perplexity-user-mcp 0.8.42 → 0.8.47

package/dist/checks/runtime.d.ts

@@ -1,89 +1,24 @@
-import { readFileSync, existsSync } from 'node:fs';
-import { fileURLToPath } from 'node:url';
-import { spawn } from 'node:child_process';
-import { join } from 'node:path';
-
-const CATEGORY = "runtime";
-
-function parseMajor(v) {
-  const m = /^v?(\d+)\./.exec(v);
-  return m ? Number(m[1]) : NaN;
-}
-
-function defaultGitShaResolver(cwd) {
-  return new Promise((resolve) => {
-    const child = spawn("git", ["rev-parse", "--short", "HEAD"], { cwd, timeout: 2000 });
-    let out = "";
-    child.stdout?.on("data", (d) => { out += d.toString(); });
-    child.on("close", (code) => resolve(code === 0 ? out.trim() : null));
-    child.on("error", () => resolve(null));
-  });
-}
-
-function getPackageJsonCandidates(baseDir) {
-  const candidates = [];
-  if (baseDir) {
-    candidates.push(join(baseDir, "mcp", "package.json"));
-    candidates.push(join(baseDir, "package.json"));
-  }
-  const metaUrl = import.meta.url ?? null;
-  if (metaUrl) {
-    try {
-      candidates.push(fileURLToPath(new URL("../../package.json", metaUrl)));
-    } catch {}
-    try {
-      candidates.push(fileURLToPath(new URL("../package.json", metaUrl)));
-    } catch {}
-  }
-  return candidates;
-}
-
-async function run(opts = {}) {
-  const results = [];
-  const nodeVersion = opts.nodeVersionOverride ?? process.version;
-  const major = parseMajor(nodeVersion);
-  results.push({
-    category: CATEGORY,
-    name: "node-version",
-    status: major >= 20 ? "pass" : "fail",
-    message: `Node.js ${nodeVersion}`,
-    hint: major >= 20 ? undefined : "Upgrade to Node 20 or later (https://nodejs.org).",
-  });
-  results.push({ category: CATEGORY, name: "platform", status: "pass", message: `${process.platform} ${process.arch}` });
-  results.push({ category: CATEGORY, name: "arch", status: "pass", message: process.arch });
-
-  let version = "0.0.0";
-  for (const pkgPath of getPackageJsonCandidates(opts.baseDir)) {
-    try {
-      const pkg = JSON.parse(readFileSync(pkgPath, "utf8"));
-      if (pkg.name === "perplexity-user-mcp" && pkg.version) {
-        version = pkg.version;
-        break;
-      }
-    } catch {}
-  }
-  results.push({
-    category: CATEGORY,
-    name: "package-version",
-    status: "pass",
-    message: `perplexity-user-mcp ${version}`,
-    detail: { version },
-  });
-
-  const gitDir = opts.gitDirOverride ?? join(process.cwd(), ".git");
-  const resolver = opts.gitShaResolverOverride ?? defaultGitShaResolver;
-  if (!existsSync(gitDir)) {
-    results.push({ category: CATEGORY, name: "git-sha", status: "skip", message: "not a git checkout" });
-  } else {
-    const sha = await resolver(process.cwd());
-    if (sha) {
-      results.push({ category: CATEGORY, name: "git-sha", status: "pass", message: sha });
-    } else {
-      results.push({ category: CATEGORY, name: "git-sha", status: "skip", message: "git not on PATH" });
-    }
-  }
-
-  return results;
-}
-
-export { run };
+export function run(opts?: {}): Promise<({
+    category: string;
+    name: string;
+    status: string;
+    message: string;
+    hint: string | undefined;
+    detail?: undefined;
+} | {
+    category: string;
+    name: string;
+    status: string;
+    message: string;
+    detail: {
+        version: string;
+    };
+    hint?: undefined;
+} | {
+    category: string;
+    name: string;
+    status: string;
+    message: any;
+    hint?: undefined;
+    detail?: undefined;
+})[]>;

