Tier A Update

integrations/1password/README.md

@@ -1,6 +1,6 @@
 # <img src="https://provider-logos.metorial-cdn.com/1password.png" height="20"> 1password
 
-Manage passwords, secrets, and sensitive credentials stored in encrypted vaults. Retrieve secrets using reference URIs, create/read/update/delete vault items including API keys, passwords, SSH keys, and file attachments. Generate passwords with configurable recipes. Share items securely with expiration and recipient controls. Manage vaults, users, and groups with permissions. Monitor account activity through audit events, item usage events, and sign-in attempt events for SIEM integration.
+Manage passwords, secrets, and sensitive credentials stored in encrypted vaults through the 1Password Connect Server API. Create, read, update, delete, list, and search vault items; inspect vault metadata; download item file attachments as Slate attachments; generate passwords; check Connect server health; and monitor account activity through audit, item usage, and sign-in events.
 
 ## Tools
 
@@ -12,22 +12,46 @@ Create a new item in a 1Password vault. Supports creating logins, passwords, API
 
 Delete an item from a 1Password vault. This permanently removes the item and cannot be undone. To archive an item instead, use the Update Item tool with a patch operation to set the state.
 
+### Get File Metadata
+
+Retrieve metadata for a specific file attachment on a 1Password item without downloading file bytes.
+
 ### Generate Password
 
 Generate a secure password using 1Password's password generator. Creates a temporary PASSWORD item in the specified vault with a generated password field, retrieves the generated value, then deletes the temporary item. Supports configuring length, character sets, and excluded characters.
 
 ### Get File Content
 
-Retrieve the content of a file attachment stored on a 1Password item. Use the Get Item tool first to discover file IDs and names attached to an item. Returns the file content as text.
+Download the content of a file attachment stored on a 1Password item. Use Get Item or List Files first to discover file IDs and names attached to an item. Returns file bytes through a Slate attachment and keeps structured output to metadata.
 
 ### Get Item
 
 Retrieve the full details of a specific item from a vault, including all fields, sections, files, and metadata. Use this to read passwords, API keys, notes, and other secrets stored in 1Password.
 
+### Get Prometheus Metrics
+
+Retrieve Prometheus metrics from the 1Password Connect server. Returns metrics text through a Slate attachment.
+
+### Get Server Heartbeat
+
+Ping the 1Password Connect server heartbeat endpoint to verify the server is reachable.
+
 ### Get Server Health
 
 Check the health and status of the 1Password Connect server, including its version and the status of dependent services. Useful for verifying connectivity and diagnosing issues.
 
+### Get Vault
+
+Retrieve metadata for a specific vault accessible to the Connect token.
+
+### List API Activity
+
+List recent API activity recorded by the 1Password Connect server, including action, result, actor, and affected resource metadata.
+
+### List Files
+
+List file attachments on a 1Password item. Returns metadata only.
+
 ### List Items
 
 List items stored in a specific vault. Returns item summaries including titles, categories, tags, and URLs. Use the filter parameter to search by title or tag. For full item details including field values, use the Get Item tool.

integrations/1password/docs/SPEC.md

@@ -18,6 +18,7 @@ Each service account has a service account token that you can provide as an envi
 - Service account permissions, vault access, and Environment access are immutable. To change them, you must create a new service account.
 - Service accounts can't access your built-in Personal, Private, or Employee vault.
 - Created via 1Password.com (Developer > Directory) or via 1Password CLI.
+- 1Password service accounts are exposed through the 1Password CLI and SDKs, not the Connect REST endpoints used by this integration's item, vault, file, and server tools. Those tools require the Connect Server Token auth method and a Connect server URL.
 
 ### Connect Server Token (Connect REST API)
 
@@ -45,29 +46,29 @@ Retrieve individual secret values stored in 1Password using secret reference URI
 
 ### Item Management
 
-Full programmatic access to 1Password items, including creating, reading, updating, deleting, listing, and sharing information stored in vaults. Supported field types include API Keys, Passwords, Concealed fields, Text fields, Notes, SSH private keys, One-time passwords, URLs, Credit card numbers, Emails, File attachments, Document items, Passkeys, and more. Items can also be archived.
+Programmatic access to 1Password Connect vault items, including creating, reading, replacing, patching, deleting, listing, and searching items stored in accessible vaults. Supported field types include passwords, concealed fields, text fields, notes, one-time passwords, URLs, emails, and other Connect item fields. Items can be modified with JSON Patch operations where the Connect API supports them.
 
