rtk-ai/rtk

Feature request: rtk wrapper for 1Password CLI (op item / op read / op vault)

Open

#1,738 创建于 2026年5月6日

在 GitHub 查看
 (1 评论) (0 反应) (0 负责人)Rust (2,914 fork)batch import
area:cliarea:securityenhancementhelp wantedpriority:medium

仓库指标

Star
 (48,085 star)
PR 合并指标
 (平均合并 11天 1小时) (30 天内合并 45 个 PR)

描述

Use case

The 1Password CLI (op) is a high-frequency command in security-sensitive workflows where developers retrieve secrets at runtime via op:// references. Currently op calls bypass rtk (no wrapper exists), missing both invocation tracking and output filtering.

Frequency observed

From a single dev workstation running rtk discover (rtk 0.38.0):

TOP UNHANDLED COMMANDS
─────────────────────────────────────────
op read     194x    VTOKEN=$(op read "op://HQ-Dev/yonatan-hq-dev/...")
op item     185x    op item list --vault HQ-Dev
─────────────────────────────────────────
                    379x combined, no rtk handle

op ranks above pgrep, grep and others that already have wrappers.

Suggested filter shape

Subcommand Filtering opportunity
op item list Table compaction (strip ANSI, header rows)
op item get JSON keys-only by default; full output with -v
op item create Strip preamble + show only {id, title, vault}
op vault list Compact table
op read Already minimal output, but track invocations for adoption telemetry and rtk discover
op signin / op whoami Pass-through with brief status

Sensitivity considerations

  • op read output IS the secret. Filter must NEVER cache or log the value — tee mode should be disabled for op subcommands by default, or selectively skipped.
  • This wrapper would need explicit tee_disabled = true semantics.

Why not exclude_commands?

op is opted-in to rtk: developers WANT the invocation tracking (compliance, audit, knowing which env vars resolve from which vault). They just don't want output captured.

Telemetry impact

Adoption from our session: ~22-58% of commands route through rtk; the unhandled op invocations are a meaningful slice of the gap.

cc: this came out of an audit prompted by the pytest -q summary regression we hit in 0.28.2 (fixed in 0.36.0 commit 57502a5 — thanks). After upgrading to 0.38.0, rtk discover surfaced this as the next highest-leverage gap.

贡献者指南