feat(1pass): add userSettingsJson target for secrets (#310)

* feat: add braintrust plugin and configure plugin settings

- Add braintrust plugin with README and manifest
- Update plugins.settings.yaml with braintrust config
- Update settings.json with plugin configuration
- Improve 1pass plugin settings and install script
- Enhance plugin-config-read.sh shared library

* chore: `just lint`

* chore: `just lint`

* chore: replace local braintrust plugin with upstream braintrustdata marketplace

- Remove plugins/braintrust/ (local stub)
- Add braintrustdata/braintrust-claude-plugin as extraKnownMarketplaces entry
- Enable braintrust@braintrust plugin in enabledPlugins

https://claude.ai/code/session_015AHLh1tFE1RGsYXH7WvKr1

* fix: enable trace-claude-code@braintrust instead of braintrust@braintrust

https://claude.ai/code/session_015AHLh1tFE1RGsYXH7WvKr1

* chore: `just lint`

* fix: use braintrust-claude-plugin as marketplace key for trace-claude-code

Fixes install failure - the CLI uses the marketplace's own name field
(braintrust-claude-plugin) not the alias (braintrust).

https://claude.ai/code/session_015AHLh1tFE1RGsYXH7WvKr1

* chore: rename braintrust marketplace key to poc-braintrust

https://claude.ai/code/session_015AHLh1tFE1RGsYXH7WvKr1

* chore: `mise run lint`

* Revert "chore: rename braintrust marketplace key to poc-braintrust"

This reverts commit f6ce578.

* feat: rename 1pass plugin to poc-1pass

https://claude.ai/code/session_015AHLh1tFE1RGsYXH7WvKr1

* feat: rename poc-1pass plugin back to 1pass

Reverts the poc- prefix added earlier. Updates all internal references
including plugin.json name, settings key, PLUGIN_NAME, README, skills,
and settings.json enabledPlugins entry.

Related to #299

https://claude.ai/code/session_015AHLh1tFE1RGsYXH7WvKr1

* chore: `mise run lint`

* chore: auto-bump plugin versions and update marketplace

* docs: improve 1pass secrets configuration documentation

Add detailed explanation of the secrets `target` field with a comparison
table, usage guidance for each target, and a multi-target example in the
README. Add valid target values as comments in the project-level
plugins.settings.yaml.

https://claude.ai/code/session_015AHLh1tFE1RGsYXH7WvKr1

* chore: `mise run lint`

* chore: format settings.json deny array

https://claude.ai/code/session_015AHLh1tFE1RGsYXH7WvKr1

* fix: validate and fix 1pass secrets injection (#309)

* fix: yq compatibility in plugin_get_config_json and correct vault reference

Two bugs prevented 1pass secrets injection from working:

1. _plugin_read_config_json used `yq -r -o=json` which is a mikefarah/yq
   (Go) flag. Python yq (jq wrapper) doesn't support -o=json and silently
   fails, causing inject_secrets to see 0 secrets. Fixed by falling back
   to `yq -r` when -o=json fails — Python yq outputs JSON by default.

2. The Braintrust secret reference used vault "heapsinfra" which the
   service account doesn't have access to. Changed to "AI-Jack" which
   is the vault available to the OP_SERVICE_ACCOUNT_TOKEN.

Bumps 1pass plugin to 0.1.13.

https://claude.ai/code/session_01Pr3ohqAFya5fPn3QXMq1Wy

* chore: `mise run lint`

---------

Co-authored-by: Claude <noreply@anthropic.com>

* feat(1pass): add userSettingsJson target for secrets injection

Adds a new `userSettingsJson` target that writes secrets to
~/.claude/settings.json env block. This is useful for API keys
(like BRAINTRUST_API_KEY) that should be available across all
projects for a user without being committed to any repo.

Also updates the project config to use this target for the
Braintrust API key.

https://claude.ai/code/session_018VyV8FnFEME5cSQpJkxoJA

* chore: `mise run lint`

* chore: auto-bump plugin versions and update marketplace

* fix(1pass): DRY up _write_secret() JSON settings cases

Collapse settingsJson, settingsLocalJson, and userSettingsJson into a
single case block — only the file path differs. Also fix doc comment
to include userSettingsJson in the target list.

