feat(#daemonSync): live daemon↔UI auth status sync

- shared: add DaemonAuthStatus + daemonAuth field on AccountSnapshot
- profiles.js: add daemonStatus + loginBrowserData to ProfilePaths (impl + .d.ts)
- client.ts: writeDaemonStatus() after every init/reinit/shutdown; fix bare throw→throw err
- session.ts: read daemon-status.json into AccountSnapshot
- DashboardProvider: FSWatcher on daemon-status.json with 300ms debounce + dispose cleanup; dashboard:refresh touches .reinit when daemon is anonymous with stored login
- views.tsx: daemonAuth status dot in hero panel (ok/warn; hidden in stdio mode)
- logout.js: clear loginBrowserData on softLogout so next login starts fresh
- checks/profiles.js: daemon-status.json auth/tier report + loginBrowserData presence note

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: A.R.

packages/extension/src/auth/session.ts

@@ -1,5 +1,5 @@
 import { existsSync, readFileSync, statSync } from "node:fs";
-import type { AccountSnapshot, ModelsConfigSource, RefreshTier } from "@perplexity-user-mcp/shared";
+import type { AccountSnapshot, DaemonAuthStatus, ModelsConfigSource, RefreshTier } from "@perplexity-user-mcp/shared";
 import { MODELS_FALLBACK, MODELS_FALLBACK_CAPTURED_AT } from "@perplexity-user-mcp/shared";
 import { getConfigDir, getProfilePaths, getActiveName } from "perplexity-user-mcp/profiles";
 import type { AccountInfo } from "../browser/runtime.js";
@@ -91,6 +91,9 @@ export function getAccountSnapshot(): AccountSnapshot {
 
   const speedBoost = getImpitStatus();
 
+  // Read live daemon auth state — null when file absent (stdio mode / first run).
+  const daemonAuth = readJsonFile<DaemonAuthStatus>(paths.daemonStatus);
+
   return {
     loggedIn,
     userId: null,
@@ -109,6 +112,7 @@ export function getAccountSnapshot(): AccountSnapshot {
       installedAt: speedBoost.installedAt,
       runtimeDir: speedBoost.runtimeDir,
     },
+    daemonAuth,
   };
 }
 

packages/extension/src/webview/DashboardProvider.ts

@@ -1,4 +1,5 @@
 import * as crypto from "node:crypto";
+import * as fs from "node:fs";
 import * as os from "node:os";
 import * as path from "node:path";
 import * as vscode from "vscode";
@@ -55,6 +56,7 @@ import {
 import {
   listProfiles,
   getActiveName,
+  getProfilePaths,
   setActive,
   createProfile,
   deleteProfile,
@@ -119,6 +121,7 @@ export class DashboardProvider implements vscode.WebviewViewProvider {
   private otpResolvers = new Map<string, (s: string | null) => void>();
   private onMcpServerDefinitionsChanged?: () => void;
   private daemonEventsAbort: AbortController | null = null;
+  private daemonStatusWatcher: fs.FSWatcher | null = null;
   // v0.8.5: deps factory injected from extension.ts so the auto-regen hook
   // on `postStaleness` can reuse the live ApplyIdeConfigDeps without pulling
   // the daemon runtime singletons into the webview module.
@@ -231,6 +234,7 @@ export class DashboardProvider implements vscode.WebviewViewProvider {
 
     const disposeHook = (webviewView as vscode.WebviewView & { onDidDispose?: (listener: () => void) => vscode.Disposable }).onDidDispose?.(() => {
       this.stopDaemonEventStream();
+      this.stopDaemonStatusWatch();
     });
     if (disposeHook) {
       this.context.subscriptions.push(disposeHook);
@@ -249,8 +253,16 @@ export class DashboardProvider implements vscode.WebviewViewProvider {
       try {
         switch (message.type) {
           case "ready":
+            debug("Handling ready");
+            await this.refresh();
+            break;
           case "dashboard:refresh":
-            debug("Handling refresh/ready");
+            debug("Handling refresh");
+            // If the daemon is reporting anonymous but the profile has stored
+            // credentials, touch .reinit so the daemon re-runs init() and
+            // re-checks auth. The daemon-status.json watcher picks up the
+            // result and calls refresh() automatically when it completes.
+            this.triggerDaemonReinitIfStale();
             await this.refresh();
             break;
           case "auth:login":
@@ -1583,6 +1595,8 @@ export class DashboardProvider implements vscode.WebviewViewProvider {
       return;
     }
 
+    this.ensureDaemonStatusWatch();
+
     await this.view.webview.postMessage({
       type: "dashboard:state",
       payload: this.buildState()
@@ -2056,6 +2070,82 @@ export class DashboardProvider implements vscode.WebviewViewProvider {
     this.daemonEventsAbort = null;
   }
 
+  // ── daemon-status.json watcher ────────────────────────────────────────────
+
+  /**
+   * Watch daemon-status.json for the active profile. When it changes (daemon
+   * finished init/reinit), push a fresh dashboard state to the webview so the
+   * daemonAuth indicator updates without the user manually clicking Refresh.
+   */
+  private startDaemonStatusWatch(): void {
+    this.stopDaemonStatusWatch();
+    const profile = getActiveName() ?? "default";
+    const statusFile = getProfilePaths(profile).daemonStatus;
+    let debounce: ReturnType<typeof setTimeout> | null = null;
+    try {
+      this.daemonStatusWatcher = fs.watch(statusFile, () => {
+        if (debounce) clearTimeout(debounce);
+        debounce = setTimeout(() => {
+          debounce = null;
+          void this.refresh();
+        }, 300);
+      });
+      this.daemonStatusWatcher.on("error", () => {
+        // File may not exist yet (daemon not started). Re-arm on next refresh.
+        this.stopDaemonStatusWatch();
+      });
+    } catch {
+      // daemon-status.json doesn't exist yet — watcher will be re-armed
+      // the next time refresh() is called (startDaemonStatusWatch is called
+      // from refresh() → ensureWatcher() path below).
+      this.daemonStatusWatcher = null;
+    }
+  }
+
+  private stopDaemonStatusWatch(): void {
+    this.daemonStatusWatcher?.close();
+    this.daemonStatusWatcher = null;
+  }
+
+  /**
+   * Called from refresh() to ensure the watcher is tracking the current
+   * active profile. Re-arms if the profile changed or the previous watch
+   * failed because the file didn't exist yet.
+   */
+  private ensureDaemonStatusWatch(): void {
+    const profile = getActiveName() ?? "default";
+    const statusFile = getProfilePaths(profile).daemonStatus;
+    // Re-arm if watcher is null (never started, file missing at last attempt,
+    // or profile changed). A live watcher needs no action.
+    if (!this.daemonStatusWatcher) {
+      if (fs.existsSync(statusFile)) {
+        this.startDaemonStatusWatch();
+      }
+    }
+  }
+
+  /**
+   * If the daemon's last-known auth state is anonymous while the profile has
+   * stored credentials, touch the .reinit sentinel to ask the daemon to
+   * re-run init() and re-check auth. The daemon-status.json watcher will
+   * pick up the result automatically.
+   */
+  private triggerDaemonReinitIfStale(): void {
+    try {
+      const snapshot = this.buildState().snapshot;
+      if (!snapshot.loggedIn) return;
+      if (!snapshot.daemonAuth) return;
+      if (snapshot.daemonAuth.authenticated) return;
+      // Stored login but daemon is anonymous → touch .reinit
+      const profile = getActiveName() ?? "default";
+      const reinitPath = getProfilePaths(profile).reinit;
+      fs.writeFileSync(reinitPath, String(Date.now()));
+      debug("[daemonStatusSync] Touched .reinit — daemon was anonymous with stored login");
+    } catch (err) {
+      debug(`[daemonStatusSync] triggerDaemonReinitIfStale error: ${(err as Error).message}`);
+    }
+  }
+
   private async readDaemonEvents(body: ReadableStream<Uint8Array>, controller: AbortController): Promise<void> {
     const reader = body.getReader();
     const decoder = new TextDecoder();

packages/mcp-server/src/checks/profiles.js

@@ -91,6 +91,43 @@ export async function run(opts = {}) {
         results.push({ category: CATEGORY, name: `${name}/models-cache`, status: "pass", message: `${Math.round(ageDays)}d old` });
       }
     }
+
+    const daemonStatusPath = join(pdir, "daemon-status.json");
+    if (!existsSync(daemonStatusPath)) {
+      results.push({ category: CATEGORY, name: `${name}/daemon-status`, status: "skip", message: "no daemon status file (stdio-only or not yet started)" });
+    } else {
+      try {
+        const ds = JSON.parse(readFileSync(daemonStatusPath, "utf8"));
+        if (!ds.authenticated) {
+          results.push({
+            category: CATEGORY,
+            name: `${name}/daemon-status`,
+            status: "warn",
+            message: `daemon last init: ${ds.lastInit} — authenticated: false (tier: ${ds.tier})${ds.error ? `, error: ${ds.error}` : ""}`,
+            hint: "Open the extension dashboard and click 'Refresh state' to trigger a daemon reinit.",
+          });
+        } else {
+          results.push({
+            category: CATEGORY,
+            name: `${name}/daemon-status`,
+            status: "pass",
+            message: `authenticated as ${ds.tier}, last init: ${ds.lastInit} (${ds.initDurationMs}ms)`,
+          });
+        }
+      } catch {
+        results.push({ category: CATEGORY, name: `${name}/daemon-status`, status: "warn", message: "daemon-status.json is corrupt or unreadable" });
+      }
+    }
+
+    const loginBrowserDataPath = join(pdir, "login-browser-data");
+    if (existsSync(loginBrowserDataPath)) {
+      results.push({
+        category: CATEGORY,
+        name: `${name}/login-browser-data`,
+        status: "info",
+        message: "login-browser-data directory present (leftover from a past login session; safe to ignore)",
+      });
+    }
   }
 