package/dist/checks/vault.d.ts

@@ -1,142 +1,13 @@
-import { existsSync } from 'node:fs';
-import { join } from 'node:path';
-
-const CATEGORY = "vault";
-
-async function tryKeychain() {
-  try {
-    const mod = await import('keytar');
-    const keytar = mod.default ?? mod;
-    const hex = await keytar.getPassword("perplexity-user-mcp", "vault-master-key");
-    return { available: true, hasKey: !!hex };
-  } catch {
-    return { available: false, hasKey: false };
-  }
-}
-
-function keychainExpected() {
-  return process.platform === "win32" || process.platform === "darwin" ||
-    (process.platform === "linux" && !process.env.CI);
-}
-
-async function run(opts = {}) {
-  const results = [];
-  const dir = opts.configDir;
-  const profile = opts.profile ?? "default";
-  const enc = join(dir, "profiles", profile, "vault.enc");
-  const plain = join(dir, "profiles", profile, "vault.json");
-  const envPass = process.env.PERPLEXITY_VAULT_PASSPHRASE;
-  const kc = await tryKeychain();
-
-  // Encryption mode (separate from unseal path so plaintext opt-out is always a warn, not a skip).
-  if (existsSync(plain)) {
-    results.push({
-      category: CATEGORY,
-      name: "encryption",
-      status: "warn",
-      message: "plaintext vault.json (security.encryptCookies=false)",
-      hint: "Re-run login without --plain-cookies to enable AES-256-GCM at rest.",
-    });
-  } else if (existsSync(enc)) {
-    results.push({ category: CATEGORY, name: "encryption", status: "pass", message: "AES-256-GCM (vault.enc)" });
-  } else {
-    results.push({ category: CATEGORY, name: "encryption", status: "skip", message: "no vault yet" });
-  }
-
-  // Unseal path resolution, matching vault.js getMasterKey() priority.
-  if (kc.hasKey) {
-    results.push({ category: CATEGORY, name: "unseal-path", status: "pass", message: "OS keychain holds master key" });
-    if (envPass) {
-      results.push({
-        category: CATEGORY,
-        name: "keychain-preferred",
-        status: "warn",
-        message: "PERPLEXITY_VAULT_PASSPHRASE is also set — keychain wins, but consider removing the env var",
-      });
-    }
-  } else if (envPass) {
-    const hasKc = kc.available;
-    results.push({
-      category: CATEGORY,
-      name: "unseal-path",
-      status: "pass",
-      message: `env var ${hasKc ? "(keychain available but empty)" : "(keychain unavailable — expected on headless Linux)"}`,
-    });
-    if (hasKc) {
-      results.push({
-        category: CATEGORY,
-        name: "keychain-preferred",
-        status: "warn",
-        message: "keychain is available — moving the master key there would remove the passphrase from IDE config files",
-        hint: "Run `npx perplexity-user-mcp login` once with the env var unset; the key will be written to keychain.",
-      });
-    } else {
-      results.push({ category: CATEGORY, name: "keychain-preferred", status: "skip", message: "keychain not applicable" });
-    }
-  } else {
-    // No keychain, no env var.
-    if (!existsSync(enc) && !existsSync(plain)) {
-      results.push({ category: CATEGORY, name: "unseal-path", status: "skip", message: "no vault to unseal yet" });
-    } else if (existsSync(plain)) {
-      results.push({ category: CATEGORY, name: "unseal-path", status: "pass", message: "plaintext — no key required" });
-    } else {
-      const ttyLikely = process.stdin?.isTTY === true;
-      results.push({
-        category: CATEGORY,
-        name: "unseal-path",
-        status: ttyLikely ? "warn" : "fail",
-        message: ttyLikely
-          ? "no keychain, no env var — TTY prompt will be required on next use"
-          : "vault locked: no keychain, no env var, no TTY",
-        hint: keychainExpected()
-          ? "Install libsecret+gnome-keyring (Linux), or set PERPLEXITY_VAULT_PASSPHRASE."
-          : "Set PERPLEXITY_VAULT_PASSPHRASE in your MCP config env.",
-      });
-    }
-  }
-
-  // Active-decrypt verification — only when an encrypted vault.enc actually
-  // exists. This catches the "user has both keychain + passphrase set, but
-  // vault.enc was written with one and the read path now prefers the other"
-  // failure mode that surfaces as "Vault decrypt failed: wrong passphrase
-  // or corrupted ciphertext" mid-login. A status check that just reports
-  // "OS keychain holds master key" is misleading if the key can't actually
-  // open the on-disk blob.
-  if (existsSync(enc) && (kc.hasKey || envPass)) {
-    try {
-      const { Vault, __resetKeyCache } = await import('../vault.d-BSJWDLhp.d.ts');
-      // Use a fresh resolution context so the doctor's verification doesn't
-      // pollute the cached unseal material for the rest of the process.
-      __resetKeyCache();
-      // Vault.get returns null for absent keys without throwing; only a
-      // genuine decrypt failure throws.
-      await new Vault().get(profile, "cookies");
-      results.push({
-        category: CATEGORY,
-        name: "unseal-verify",
-        status: "pass",
-        message: "vault.enc decrypts cleanly with the active unseal material",
-      });
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      const isDecryptFailure = /wrong passphrase or corrupted ciphertext|Vault decrypt failed/.test(msg);
-      results.push({
-        category: CATEGORY,
-        name: "unseal-verify",
-        status: "fail",
-        message: isDecryptFailure
-          ? "vault.enc cannot be decrypted with any available unseal material"
-          : `vault.enc unreadable: ${msg}`,
-        hint: isDecryptFailure
-          ? (kc.hasKey && envPass
-              ? "Both keychain and PERPLEXITY_VAULT_PASSPHRASE are set, but neither matches the blob. The blob was likely written under a since-rotated passphrase or a different keychain key. Run 'perplexity-user-mcp logout --purge' on this profile and log in again to write a fresh vault."
-              : "The unseal material has changed since this blob was written. Restore the original passphrase, or run 'perplexity-user-mcp logout --purge' on this profile and log in again.")
-          : "Inspect the file at the path under 'profiles' check; consider restoring from backup or purging.",
-      });
-    }
-  }
-
-  return results;
-}
-
-export { run };
+export function run(opts?: {}): Promise<({
+    category: string;
+    name: string;
+    status: string;
+    message: string;
+    hint: string;
+} | {
+    category: string;
+    name: string;
+    status: string;
+    message: string;
+    hint?: undefined;
+})[]>;

