Unstuck screenpipe onboarding on corp-VDI (SAP CPIT DLP)
Unstuck screenpipe onboarding on corp-VDI
Symptom
Tauri app opens to "upgrading your memory" screen with ENGINE/AUDIO/VISION dots, never advances. Even though:
curl http://localhost:3030/healthreturns 200- Engine process is running (
Get-NetTCPConnection) - SQLite has valid
api_auth_keyinsecretstable
Root cause
Corp DLP endpoint agent (SAP CPIT on our machine) intercepts WebView2 IPC or filters localhost egress from the sandboxed webview. Engine → other-process curl works; engine → WebView2 within same app does not.
Fix — order of preference
1. Wait for the skip link
After 15s in live-feed state, a "skip — i'll show you later" link appears bottom-center. Click it. Fastest bypass, no data loss.
2. Restart the app
First-launch race between engine spawn + webview API-key initialisation. Kill Screenpipe.exe + relaunch. _apiKey in lib/api.ts gets 30 retries × 500ms = 15s window. Sometimes clears on a warm restart.
3. Clear the store
Remove-Item "$env:USERPROFILE\.screenpipe\store.bin" -ErrorAction SilentlyContinue
Remove-Item "$env:USERPROFILE\.screenpipe\auth.json" -ErrorAction SilentlyContinue
Then relaunch. Nukes onboarding state — you re-do it but the retry may succeed.
4. Env-var escape (needs our upstream PR merged first)
$env:SCREENPIPE_SKIP_ONBOARDING = "1"
Start-Process 'C:\Program Files\screenpipe\screenpipe.exe'
Filed upstream: screenpipe#TBD.
5. Sideload the Chrome extension separately
Extension install path is independent of the onboarding state:
- Open
chrome://extensions - Toggle Developer mode (top-right)
- Click Load unpacked
- Select folder:
C:\d\oriz\repos\frk\screenpipe\packages\browser-extension\dist
Corp Chrome policy verified permissive on our machine — blocklist has only one specific ID (Bypass Paywalls Clean), which screenpipe isn't.
How to retrieve your API key manually
If any tool needs the local engine auth key:
python -c "import sqlite3, base64; c=sqlite3.connect(r'$env:USERPROFILE\.screenpipe\db.sqlite'); v=c.execute(\"SELECT value FROM secrets WHERE key='api_auth_key'\").fetchone()[0]; print(base64.b64decode(v).decode())"
Sample output: sp-c1aa9d65. Use as Authorization: Bearer sp-c1aa9d65.
Verify engine is actually running
curl -si http://localhost:3030/health
Get-NetTCPConnection -LocalPort 3030 -State Listen
Both should succeed. If not, engine isn't running — that's a different problem (spawn error, permission denied, or engine crashed).
Upstream contributions filed
Session 2026-07-03:
- Issue #4850 — WebView2 → localhost blocked in corp DLP env
- PR: earlier skip button in onboarding (branch
feat/onboarding-early-skip-on-stuck) - PR: 401 detection + actionable copy (branch
fix/onboarding-401-detect) - PR: SCREENPIPE_SKIP_ONBOARDING env var (branch
feat/skip-onboarding-env)