Apply saved sort/group/view preferences to a fresh App. Reads
~/.purple/preferences, restores sort/group/view modes, clears stale
group keys, and re-runs apply_sort plus select_first_host so the
first row visible after startup matches the saved sort order.
Pre-flight Proton Pass login. If the askpass source is proton: and the
CLI is installed but the user is not authenticated, prompt for a Personal
Access Token on stdin and run pass-cli login.
Test seam for ensure_proton_login. Inject the status check and the PAT
prompt so the routing logic can be exercised without a real pass-cli or a
real stdin tty.
Check and renew Vault SSH certificate if the host has a vault role configured.
Writes the cert file to ~/.purple/certs/ AND sets CertificateFile on the host
block when it is empty, so ssh actually uses the freshly signed cert.
Expand ~/, ${HOME}/ and $HOME/ prefixes against the user’s home
directory. MCPB clients (e.g. Claude Desktop) do not always substitute
${HOME} before passing CLI args, so the binary must handle it.
First-launch initialization: create ~/.purple/ and back up the original SSH config.
Returns Some(has_backup) if this was a first launch, or None if already initialized.
Footer status that surfaces in-flight providers as the batch progresses.
While a sync is running the line is ⠋ Syncing AWS, Hetzner · 1/3 (+12 ~3 -1),
where the leading char is a braille spinner frame rotated by
event_loop::handle_tick and the names are the providers that have not yet
reported back. Once every provider in the batch has resolved the line
becomes Synced 5/5 · AWS, DO, Vultr, Hetzner, Linode (+12 ~3 -1) and the
batch state resets. Persists sync_history.tsv on completion.
Decide whether to write a CertificateFile directive after a successful
Vault SSH signing. Only write when the host has no existing
CertificateFile. A user-set custom path must never be silently
overwritten with purple’s default cert path. Whitespace-only values count
as empty.