package/dist/checks/vault.mjs

@@ -1,19 +1,14 @@
+import {
+  probeKeychainState
+} from "../chunk-C5I7KXHK.mjs";
+import "../chunk-MTDFKNXX.mjs";
+import "../chunk-E3GRJXXJ.mjs";
 import "../chunk-4UEJOM6W.mjs";
 
 // src/checks/vault.js
 import { existsSync } from "fs";
 import { join } from "path";
 var CATEGORY = "vault";
-async function tryKeychain() {
-  try {
-    const mod = await import("keytar");
-    const keytar = mod.default ?? mod;
-    const hex = await keytar.getPassword("perplexity-user-mcp", "vault-master-key");
-    return { available: true, hasKey: !!hex };
-  } catch {
-    return { available: false, hasKey: false };
-  }
-}
 function keychainExpected() {
   return process.platform === "win32" || process.platform === "darwin" || process.platform === "linux" && !process.env.CI;
 }
@@ -24,7 +19,7 @@ async function run(opts = {}) {
   const enc = join(dir, "profiles", profile, "vault.enc");
   const plain = join(dir, "profiles", profile, "vault.json");
   const envPass = process.env.PERPLEXITY_VAULT_PASSPHRASE;
-  const kc = await tryKeychain();
+  const kc = await probeKeychainState();
   if (existsSync(plain)) {
     results.push({
       category: CATEGORY,

package/dist/{chunk-WDIW33DA.mjs → chunk-3LUO5ATM.mjs}

@@ -1,7 +1,7 @@
 import {
   getConfigDir,
   getProfilePaths
-} from "./chunk-HJIXH6CL.mjs";
+} from "./chunk-E3GRJXXJ.mjs";
 
 // src/reinit-watcher.js
 import { existsSync, mkdirSync, watch } from "fs";

package/dist/{chunk-HNSPNCFH.mjs → chunk-6CAXNBDD.mjs}

@@ -1,6 +1,6 @@
 import {
   getConfigDir
-} from "./chunk-HJIXH6CL.mjs";
+} from "./chunk-E3GRJXXJ.mjs";
 import {
   __glob
 } from "./chunk-4UEJOM6W.mjs";

package/dist/{chunk-B65IJQZJ.mjs → chunk-6E6XTHTG.mjs}

@@ -1,7 +1,7 @@
 import {
   getActiveName,
   getProfilePaths
-} from "./chunk-HJIXH6CL.mjs";
+} from "./chunk-E3GRJXXJ.mjs";
 
