From 6eeb6313f8591c92f63a2a623737b0ced894f9f8 Mon Sep 17 00:00:00 2001
From: Theo Ephraim
Date: Tue, 7 Apr 2026 11:49:31 -0700
Subject: [PATCH 1/3] pass through USER/HOME to op cli
---
 .changeset/bold-trees-relate.md | 5 +++++
 packages/plugins/1password/src/cli-helper.ts | 6 ++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
 create mode 100644 .changeset/bold-trees-relate.md
diff --git a/.changeset/bold-trees-relate.md b/.changeset/bold-trees-relate.md
new file mode 100644
index 00000000..89c57f65
--- /dev/null
+++ b/.changeset/bold-trees-relate.md
@@ -0,0 +1,5 @@
+---
+"@varlock/1password-plugin": patch
+---
+
+pass through USER and HOME to op cli calls
diff --git a/packages/plugins/1password/src/cli-helper.ts b/packages/plugins/1password/src/cli-helper.ts
index ab34224d..b9363608 100644
--- a/packages/plugins/1password/src/cli-helper.ts
+++ b/packages/plugins/1password/src/cli-helper.ts
@@ -202,9 +202,11 @@ async function executeReadBatch(batchToExecute: NonNullable)
 // because otherwise we'll have trouble dealing with values that contain newlines
 await spawnAsync('op', `run --no-masking ${lockCliToOpAccount ? `--account ${lockCliToOpAccount} ` : ''}-- env -0`.split(' '), {
 env: {
- // have to pass through at least path so it can find `op`, but might need other items too?
+ // have to pass through at least path so it can find `op`
+ // and in some scenarios we need USER/HOME (homebrew on multi-user system)
 PATH: process.env.PATH!,
- // ...process.env as any,
+ USER: process.env.USER,
+ HOME: process.env.HOME,
 ...envMap,
 },
 })
From f66ba0927bdfdc2a8361518b31c5fb833adb904e Mon Sep 17 00:00:00 2001
From: Theo Ephraim
Date: Wed, 8 Apr 2026 15:12:47 -0700
Subject: [PATCH 2/3] pass through xdg home too
---
 packages/plugins/1password/src/cli-helper.ts | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/packages/plugins/1password/src/cli-helper.ts b/packages/plugins/1password/src/cli-helper.ts
index b9363608..3ae96bf7 100644
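Review bot: The unchanged `spawnAsync` line at the top of this hunk builds the `op` argument list by splitting a template string on spaces, so a `lockCliToOpAccount` value that contains a space is split into several arguments that land before the `--` separator. Where that value comes from is not visible here; if it can originate in project config, passing an explicit array removes the ambiguity: `['run', '--no-masking', ...(lockCliToOpAccount ? ['--account', lockCliToOpAccount] : []), '--', 'env', '-0']`. The same line appears as context in the two later hunks of this series. The new comment could also record that the env block is a deliberate allowlist, e.g. `// allowlist only: the child runs env -0 with --no-masking, so do not spread process.env here`, so the removed `...process.env as any` line is not reintroduced later. `executeReadBatch` begins and ends outside the hunk.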
--- a/packages/plugins/1password/src/cli-helper.ts
+++ b/packages/plugins/1password/src/cli-helper.ts
@@ -202,11 +202,12 @@ async function executeReadBatch(batchToExecute: NonNullable)
 // because otherwise we'll have trouble dealing with values that contain newlines
 await spawnAsync('op', `run --no-masking ${lockCliToOpAccount ? `--account ${lockCliToOpAccount} ` : ''}-- env -0`.split(' '), {
 env: {
- // have to pass through at least path so it can find `op`
- // and in some scenarios we need USER/HOME (homebrew on multi-user system)
+ // have to pass a few things through at least path so it can find `op` and related config files
+ // (encountered some errors on a homebrew multi-user system)
 PATH: process.env.PATH!,
- USER: process.env.USER,
- HOME: process.env.HOME,
+ ...process.env.USER && { USER: process.env.USER },
+ ...process.env.HOME && { HOME: process.env.HOME },
+ ...process.env.XDG_CONFIG_HOME && { XDG_CONFIG_HOME: process.env.XDG_CONFIG_HOME },
 ...envMap,
 },
 })
From 2d2e44a71b7bc82f5da8630ec1e2605cfbc2a6a6 Mon Sep 17 00:00:00 2001
From: Theo Ephraim
Date: Thu, 9 Apr 2026 15:25:42 -0700
Subject: [PATCH 3/3] explicitly enable OP_BIOMETRIC_UNLOCK_ENABLED
---
 packages/plugins/1password/src/cli-helper.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/packages/plugins/1password/src/cli-helper.ts b/packages/plugins/1password/src/cli-helper.ts
index 3ae96bf7..571668f1 100644
--- a/packages/plugins/1password/src/cli-helper.ts
+++ b/packages/plugins/1password/src/cli-helper.ts
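Review bot: `...envMap` is spread after the passthrough keys, so an `envMap` entry named `PATH`, `USER`, `HOME` or `XDG_CONFIG_HOME` silently replaces the value `op` is launched with. How the `envMap` keys are generated is outside this hunk; if they can ever match a real variable name, that could change which binary or config directory is used, so a guard before the spawn is worth adding, e.g. `if (['PATH', 'USER', 'HOME', 'XDG_CONFIG_HOME'].some((k) => k in envMap)) throw new Error('reserved env key in 1Password batch');`. The same ordering applies to the first hunk of the series and to `OP_BIOMETRIC_UNLOCK_ENABLED` in the third. As a smaller style point, `...(process.env.USER && { USER: process.env.USER }),` with explicit parentheses reads less ambiguously than the bare `...a && b` form used on the three new lines. `executeReadBatch` begins and ends outside the hunk.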
@@ -203,11 +203,13 @@ async function executeReadBatch(batchToExecute: NonNullable)
 await spawnAsync('op', `run --no-masking ${lockCliToOpAccount ? `--account ${lockCliToOpAccount} ` : ''}-- env -0`.split(' '), {
 env: {
 // have to pass a few things through at least path so it can find `op` and related config files
- // (encountered some errors on a homebrew multi-user system)
 PATH: process.env.PATH!,
 ...process.env.USER && { USER: process.env.USER },
 ...process.env.HOME && { HOME: process.env.HOME },
 ...process.env.XDG_CONFIG_HOME && { XDG_CONFIG_HOME: process.env.XDG_CONFIG_HOME },
+ // this setting actually just enables the CLI + Desktop App integration
+ // which in some cases op has a hard time detecting via app setting
+ OP_BIOMETRIC_UNLOCK_ENABLED: 'true',
 ...envMap,
 },
 })
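Review bot: `OP_BIOMETRIC_UNLOCK_ENABLED: 'true'` is hard-coded, so a user who has exported `OP_BIOMETRIC_UNLOCK_ENABLED=false` in their shell has no way to keep the desktop-app integration off for this call. Honouring an explicit value keeps that opt-out working: `OP_BIOMETRIC_UNLOCK_ENABLED: process.env.OP_BIOMETRIC_UNLOCK_ENABLED ?? 'true',`. If this code path is only reached when app integration is the chosen auth mode (not visible from the hunk), the comment should say so instead. The hunk also deletes the `(encountered some errors on a homebrew multi-user system)` line, which was the only record of why `USER`, `HOME` and `XDG_CONFIG_HOME` are passed through; I would keep it next to those keys. `executeReadBatch` begins and ends outside the hunk.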