Migrate from @1password/op-js to the 1Password JavaScript SDK#1
Draft
Tom Plant (pl4nty) wants to merge 5 commits into
Draft
Migrate from @1password/op-js to the 1Password JavaScript SDK#1Tom Plant (pl4nty) wants to merge 5 commits into
Tom Plant (pl4nty) wants to merge 5 commits into
Conversation
Replace the CLI-based @1password/op-js dependency with the native @1password/sdk (onepassword-sdk-js). The SDK authenticates against the 1Password desktop app via DesktopAuth (biometric unlock) instead of shelling out to the installed op CLI. Key changes: - Add a OnePassword client wrapper (src/client.ts) that lazily creates and reuses an SDK client, replacing the CLI validation wrapper (src/cli.ts). - Account setup now prompts for an account name/URL/UUID, since the SDK cannot enumerate accounts (no account.list/whoami). Vault selection uses client.vaults.list. - Items use client.items.get/create and client.items.list; secret references are constructed from vault/item/field IDs (the SDK doesn't return a reference string on fields). - Secret injection resolves op:// references via client.secrets.resolveAll and substitutes them, replacing inject.data. - Password generation uses Secrets.generatePassword with a parsed recipe. - Field types/categories map to the SDK's ItemFieldType/ItemCategory enums. - Hover auth check uses the SDK client; the Windows-only CLI workaround is removed and hover previews are enabled on all platforms. - Keep the SDK and its WebAssembly core external in the esbuild bundle and ship them in node_modules (the ~10MB wasm is loaded from disk at runtime). - The items.cacheValues setting is marked deprecated (the SDK has no cache). - Update tests, factories, and README to match.
Updated quick start guide for 1Password extension installation.
Signed-off-by: GitHub <noreply@github.com>
When the 1Password desktop app integration is disabled (or the app isn't running/unlocked), the SDK throws "Native library is not available." This previously surfaced as a raw message and, on quiet paths like hover, only went to the logs. Detect this specific error and show a clear notification explaining how to fix it (enable app integration in Settings -> Developer) with a "Learn more" link to the docs. The notification is shown even on otherwise-quiet paths, deduped so it appears only once until the account changes or a client connects. Add client tests covering the new behavior.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replaces the CLI-based
@1password/op-jsdependency with the native@1password/sdk(onepassword-sdk-js).The two libraries are architecturally very different:
op-jsshells out to the installedopCLI binary, while the SDK is a self-contained native client (with a ~10MB WebAssembly core) that authenticates against the 1Password desktop app viaDesktopAuth(biometric unlock). No CLI install is required anymore.Key changes
src/client.ts) —OnePasswordlazily creates and reuses an SDK client (createClient({ auth: new DesktopAuth(account), integrationName, integrationVersion })), replacing the CLI-validation wrapper (src/cli.ts). It also exposes aresolveItemhelper that resolves a vault/item reference (name or ID) to a full item, sinceclient.items.getrequires concrete IDs.src/setup.ts) — the SDK can't enumerate accounts (noaccount.list/whoami), so "Choose account" now prompts for an account name / sign-in address / UUID. Vault selection usesclient.vaults.list.src/items.ts) — usesclient.items.get/create/list. Secret references are constructed fromop://<vaultId>/<itemId>/<fieldId>(the SDK doesn't return areferencestring on fields). Password generation usesSecrets.generatePasswordwith a recipe parsed from the existing recipe string.src/injection.ts) — findsop://references in the document, resolves them in one batch viaclient.secrets.resolveAll, and substitutes the values, replacinginject.data.src/language-providers/hover.ts) — auth check uses the SDK client; the Windows-only CLI workaround (and the 1s delay) is removed, so hover previews are now enabled on all platforms (src/editor.ts).ItemFieldType/ItemCategoryenums (src/constants.ts,src/utils.ts).compile.ts,.vscodeignore) — the SDK and its wasm core are kept external in the esbuild bundle and shipped innode_modules, because the wasm is loaded from disk at runtime via__dirname.1password.items.cacheValuesis marked deprecated (the SDK has no cache).Behavioral changes to be aware of
cacheValuesno longer has any effect.Verification
tsc --noEmit✅eslint✅prettier --check✅jest— 179/179 passing ✅Secrets.generatePasswordworks in this environment ✅Note
I couldn't exercise the full interactive desktop-app auth flow (
DesktopAuth) in CI, since it requires a running, unlocked 1Password desktop app. That path should be manually verified before release.https://claude.ai/code/session_01TGpfBgZbebxze8uV5i2uv3
Generated by Claude Code