 // src/history-store.js
 import { randomUUID } from "crypto";

package/dist/{chunk-S677V2JU.mjs → chunk-C5I7KXHK.mjs}

@@ -3,7 +3,7 @@ import {
 } from "./chunk-MTDFKNXX.mjs";
 import {
   getProfilePaths
-} from "./chunk-HJIXH6CL.mjs";
+} from "./chunk-E3GRJXXJ.mjs";
 
 // src/vault.js
 import { createCipheriv, createDecipheriv, randomBytes, hkdfSync, scrypt as nodeScrypt } from "crypto";
@@ -32,6 +32,7 @@ var V3_HEADER_FIXED_PREAMBLE = 4 + 1 + 1 + 1;
 var scryptAsync = promisify(nodeScrypt);
 var _kdfParamsOverride = null;
 var _kdfTestModeActive = false;
+var _keytarModuleCache = null;
 function __setKdfParamsForTest(params) {
   if (!params || typeof params.logN !== "number" || typeof params.r !== "number" || typeof params.p !== "number") {
     throw new Error("__setKdfParamsForTest requires {logN, r, p} numbers.");
@@ -197,17 +198,30 @@ var KEYTAR_SERVICE = "perplexity-user-mcp";
 var KEYTAR_ACCOUNT = "vault-master-key";
 var _keyCache = null;
 var _unsealMaterialCache = null;
+function isKeychainDisabled() {
+  return process.env.PERPLEXITY_DISABLE_KEYCHAIN === "1";
+}
 function __resetKeyCache() {
   _keyCache = null;
   _unsealMaterialCache = null;
   _kdfParamsOverride = null;
   _kdfTestModeActive = false;
+  _keytarModuleCache = null;
 }
 async function tryKeytar() {
+  if (isKeychainDisabled()) return null;
+  if (_keytarModuleCache !== null) return _keytarModuleCache;
   try {
     const mod = await import("keytar");
-    return mod.default ?? mod;
+    const keytar = mod.default ?? mod;
+    if (!keytar || typeof keytar.getPassword !== "function") {
+      _keytarModuleCache = false;
+      return null;
+    }
+    _keytarModuleCache = keytar;
+    return keytar;
   } catch {
+    _keytarModuleCache = false;
     return null;
   }
 }
@@ -228,6 +242,21 @@ async function keyFromKeychain() {
     return null;
   }
 }
+async function probeKeychainState() {
+  if (isKeychainDisabled()) {
+    return { available: false, hasKey: false };
+  }
+  const keytar = await tryKeytar();
+  if (!keytar || typeof keytar.getPassword !== "function") {
+    return { available: false, hasKey: false };
+  }
+  try {
+    const hex = await keytar.getPassword(KEYTAR_SERVICE, KEYTAR_ACCOUNT);
+    return { available: true, hasKey: !!hex };
+  } catch {
+    return { available: true, hasKey: false };
+  }
+}
 function isStdioServerMode() {
   return process.env.PERPLEXITY_MCP_STDIO === "1" || process.stdin && process.stdin.isTTY === false;
 }
@@ -383,6 +412,7 @@ export {
   encryptBlob,
   decryptBlob,
   __resetKeyCache,
+  probeKeychainState,
   getUnsealMaterial,
   getAllUnsealMaterials,
   getMasterKey,

package/dist/{chunk-RK4EBZJ3.mjs → chunk-D2ZQGKHM.mjs}

@@ -1,7 +1,7 @@
 import {
   getTunnelProvider,
   readTunnelSettings
-} from "./chunk-XTRJSV72.mjs";
+} from "./chunk-LGH5BSUY.mjs";
 import {
   acquire,
   getLockfilePath,
@@ -9,27 +9,27 @@ import {
   read,
   release,
   replace
-} from "./chunk-KJFX2ZXR.mjs";
+} from "./chunk-NMKNEEZB.mjs";
 import {
   getPackageVersion,
   startDaemonServer
-} from "./chunk-T6ARJK2P.mjs";
+} from "./chunk-P6YOLJ5T.mjs";
 import {
   ensureToken,
   getTokenPath,
   readToken
-} from "./chunk-TDXETAQT.mjs";
+} from "./chunk-DKEJZ4FI.mjs";
 import {
   watchActiveProfile,
   watchReinit
-} from "./chunk-WDIW33DA.mjs";
+} from "./chunk-3LUO5ATM.mjs";
 import {
   PerplexityClient
-} from "./chunk-C3HPFFTD.mjs";
+} from "./chunk-GBHPJ7I7.mjs";
 import {
   getActiveName,
   getConfigDir
-} from "./chunk-HJIXH6CL.mjs";
+} from "./chunk-E3GRJXXJ.mjs";
 
