Metadata-Version: 2.4
Name: wslop
Version: 0.1.0
Summary: WSL wrapper for 1Password CLI with stdout/stderr secret redaction
Project-URL: Repository, https://github.com/frohoff/wslop
Project-URL: Issues, https://github.com/frohoff/wslop/issues
Author-email: Chris Frohoff <chris@frohoff.org>
License-Expression: MIT
License-File: LICENSE
Keywords: 1password,cli,op,secrets,wsl
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Requires-Python: >=3.10
Requires-Dist: ptyprocess>=0.7
Requires-Dist: python-dotenv>=1.2.2
Description-Content-Type: text/markdown

# wslop

A drop-in replacement for the [1Password CLI](https://developer.1password.com/docs/cli/)'s `op` in [WSL (Windows Subsystem for Linux)](https://learn.microsoft.com/en-us/windows/wsl/), backed by the analogous Windows `op.exe` and the 1Password desktop app — no separate Linux sign-in required. Inspired by [oprun.sh](https://github.com/MykalMachon/oprun.sh).


wslop's `op run` resolves secrets by invoking Windows' `op.exe inject` via [WSL's interop layer](https://learn.microsoft.com/en-us/windows/wsl/interop) and then runs your command normally as a Linux process with secrets injected and redacted from stdout/stderr. All other subcommands transparently pass through to `op.exe` with WSL-to-Windows path translation.

## Installation

```bash
uv tool install wslop  # or
pipx install wslop     # or
pip install wslop
```

Usually `uv`/`pipx` installs `op` to `~/.local/bin`. Ensure that `op` appears before any `op.exe` entry in your `PATH` (it typically will by default in WSL).

## Usage

```bash
# op run — secrets resolved, injected into executed Linux process, redacted from output
op run --env-file .env -- python script.py
op run --no-masking --env-file .env -- python script.py   # disable redaction
op run --debug --env-file .env -- python script.py        # show debug output

# op:// references already in the environment are resolved automatically
DATABASE_URL=op://vault/item/field op run -- python script.py

# Everything else passes through to op.exe transparently
op whoami
op item get "My Secret"
op document get "secret.pdf" --out-file /mnt/c/Downloads/secret.pdf
op inject -i /mnt/c/template.txt -o /mnt/c/output.txt
```

## `op run` Flags

| Flag | Description |
|------|-------------|
| `--env-file <path>` / `-e <path>` | Load secret references from a file (repeatable; later files override earlier) |
| `--account <account>` | Target a specific 1Password account for secret resolution |
| `--no-masking` | Disable secret redaction from output |
| `--debug` | Show debug output from both wslop and op.exe |

`op://` references already set in the environment are also resolved automatically, matching native `op run` behaviour. `--env-file` overrides the same key from the process environment.

Flags accept both space-separated (`--env-file .env`) and equals (`--env-file=.env`) forms.

Note that any unrecognized flags cause the full invocation to fall back to `op.exe run`, which spawns a Windows process rather than a Linux one.

## Path Translation

File path arguments are automatically translated from WSL paths to Windows paths for `op.exe` passthrough subcommands. Translation is command-aware and only the specific flags and positional positions that take file paths are translated, not arbitrary arguments. Paths don't need to exist and translation is purely string-based.

| Subcommand | Translated arguments |
|------------|---------------------|
| `inject` | `-i`/`--in-file`, `-o`/`--out-file` |
| `read` | `-o`/`--out-file` |
| `document get` | `-o`/`--out-file` |
| `document create` | positional file argument |
| `document edit` | positional file argument (second positional, after item name) |
| `item create` | `--template` |
| `item edit` | `--template` |
| `item template get` | `-o`/`--out-file` |
| `update` | `--directory` |

Path translation is handled by `wslpath -w`.

Note that wslop doesn't do anything special with line-endings so behavior will depend on underlying `op.exe` behavior. wslop supports `--env-file` files with either line-endings.

## Env File Format

```bash
# Comments are supported
DATABASE_URL=op://vault-name/item-name/field-name
API_KEY="op://vault-name/item-name/field-name"
PLAIN_VAR=some-non-secret-value
```

## Development

```bash
uv sync --group dev
uv run poe test                # unit tests
uv run poe test-live           # + integration tests (requires op.exe and 1Password session)
                               #   create op://Automation/wslop-test/password = wslop-s3cr3t-v@lue-42
uv run poe lint
uv run poe typecheck
uv run poe release             # tag, GitHub release, and PyPI publish

uv tool install .              # install from local source
```

## Requirements

- WSL (Windows Subsystem for Linux)
- 1Password CLI (`op.exe`) installed on Windows and signed in via the desktop app
- Python 3.10+
