perplexity-user-mcp 0.8.42 → 0.8.44

package/dist/checks/network.d.ts

@@ -1,71 +1,13 @@
-import { lookup } from 'node:dns/promises';
-import { request } from 'node:https';
-
-const CATEGORY = "network";
-const DEFAULT_HOST = "www.perplexity.ai";
-
-function httpsHead(url, { timeoutMs = 5000 } = {}) {
-  return new Promise((resolve, reject) => {
-    const req = request(url, { method: "HEAD", timeout: timeoutMs }, (res) => {
-      resolve({ statusCode: res.statusCode, headers: res.headers });
-      res.resume();
-    });
-    req.on("timeout", () => { req.destroy(new Error("HTTPS HEAD timeout")); });
-    req.on("error", reject);
-    req.end();
-  });
-}
-
-async function run(opts = {}) {
-  const results = [];
-  const host = opts.host ?? DEFAULT_HOST;
-  const dns = opts.dnsLookupOverride ?? lookup;
-  const head = opts.httpsHeadOverride ?? ((u) => httpsHead(u));
-
-  let addr = null;
-  try {
-    addr = await dns(host);
-    results.push({ category: CATEGORY, name: "dns", status: "pass", message: `${host} -> ${addr.address}` });
-  } catch (err) {
-    results.push({
-      category: CATEGORY,
-      name: "dns",
-      status: "fail",
-      message: `DNS lookup failed: ${err.message}`,
-      hint: "Check internet connection / proxy / VPN.",
-    });
-    return results;
-  }
-
-  let headRes;
-  try {
-    headRes = await head(`https://${host}${process.env.PERPLEXITY_LOGIN_PATH || "/account"}`);
-    results.push({ category: CATEGORY, name: "https", status: "pass", message: `HEAD / status ${headRes.statusCode}` });
-  } catch (err) {
-    results.push({
-      category: CATEGORY,
-      name: "https",
-      status: "fail",
-      message: `HTTPS failed: ${err.message}`,
-      hint: "TLS/MITM proxy? Corporate firewall?",
-    });
-    return results;
-  }
-
-  const isCf = String(headRes.headers?.server ?? "").toLowerCase().includes("cloudflare") && headRes.statusCode === 503;
-  if (isCf) {
-    results.push({
-      category: CATEGORY,
-      name: "cf-challenge",
-      status: "warn",
-      message: "Cloudflare challenge active — logins may need manual captcha.",
-      hint: "Try login --mode manual if auto mode fails.",
-    });
-  } else {
-    results.push({ category: CATEGORY, name: "cf-challenge", status: "pass", message: "no challenge detected" });
-  }
-
-  return results;
-}
-
-export { run };
+export function run(opts?: {}): Promise<({
+    category: string;
+    name: string;
+    status: string;
+    message: string;
+    hint?: undefined;
+} | {
+    category: string;
+    name: string;
+    status: string;
+    message: string;
+    hint: string;
+})[]>;

