Guide
Bun Package Manager Replacement - Implementation Summary
Read More
CI Status for PR #179 - OpenRouter and Axum Fix
Read More
Cloudflare Pages Deployment for Terraphim AI Documentation
Read More
Conare AI vs Terraphim: Implementation Summary
Read More
LLM Markdown Linter Design for Terraphim KG Schemas
Read More
LLM Markdown Linter Implementation Plan
Read More
OpenRouter Integration Testing Plan - Implementation Complete
Read More
Terraphim AI Release Process
Read More
Ripgrep Tag Filtering Documentation
Read More
Tauri Signing Keys - 1Password Integration
Read More
Untitled
Read More
Atomic Client Feature Flag Documentation
Read More
Terraphim Agent Auto-Update System
Read More
Terraphim AI Component Architecture
Read More
Conare AI vs Terraphim: Context Engineering Comparison
Read More
Context Collections Management
Read More
Context Engineering with Terraphim: Quick Start
Read More
Terraphim AI Deployment Guide
Read More
Duplicate Handling in Terraphim AI
Read More
GitHub Actions Issues and Proposed Fixes
Read More
GitHub Actions Release Workflow Fix Implementation Plan
Read More
GitHub Secrets Setup Guide
Read More
Terraphim AI Installation and Deployment Guide
Read More
knowledge-graph
Read More
LLM Proxy Configuration Guide
Read More
MCP File Context Tools
Read More
Perplexity Integration for Terraphim AI
Read More
Platform-Specific Installation Guide
Read More
Terraphim TUI Features
Read More
Terraphim Terminal User Interface (TUI)
Read More
context-library
Context Library
Read More
examples
Terraphim AI Examples & Integration Guide
Read More
specifications
Chat & Session History - Quick Reference
Read More
Chat and Session History Specification
Read More
Terraphim Agent Session Search - Architecture Document
Read More
Terraphim Agent Session Search - Feature Specification
Read More
Terraphim Agent Session Search - Implementation Tasks
Read More
Terraphim-Based Codebase Evaluation Check
Read More
Terraphim Desktop Application - Technical Specification
Read More
src
Terraphim AI Architecture
Read More
Code of Conduct
Read More
Contributing to Terraphim AI
Read More
Using Terraphim Desktop with Claude via MCP
Read More
Design Decisions
Read More
Introduction
Read More
Terraphim documentation
Read More
Summary
Read More
Use cases for Terraphim AI
Read More
Terraphim AI Agent Evolution System Architecture
Read More
5 AI Agent Workflows for Consistent Results (with Code) | Data Science Collective
Read More
Terraphim AI Agent Evolution System - API Reference
Read More
Atomic Server Integration
Read More
Automata Paragraph Extraction
Read More
Branch Protection and Security
Read More
Code Assistant Implementation (PR #277)
Read More
Terraphim Crates Overview
Read More
Development Setup Guide
Read More
Graph Connectivity Check for Matched Terms
Read More
Haystack Configuration with Extra Parameters
Read More
Homebrew Formula for Terraphim AI
Read More
Knowledge Graph Bug Reporting Enhancement
Read More
MCP Integration
Read More
OpenRouter AI-Powered Article Summarization
Read More
Release Process for Terraphim AI
Read More
Test KG Auto-linking Demo
Read More
Relationship between Aircraft and Crew
Read More
Terraphim AI Agent Evolution System - Testing Matrix
Read More
TypeScript Bindings with tsify
Read More
Terraphim TUI
Read More
Terraphim AI Agent Workflow Patterns Guide
Read More
src/components
Terraphim Atomic Client
Read More
Terraphim Automata
Read More
Terraphim Service
Read More
src/guides/setup
