Skip to content

feat: add item_get, item_edit, item_list, note_create, and item_archive tools#7

Closed
u2giants wants to merge 5 commits into
CakeRepository:masterfrom
u2giants:feat/item-get-edit-list
Closed

feat: add item_get, item_edit, item_list, note_create, and item_archive tools#7
u2giants wants to merge 5 commits into
CakeRepository:masterfrom
u2giants:feat/item-get-edit-list

Conversation

@u2giants

Copy link
Copy Markdown
Contributor

Motivation

The server can create, read, and delete passwords, but AI agents cannot
yet read a full item, edit an item after creation, or enumerate
a vault's items
. These three tools close that gap so agents can manage
items end-to-end (e.g. add a note or custom field to a freshly created
login, or discover item IDs without a title search).

All changes are additive — no existing tool behavior is altered.

New tools

item_get

Retrieve a full item via vaultId + itemId or a secretReference
(op://vault/item/field). Returns title, category, tags, notes,
sections, websites, and all fields (id, title, type,
section, value).

  • Inputs: secretReference?, vaultId?, itemId?, reveal? (default false)
  • Conceal-by-default: Concealed field values are replaced with
    [concealed] unless reveal: true, mirroring password_read.

item_edit

Edit an existing item; the item is fetched, changes applied immutably,
then written back via items.put. Unreferenced fields are left untouched
and field values are never logged.

  • Inputs: vaultId, itemId, and any of: title, notes, tags
    (replace), url, fields ({idOrTitle, type:'text'|'concealed', value, section?} upsert), removeFields (ids/titles to delete).
  • Notes create/edit/delete: passing notes: "" clears notes; omitting
    notes preserves them.

item_list

  • Input: vaultId
  • Returns [{ id, title, category, tags, updatedAt }] for every item in
    the vault. Metadata only — no secret values are read or emitted.

Security

  • Conceal-by-default; secrets revealed only when explicitly requested
    (reveal / returnSecret semantics consistent with existing tools).
  • No field values written to stdout or logs (item_edit logs only change
    counts/flags).
  • All errors flow through errorResult(); all logging via log()/logError().

Implementation notes

  • TypeScript strict, no any — uses @1password/sdk types (Item,
    ItemField, ItemOverview, ItemFieldType, AutofillBehavior) with
    no casts in the new files.
  • One file per tool under src/tools/, each exporting a register<Name>
    fn wired into registerAllTools().

Tests

  • Added tests for each new tool in tests/tools.test.ts (conceal vs
    reveal, secret-reference resolution, field upsert/remove + unreferenced-
    field preservation, notes-clear vs notes-preserve, list metadata leakage
    guard, error paths). SDK client is fully mocked — no real tokens or
    vault data.
  • npm run build && npm test green locally; CI runs lint+build+test on
    Node 18, 20, and 22.

Follow-ups (not in this PR, to keep it focused)

  • note_create (Secure Note item) and item_archive (the SDK exposes
    items.archive) — happy to add in a follow-up PR.

Contributions licensed under Apache-2.0.

u2giants and others added 3 commits June 22, 2026 10:42
Retrieve a full 1Password item (title, category, tags, notes, and all
fields with id/title/type/section) via vault+item ID or a secret
reference. Concealed field values are hidden behind a placeholder unless
the caller passes reveal=true, mirroring password_read's conceal pattern.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Edit an existing item after creation: title, notes (empty string clears
notes — the create/edit/delete-notes capability), tags, website URL, and
field upserts/removals. The item is fetched, changes are applied
immutably, and written back via items.put; unreferenced fields are left
untouched and field values are never logged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
List every item in a vault, returning id, title, category, tags, and
updatedAt for each. Returns metadata only — no secret values are read or
emitted. Also documents item_get/item_edit/item_list in the README tools
table.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
u2giants and others added 2 commits June 22, 2026 13:18
Create a Secure Note item (ItemCategory.SecureNote) with a title, note
body, optional tags, and optional custom text/concealed fields. Mirrors
password_create conventions (items.create, errorResult, log/logError) and
never logs field values. Closes CakeRepository#8.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Archive an item via the SDK's items.archive(vaultId, itemId), moving it
to the archive instead of permanently deleting it. Guards with a
capability check (like item_delete) so older SDKs return a clean
errorResult. Closes CakeRepository#9.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@u2giants u2giants changed the title feat: add item_get, item_edit (notes + fields), and item_list tools feat: add item_get, item_edit, item_list, note_create, and item_archive tools Jun 22, 2026
@u2giants

Copy link
Copy Markdown
Contributor Author

Expanded this PR with two more item-management tools (originally tracked as follow-ups #8 and #9):

  • note_create — create a Secure Note item with optional tags and custom fields.
  • item_archive — archive an item via the SDK's items.archive (soft-delete) instead of permanent deletion.