Addresses review feedback on #310.

https://claude.ai/code/session_018VyV8FnFEME5cSQpJkxoJA

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: automation-nsheaps[bot] <251779498+automation-nsheaps[bot]@users.noreply.github.com>

Author: 3 people

.claude-plugin/marketplace.json

@@ -11,7 +11,7 @@
     {
       "name": "1pass",
       "description": "Install and manage 1Password CLI (op) and op-exec in Claude Code sessions. Provides session-start auto-install for web sessions and comprehensive workflow skills.",
-      "version": "0.1.11",
+      "version": "0.2.0",
       "author": {
         "name": "Nathan Heaps"
       },
@@ -68,7 +68,7 @@
     {
       "name": "common-sense",
       "description": "Common-sense rules for AI assistant behavior. On session start, symlinks bundled rules into the project's .claude/rules/common-sense directory so they are automatically loaded as context.",
-      "version": "1.3.12",
+      "version": "1.3.13",
       "author": {
         "name": "Nathan Heaps"
       },
@@ -194,7 +194,7 @@
     {
       "name": "git-spice",
       "description": "Skill for managing stacked Git branches with git-spice (gs) CLI tool",
-      "version": "0.2.6",
+      "version": "0.2.7",
       "author": {
         "name": "Nathan Heaps"
       },
@@ -214,7 +214,7 @@
     {
       "name": "github",
       "description": "GitHub CLI installation, authentication, and workflow skill for Claude Code sessions. Consolidates gh-tool and github-auth-skill into a single plugin.",
-      "version": "0.1.12",
+      "version": "0.1.13",
       "author": {
         "name": "Nathan Heaps"
       },
@@ -239,7 +239,7 @@
     {
       "name": "github-app",
       "description": "Automatic GitHub App token lifecycle for Claude Code sessions. Generates installation tokens on session start, monitors expiry via PreToolUse hook, and refreshes transparently before commands that need authentication.",
-      "version": "0.1.10",
+      "version": "0.1.11",
       "author": {
         "name": "Nathan Heaps"
       },
@@ -261,7 +261,7 @@
     {
       "name": "google-workspace-cli",
       "description": "Install and manage the Google Workspace CLI (gws) with per-service skills for Gmail, Calendar, Drive, Docs, Sheets, Slides, Chat, Tasks, Contacts, and Admin",
-      "version": "0.1.6",
+      "version": "0.1.7",
       "author": {
         "name": "Nathan Heaps"
       },
@@ -313,7 +313,7 @@
     {
       "name": "mise",
       "description": "Install and manage mise (tool version manager) in Claude Code sessions. Provides session-start auto-install for web sessions and comprehensive workflow skills.",
-      "version": "0.2.17",
+      "version": "0.2.18",
       "author": {
         "name": "Nathan Heaps"
       },
@@ -353,7 +353,7 @@
     {
       "name": "permissions-sync",
       "description": "Merge permission scopes from configurable source settings.json files into settings.local.json on session start. Supports project-level and user-level installation.",
-      "version": "0.1.11",
+      "version": "0.1.12",
       "author": {
         "name": "Nathan Heaps"
       },
@@ -478,7 +478,7 @@
     {
       "name": "sequential-thinking",
       "description": "Set up the sequential-thinking MCP server and auto-configure permissions for its tools on session start.",
-      "version": "0.1.10",
+      "version": "0.1.11",
       "author": {
         "name": "Nathan Heaps"
       },

.claude/plugins.settings.yaml

@@ -10,7 +10,7 @@ github:
 github-app:
   # Fetch all GitHub App secrets from a single 1Password item.
   # Uses bin/op-exec to render item fields as environment variables.
-  ref: 'op://heapsinfra/github-app--repo--ai-mktpl'
+  ref: 'op://AI-Jack/github-app--repo--ai-mktpl'
   # Item fields expected:
   #   GITHUB_APP_ID
   #   GITHUB_APP_CLIENT_ID
@@ -23,3 +23,21 @@ mise:
 
 edit-utils:
   formatter: 'prettier --write'
+
+1pass:
+  enabled: true
+  autoInstall: false
+  # Inject 1Password secrets as environment variables at session start.
+  # Requires OP_SERVICE_ACCOUNT_TOKEN to be set (e.g. via settings.local.json env block),
+  # or op to be signed in interactively on local sessions.
+  #
+  # Each entry: envVar (required), reference (required), target (optional, default: envFile)
+  # Valid targets:
+  #   envFile           — write to CLAUDE_ENV_FILE (session-scoped, not persisted, recommended)
+  #   settingsLocalJson — write to .claude/settings.local.json env block (persists, gitignored)
+  #   settingsJson      — write to .claude/settings.json env block (persists, COMMITTED to git)
+  #   userSettingsJson  — write to ~/.claude/settings.json env block (user-global, not committed)
+  secrets:
+    - envVar: BRAINTRUST_API_KEY
+      reference: 'op://AI-Jack/Braintrust/api-key'
+      target: userSettingsJson

