npm - screenpipe-mcp - Versions diffs - 0.16.1 → 0.16.3 - Mend

screenpipe-mcp 0.16.1 → 0.16.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -53,25 +53,50 @@ for (let i = 0; i < args.length; i++) {
     }
 }
 const SCREENPIPE_API = `http://localhost:${port}`;
-// Discover API key: env var > screenpipe JS lib > npx via process.execPath > npx on PATH
+// Discover API key: env var > db.sqlite direct read > npx fallbacks
 function discoverApiKey() {
     const envKey = process.env.SCREENPIPE_LOCAL_API_KEY || process.env.SCREENPIPE_API_KEY;
     if (envKey)
         return envKey;
-    const { execFileSync, execSync } = require("child_process");
+    const os = require("os");
     const path = require("path");
-    // Use the screenpipe npm package's JS API — resolves the bundled native
-    // binary directly, no PATH dependency, no subprocess spawning of npx.
+    const fs = require("fs");
+    const { execFileSync, execSync } = require("child_process");
+    // Read api_auth_key directly from ~/.screenpipe/db.sqlite.
+    // The key may be stored as plaintext base64 (nonce=zeros, keychain unavailable)
+    // or encrypted (non-zero nonce, keychain was available at write time).
+    // If plaintext: decode and return. If encrypted: skip, fall through to CLI.
     try {
-        const { getApiKey } = require("screenpipe");
-        const token = getApiKey();
-        if (token)
-            return token;
+        const dbPath = path.join(os.homedir(), ".screenpipe", "db.sqlite");
+        if (fs.existsSync(dbPath)) {
+            const sqliteBin = process.platform === "win32" ? "sqlite3.exe" : "sqlite3";
+            // Check nonce — all zeros means plaintext base64, non-zero means encrypted
+            const row = execFileSync(sqliteBin, [
+                dbPath,
+                "SELECT hex(nonce), value FROM secrets WHERE key = 'api_auth_key';",
+            ], {
+                timeout: 5000,
+                encoding: "utf-8",
+                stdio: ["pipe", "pipe", "pipe"],
+            }).trim();
+            if (row) {
+                const sepIdx = row.indexOf("|");
+                const nonceHex = sepIdx >= 0 ? row.substring(0, sepIdx) : "";
+                const value = sepIdx >= 0 ? row.substring(sepIdx + 1) : row;
+                const isPlaintext = !nonceHex || /^0+$/.test(nonceHex);
+                if (isPlaintext && value) {
+                    const decoded = Buffer.from(value, "base64").toString("utf-8");
+                    if (decoded && decoded.startsWith("sp-"))
+                        return decoded;
+                    if (value.startsWith("sp-"))
+                        return value;
+                }
+                // Non-zero nonce = encrypted — fall through to CLI which can decrypt via keychain
+            }
+        }
     }
     catch { }
-    // Fallback: use the current Node binary to run npx (no PATH dependency).
-    // Claude Code and other MCP hosts may strip PATH, making bare `npx` unfindable.
-    // process.execPath is the absolute path to the Node binary running this MCP.
+    // Fallback: use the current Node binary to find npx (no PATH dependency)
     try {
         const npxPath = path.join(path.dirname(process.execPath), "npx");
         const token = execFileSync(npxPath, ["screenpipe@latest", "auth", "token"], {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "screenpipe-mcp",
-  "version": "0.16.1",
+  "version": "0.16.3",
   "description": "MCP server for screenpipe - search your screen recordings and audio transcriptions",
   "main": "dist/index.js",
   "bin": {

package/src/index.ts CHANGED Viewed

@@ -28,25 +28,49 @@ for (let i = 0; i < args.length; i++) {
 const SCREENPIPE_API = `http://localhost:${port}`;
-// Discover API key: env var > screenpipe JS lib > npx via process.execPath > npx on PATH
+// Discover API key: env var > db.sqlite direct read > npx fallbacks
 function discoverApiKey(): string {
   const envKey = process.env.SCREENPIPE_LOCAL_API_KEY || process.env.SCREENPIPE_API_KEY;
   if (envKey) return envKey;
-  const { execFileSync, execSync } = require("child_process");
+  const os = require("os");
   const path = require("path");
+  const fs = require("fs");
+  const { execFileSync, execSync } = require("child_process");
-  // Use the screenpipe npm package's JS API — resolves the bundled native
-  // binary directly, no PATH dependency, no subprocess spawning of npx.
+  // Read api_auth_key directly from ~/.screenpipe/db.sqlite.
+  // The key may be stored as plaintext base64 (nonce=zeros, keychain unavailable)
+  // or encrypted (non-zero nonce, keychain was available at write time).
+  // If plaintext: decode and return. If encrypted: skip, fall through to CLI.
   try {
-    const { getApiKey } = require("screenpipe");
-    const token = getApiKey();
-    if (token) return token;
+    const dbPath = path.join(os.homedir(), ".screenpipe", "db.sqlite");
+    if (fs.existsSync(dbPath)) {
+      const sqliteBin = process.platform === "win32" ? "sqlite3.exe" : "sqlite3";
+      // Check nonce — all zeros means plaintext base64, non-zero means encrypted
+      const row = execFileSync(sqliteBin, [
+        dbPath,
+        "SELECT hex(nonce), value FROM secrets WHERE key = 'api_auth_key';",
+      ], {
+        timeout: 5000,
+        encoding: "utf-8",
+        stdio: ["pipe", "pipe", "pipe"],
+      }).trim();
+      if (row) {
+        const sepIdx = row.indexOf("|");
+        const nonceHex = sepIdx >= 0 ? row.substring(0, sepIdx) : "";
+        const value = sepIdx >= 0 ? row.substring(sepIdx + 1) : row;
+        const isPlaintext = !nonceHex || /^0+$/.test(nonceHex);
+        if (isPlaintext && value) {
+          const decoded = Buffer.from(value, "base64").toString("utf-8");
+          if (decoded && decoded.startsWith("sp-")) return decoded;
+          if (value.startsWith("sp-")) return value;
+        }
+        // Non-zero nonce = encrypted — fall through to CLI which can decrypt via keychain
+      }
+    }
   } catch {}
-  // Fallback: use the current Node binary to run npx (no PATH dependency).
-  // Claude Code and other MCP hosts may strip PATH, making bare `npx` unfindable.
-  // process.execPath is the absolute path to the Node binary running this MCP.
+  // Fallback: use the current Node binary to find npx (no PATH dependency)
   try {
     const npxPath = path.join(path.dirname(process.execPath), "npx");
     const token = execFileSync(npxPath, ["screenpipe@latest", "auth", "token"], {