← knowledge.oriz.in

Unstuck screenpipe onboarding on corp-VDI (SAP CPIT DLP)

runbook screenpipecorp-vdidlpwebviewonboardingworkaround

Unstuck screenpipe onboarding on corp-VDI

Symptom

Tauri app opens to "upgrading your memory" screen with ENGINE/AUDIO/VISION dots, never advances. Even though:

Root cause

Corp DLP endpoint agent (SAP CPIT on our machine) intercepts WebView2 IPC or filters localhost egress from the sandboxed webview. Engine → other-process curl works; engine → WebView2 within same app does not.

Fix — order of preference

1. Wait for the skip link

After 15s in live-feed state, a "skip — i'll show you later" link appears bottom-center. Click it. Fastest bypass, no data loss.

2. Restart the app

First-launch race between engine spawn + webview API-key initialisation. Kill Screenpipe.exe + relaunch. _apiKey in lib/api.ts gets 30 retries × 500ms = 15s window. Sometimes clears on a warm restart.

3. Clear the store

Remove-Item "$env:USERPROFILE\.screenpipe\store.bin" -ErrorAction SilentlyContinue
Remove-Item "$env:USERPROFILE\.screenpipe\auth.json" -ErrorAction SilentlyContinue

Then relaunch. Nukes onboarding state — you re-do it but the retry may succeed.

4. Env-var escape (needs our upstream PR merged first)

$env:SCREENPIPE_SKIP_ONBOARDING = "1"
Start-Process 'C:\Program Files\screenpipe\screenpipe.exe'

Filed upstream: screenpipe#TBD.

5. Sideload the Chrome extension separately

Extension install path is independent of the onboarding state:

  1. Open chrome://extensions
  2. Toggle Developer mode (top-right)
  3. Click Load unpacked
  4. Select folder: C:\d\oriz\repos\frk\screenpipe\packages\browser-extension\dist

Corp Chrome policy verified permissive on our machine — blocklist has only one specific ID (Bypass Paywalls Clean), which screenpipe isn't.

How to retrieve your API key manually

If any tool needs the local engine auth key:

python -c "import sqlite3, base64; c=sqlite3.connect(r'$env:USERPROFILE\.screenpipe\db.sqlite'); v=c.execute(\"SELECT value FROM secrets WHERE key='api_auth_key'\").fetchone()[0]; print(base64.b64decode(v).decode())"

Sample output: sp-c1aa9d65. Use as Authorization: Bearer sp-c1aa9d65.

Verify engine is actually running

curl -si http://localhost:3030/health
Get-NetTCPConnection -LocalPort 3030 -State Listen

Both should succeed. If not, engine isn't running — that's a different problem (spawn error, permission denied, or engine crashed).

Upstream contributions filed

Session 2026-07-03:

Cross-refs