1Password Integration for Terraphim AI\n\n## Overview\n\nThis document describes the comprehensive 1Password integration for Terraphim AI, providing enterprise-grade secret management across all components including backend services, desktop applications, and CI/CD pipelines.\n\n## Architecture\n\n### Three-Vault Strategy\n\n- **`Terraphim-Dev`**: Development environment secrets\n- **`Terraphim-Prod`**: Production environment secrets \n- **`Terraphim-Shared`**: Shared secrets across environments (signing keys, monitoring)\n\n### Integration Methods\n\n#### Method 1: Process Memory Injection (Recommended)\n```bash\n# Secrets are injected directly into process memory\nop run --env-file=\".env.terraphim\" -- cargo run\n```\n\n#### Method 2: Secure File Injection\n```bash\n# Secrets are written to secure temporary files\nop inject -i templates/settings.toml.template -o settings.toml\ncargo run\n```\n\n## Setup Instructions\n\n### 1. Install 1Password CLI\n\n**macOS:**\n```bash\nbrew install 1password-cli\n```\n\n**Linux:**\n```bash\ncurl -sS https://downloads.1password.com/linux/keys/1password.asc | gpg --import\nwget https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb\nsudo dpkg -i 1password-cli-amd64-latest.deb\n```\n\n### 2. Initialize 1Password Integration\n\n```bash\n# Run the setup script to create vaults and secret structure\n./scripts/setup-1password-terraphim.sh dev\n\n# For production setup\n./scripts/setup-1password-terraphim.sh prod\n\n# For complete setup\n./scripts/setup-1password-terraphim.sh all\n```\n\n### 3. Populate Secrets\n\nAfter running the setup script, you'll need to update the placeholder values in 1Password with actual secrets:\n\n1. Open 1Password and navigate to the appropriate vault\n2. Update each secret item with real values\n3. Ensure all `op://` references in templates are valid\n\n## Usage\n\n### Backend Services\n\n#### Option 1: Direct 1Password Integration\n```rust\nuse terraphim_settings::DeviceSettings;\n\n#[tokio::main]\nasync fn main() -> Result<(), Box> {\n // Load settings with 1Password integration\n let settings = DeviceSettings::load_with_onepassword(None).await?;\n println!(\"Loaded settings with resolved secrets\");\n Ok(())\n}\n```\n\n#### Option 2: Template-based Configuration\n```bash\n# Generate configuration from template\nop inject -i templates/settings.toml.template -o settings.toml\n\n# Run application with resolved configuration\ncargo run\n```\n\n### Desktop Application\n\nThe Tauri desktop application includes built-in 1Password commands:\n\n```typescript\nimport { invoke } from '@tauri-apps/api/tauri';\n\n// Check 1Password status\nconst status = await invoke('onepassword_status');\nconsole.log('1Password available:', status.available);\nconsole.log('1Password authenticated:', status.authenticated);\n\n// Resolve a secret reference\nconst secret = await invoke('onepassword_resolve_secret', {\n request: { reference: 'op://Terraphim-Dev/OpenRouter/API_KEY' }\n});\n\n// Process configuration with 1Password\nconst config = await invoke('onepassword_process_config', {\n request: { config: 'api_key = \"op://Terraphim-Dev/OpenRouter/API_KEY\"' }\n});\n```\n\n### CI/CD Integration\n\nUse the enhanced GitHub Actions workflow with 1Password service accounts:\n\n```yaml\n# .github/workflows/ci-1password.yml\nname: CI with 1Password\n\nenv:\n OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}\n\njobs:\n build:\n steps:\n - name: Install 1Password CLI\n uses: 1password/install-cli-action@v1\n \n - name: Generate configuration\n run: |\n op inject -i templates/env.terraphim.template -o .env.terraphim\n \n - name: Build