
Having 2FA in 1Password is still strictly stronger than 1FA. A leaked OTP token stays valid for about 60 seconds. Your leaked password may never change.
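As an added illustration of the claim above (example code, not from this thread or from 1Password), a minimal RFC 6238 TOTP implementation in Python using the RFC's published test seed. It contrasts the two losses being compared: a captured code stops verifying once its time step (plus any server skew allowance) has passed, while a captured seed yields every future code offline.

```python
import hmac
import hashlib
import struct
import time

# Constructed example seed: the RFC 4226/6238 reference test secret
# (ASCII "12345678901234567890"), not a real 1Password entry.
SEED = b"12345678901234567890"
STEP = 30  # TOTP time step in seconds

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(seed: bytes, at: int, digits: int = 6, step: int = STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(seed, at // step, digits)

def verify(seed: bytes, code: str, at: int, skew: int = 1) -> bool:
    """Server-side check: accept the current step plus `skew` steps either side
    (skew=1 is a common allowance for clock drift)."""
    return any(hmac.compare_digest(totp(seed, at + d * STEP), code)
               for d in range(-skew, skew + 1))

def leaked_code_lifetime(seed: bytes, leaked_at: int, horizon: int = 600) -> int:
    """Seconds after `leaked_at` during which a code captured at that moment
    still verifies. Bounded by `horizon` so a chance code collision cannot loop."""
    code = totp(seed, leaked_at)
    t = leaked_at
    while t - leaked_at < horizon and verify(seed, code, t):
        t += 1
    return t - leaked_at

def codes_from_seed(seed: bytes, start: int, n: int) -> list:
    """What a stolen seed gives an attacker: every future code, computed offline."""
    return [totp(seed, start + i * STEP) for i in range(n)]

if __name__ == "__main__":
    now = int(time.time())
    print("current code:", totp(SEED, now))
    print("a code leaked at step start lives", leaked_code_lifetime(SEED, 30), "s")
    print("seed yields next codes:", codes_from_seed(SEED, now, 3))
```

With a one-step skew allowance a code captured at the start of its step verifies for 60 seconds and then never again, whereas the seed reproduces codes indefinitely, which is why the seed, not any single code, is the asset to protect.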


What is the threat model where an attacker gains access to your 1Password vault in a way that gives them only a single OTP code and your password, and not the underlying symmetric TOTP key?


- using your password on a compromised desktop

- attacker looking over your shoulder as you enter your password

- Company MITM breaks open SSL encryption and reveals your password.

Obviously, if someone breaks into your 1Password it’s game over.


All of these aren’t related to your 1Password vault. They all occur even if you’re using your phone as a TOTP device.


I think the point wasn't that 1Password TOTP is more secure than a separate TOTP device (it is probably even less secure than typical alternatives), but that it is present, convenient, automatically backed up and safer than just a password.


Terminology clarification: The seed driving TOTP is a shared secret but NOT a symmetric key.