 ### Item Sharing
 
-Securely share items with anyone, whether or not they have a 1Password account. Creates shareable links with configurable expiration (1 hour to 30 days), optional recipient restrictions by email/domain, and one-time view settings. If you have a 1Password Business account, it will also validate the settings against the item sharing policy set by your account owner or administrator.
+1Password service accounts and SDKs support item sharing, but the Connect REST API does not expose item sharing. This integration does not currently provide an item sharing tool.
 
 ### Password Generation
 
 Generate passwords using a PIN, Random, or Memorable password recipe. PIN codes have configurable length. Random passwords can include/exclude digits and symbols with configurable length. Memorable passwords support configurable separators (spaces, hyphens, underscores, periods, commas) and can use full words or random syllables.
 
 ### Vault Management
 
-Manage your team's vaults and the permissions groups have in them. Operations include retrieving, creating, updating, deleting, and listing vaults, as well as managing group vault permissions and user vault permissions.
+Retrieve and list vaults accessible to the Connect token. Creating, updating, deleting, and permission management for vaults are service-account/SDK or CLI workflows and are not exposed by this Connect-focused integration.
 
 ### User and Group Management
 
-Provision users, retrieve users, list users, suspend users, retrieve groups, list groups, create groups, and update group membership.
+1Password SDKs list user and group capabilities, but these are not exposed through the Connect REST API tools in this integration.
 
 - These operations typically require desktop app authentication rather than service account authentication.
 
 ### File Management
 
-Store and retrieve file attachments and document items in vaults. Files can be attached to items and shared via item sharing links.
+List file attachments on items, retrieve file metadata, and download file contents through Slate attachments. Connect exposes existing file attachments but does not provide an upload endpoint.
 
 ### Events Reporting
 

integrations/1password/package.json

@@ -4,15 +4,19 @@
   "type": "module",
   "scripts": {
     "build": "bunx @vercel/ncc build src/index.ts -o dist -m -s",
+    "test": "vitest run --config vitest.config.ts --passWithNoTests",
     "typecheck": "tsc --noEmit"
   },
   "dependencies": {
+    "@lowerdeck/error": "^1.1.0",
     "@types/node": "^20",
-    "slates": "1.0.0-rc.14",
+    "slates": "1.0.0-rc.15",
     "zod": "^4.2"
   },
   "devDependencies": {
-    "typescript": "^5"
+    "@slates/test": "1.0.0-rc.9",
+    "typescript": "^5",
+    "vitest": "^3.1.2"
   },
-  "version": "0.2.0-rc.5"
+  "version": "0.2.0-rc.7"
 }

integrations/1password/slate.json

@@ -1,15 +1,13 @@
 {
   "name": "@metorial/1password",
-  "description": "Manage passwords, secrets, and sensitive credentials stored in encrypted vaults. Retrieve secrets using reference URIs, create/read/update/delete vault items including API keys, passwords, SSH keys, and file attachments. Generate passwords with configurable recipes. Share items securely with expiration and recipient controls. Manage vaults, users, and groups with permissions. Monitor account activity through audit events, item usage events, and sign-in attempt events for SIEM integration.",
+  "description": "Manage passwords, secrets, and sensitive credentials stored in encrypted vaults through 1Password Connect. Create, read, update, delete, list, and search vault items; inspect vault metadata; retrieve file attachments through Slate attachments; generate passwords; check Connect server health; and monitor audit, item usage, and sign-in events.",
   "categories": ["apis-and-http-requests", "security"],
   "skills": [
-    "resolve secrets by reference",
     "manage vault items",
+    "inspect vault metadata",
     "generate passwords",
-    "share items securely",
-    "manage vaults and permissions",
-    "manage users and groups",
-    "store and retrieve files",
+    "download file attachments",
+    "monitor connect server health",
     "monitor audit events",
     "track sign-in attempts",
     "track item usage events"

integrations/1password/src/index.ts

@@ -5,8 +5,14 @@ import {
   deleteItem,
   generatePassword,
   getFileContent,
+  getFileMetadata,
   getItem,
+  getPrometheusMetrics,
   getServerHealth,
+  getServerHeartbeat,
+  getVault,
+  listApiActivity,
+  listFiles,
   listItems,
   listVaults,
   searchItems,
@@ -23,15 +29,21 @@ export let provider = Slate.create({
   spec,
   tools: [
     listVaults,
+    getVault,
     listItems,
     searchItems,
     getItem,
     createItem,
     updateItem,
     deleteItem,
     generatePassword,
+    listFiles,
+    getFileMetadata,
     getFileContent,
-    getServerHealth
+    listApiActivity,
+    getServerHeartbeat,
+    getServerHealth,
+    getPrometheusMetrics
   ],
   triggers: [
     inboundWebhook,