mirror of
https://github.com/larksuite/cli.git
synced 2026-07-03 14:02:43 +08:00
feat(wiki): add +space-list / +node-list / +node-copy shortcuts (#392)
Introduce three new wiki shortcuts that wrap the corresponding raw APIs
with structured flags, formatted output, my_library alias handling, and
unified envelope shape, replacing the bare `lark-cli wiki spaces list`
/ `wiki nodes list` / `wiki nodes copy` flows for the common cases.
Shortcuts
- wiki +space-list (read, scopes: wiki:space:retrieve):
lists wiki spaces. Default fetches a single page; --page-all walks
every page capped by --page-limit (default 10, 0 = unlimited).
Supports --page-size / --page-token / --format json|pretty|table|csv|ndjson.
Output: {spaces, has_more, page_token} + Meta.Count. Pretty mode
distinguishes "no spaces" from "empty page with has_more" and hints
the caller to resume.
- wiki +node-list (read, scopes: wiki:node:retrieve):
lists nodes in a space or under a parent. Same pagination + format
story as +space-list. Accepts the my_library alias for --space-id
with --as user (resolved via a shared resolveMyLibrarySpaceID helper
extracted from +node-create); rejects my_library upfront for --as bot.
- wiki +node-copy (high-risk-write, scopes: wiki:node:copy):
copies a node into a target space or parent. --target-space-id and
--target-parent-node-token are mutually exclusive. Risk is marked
high-risk-write to match the upstream API's danger: true flag, so the
framework requires --yes. Source is preserved; subtree is copied.
Both list shortcuts pick the narrowest scope the upstream API accepts.
The framework's preflight (internal/auth/scope.go MissingScopes) does
exact-string scope matching, so declaring the broader wiki:wiki:readonly
form would wrongly reject tokens that carry only the per-API scope —
which the API itself accepts — and emit a misleading missing-scope hint.
Shared changes
- shortcuts/wiki/wiki_node_create.go: factor out resolveMyLibrarySpaceID
so +node-list and +node-create share one my_library resolution path.
- shortcuts/wiki/shortcuts.go: register the three new shortcuts.
- skills/lark-wiki/SKILL.md and references/lark-wiki-{space,node-list,
node-copy}.md: documentation for the new shortcuts.
Tooling
- scripts/check-doc-tokens.sh + Makefile gitleaks target:
pre-commit check that scans skill reference docs for realistic-looking
Lark token values without the _EXAMPLE_TOKEN placeholder convention,
preventing gitleaks false positives.
- .gitleaks.toml: allowlist tuning.
- .gitignore: ignore .tmp/.
Tests
- shortcuts/wiki/wiki_list_copy_test.go: unit tests covering registry
membership, declared-narrow-scope pinning, flag validation (page-size
range, page-limit >= 0, target flag exclusivity, my_library + bot
rejection), auto-pagination merging, --page-limit truncation
surfacing next cursor, --page-token single-page mode, empty-slice
serialisation, has_more hint pretty rendering, my_library user-path
resolution, +node-copy copy-to-space / copy-to-parent + body shape,
pretty rendering, and the high-risk-write --yes gate.
- tests/cli_e2e/wiki/wiki_shortcut_workflow_test.go: live end-to-end
workflow exercising the shortcut layer against a real tenant.
Reuses an existing my_library node as a host so the test never adds
to the top-layer quota; the copy is placed under the same host node.
- tests/cli_e2e/wiki/coverage.md: shortcut coverage entries added.
Minor cleanups
- skills/lark-doc/references/lark-doc-search.md and
skills/lark-minutes/references/lark-minutes-search.md: replace
realistic-looking example ou_ tokens with _EXAMPLE_ placeholders so
scripts/check-doc-tokens.sh passes.