package/dist/checks/probe.d.ts

@@ -1,93 +1,21 @@
-const CATEGORY = "probe";
-
-async function defaultSearch({ timeoutMs }) {
-  const { PerplexityClient } = await import('../client.d.ts');
-  const client = new PerplexityClient();
-  // Force the headless-only path so the probe never opens a visible browser
-  // window. The headed Cloudflare bootstrap was leaving Chrome windows
-  // dangling on every Deep check / probe re-run when init() or close() failed
-  // mid-flight; the probe is a smoke test for the headless search path that
-  // tools actually use, so skipping the headed phase is the right scope. The
-  // env var is restored in a finally so concurrent tool-call clients aren't
-  // affected.
-  const HEADLESS_KEY = "PERPLEXITY_HEADLESS_ONLY";
-  const prevHeadlessOnly = process.env[HEADLESS_KEY];
-  process.env[HEADLESS_KEY] = "1";
-  const t0 = Date.now();
-  try {
-    // init() is INSIDE the try so the finally always runs shutdown(), even
-    // when init throws (browser launch failure, CF timeout, etc.). Previously
-    // a failed init left both the persistent context AND the freshly-spawned
-    // chrome.exe dangling, which is how visible browser windows were piling
-    // up across repeated Deep check clicks.
-    await client.init();
-    const authenticated = client.authenticated;
-    const result = await client.search({
-      query: "What is the capital of France? Cite at least one web source.",
-      modelPreference: "turbo",
-      mode: "concise",
-      sources: ["web"],
-      language: "en-US",
-    });
-    const elapsedMs = Date.now() - t0;
-    return {
-      answer: result.answer ?? "",
-      sources: result.sources ?? [],
-      elapsedMs,
-      authenticated,
-      threadUrl: result.threadUrl ?? null,
+export function run(opts?: {}): Promise<{
+    category: string;
+    name: string;
+    status: string;
+    message: string;
+}[] | {
+    category: string;
+    name: string;
+    status: string;
+    message: string;
+    hint: string;
+}[] | {
+    category: string;
+    name: string;
+    status: string;
+    message: string;
+    detail: {
+        latencyMs: any;
+        sourceCount: any;
     };
-  } finally {
-    await client.shutdown().catch(() => {});
-    if (prevHeadlessOnly === undefined) delete process.env[HEADLESS_KEY];
-    else process.env[HEADLESS_KEY] = prevHeadlessOnly;
-  }
-}
-
-async function run(opts = {}) {
-  if (!opts.probe) {
-    return [{ category: CATEGORY, name: "probe-search", status: "skip", message: "skipped (pass --probe to enable)" }];
-  }
-  const timeoutMs = opts.timeoutMs ?? 10_000;
-  const search = opts.searchOverride ?? defaultSearch;
-  try {
-    const result = await search({ timeoutMs });
-    if (!result.sources || result.sources.length === 0) {
-      if (result.authenticated && (result.answer?.trim() || result.threadUrl)) {
-        return [{
-          category: CATEGORY,
-          name: "probe-search",
-          status: "warn",
-          message: `probe search completed without citations (latency ${result.elapsedMs}ms)`,
-          hint: "Session appears authenticated, but Perplexity returned no sources for the probe query. Retry once before treating this as an auth failure.",
-        }];
-      }
-      return [{
-        category: CATEGORY,
-        name: "probe-search",
-        status: "fail",
-        message: `probe returned no sources (latency ${result.elapsedMs}ms)`,
-        hint: result.authenticated
-          ? "Perplexity returned no citations for the probe query. Retry once; if it persists, inspect the extension logs."
-          : "Session may be anonymous — run login, then --probe again.",
-      }];
-    }
-    return [{
-      category: CATEGORY,
-      name: "probe-search",
-      status: "pass",
-      message: `live search returned ${result.sources.length} source(s) in ${result.elapsedMs}ms`,
-      detail: { latencyMs: result.elapsedMs, sourceCount: result.sources.length },
-    }];
-  } catch (err) {
-    return [{
-      category: CATEGORY,
-      name: "probe-search",
-      status: "fail",
-      message: `probe failed: ${err.message}`,
-      hint: "Check network / auth — run `doctor` without --probe to see which category regressed.",
-    }];
-  }
-}
-
-export { run };
+}[]>;

