From 1p-flawless
This skill should be used when the user asks to "set up 1Password for this project", "wire 1p secrets", "create my .env template", "set up secret injection", "configure 1Password env vars", or wants to connect their project's environment variables to 1Password. Runs a two-phase workflow: autonomous discovery then interactive confirmation gates. Requires op CLI installed and authenticated.
npx claudepluginhub aventerica89/jb-claude-plugins --plugin 1p-flawless
How this skill is triggered — by the user, by Claude, or both
Slash command
/1p-flawless:setup
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Sets up a complete 1Password-backed env var workflow for the current project.
After setup:
npm run env:inject → generates .env.local from 1P via op inject
npm run dev:auth → starts dev server with secrets in-memory via op run (OAuth use case)
Prerequisites: op CLI installed and authenticated (op vault list must succeed).
which op || echo "NOT INSTALLED"
op vault list 2>&1 | head -3
If op not installed: tell user to install from https://1password.com/downloads/mac/ then run op signin.
If vault list fails: tell user to run op signin first. Stop.
Launch the secrets-scanner agent. Do not proceed until the report is returned.
Present the scanner's vault recommendation and proposed item name. Ask:
"Use vault [recommended] and item name [slug]? Or pick a different vault / create a new one."
If user wants a new vault:
op vault create "<name>"
Store confirmed vault name and item slug — used in all op:// references.
Show the proposed fields (secrets only — skip PUBLIC vars). Ask:
"Any fields to remove, add, or change before I create the 1P item?"
Wait for confirmation or edits. Apply any changes to the list.
Ask which injection pattern(s) to wire up:
op inject → writes .env.local to disk (env:inject npm script)
op run → in-memory at dev server start (dev:auth npm script, OAuth use case)
After all three gates confirmed, execute in order:
Check if item already exists:
op item get "<slug>" --vault "<vault>" 2>/dev/null && echo "EXISTS" || echo "NEW"
If new — create item with all confirmed secret fields. See references/vault-ops.md for exact op item create syntax.
If exists — add any missing fields via op item edit. See references/vault-ops.md for field edit syntax.
If op inject selected — create .env.local.tpl:
# Generated by 1p-flawless — edit op:// references if field names change
FIELD_NAME={{ op://VaultName/slug/FIELD_NAME }}
Use {{ }} syntax. See references/naming.md for the critical syntax distinction.
If op run selected — create .env.local.dev.tpl:
FIELD_NAME=op://VaultName/slug/FIELD_NAME
Bare op:// — NO braces. See references/naming.md.
Check .gitignore for !.env*.tpl. If missing, add it. Ensure .env.local remains ignored (not negated).
!.env*.tpl
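Added example (not part of the 1p-flawless plugin): a small shell lint for the two template files described above. It flags a line whose syntax does not match the file's injection mode and any literal value, which matters because the !.env*.tpl rule un-ignores the templates for git. The function name lint_tpl and the Dev/my-app sample references are hypothetical, and values are assumed unquoted as in the page's templates.

```shell
# Added example, not part of 1p-flawless. lint_tpl is a hypothetical helper.
# Usage: lint_tpl MODE FILE   (MODE: "inject" for .env.local.tpl,
#                              "run" for .env.local.dev.tpl)
# Prints one finding per bad line and nothing for a clean file.
# Assumes unquoted NAME=value lines, as in the templates shown on this page.
lint_tpl() {
  mode=$1 file=$2 n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case $line in
      ''|'#'*) continue ;;                       # blank line or comment
      *=*) ;;                                    # looks like NAME=value
      *) echo "$file:$n: not a NAME=value line"; continue ;;
    esac
    name=${line%%=*}
    value=${line#*=}
    case $value in
      '{{'*'op://'*'}}') form=inject ;;          # {{ op://... }} for op inject
      'op://'*)          form=run ;;             # bare op://... for op run
      *)                 form=literal ;;         # anything else is a plain value
    esac
    # Findings name the variable only; the value is never echoed.
    if [ "$form" = literal ]; then
      echo "$file:$n: $name holds a literal value, not an op:// reference"
    elif [ "$form" != "$mode" ]; then
      echo "$file:$n: $name uses $form syntax in a file meant for op $mode"
    fi
  done < "$file"
  return 0
}

# Constructed sample templates; vault "Dev" and item "my-app" are made up.
demo_lint() {
  d=$(mktemp -d)
  printf '%s\n' '# constructed sample' \
    'AUTH_SECRET={{ op://Dev/my-app/AUTH_SECRET }}' \
    'GITHUB_ID=op://Dev/my-app/GITHUB_ID' \
    'API_KEY=constructed-literal-value' > "$d/.env.local.tpl"
  printf '%s\n' 'AUTH_SECRET=op://Dev/my-app/AUTH_SECRET' > "$d/.env.local.dev.tpl"
  (cd "$d" && lint_tpl inject .env.local.tpl && lint_tpl run .env.local.dev.tpl)
  rm -rf "$d"
}
demo_lint
```

Any output means a template needs fixing before it is committed; an empty result means every line is a reference in the form its file expects.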
If op inject selected — add:
"env:inject": "op inject -i .env.local.tpl -o .env.local"
If op run selected — read existing dev script and mirror it:
"dev:auth": "op run --env-file=.env.local.dev.tpl -- <existing dev command>"
Use Edit tool on package.json — do not overwrite the entire file.
# Flag variables defined in both the template and an existing .env.local
grep -oE '^[A-Z_][A-Z0-9_]*' .env.local.tpl 2>/dev/null | while read -r var; do
  grep -q "^$var=" .env.local 2>/dev/null && echo "CONFLICT: $var also in .env.local"
done
Warn user if any conflicts found — values in .env.local take precedence.
# Test op inject resolves
op inject -i .env.local.tpl -o /tmp/1p-flawless-test.env 2>&1 && echo "INJECT OK" || echo "INJECT FAILED"
rm -f /tmp/1p-flawless-test.env
If INJECT FAILED, show the error and help the user fix the op:// references.
references/vault-ops.md — Exact op CLI syntax: vault create/list, item create/edit/get, common errors
references/naming.md — Slug rules, field naming, {{ }} vs bare op:// syntax distinction, comment caveat
references/providers.md — OAuth provider env var names per framework (Better Auth, NextAuth v5)
1p-flawless setup complete
Item: <slug> in <vault> (<N> fields)
Created: .env.local.tpl (<N> refs) [if op inject]
Created: .env.local.dev.tpl (<N> refs) [if op run]
Updated: package.json — env:inject / dev:auth
Updated: .gitignore — !.env*.tpl
Run:
npm run env:inject → generate .env.local
npm run dev:auth → dev server with OAuth secrets
Check status: /1p-status
Rotate a key: /1p-rotate