   return results;

packages/mcp-server/src/client.ts

@@ -33,6 +33,7 @@ import { isImpitAvailable, impitFetchJson } from "./refresh.js";
 import { writeFileSync, readFileSync, mkdirSync, existsSync } from "fs";
 import { join } from "path";
 import { getActiveName, getConfigDir, getProfilePaths } from "./profiles.js";
+import type { DaemonAuthStatus } from "@perplexity-user-mcp/shared";
 import { clearStaleSingletonLocks } from "./fs-utils.js";
 
 function getActiveProfileName(): string {
@@ -894,69 +895,77 @@ export class PerplexityClient {
    * Set env PERPLEXITY_HEADLESS_ONLY=1 to skip the headed phase (uses disk cache).
    */
   async init(): Promise<void> {
-    const activePaths = getActivePaths();
-    if (!existsSync(activePaths.browserData)) {
-      mkdirSync(activePaths.browserData, { recursive: true });
-    }
+    const _initAt = Date.now();
+    try {
+      const activePaths = getActivePaths();
+      if (!existsSync(activePaths.browserData)) {
+        mkdirSync(activePaths.browserData, { recursive: true });
+      }
 
-    // Fail fast with a readable message if no browser is installed at all.
-    const browser = await resolveBrowserExecutable();
-    console.error(`[perplexity-mcp] Using ${browser.source}: ${browser.path}`);
+      // Fail fast with a readable message if no browser is installed at all.
+      const browser = await resolveBrowserExecutable();
+      console.error(`[perplexity-mcp] Using ${browser.source}: ${browser.path}`);
 
-    // Phase 1: Headed session — solve CF challenge + fetch account info
-    const skipHeaded = process.env.PERPLEXITY_HEADLESS_ONLY === "1";
-    if (!skipHeaded) {
-      await this.headedBootstrap();
-    } else {
-      console.error("[perplexity-mcp] Skipping headed session (PERPLEXITY_HEADLESS_ONLY=1).");
-      this.loadCachedAccountInfo();
-    }
-
-    // Phase 2: Headless browser for search operations.
-    // Use the SAME persistent browserData directory as Phase 1 so that
-    // any cf_clearance cookie acquired during the headed bootstrap is
-    // already on disk and loaded automatically.  This fixes the bug where
-    // Phase 2 used a non-persistent context and only had stale vault
-    // cookies (issue #5).
-    console.error("[perplexity-mcp] Launching headless persistent browser...");
-    const launchOpts = buildLaunchOptions(true);
-    this.context = await chromium.launchPersistentContext(
-      activePaths.browserData,
-      launchOpts,
-    );
-    this.browser = this.context.browser();
-
-    // Inject vault cookies only for cookies not already present on disk.
-    // The headed bootstrap may have refreshed cf_clearance; we must not
-    // overwrite the fresh disk cookie with the stale vault copy.
-    const saved = await getSavedCookies();
-    if (saved.length > 0) {
-      const current = await this.context.cookies();
-      const currentNames = new Set(current.map((c) => c.name));
-      const toInject = saved.filter((c) => !currentNames.has(c.name));
-      if (toInject.length > 0) {
-        await this.context.addCookies(toInject);
-        console.error(`[perplexity-mcp] Injected ${toInject.length} missing cookies from vault.`);
+      // Phase 1: Headed session — solve CF challenge + fetch account info
+      const skipHeaded = process.env.PERPLEXITY_HEADLESS_ONLY === "1";
+      if (!skipHeaded) {
+        await this.headedBootstrap();
       } else {
-        console.error("[perplexity-mcp] All vault cookies already present on disk; skipping injection.");
+        console.error("[perplexity-mcp] Skipping headed session (PERPLEXITY_HEADLESS_ONLY=1).");
+        this.loadCachedAccountInfo();
       }
-    }
 