package/dist/checks/profiles.d.ts

@@ -1,99 +1,13 @@
-import { existsSync, readdirSync, readFileSync, statSync } from 'node:fs';
-import { join } from 'node:path';
-
-const CATEGORY = "profiles";
-const STALE_CACHE_DAYS = 7;
-
-async function run(opts = {}) {
-  const dir = opts.configDir;
-  const results = [];
-  const profilesDir = join(dir, "profiles");
-
-  if (!existsSync(profilesDir)) {
-    results.push({ category: CATEGORY, name: "profile-count", status: "warn", message: "No profiles dir." });
-    return results;
-  }
-
-  const listing = readdirSync(profilesDir, { withFileTypes: true }).filter((d) => d.isDirectory()).map((d) => d.name);
-  const names = opts.allProfiles
-    ? listing
-    : opts.profile
-      ? [opts.profile]
-      : listing;
-
-  if (names.length === 0) {
-    results.push({
-      category: CATEGORY,
-      name: "profile-count",
-      status: "warn",
-      message: "No profiles found. Run `login` to create one.",
-    });
-    return results;
-  }
-  results.push({
-    category: CATEGORY,
-    name: "profile-count",
-    status: "pass",
-    message: `${names.length} profile(s): ${names.join(", ")}`,
-  });
-
-  for (const name of names) {
-    const pdir = join(profilesDir, name);
-    const meta = join(pdir, "meta.json");
-    try {
-      JSON.parse(readFileSync(meta, "utf8"));
-      results.push({ category: CATEGORY, name: `${name}/meta`, status: "pass", message: "valid" });
-    } catch {
-      results.push({
-        category: CATEGORY,
-        name: `${name}/meta`,
-        status: "fail",
-        message: `${name}/meta.json missing or corrupt`,
-        hint: `Delete and re-run login for profile '${name}'.`,
-      });
-    }
-
-    const enc = join(pdir, "vault.enc");
-    const plain = join(pdir, "vault.json");
-    if (existsSync(enc)) {
-      results.push({ category: CATEGORY, name: `${name}/vault`, status: "pass", message: "encrypted" });
-    } else if (existsSync(plain)) {
-      results.push({
-        category: CATEGORY,
-        name: `${name}/vault`,
-        status: "warn",
-        message: "plaintext opt-out (security.encryptCookies=false)",
-        hint: "Consider re-running login without --plain-cookies for encrypted storage.",
-      });
-    } else {
-      results.push({
-        category: CATEGORY,
-        name: `${name}/vault`,
-        status: "warn",
-        message: "no vault file — profile never logged in",
-      });
-    }
-
-    const cache = join(pdir, "models-cache.json");
-    if (!existsSync(cache)) {
-      results.push({ category: CATEGORY, name: `${name}/models-cache`, status: "skip", message: "no cache yet" });
-    } else {
-      const ageDays = (Date.now() - statSync(cache).mtime.getTime()) / (24 * 3600 * 1000);
-      if (ageDays > STALE_CACHE_DAYS) {
-        results.push({
-          category: CATEGORY,
-          name: `${name}/models-cache`,
-          status: "warn",
-          message: `models cache is ${Math.round(ageDays)} days old`,
-          hint: "Open the dashboard and click 'Fetch live' to refresh.",
-        });
-      } else {
-        results.push({ category: CATEGORY, name: `${name}/models-cache`, status: "pass", message: `${Math.round(ageDays)}d old` });
-      }
-    }
-  }
-
-  return results;
-}
-
-export { run };
+export function run(opts?: {}): Promise<({
+    category: string;
+    name: string;
+    status: string;
+    message: string;
+    hint?: undefined;
+} | {
+    category: string;
+    name: string;
+    status: string;
+    message: string;
+    hint: string;
+})[]>;

package/dist/checks/profiles.mjs

@@ -82,6 +82,41 @@ async function run(opts = {}) {
         results.push({ category: CATEGORY, name: `${name}/models-cache`, status: "pass", message: `${Math.round(ageDays)}d old` });
       }
     }
+    const daemonStatusPath = join(pdir, "daemon-status.json");
+    if (!existsSync(daemonStatusPath)) {
+      results.push({ category: CATEGORY, name: `${name}/daemon-status`, status: "skip", message: "no daemon status file (stdio-only or not yet started)" });
+    } else {
+      try {
+        const ds = JSON.parse(readFileSync(daemonStatusPath, "utf8"));
+        if (!ds.authenticated) {
+          results.push({
+            category: CATEGORY,
+            name: `${name}/daemon-status`,
+            status: "warn",
+            message: `daemon last init: ${ds.lastInit} \u2014 authenticated: false (tier: ${ds.tier})${ds.error ? `, error: ${ds.error}` : ""}`,
+            hint: "Open the extension dashboard and click 'Refresh state' to trigger a daemon reinit."
+          });
+        } else {
+          results.push({
+            category: CATEGORY,
+            name: `${name}/daemon-status`,
+            status: "pass",
+            message: `authenticated as ${ds.tier}, last init: ${ds.lastInit} (${ds.initDurationMs}ms)`
+          });
+        }
+      } catch {
+        results.push({ category: CATEGORY, name: `${name}/daemon-status`, status: "warn", message: "daemon-status.json is corrupt or unreadable" });
+      }
+    }
+    const loginBrowserDataPath = join(pdir, "login-browser-data");
+    if (existsSync(loginBrowserDataPath)) {
+      results.push({
+        category: CATEGORY,
+        name: `${name}/login-browser-data`,
+        status: "info",
+        message: "login-browser-data directory present (leftover from a past login session; safe to ignore)"
+      });
+    }
   }
   return results;
 }

