Skip to content

Windows: bundled keytar.node is a Linux ELF binary -> "Bad Image" 0xc000012f, vault never persists (login stuck Anonymous) #11

Description

@Don09877890

Summary

On Windows, the keytar native module shipped in the VSIX
(dist/node_modules/keytar/build/Release/keytar.node) is a Linux ELF binary,
not a Windows PE. Neither VS Code (Electron) nor the daemon can load it, so the
vault can never be sealed/unsealed and every login stays Anonymous.

Environment

  • OS: Windows 11 x64
  • Extension: nskha.perplexity-vscode 0.8.53
  • Runtimes affected: VS Code Electron (ELECTRON_RUN_AS_NODE) and standalone Node v22
  • Bundled keytar version: 7.9.0

Symptoms

  • Code.exe - Bad Image dialog:
    ...\dist\node_modules\keytar\build\Release\keytar.node is either not designed to run on Windows or it contains an error ... Error status 0xc000012f.
  • daemon.log: [vault] getSavedCookies failed ... Vault locked: no keychain, no env var, no TTY
  • daemon-status.json: authenticated: false, tier: Anonymous
  • Perplexity: Login runs but the vault is never persisted (or cannot be unsealed),
    so perplexity_reason / perplexity_research etc. return "requires an
    authenticated Pro account".

Root cause (verified by binary header inspection)

  • keytar.node starts with 7F 45 4C 46 (\x7FELF, Linux). A Windows binary
    must start with 4D 5A (MZ, PE). 0xc000012f = STATUS_IMAGE_CHECKSUM_MISMATCH,
    i.e. the OS loader rejects the wrong-platform image.
  • For contrast, the bundled ngrok native module IS packaged per-platform
    correctly (a valid ngrok.win32-x64-msvc.node with an MZ header exists in the
    same VSIX). Only keytar is Linux-only.

Workaround that fully resolves it

Swapping in the official Windows prebuild of the same keytar version fixes everything:

  1. Download keytar-v7.9.0-napi-v3-win32-x64.tar.gz from the atom/node-keytar
    releases and extract build/Release/keytar.node (valid Windows PE, N-API v3).
  2. Replace the ELF keytar.node in the extension with it.
  3. Restart the daemon and run Perplexity: Login.

After this, keytar loads under both standalone Node v22 and VS Code's Electron
runtime, the vault seals via Windows Credential Manager, and the daemon reports
tier: Pro. All tools work.

(The PERPLEXITY_DISABLE_KEYCHAIN + PERPLEXITY_VAULT_PASSPHRASE fallback is also a
valid workaround, but the packaging fix is the clean solution.)

Suggested fix

Bundle the correct per-platform keytar prebuild(s) in the VSIX (win32-x64 at
minimum; ideally win32-arm64 + darwin + linux), the same way ngrok is already
bundled. The current Windows package appears to contain only the Linux keytar build.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions