mirror of
https://github.com/openclaw/openclaw.git
synced 2026-06-30 06:23:38 +00:00
73241d39f6
* fix(skills/1password): stop forcing tmux for desktop app auth (#52540) The bundled skill currently mandates that every `op` invocation run inside a fresh tmux session. That guidance is wrong on every desktop-app-integration setup (macOS/Windows/Linux) because the 1Password app exposes the CLI over a per-user Unix domain socket the gateway exec env can reach but tmux subshells generally cannot — wrapping in tmux produces "1Password CLI couldn't connect to the 1Password desktop app" failures. Rewrite the skill to detect auth mode first and only use tmux for the one case where it actually helps: - Service account (`OP_SERVICE_ACCOUNT_TOKEN`): direct exec, no signin. - Desktop app integration: direct exec, never tmux. Note the macOS socket location (`~/Library/Group Containers/2BUA8C4S2C.com.1password/t/`) so agents can recognize the failure mode. - Standalone interactive signin: tmux is the right tool because it preserves the per-shell session token written by `op signin`. Update Guardrails and the get-started reference accordingly. Drop the blanket 'do not run op outside tmux' rule. Fixes #52540 * fix(skills/1password): correct desktop-app IPC wording and signin example Address PR #75090 review: - Replace the blanket 'per-user Unix domain socket' description with per-platform wording: XPC via the 1Password Browser Helper on macOS, a Unix domain socket on Linux, a named pipe on Windows. Keep the macOS group-container path as a symptom indicator only, not as a transport claim. Mirror the same correction in the get-started reference and the changelog entry. - Fix the standalone-signin tmux example: `op signin` was being sent as a plain command, so its eval-style export was printed but never applied. Subsequent `op whoami` and `op vault list` calls would fail because the OP_SESSION_* env var was never set. Wrap the call in `eval "$(op signin ...)"` so the session token is exported into the tmux pane environment as the surrounding text describes. Same direct-exec direction; tighter and more accurate. * docs(1password): clarify Windows standalone signin * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * fix(skills/1password): repair auth-mode guidance --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>