with secrets\n run: |\n source .env.terraphim\n cargo build --release\n```\n\n## Configuration Templates\n\n### Environment Variables Template\n```bash\n# templates/env.terraphim.template\nOPENROUTER_API_KEY=\"op://Terraphim-Dev/OpenRouter/API_KEY\"\nANTHROPIC_API_KEY=\"op://Terraphim-Dev/Anthropic/API_KEY\"\nATOMIC_SERVER_SECRET=\"op://Terraphim-Dev/AtomicServer/SECRET\"\n```\n\n### Settings Configuration Template\n```toml\n# templates/settings.toml.template\n[profiles.s3]\nbucket = \"op://Terraphim-Dev/AWS_S3/BUCKET_NAME\"\naccess_key_id = \"op://Terraphim-Dev/AWS_S3/ACCESS_KEY_ID\"\nsecret_access_key = \"op://Terraphim-Dev/AWS_S3/SECRET_ACCESS_KEY\"\n```\n\n### Application Configuration Template\n```json\n{\n \"llm\": {\n \"openrouter\": {\n \"api_key\": \"op://Terraphim-Dev/OpenRouter/API_KEY\"\n }\n }\n}\n```\n\n## Secret Categories\n\n### LLM API Keys\n- **OpenRouter**: `API_KEY`, `ORGANIZATION_ID`\n- **Anthropic**: `API_KEY`, `MODEL_NAME`\n- **Ollama**: `BASE_URL`, `MODEL_NAME`\n\n### Search Services\n- **Perplexity**: `API_KEY`\n- **Atomic Server**: `URL`, `SECRET`\n- **ClickUp**: `API_TOKEN`, `TEAM_ID`, `LIST_ID`\n\n### Cloud Storage\n- **AWS S3**: `ACCESS_KEY_ID`, `SECRET_ACCESS_KEY`, `BUCKET_NAME`, `REGION`\n- **Cloudflare R2**: `ACCOUNT_ID`, `ACCESS_KEY_ID`, `SECRET_ACCESS_KEY`\n\n### External APIs\n- **GitHub**: `TOKEN`, `ORGANIZATION`, `REPOSITORY`\n- **Discord**: `BOT_TOKEN`, `GUILD_ID`, `CHANNEL_ID`\n\n### Database Connections\n- **PostgreSQL**: `CONNECTION_STRING`, `USERNAME`, `PASSWORD`\n- **Redis**: `URL`, `PASSWORD`, `HOST`, `PORT`\n\n### Shared Secrets\n- **Tauri Signing**: `PRIVATE_KEY`, `PUBLIC_KEY`, `PASSPHRASE`\n- **Code Signing**: `CERTIFICATE_PATH`, `CERTIFICATE_PASSWORD`\n- **Monitoring**: `SENTRY_DSN`, `DATADOG_API_KEY`\n\n## Security Best Practices\n\n### 1. Vault Access Control\n- Use separate vaults for different environments\n- Implement least-privilege access policies\n- Regularly audit vault permissions\n\n### 2. Secret Rotation\n- Rotate API keys regularly\n- Update 1Password references when secrets change\n- Monitor for deprecated or expired secrets\n\n### 3. Template Security\n- Never include hardcoded secrets in templates\n- Use only `op://` references in configuration templates\n- Validate template format before deployment\n\n### 4. CI/CD Security\n- Use 1Password service accounts for automation\n- Limit service account permissions to specific vaults\n- Clean up generated configuration files after use\n\n## Troubleshooting\n\n### Common Issues\n\n#### 1Password CLI Not Authenticated\n```bash\n# Sign in to 1Password\nop signin\n\n# Verify authentication\nop vault list\n```\n\n#### Secret Reference Not Found\n```bash\n# Check vault contents\nop item list --vault=\"Terraphim-Dev\"\n\n# Verify specific item\nop item get \"OpenRouter\" --vault=\"Terraphim-Dev\"\n```\n\n#### Template Processing Failed\n```bash\n# Validate template syntax\nop inject -i templates/env.terraphim.template --dry-run\n\n# Check for malformed references\ngrep -n \"op://\" templates/env.terraphim.template\n```\n\n### Debug Commands\n\n```bash\n# Test 1Password integration\ncargo run --bin debug-onepassword\n\n# Validate configuration templates\n./scripts/validate-templates.sh\n\n# Check secret resolution\nop run --env-file=\".env.terraphim\" -- env | grep -E '^(OPENROUTER|ANTHROPIC)'\n```\n\n## Development Workflow\n\n### Local Development\n1. Install 1Password CLI and authenticate\n2. Run vault setup script: `./scripts/setup-1password-terraphim.sh dev`\n3. Populate development secrets