.claude/settings.json

@@ -113,6 +113,7 @@
     ]
   },
   "enabledPlugins": {
+    "trace-claude-code@braintrust-claude-plugin": true,
     "agent-sdk-dev@claude-plugins-official": false,
     "code-review@claude-plugins-official": false,
     "plugin-dev@claude-plugins-official": true,
@@ -142,6 +143,12 @@
         "source": "github",
         "repo": "nsheaps/ai-mktpl"
       }
+    },
+    "braintrust-claude-plugin": {
+      "source": {
+        "source": "github",
+        "repo": "braintrustdata/braintrust-claude-plugin"
+      }
     }
   }
 }

plugins/1pass/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "1pass",
-  "version": "0.1.11",
+  "version": "0.2.0",
   "description": "Install and manage 1Password CLI (op) and op-exec in Claude Code sessions. Provides session-start auto-install for web sessions and comprehensive workflow skills.",
   "author": {
     "name": "Nathan Heaps",

plugins/1pass/1pass.settings.yaml

@@ -31,3 +31,26 @@
   # Specific op-exec version to install (default: latest)
   # opExecVersion: "1.0.0"
   opExecVersion: 'latest'
+
+  # Inject 1Password secrets as environment variables at session start.
+  # Requires op to be available and authenticated (OP_SERVICE_ACCOUNT_TOKEN set,
+  # or op signed in interactively on local sessions).
+  #
+  # Each entry has:
+  #   envVar:    (required) Environment variable name to set
+  #   reference: (required) 1Password secret reference (op://vault/item/field)
+  #   target:    (optional) Where to write the variable. One of:
+  #                envFile           — append to CLAUDE_ENV_FILE (session-scoped, default)
+  #                settingsJson      — write to .claude/settings.json env block (committed)
+  #                settingsLocalJson — write to .claude/settings.local.json env block (gitignored)
+  #                userSettingsJson  — write to ~/.claude/settings.json env block (user-global, not committed)
+  #
+  # Example:
+  #   secrets:
+  #     - envVar: BRAINTRUST_API_KEY
+  #       reference: "op://Personal/Braintrust/api-key"
+  #       target: envFile
+  #     - envVar: ANTHROPIC_API_KEY
+  #       reference: "op://Work/Claude API Key/credential"
+  #       target: envFile
+  secrets: []

plugins/1pass/README.md

@@ -40,6 +40,64 @@ Create or update `plugins.settings.yaml` at project or user level:
   opExecVersion: "latest" # Pin a specific op-exec version or use "latest"
 ```
 
+## Secrets Injection
+
+The plugin can inject 1Password secrets as environment variables at session start. This works on **all session types** (local and web), as long as `op` is available and authenticated.
+
+### Secrets Configuration
+
+Each secret entry has three fields:
+
+| Field       | Required | Description                                                  |
+| ----------- | -------- | ------------------------------------------------------------ |
+| `envVar`    | yes      | Environment variable name to set (e.g. `BRAINTRUST_API_KEY`) |
+| `reference` | yes      | 1Password secret reference in `op://vault/item/field` format |
+| `target`    | no       | Where to write the variable (default: `envFile`)             |
+
+### Target Options
+
+The `target` field controls where the resolved secret value is persisted:
+
+| Target              | File written                                | Scope                                       | Committed to git?                 |
+| ------------------- | ------------------------------------------- | ------------------------------------------- | --------------------------------- |
+| `envFile` (default) | `$CLAUDE_ENV_FILE`                          | Current session only — gone on next session | No                                |
+| `settingsJson`      | `.claude/settings.json` → `env` block       | Persists across sessions                    | **Yes** — visible in repo history |
+| `settingsLocalJson` | `.claude/settings.local.json` → `env` block | Persists across sessions                    | No — gitignored                   |
+| `userSettingsJson`  | `~/.claude/settings.json` → `env` block     | User-global, persists across all projects   | No — outside repo                 |
+
+**When to use which target:**
+
+- **`envFile`** — Best for most secrets. Session-scoped, no disk persistence, no git risk. Re-injected fresh each session from 1Password. This is the default and recommended target.
+- **`settingsLocalJson`** — Use when you need the secret to survive across sessions without re-injection (e.g. if `op` auth is only available during initial setup). The file is gitignored so secrets won't leak to the repo.
+- **`userSettingsJson`** — Use for secrets that should be available across all projects for a user. Writes to `~/.claude/settings.json` which is outside any repo. Good for API keys used across multiple projects (e.g. `BRAINTRUST_API_KEY`).
+- **`settingsJson`** — Use only for non-sensitive values you want committed. **Never use this for actual secrets** — the file is tracked by git.
+
+### Example
+
+```yaml
+1pass:
+  enabled: true
+  secrets:
+    # API key re-injected each session (recommended)
+    - envVar: BRAINTRUST_API_KEY
+      reference: "op://Personal/Braintrust/api-key"
+      target: envFile
+
+    # Persists locally between sessions (gitignored)
+    - envVar: DATABASE_URL
+      reference: "op://Work/Production DB/connection_string"
+      target: settingsLocalJson
+
+    # Non-secret config value committed to repo
+    - envVar: SENTRY_ORG
+      reference: "op://Work/Sentry/org-slug"
+      target: settingsJson
+
+    # target defaults to envFile when omitted
+    - envVar: ANTHROPIC_API_KEY
+      reference: "op://Work/Claude API Key/credential"
+```
+
 ## Authentication
 
 The op CLI requires authentication. Options: