Commit Graph

11 Commits

Author SHA1 Message Date
Hani Koshaji
73241d39f6 fix(skills/1password): stop forcing tmux for desktop app auth (#52540) (#81825)
* fix(skills/1password): stop forcing tmux for desktop app auth (#52540)

The bundled skill currently mandates that every `op` invocation run inside
a fresh tmux session. That guidance is wrong on every desktop-app-integration
setup (macOS/Windows/Linux) because the 1Password app exposes the CLI over
a per-user Unix domain socket the gateway exec env can reach but tmux
subshells generally cannot — wrapping in tmux produces "1Password CLI
couldn't connect to the 1Password desktop app" failures.

Rewrite the skill to detect auth mode first and only use tmux for the one
case where it actually helps:

- Service account (`OP_SERVICE_ACCOUNT_TOKEN`): direct exec, no signin.
- Desktop app integration: direct exec, never tmux. Note the macOS socket
  location (`~/Library/Group Containers/2BUA8C4S2C.com.1password/t/`) so
  agents can recognize the failure mode.
- Standalone interactive signin: tmux is the right tool because it
  preserves the per-shell session token written by `op signin`.

Update Guardrails and the get-started reference accordingly. Drop the
blanket 'do not run op outside tmux' rule.

Fixes #52540

* fix(skills/1password): correct desktop-app IPC wording and signin example

Address PR #75090 review:

- Replace the blanket 'per-user Unix domain socket' description with
  per-platform wording: XPC via the 1Password Browser Helper on macOS,
  a Unix domain socket on Linux, a named pipe on Windows. Keep the macOS
  group-container path as a symptom indicator only, not as a transport
  claim. Mirror the same correction in the get-started reference and the
  changelog entry.
- Fix the standalone-signin tmux example: `op signin` was being sent as
  a plain command, so its eval-style export was printed but never applied.
  Subsequent `op whoami` and `op vault list` calls would fail because
  the OP_SESSION_* env var was never set. Wrap the call in
  `eval "$(op signin ...)"` so the session token is exported into the
  tmux pane environment as the surrounding text describes.

Same direct-exec direction; tighter and more accurate.

* docs(1password): clarify Windows standalone signin

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* fix(skills/1password): repair auth-mode guidance

---------

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>
2026-06-19 08:26:56 +08:00
Peter Steinberger
decbd611a0 docs: refresh embedded skill guidance 2026-05-17 11:50:27 +01:00
Peter Steinberger
5867207521 docs: balance skill descriptions 2026-04-23 22:18:56 +01:00
Peter Steinberger
6b9915a106 refactor!: drop legacy CLAWDBOT env compatibility 2026-03-22 22:13:39 -07:00
cpojer
76b5208b11 chore: Also format scripts and skills. 2026-01-31 21:21:25 +09:00
Peter Steinberger
fd00d5688a chore: update openclaw naming 2026-01-30 21:03:11 +01:00
Peter Steinberger
9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Peter Steinberger
735aea9efa refactor: align skills and loaders with moltbot rename 2026-01-27 12:21:02 +00:00
Peter Steinberger
8c48220a60 docs: require tmux for 1password skill 2026-01-07 20:49:58 +01:00
Peter Steinberger
48d52d13f1 docs: clarify 1password tmux flow 2026-01-06 01:30:48 +01:00
Peter Steinberger
2ec9d75ac2 feat: add 1password skill 2026-01-06 00:26:58 +01:00