Both follow existing conventions (no any, errorResult/log/logError, capability guards), include tests with a mocked client, and keep the conceal-by-default / no-secrets-in-logs behavior. README tools table updated to 13. npm run build && npm test green (77 tests).

u2giants added a commit to u2giants/1Password-MCP that referenced this pull request Jun 23, 2026
Renamed publish/u2giants-scope -> main (now the default and only working
branch); deleted master and stale copilot/* branches. feat/item-get-edit-list
is kept (backs upstream PR CakeRepository#7).

- Update branch references (publish/u2giants-scope, master) to main across
  AGENTS.md, CLAUDE.md, PUBLISHING.md, CONTRIBUTING.md, CHANGELOG.md, and
  scripts/bump-version.mjs; rewrite the "two package names across branches"
  quirk for main vs feat/item-get-edit-list.
- ci.yml: trigger on main (was master) so CI actually runs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@CakeRepository CakeRepository requested a review from Copilot July 3, 2026 22:06

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds new MCP tools to expand item management beyond create/read/delete by enabling full item retrieval, editing, vault-wide enumeration, secure note creation, and item archiving. This fits into the existing src/tools/* tool registry pattern and extends the server’s 1Password automation surface area.

Changes:

  • Added new tools: item_get, item_edit, item_list, note_create, item_archive, and wired them into registerAllTools().
  • Extended test coverage in tests/tools.test.ts to validate new tool behaviors (conceal vs reveal, upsert/remove, list metadata leakage guard, etc.).
  • Updated README tool list/count to reflect the expanded toolset.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
tests/tools.test.ts Adds/updates unit tests to cover registration count and new tool behaviors.
src/tools/item-get.ts Implements full item retrieval with conceal-by-default behavior and secret reference resolution path.
src/tools/item-edit.ts Implements immutable item editing via items.get + items.put, including field upsert/remove.
src/tools/item-list.ts Implements vault item listing that returns metadata only (no secret values).
src/tools/note-create.ts Implements Secure Note creation with optional tags and custom fields.
src/tools/item-archive.ts Implements item archiving via items.archive.
src/tools/index.ts Registers the new tools in registerAllTools().
README.md Updates documented tool count and adds the new tools to the list.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/tools/item-get.ts
export function registerItemGet(server: McpServer): void {
server.tool(
"item_get",
"Retrieve a full 1Password item — title, category, tags, notes, and all fields (id, title, type, section). Concealed field values are hidden unless reveal is true. Accepts a secret reference (op://vault/item) or vault ID + item ID.",
Comment thread src/tools/item-get.ts
Comment on lines +48 to +50
.describe(
"Secret reference in op://vault/item format. If provided, vaultId and itemId are ignored.",
),
Comment thread README.md
Comment on lines +21 to +26
| `item_list` | List all items in a vault (id, title, category, tags, updatedAt) |
| `item_get` | Retrieve a full item (title, category, tags, notes, fields); conceals secret values unless `reveal` is true |
| `item_edit` | Edit an item's title, notes, tags, URL, and fields (upsert/remove); empty `notes` clears notes |
| `item_delete` | Delete an item from a vault |
| `item_archive` | Archive an item (move to archive instead of permanently deleting) |
| `note_create` | Create a Secure Note item with optional tags and custom fields |
Comment thread src/tools/note-create.ts
Comment on lines +19 to +23
idOrTitle: z
.string()
.min(1)
.describe("Field id and title to create."),
type: z
@CakeRepository

Copy link
Copy Markdown
Owner

Closing because all these changes (along with the follow-up note_create and item_archive tools) have already been merged into master via PR #11.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants