PINs like a browser's password manager so agents can sign in to sites without ever seeing the credentials. When an agent driving a browser (via the `playwright-cli` skill) reaches a login or PIN field, it calls the `fill-password` tool with the page URL, the username, and the field's element ref. Palmier matches the saved secret by **origin** and fills it directly into the live browser session. If nothing is saved for that `(origin, username)`, Palmier prompts you in the app with a masked dialog. The dialog has a "Save for next time" checkbox (on by default): leave it checked to store the secret for reuse, or uncheck it to fill it just this once without saving. Either way it is filled into the page. The plaintext secret is never returned to the agent and is never written to task history.
|
|
160
160
|
|
|
161
|
-
|
|
161
|
+
Saved passwords and PINs are encrypted at rest with AES-256-GCM under a host-local key, both stored in `~/.config/palmier/` (`passwords.enc` and `password-key`). Manage them from the host:
|
|
162
162
|
|
|
163
163
|
```bash
|
|
164
164
|
# List saved passwords (origin and username only — never the password)
|
package/dist/mcp-tools.js
CHANGED
|
@@ -182,11 +182,11 @@ const requestConfirmationTool = {
|
|
|
182
182
|
const fillPasswordTool = {
|
|
183
183
|
name: "fill-password",
|
|
184
184
|
description: [
|
|
185
|
-
"Fill the user's saved password into a
|
|
186
|
-
"Use this instead of typing a password yourself — the
|
|
187
|
-
"Provide the page URL, the username/login identifier, and the playwright-cli ref of the
|
|
188
|
-
"If a
|
|
189
|
-
'Response: `{"ok": true}` on success, or `{"aborted": true}` if the user declines to provide
|
|
185
|
+
"Fill the user's saved password or PIN into a credential field in the active playwright-cli browser session.",
|
|
186
|
+
"Use this instead of typing a password or PIN yourself — the secret is never revealed to you.",
|
|
187
|
+
"Provide the page URL, the username/login identifier, and the playwright-cli ref of the field (and the session name if you opened a named session).",
|
|
188
|
+
"If a secret for this (site, username) is already saved it is filled directly; otherwise the user is prompted to enter it, it is saved, then filled.",
|
|
189
|
+
'Response: `{"ok": true}` on success, or `{"aborted": true}` if the user declines to provide it.',
|
|
190
190
|
],
|
|
191
191
|
inputSchema: {
|
|
192
192
|
type: "object",
|
|
@@ -205,8 +205,8 @@ const fillPasswordTool = {
|
|
|
205
205
|
const origin = normalizeOrigin(url);
|
|
206
206
|
let password = lookupPassword(origin, username);
|
|
207
207
|
if (password === undefined) {
|
|
208
|
-
const question = `Password for ${username} on ${origin}`;
|
|
209
|
-
const description = `Enter the password to sign in as ${username} on ${origin}.`;
|
|
208
|
+
const question = `Password or PIN for ${username} on ${origin}`;
|
|
209
|
+
const description = `Enter the password or PIN to sign in as ${username} on ${origin}.`;
|
|
210
210
|
const pendingPromise = registerPending(ctx.sessionId, "input", [question], {
|
|
211
211
|
session_id: ctx.sessionId,
|
|
212
212
|
session_name: ctx.agentName,
|