 // src/daemon/launcher.ts
 import { spawn } from "child_process";
@@ -671,11 +671,14 @@ async function spawnDetachedDaemon(options) {
   if (options.tunnel) {
     args.push("--tunnel");
   }
+  const env = { ...process.env };
+  delete env.PERPLEXITY_HEADLESS_ONLY;
+  delete env.PERPLEXITY_NO_DAEMON;
   const child = spawn(process.execPath, args, {
     detached: true,
     stdio: "ignore",
     env: {
-      ...process.env,
+      ...env,
       PERPLEXITY_CONFIG_DIR: options.configDir
     }
   });

package/dist/{chunk-TDXETAQT.mjs → chunk-DKEJZ4FI.mjs}

@@ -3,7 +3,7 @@ import {
 } from "./chunk-MTDFKNXX.mjs";
 import {
   getConfigDir
-} from "./chunk-HJIXH6CL.mjs";
+} from "./chunk-E3GRJXXJ.mjs";
 
 // src/daemon/token.ts
 import { randomBytes } from "crypto";

package/dist/{chunk-U7QPUNRH.mjs → chunk-DXR6EEZH.mjs}

@@ -1,10 +1,10 @@
 import {
   Vault
-} from "./chunk-S677V2JU.mjs";
+} from "./chunk-C5I7KXHK.mjs";
 import {
   getActiveName,
   getProfilePaths
-} from "./chunk-HJIXH6CL.mjs";
+} from "./chunk-E3GRJXXJ.mjs";
 
 // src/config.ts
 import { existsSync } from "fs";
@@ -192,16 +192,35 @@ async function getSavedCookies() {
     }
     return cookies;
   }
-  const raw = await _vault.get(activeName(), "cookies").catch((err) => {
+  const profile = activeName();
+  let unsealFailed = false;
+  const raw = await _vault.get(profile, "cookies").catch((err) => {
+    unsealFailed = true;
     const msg = err instanceof Error ? err.message : String(err);
-    console.error(`[vault] getSavedCookies failed for profile ${activeName()}: ${msg}`);
+    console.error(`[vault] getSavedCookies failed for profile '${profile}': ${msg}`);
     return null;
   });
-  if (!raw) return [];
+  if (!raw) {
+    if (!unsealFailed) {
+      const paths = getProfilePaths(profile);
+      if (!existsSync(paths.vault)) {
+        console.error(`[vault] getSavedCookies: no vault.enc for profile '${profile}' \u2014 run login first`);
+      } else {
+        console.error(`[vault] getSavedCookies: vault.enc exists for profile '${profile}' but 'cookies' key is absent`);
+      }
+    }
+    return [];
+  }
   try {
     const parsed = JSON.parse(raw);
-    return Array.isArray(parsed) ? parsed : [];
-  } catch {
+    if (!Array.isArray(parsed)) {
+      console.error(`[vault] getSavedCookies: 'cookies' value for profile '${profile}' is not an array (${typeof parsed})`);
+      return [];
+    }
+    return parsed;
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    console.error(`[vault] getSavedCookies: JSON parse failed for profile '${profile}': ${msg}`);
     return [];
   }
 }

package/dist/{chunk-HJIXH6CL.mjs → chunk-E3GRJXXJ.mjs}

@@ -17,7 +17,9 @@ function getProfilePaths(name) {
     vault: join(dir, "vault.enc"),
     vaultPlain: join(dir, "vault.json"),
     browserData: join(dir, "browser-data"),
+    loginBrowserData: join(dir, "login-browser-data"),
     modelsCache: join(dir, "models-cache.json"),
+    daemonStatus: join(dir, "daemon-status.json"),
     history: join(dir, "history"),
     attachments: join(dir, "attachments"),
     researches: join(dir, "researches"),