-    this.page = await this.context.newPage();
+      // Phase 2: Headless browser for search operations.
+      // Use the SAME persistent browserData directory as Phase 1 so that
+      // any cf_clearance cookie acquired during the headed bootstrap is
+      // already on disk and loaded automatically.  This fixes the bug where
+      // Phase 2 used a non-persistent context and only had stale vault
+      // cookies (issue #5).
+      console.error("[perplexity-mcp] Launching headless persistent browser...");
+      const launchOpts = buildLaunchOptions(true);
+      this.context = await chromium.launchPersistentContext(
+        activePaths.browserData,
+        launchOpts,
+      );
+      this.browser = this.context.browser();
+
+      // Inject vault cookies only for cookies not already present on disk.
+      // The headed bootstrap may have refreshed cf_clearance; we must not
+      // overwrite the fresh disk cookie with the stale vault copy.
+      const saved = await getSavedCookies();
+      if (saved.length > 0) {
+        const current = await this.context.cookies();
+        const currentNames = new Set(current.map((c) => c.name));
+        const toInject = saved.filter((c) => !currentNames.has(c.name));
+        if (toInject.length > 0) {
+          await this.context.addCookies(toInject);
+          console.error(`[perplexity-mcp] Injected ${toInject.length} missing cookies from vault.`);
+        } else {
+          console.error("[perplexity-mcp] All vault cookies already present on disk; skipping injection.");
+        }
+      }
 
-    // Navigate to Perplexity (headless — relies on fresh cf_clearance from headed phase)
-    try {
-      await this.page.goto(PERPLEXITY_URL, { waitUntil: "domcontentloaded", timeout: 30000 });
-      await this.page.waitForTimeout(2000);
-    } catch (err) {
-      console.error("[perplexity-mcp] Navigation warning:", (err as Error).message);
-    }
+      this.page = await this.context.newPage();
 
-    await this.checkAuth();
+      // Navigate to Perplexity (headless — relies on fresh cf_clearance from headed phase)
+      try {
+        await this.page.goto(PERPLEXITY_URL, { waitUntil: "domcontentloaded", timeout: 30000 });
+        await this.page.waitForTimeout(2000);
+      } catch (err) {
+        console.error("[perplexity-mcp] Navigation warning:", (err as Error).message);
+      }
+
+      await this.checkAuth();
 
-    // If headed phase was skipped or failed, try loading account info from headless
-    if (!this.accountInfo.modelsConfig) {
-      await this.loadAccountInfo();
+      // If headed phase was skipped or failed, try loading account info from headless
+      if (!this.accountInfo.modelsConfig) {
+        await this.loadAccountInfo();
+      }
+
+      this.writeDaemonStatus(_initAt, null);
+    } catch (err: unknown) {
+      this.writeDaemonStatus(_initAt, err instanceof Error ? err.message : String(err));
+      throw err;
     }
   }
 
@@ -2601,5 +2610,42 @@ export class PerplexityClient {
       await this.browser.close().catch(() => {});
       this.browser = null;
     }
+    this.authenticated = false;
+    this.userId = null;
+    this.writeDaemonStatus(Date.now(), null);
+  }
+
+  // ── Daemon status file ─────────────────────────────────────────────────────
+
+  private daemonTier(): DaemonAuthStatus["tier"] {
+    if (!this.authenticated) return "Anonymous";
+    if (this.accountInfo.isMax) return "Max";
+    if (this.accountInfo.isPro) return "Pro";
+    if (this.accountInfo.isEnterprise) return "Enterprise";
+    return "Authenticated";
+  }
+
+  /**
+   * Write daemon-status.json so the extension UI can show live auth state
+   * instead of relying on the stale models-cache.json snapshot.
+   * @param startedAt - Date.now() captured at the start of init/reinit
+   * @param error - error message if init threw, null on success or shutdown
+   */
+  private writeDaemonStatus(startedAt: number, error: string | null): void {
+    try {
+      const paths = getActivePaths();
+      const status: DaemonAuthStatus = {
+        authenticated: this.authenticated,
+        tier: this.daemonTier(),
+        userId: this.userId,
+        pid: process.pid,
+        lastInit: new Date().toISOString(),
+        initDurationMs: Date.now() - startedAt,
+        error,
+      };
+      writeFileSync(paths.daemonStatus, JSON.stringify(status, null, 2) + "\n");
+    } catch {
+      // Never let a status write crash the daemon.
+    }
   }
 }