Change-Id: I9efb0557f477d369d7f26a09c1e154d4ab15b253
Co-authored-by: liujinkun <liujinkun@bytedance.com>
This commit is contained in:
66
scripts/check-doc-tokens.sh
Executable file
66
scripts/check-doc-tokens.sh
Executable file
@@ -0,0 +1,66 @@
|
||||
#!/usr/bin/env bash
|
||||
# Copyright (c) 2026 Lark Technologies Pte. Ltd.
|
||||
# SPDX-License-Identifier: MIT
|
||||
#
|
||||
# check-doc-tokens.sh
|
||||
#
|
||||
# Scans skill reference docs for token-like values that look realistic but
|
||||
# are not using the required placeholder format (*_EXAMPLE_TOKEN or similar).
|
||||
#
|
||||
# Real token patterns (Lark API) often look like:
|
||||
# wikcnXXXXXXXXX doccnXXXXXXX shtcnXXX fldcnXXX ou_XXXX cli_XXXX
|
||||
#
|
||||
# Docs MUST use clearly fake placeholders, e.g.:
|
||||
# wikcn_EXAMPLE_TOKEN doccn_EXAMPLE_TOKEN <space_id> your_token_here
|
||||
#
|
||||
# If this check fails, replace the realistic-looking value with a placeholder
|
||||
# like `wikcn_EXAMPLE_TOKEN` so gitleaks CI won't flag it as a real secret.
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
SKILLS_DIR="${1:-skills}"
|
||||
ERRORS=0
|
||||
|
||||
# Patterns that indicate a realistic-looking Lark token value.
|
||||
# Three forms are detected:
|
||||
# 1. JSON-style quoted strings: "field": "token_value"
|
||||
# 2. Markdown backtick spans: `token_value`
|
||||
# 3. Bare tokens: --flag wikcnABC123 (e.g. inside fenced code blocks)
|
||||
#
|
||||
# Token prefixes used by Lark Open Platform:
|
||||
# wikcn doccn docx shtcn bascn fldcn vewcn tbln ou_ cli_ obcn flec
|
||||
#
|
||||
# Excluded (clearly fake, matched by PLACEHOLDER_RE below):
|
||||
# - Values containing EXAMPLE / _TOKEN / XXXX / your_ / _here
|
||||
# - Angle-bracket placeholders <your_token>
|
||||
# Require at least one digit in the suffix — real API tokens are always alphanumeric
|
||||
# with digits. Pure-letter suffixes (e.g. ou_manager, ou_director) are clearly fake names.
|
||||
PREFIXES='(wikcn|doccn|docx[a-z]|shtcn|bascn|fldcn|vewcn|tbln|obcn|flec|ou_|cli_)'
|
||||
TOKEN_BODY="${PREFIXES}"'[A-Za-z0-9]*[0-9][A-Za-z0-9]{3,}'
|
||||
REALISTIC_TOKEN_RE="\"${TOKEN_BODY}\"|\`${TOKEN_BODY}\`|\\b${TOKEN_BODY}\\b"
|
||||
PLACEHOLDER_RE='(EXAMPLE|_TOKEN|XXXX|xxxx|<|>|your_|_here)'
|
||||
|
||||
while IFS= read -r -d '' file; do
|
||||
# grep returns exit 1 when no match — use || true to avoid set -e killing us
|
||||
# Then filter out values that are clearly placeholders (EXAMPLE, XXXX, etc.)
|
||||
matches=$(grep -nEo "$REALISTIC_TOKEN_RE" "$file" 2>/dev/null | grep -vE "$PLACEHOLDER_RE" || true)
|
||||
if [[ -n "$matches" ]]; then
|
||||
echo ""
|
||||
echo "❌ $file"
|
||||
echo " Contains realistic-looking token values that may trigger gitleaks:"
|
||||
while IFS= read -r line; do
|
||||
echo " $line"
|
||||
done <<< "$matches"
|
||||
echo " → Replace with a placeholder, e.g.: wikcn_EXAMPLE_TOKEN, doccn_EXAMPLE_TOKEN"
|
||||
ERRORS=$((ERRORS + 1))
|
||||
fi
|
||||
done < <(find "$SKILLS_DIR" -path "*/references/*.md" -print0)
|
||||
|
||||
if [[ $ERRORS -gt 0 ]]; then
|
||||
echo ""
|
||||
echo "❌ check-doc-tokens: $ERRORS file(s) contain realistic token values in reference docs."
|
||||
echo " Use _EXAMPLE_TOKEN placeholders to avoid false positives in gitleaks CI."
|
||||
exit 1
|
||||
else
|
||||
echo "✅ check-doc-tokens: all reference docs use safe placeholder tokens."
|
||||
fi
|
||||
Reference in New Issue
Block a user