in 1Password\n4. Generate configuration: `op inject -i templates/env.terraphim.template -o .env.terraphim`\n5. Run application: `source .env.terraphim && cargo run`\n\n### Testing\n1. Use separate test vault or test-specific items\n2. Generate test configuration with mock values\n3. Run tests with isolated secrets: `op run --env-file=\".env.test\" -- cargo test`\n\n### Production Deployment\n1. Use production vault and service accounts\n2. Validate all secret references before deployment\n3. Deploy using CI/CD pipeline with 1Password integration\n4. Monitor for secret-related errors and alerts\n\n## Migration Guide\n\n### From Environment Variables\n1. Identify current environment variables\n2. Create corresponding 1Password items\n3. Update configuration templates with `op://` references\n4. Test secret resolution in development\n5. Deploy with 1Password integration\n\n### From Configuration Files\n1. Extract sensitive values from configuration files\n2. Store values in 1Password vaults\n3. Replace sensitive values with `op://` references\n4. Use `op inject` to generate final configuration\n5. Update deployment scripts to use template injection\n\n## Support\n\nFor issues with 1Password integration:\n1. Check this documentation for common solutions\n2. Validate 1Password CLI installation and authentication\n3. Review secret references and vault permissions\n4. Test with minimal configuration first\n5. Contact the Terraphim team for additional support\n\n---\n\n**Next Steps:**\n- Set up your 1Password vaults using the setup script\n- Populate secrets with real values\n- Test integration in development environment\n- Deploy with 1Password-enhanced CI/CD pipeline
Read More
src/history
Lessons Learned
Read More
Progress Memories
Read More
Terraphim AI Project Memory
Read More
Current Work: Terraphim Multi-Role Agent System Testing & Production 🚀
Read More
Security Testing Lessons Learned (2025-10-07)
Read More
src/history/lessons-learned
Comprehensive Lessons Learned - Terraphim AI Development
Read More
Security Testing Patterns - Terraphim AI
Read More
src/history/plans
Terraphim Firecracker Project - Implementation Plan
Read More
Terraphim AI Security Testing Implementation - Complete
Read More
Terraphim AI Testing Infrastructure Improvement Plan
Read More
src/kg
Package Manager Replacement with Bun
Read More
API
Read More
Bug Reporting
Read More
Bun
Read More
bun install
Read More
Configuration
Read More
Database
Read More
Generated with Terraphim AI
Read More
Graph
Read More
Haystack
Read More
https://terraphim.ai
Read More
Issue Tracking
Read More
Terraphim Knowledge Graph System
Read More
Knowledge Graph
Read More
Middleware
Read More
noreply@terraphim.ai
Read More
Terraphim KG Schema Linter
Read More
Search
Read More
Service
Read More
System
Read More
Terraphim-graph
Read More
Terraphim AI
Read More
Thesaurus
Read More
src/scorers
Title-Scorer
Read More
BM25 Scorers
Read More
Terraphim Graph Embeddings vs Cleora
Read More
Terraphim Graph scorer
Read More
src/testing
Comprehensive Testing Strategies for Terraphim
Read More
Knowledge Graph Ranking Expansion Testing
Read More
MCP Integration Testing
Read More
Testing Overview
Read More
user-guide
Getting Started with Terraphim AI
Read More
Installation Guide
Read More
Quick Start Guide
Read More
Troubleshooting Guide
Read More
vibe-rules
Vibe-Rules
Read More
vibe-rules/global
Documentation Standards
Read More
Global Naming Conventions
Read More
vibe-rules/rust
Rust Async Programming Patterns
Read More
Rust Error Handling Patterns
Read More
