orangewolf · March 13, 2026 13:59
diff --git a/op_read.rb b/op_read.rb
 #!/usr/bin/env ruby
 # op_read.rb — OpenClaw external secrets exec provider for 1Password CLI
 #
 # Reads the OpenClaw exec provider protocol from stdin, resolves each id
 # via `op read op://<id>`, and returns the protocol response on stdout.
 #
 # Input (stdin):
 #   { "protocolVersion": 1, "provider": "op", "ids": ["Personal/OpenAI/apiKey", ...] }
 #
 # Output (stdout):
 #   {
 #     "protocolVersion": 1,
 #     "values": { "Personal/OpenAI/apiKey": "sk-..." },
 #     "errors": { "Personal/BadRef/password": { "message": "exit 1: [ERROR] ..." } }
 #   }
 #
 # Config example (openclaw.json):
 #   {
 #     "secrets": {
 #       "providers": {
 #         "op": {
 #           "source": "exec",
 #           "command": "/usr/bin/ruby",
 #           "args": ["/path/to/op_read.rb"],
 #           "passEnv": ["HOME", "PATH", "OP_SERVICE_ACCOUNT_TOKEN"],
 #           "jsonOnly": true
 #         }
 #       }
 #     }
 #   }

 require 'json'
 require 'open3'

 input = begin
  JSON.parse($stdin.read)
 rescue JSON::ParserError => e
  $stderr.puts "ERROR: Invalid input JSON: #{e.message}"
  exit 1
 end

 protocol_version = input["protocolVersion"]
 unless protocol_version == 1
  $stderr.puts "ERROR: Unsupported protocolVersion: #{protocol_version.inspect}"
  exit 1
 end

 ids = input["ids"]
 unless ids.is_a?(Array) && !ids.empty?
  $stderr.puts "ERROR: Input must have a non-empty \"ids\" array"
  exit 1
 end

 values = {}
 errors = {}

 ids.each do |id|
  ref = "op://#{id}"
  stdout, stderr, status = Open3.capture3("op", "read", ref)

  if status.success?
    values[id] = stdout.chomp
  else
    err_msg = "exit #{status.exitstatus}: #{stderr.strip}"
    $stderr.puts "WARN: Failed to read #{ref} — #{err_msg}"
    errors[id] = { "message" => err_msg }
  end
 end

 output = { "protocolVersion" => 1, "values" => values }
 output["errors"] = errors unless errors.empty?

 puts JSON.generate(output)
	#!/usr/bin/env ruby
	# op_read.rb — OpenClaw external secrets exec provider for 1Password CLI
	#
	# Reads the OpenClaw exec provider protocol from stdin, resolves each id
	# via `op read op://<id>`, and returns the protocol response on stdout.
	#
	# Input (stdin):
	# { "protocolVersion": 1, "provider": "op", "ids": ["Personal/OpenAI/apiKey", ...] }
	#
	# Output (stdout):
	# {
	# "protocolVersion": 1,
	# "values": { "Personal/OpenAI/apiKey": "sk-..." },
	# "errors": { "Personal/BadRef/password": { "message": "exit 1: [ERROR] ..." } }
	# }
	#
	# Config example (openclaw.json):
	# {
	# "secrets": {
	# "providers": {
	# "op": {
	# "source": "exec",
	# "command": "/usr/bin/ruby",
	# "args": ["/path/to/op_read.rb"],
	# "passEnv": ["HOME", "PATH", "OP_SERVICE_ACCOUNT_TOKEN"],
	# "jsonOnly": true
	# }
	# }
	# }
	# }

	require 'json'
	require 'open3'

	input = begin
	JSON.parse($stdin.read)
	rescue JSON::ParserError => e
	$stderr.puts "ERROR: Invalid input JSON: #{e.message}"
	exit 1
	end

	protocol_version = input["protocolVersion"]
	unless protocol_version == 1
	$stderr.puts "ERROR: Unsupported protocolVersion: #{protocol_version.inspect}"
	exit 1
	end

	ids = input["ids"]
	unless ids.is_a?(Array) && !ids.empty?
	$stderr.puts "ERROR: Input must have a non-empty \"ids\" array"
	exit 1
	end

	values = {}
	errors = {}

	ids.each do \|id\|
	ref = "op://#{id}"
	stdout, stderr, status = Open3.capture3("op", "read", ref)

	if status.success?
	values[id] = stdout.chomp
	else
	err_msg = "exit #{status.exitstatus}: #{stderr.strip}"
	$stderr.puts "WARN: Failed to read #{ref} — #{err_msg}"
	errors[id] = { "message" => err_msg }
	end
	end

	output = { "protocolVersion" => 1, "values" => values }
	output["errors"] = errors unless errors.empty?

	puts JSON.generate(output)
No results found