package/dist/checks/runtime.d.ts

@@ -1,89 +1,24 @@
-import { readFileSync, existsSync } from 'node:fs';
-import { fileURLToPath } from 'node:url';
-import { spawn } from 'node:child_process';
-import { join } from 'node:path';
-
-const CATEGORY = "runtime";
-
-function parseMajor(v) {
-  const m = /^v?(\d+)\./.exec(v);
-  return m ? Number(m[1]) : NaN;
-}
-
-function defaultGitShaResolver(cwd) {
-  return new Promise((resolve) => {
-    const child = spawn("git", ["rev-parse", "--short", "HEAD"], { cwd, timeout: 2000 });
-    let out = "";
-    child.stdout?.on("data", (d) => { out += d.toString(); });
-    child.on("close", (code) => resolve(code === 0 ? out.trim() : null));
-    child.on("error", () => resolve(null));
-  });
-}
-
-function getPackageJsonCandidates(baseDir) {
-  const candidates = [];
-  if (baseDir) {
-    candidates.push(join(baseDir, "mcp", "package.json"));
-    candidates.push(join(baseDir, "package.json"));
-  }
-  const metaUrl = import.meta.url ?? null;
-  if (metaUrl) {
-    try {
-      candidates.push(fileURLToPath(new URL("../../package.json", metaUrl)));
-    } catch {}
-    try {
-      candidates.push(fileURLToPath(new URL("../package.json", metaUrl)));
-    } catch {}
-  }
-  return candidates;
-}
-
-async function run(opts = {}) {
-  const results = [];
-  const nodeVersion = opts.nodeVersionOverride ?? process.version;
-  const major = parseMajor(nodeVersion);
-  results.push({
-    category: CATEGORY,
-    name: "node-version",
-    status: major >= 20 ? "pass" : "fail",
-    message: `Node.js ${nodeVersion}`,
-    hint: major >= 20 ? undefined : "Upgrade to Node 20 or later (https://nodejs.org).",
-  });
-  results.push({ category: CATEGORY, name: "platform", status: "pass", message: `${process.platform} ${process.arch}` });
-  results.push({ category: CATEGORY, name: "arch", status: "pass", message: process.arch });
-
-  let version = "0.0.0";
-  for (const pkgPath of getPackageJsonCandidates(opts.baseDir)) {
-    try {
-      const pkg = JSON.parse(readFileSync(pkgPath, "utf8"));
-      if (pkg.name === "perplexity-user-mcp" && pkg.version) {
-        version = pkg.version;
-        break;
-      }
-    } catch {}
-  }
-  results.push({
-    category: CATEGORY,
-    name: "package-version",
-    status: "pass",
-    message: `perplexity-user-mcp ${version}`,
-    detail: { version },
-  });
-
-  const gitDir = opts.gitDirOverride ?? join(process.cwd(), ".git");
-  const resolver = opts.gitShaResolverOverride ?? defaultGitShaResolver;
-  if (!existsSync(gitDir)) {
-    results.push({ category: CATEGORY, name: "git-sha", status: "skip", message: "not a git checkout" });
-  } else {
-    const sha = await resolver(process.cwd());
-    if (sha) {
-      results.push({ category: CATEGORY, name: "git-sha", status: "pass", message: sha });
-    } else {
-      results.push({ category: CATEGORY, name: "git-sha", status: "skip", message: "git not on PATH" });
-    }
-  }
-
-  return results;
-}
-
-export { run };
+export function run(opts?: {}): Promise<({
+    category: string;
+    name: string;
+    status: string;
+    message: string;
+    hint: string | undefined;
+    detail?: undefined;
+} | {
+    category: string;
+    name: string;
+    status: string;
+    message: string;
+    detail: {
+        version: string;
+    };
+    hint?: undefined;
+} | {
+    category: string;
+    name: string;
+    status: string;
+    message: any;
+    hint?: undefined;
+    detail?: undefined;
+})[]>;

