Skip to content

bug: repeated macOS Keychain prompt for Chrome Safe Storage even after Always Allow #9

Open
Open
bug: repeated macOS Keychain prompt for Chrome Safe Storage even after Always Allow#9
@jssblck

Description

@jssblck
jssblck
opened on Feb 25, 2026

Summary

On macOS, pi-web-access repeatedly shows a system Keychain password prompt for Chrome cookie access:

security wants to use your confidential information stored in "Chrome Safe Storage" in your keychain.
To allow this, enter the "login" keychain password.

Even after entering the password and clicking "Always Allow", the same prompt keeps appearing on later tool calls.

Environment

  • pi version: 0.55.0
  • pi-web-access version: 0.10.2
  • OS: macOS 26.3 (25D125)
  • install: pi install npm:pi-web-access

Repro

  1. Install pi-web-access
  2. Keep ~/.pi/web-search.json without perplexityApiKey / geminiApiKey
  3. Run web_search(...) from Pi (provider auto/gemini path)
  4. Enter password in the Keychain popup and choose "Always Allow"
  5. Run web_search(...) again

Actual

The Keychain popup keeps reappearing, despite selecting "Always Allow".

Expected

Either:

  • "Always Allow" should persist and suppress future prompts, or
  • if there is no valid Chrome/Gemini auth session, skip prompting repeatedly and fail with a direct actionable message.

Extra context

In this repro, user was not signed into gemini.google.com in Chrome yet.

That may explain search failure, but it is still surprising to get repeated password prompts before any successful auth path is available.

README currently mentions first-time Keychain access may prompt once. This report is specifically about repeated prompts and "Always Allow" not sticking.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions