fix: use op whoami instead of op account list for auth check (#9)

jack-nsheaps[bot] · web-flow · commit 98cce0874d48 · 2026-03-30T16:13:59.000-04:00
op account list doesn't work with service account tokens
(OP_SERVICE_ACCOUNT_TOKEN) — it returns non-zero because service
accounts don't have "accounts" in the traditional sense. This causes
op-exec to fail after a system restart when only the service account
token is available.

op whoami works with both interactive sessions and service account
tokens, making it the correct auth check.

Co-authored-by: jack-nsheaps[bot] &lt;254347511+jack-nsheaps[bot]@users.noreply.github.com&gt;
diff --git a/bin/op-exec b/bin/op-exec
@@ -197,9 +197,10 @@ main() {
   command -v op >/dev/null 2>&1 || fatal "1Password CLI (op) not found"
   command -v jq >/dev/null 2>&1 || fatal "jq not found"
 
-  # Check if signed in
-  if ! op account list >/dev/null 2>&1; then
-    fatal "Not signed in to 1Password. Run 'op signin' first."
+  # Check if signed in (use whoami, not account list — account list
+  # doesn't work with service account tokens)
+  if ! op whoami >/dev/null 2>&1; then
+    fatal "Not signed in to 1Password. Run 'op signin' first, or set OP_SERVICE_ACCOUNT_TOKEN."
   fi
 
   # Parse reference
