repositories
loading repo index
repositories
loading repo index
repository
loading code, commits, and activity
public Clawd ADK gateway launch mirror
stars
latest
clone command
git clone gitlawb://did:key:z6Mkq5mY...iFZ5/my-project-publ...git clone gitlawb://did:key:z6Mkq5mY.../my-project-publ...2fa351d6docs: add automaton and perps launch sources16d ago| #1 | --- |
| #2 | name: 1password |
| #3 | description: Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op. |
| #4 | homepage: https://developer.1password.com/docs/cli/get-started/ |
| #5 | metadata: {"clawdbot":{"emoji":"🔐","requires":{"bins":["op"]},"install":[{"id":"brew","kind":"brew","formula":"1password-cli","bins":["op"],"label":"Install 1Password CLI (brew)"}]}} |
| #6 | --- |
| #7 | |
| #8 | # 1Password CLI |
| #9 | |
| #10 | Follow the official CLI get-started steps. Don't guess install commands. |
| #11 | |
| #12 | ## References |
| #13 | |
| #14 | - `references/get-started.md` (install + app integration + sign-in flow) |
| #15 | - `references/cli-examples.md` (real `op` examples) |
| #16 | |
| #17 | ## Workflow |
| #18 | |
| #19 | 1. Check OS + shell. |
| #20 | 2. Verify CLI present: `op --version`. |
| #21 | 3. Confirm desktop app integration is enabled (per get-started) and the app is unlocked. |
| #22 | 4. REQUIRED: create a fresh tmux session for all `op` commands (no direct `op` calls outside tmux). |
| #23 | 5. Sign in / authorize inside tmux: `op signin` (expect app prompt). |
| #24 | 6. Verify access inside tmux: `op whoami` (must succeed before any secret read). |
| #25 | 7. If multiple accounts: use `--account` or `OP_ACCOUNT`. |
| #26 | |
| #27 | ## REQUIRED tmux session (T-Max) |
| #28 | |
| #29 | The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run `op` inside a dedicated tmux session with a fresh socket/session name. |
| #30 | |
| #31 | Example (see `tmux` skill for socket conventions, do not reuse old session names): |
| #32 | |
| #33 | ```bash |
| #34 | SOCKET_DIR="${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/clawdbot-tmux-sockets}" |
| #35 | mkdir -p "$SOCKET_DIR" |
| #36 | SOCKET="$SOCKET_DIR/clawdbot-op.sock" |
| #37 | SESSION="op-auth-$(date +%Y%m%d-%H%M%S)" |
| #38 | |
| #39 | tmux -S "$SOCKET" new -d -s "$SESSION" -n shell |
| #40 | tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter |
| #41 | tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter |
| #42 | tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter |
| #43 | tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200 |
| #44 | tmux -S "$SOCKET" kill-session -t "$SESSION" |
| #45 | ``` |
| #46 | |
| #47 | ## Guardrails |
| #48 | |
| #49 | - Never paste secrets into logs, chat, or code. |
| #50 | - Prefer `op run` / `op inject` over writing secrets to disk. |
| #51 | - If sign-in without app integration is needed, use `op account add`. |
| #52 | - If a command returns "account is not signed in", re-run `op signin` inside tmux and authorize in the app. |
| #53 | - Do not run `op` outside tmux; stop and ask if tmux is unavailable. |
| #54 |