package/dist/checks/vault.d.ts

@@ -1,142 +1,13 @@
-import { existsSync } from 'node:fs';
-import { join } from 'node:path';
-
-const CATEGORY = "vault";
-
-async function tryKeychain() {
-  try {
-    const mod = await import('keytar');
-    const keytar = mod.default ?? mod;
-    const hex = await keytar.getPassword("perplexity-user-mcp", "vault-master-key");
-    return { available: true, hasKey: !!hex };
-  } catch {
-    return { available: false, hasKey: false };
-  }
-}
-
-function keychainExpected() {
-  return process.platform === "win32" || process.platform === "darwin" ||
-    (process.platform === "linux" && !process.env.CI);
-}
-
-async function run(opts = {}) {
-  const results = [];
-  const dir = opts.configDir;
-  const profile = opts.profile ?? "default";
-  const enc = join(dir, "profiles", profile, "vault.enc");
-  const plain = join(dir, "profiles", profile, "vault.json");
-  const envPass = process.env.PERPLEXITY_VAULT_PASSPHRASE;
-  const kc = await tryKeychain();
-
-  // Encryption mode (separate from unseal path so plaintext opt-out is always a warn, not a skip).
-  if (existsSync(plain)) {
-    results.push({
-      category: CATEGORY,
-      name: "encryption",
-      status: "warn",
-      message: "plaintext vault.json (security.encryptCookies=false)",
-      hint: "Re-run login without --plain-cookies to enable AES-256-GCM at rest.",
-    });
-  } else if (existsSync(enc)) {
-    results.push({ category: CATEGORY, name: "encryption", status: "pass", message: "AES-256-GCM (vault.enc)" });
-  } else {
-    results.push({ category: CATEGORY, name: "encryption", status: "skip", message: "no vault yet" });
-  }
-
-  // Unseal path resolution, matching vault.js getMasterKey() priority.
-  if (kc.hasKey) {
-    results.push({ category: CATEGORY, name: "unseal-path", status: "pass", message: "OS keychain holds master key" });
-    if (envPass) {
-      results.push({
-        category: CATEGORY,
-        name: "keychain-preferred",
-        status: "warn",
-        message: "PERPLEXITY_VAULT_PASSPHRASE is also set — keychain wins, but consider removing the env var",
-      });
-    }
-  } else if (envPass) {
-    const hasKc = kc.available;
-    results.push({
-      category: CATEGORY,
-      name: "unseal-path",
-      status: "pass",
-      message: `env var ${hasKc ? "(keychain available but empty)" : "(keychain unavailable — expected on headless Linux)"}`,
-    });
-    if (hasKc) {
-      results.push({
-        category: CATEGORY,
-        name: "keychain-preferred",
-        status: "warn",
-        message: "keychain is available — moving the master key there would remove the passphrase from IDE config files",
-        hint: "Run `npx perplexity-user-mcp login` once with the env var unset; the key will be written to keychain.",
-      });
-    } else {
-      results.push({ category: CATEGORY, name: "keychain-preferred", status: "skip", message: "keychain not applicable" });
-    }
-  } else {
-    // No keychain, no env var.
-    if (!existsSync(enc) && !existsSync(plain)) {
-      results.push({ category: CATEGORY, name: "unseal-path", status: "skip", message: "no vault to unseal yet" });
-    } else if (existsSync(plain)) {
-      results.push({ category: CATEGORY, name: "unseal-path", status: "pass", message: "plaintext — no key required" });
-    } else {
-      const ttyLikely = process.stdin?.isTTY === true;
-      results.push({
-        category: CATEGORY,
-        name: "unseal-path",
-        status: ttyLikely ? "warn" : "fail",
-        message: ttyLikely
-          ? "no keychain, no env var — TTY prompt will be required on next use"
-          : "vault locked: no keychain, no env var, no TTY",
-        hint: keychainExpected()
-          ? "Install libsecret+gnome-keyring (Linux), or set PERPLEXITY_VAULT_PASSPHRASE."
-          : "Set PERPLEXITY_VAULT_PASSPHRASE in your MCP config env.",
-      });
-    }
-  }
-
-  // Active-decrypt verification — only when an encrypted vault.enc actually
-  // exists. This catches the "user has both keychain + passphrase set, but
-  // vault.enc was written with one and the read path now prefers the other"
-  // failure mode that surfaces as "Vault decrypt failed: wrong passphrase
-  // or corrupted ciphertext" mid-login. A status check that just reports
-  // "OS keychain holds master key" is misleading if the key can't actually
-  // open the on-disk blob.
-  if (existsSync(enc) && (kc.hasKey || envPass)) {
-    try {
-      const { Vault, __resetKeyCache } = await import('../vault.d-BSJWDLhp.d.ts');
-      // Use a fresh resolution context so the doctor's verification doesn't
-      // pollute the cached unseal material for the rest of the process.
-      __resetKeyCache();
-      // Vault.get returns null for absent keys without throwing; only a
-      // genuine decrypt failure throws.
-      await new Vault().get(profile, "cookies");
-      results.push({
-        category: CATEGORY,
-        name: "unseal-verify",
-        status: "pass",
-        message: "vault.enc decrypts cleanly with the active unseal material",
-      });
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      const isDecryptFailure = /wrong passphrase or corrupted ciphertext|Vault decrypt failed/.test(msg);
-      results.push({
-        category: CATEGORY,
-        name: "unseal-verify",
-        status: "fail",
-        message: isDecryptFailure
-          ? "vault.enc cannot be decrypted with any available unseal material"
-          : `vault.enc unreadable: ${msg}`,
-        hint: isDecryptFailure
-          ? (kc.hasKey && envPass
-              ? "Both keychain and PERPLEXITY_VAULT_PASSPHRASE are set, but neither matches the blob. The blob was likely written under a since-rotated passphrase or a different keychain key. Run 'perplexity-user-mcp logout --purge' on this profile and log in again to write a fresh vault."
-              : "The unseal material has changed since this blob was written. Restore the original passphrase, or run 'perplexity-user-mcp logout --purge' on this profile and log in again.")
-          : "Inspect the file at the path under 'profiles' check; consider restoring from backup or purging.",
-      });
-    }
-  }
-
-  return results;
-}
-
-export { run };
+export function run(opts?: {}): Promise<({
+    category: string;
+    name: string;
+    status: string;
+    message: string;
+    hint: string;
+} | {
+    category: string;
+    name: string;
+    status: string;
+    message: string;
+    hint?: undefined;
+})[]>;

package/dist/checks/vault.mjs

@@ -1,19 +1,14 @@
+import {
+  probeKeychainState
+} from "../chunk-C5I7KXHK.mjs";
+import "../chunk-MTDFKNXX.mjs";
+import "../chunk-E3GRJXXJ.mjs";
 import "../chunk-4UEJOM6W.mjs";
 
 // src/checks/vault.js
 import { existsSync } from "fs";
 import { join } from "path";
 var CATEGORY = "vault";
-async function tryKeychain() {
-  try {
-    const mod = await import("keytar");
-    const keytar = mod.default ?? mod;
-    const hex = await keytar.getPassword("perplexity-user-mcp", "vault-master-key");
-    return { available: true, hasKey: !!hex };
-  } catch {
-    return { available: false, hasKey: false };
-  }
-}
 function keychainExpected() {
   return process.platform === "win32" || process.platform === "darwin" || process.platform === "linux" && !process.env.CI;
 }
@@ -24,7 +19,7 @@ async function run(opts = {}) {
   const enc = join(dir, "profiles", profile, "vault.enc");
   const plain = join(dir, "profiles", profile, "vault.json");
   const envPass = process.env.PERPLEXITY_VAULT_PASSPHRASE;
-  const kc = await tryKeychain();
+  const kc = await probeKeychainState();
   if (existsSync(plain)) {
     results.push({
       category: CATEGORY,