mirror of
https://github.com/larksuite/cli.git
synced 2026-07-03 22:24:31 +08:00
feat/sidecar-remote-https
37 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
99e314fe0b |
feat(errs): typed envelope contract for auth-domain errors (#1135)
Every failure on the authentication, authorization, and configuration
path now surfaces as a typed structured error instead of an ad-hoc
envelope. Users and scripts that consume CLI output get:
- a fixed nine-category taxonomy on the wire, each mapped to a
stable shell exit code (authentication/authorization/config = 3,
network = 4, internal = 5, policy = 6, confirmation = 10)
- identity-aware detail fields (missing_scopes, requested_scopes,
granted_scopes, console_url, log_id, retryable, hint) carried
uniformly on the envelope
- a single canonical policy envelope at exit 6; the legacy
auth_error carve-out is retired
- per-subtype canonical message + hint that preserves Lark's
diagnostic phrasing and routes recovery to the right actor:
app developer (app_scope_not_applied), user (missing_scope,
token_scope_insufficient, user_unauthorized), or tenant admin
(app_unavailable, app_disabled)
- wrong app credentials classify as config/invalid_client whether
surfaced by the Open API endpoint (99991543) or the tenant
access-token mint endpoint (10003 / 10014), instead of
collapsing to a transport error or api/unknown
- local shortcut scope preflight emits the same
authorization/missing_scope envelope (identity + deterministic
missing-scope set) used by the post-call permission path, so AI
consumers read the same structured shape from precheck and from
server-returned permission denial
- streaming download/upload failures keep the same network subtype
split (timeout / TLS / DNS / transport) as the non-stream path
instead of collapsing every cause to a generic transport failure
- console_url is carried only on the bot-perspective
app_scope_not_applied envelope (where the recovery action is
"developer applies the scope at the developer console"); the
user-perspective missing_scope envelope drops the field, since
the only actionable user recovery is `lark-cli auth login --scope`
and pointing an end user at a console they cannot modify is
misleading
- bind workflows (Hermes / OpenClaw / lark-channel) flatten dynamic
Type tags to wire 'config' with the original module name kept
as a metric label
All 10 typed errors are cause-bearing, nil-safe on .Error() and
.Unwrap(), and defensively clone slice setter inputs. Four lint
rules (CheckNilSafeError / CheckBuilderImmutable / CheckUnwrapSymmetry
/ CheckBuildAPIErrorArms) lock these invariants on migrated paths.
|
||
|
|
3b770558e5 | feat: decouple --lang preference from TUI display language (#1132) | ||
|
|
bbef3cbfb1 |
feat(mail): HTML lint library + Larksuite-native autofix + lark-mail … (#1019)
* feat(mail): HTML lint library + Larksuite-native autofix + lark-mail skill 为 lark-cli mail 域写信链路引入 HTML lint 能力,提升邮件 HTML 的兼容性、 安全性与 Larksuite-native 格式适配。 lint 库(shortcuts/mail/lint/): - 四档分类:pass / native-autofix / warn-autofix / error-strip - 安全规则覆盖 script / iframe / on* 事件处理器 / javascript: 及其它 危险 URL scheme 等 XSS 向量,未知 scheme 一律删除并归 error - Larksuite-native 格式自动修复:双层 div 段落、原生多级列表结构、 灰边引用、Larksuite 蓝链接 - cleaned_html 输出确定性稳定(位置索引派生 data-ol-id),便于 golden-file 测试与缓存 +lint-html 独立预检 shortcut: - 只读、不调 API、不建草稿,供 AI / 用户 / CI 在写信前预览 lint 结果 写入路径内置 lint(6 个 compose shortcut): - +send / +draft-create / +draft-edit / +reply / +reply-all / +forward 在 emlbuilder 之前强制 lint 净化 HTML - 默认 envelope 对 lint 改动透明(无 lint 字段),保持小巧供 AI 消费; --show-lint-details 显式取证返回 lint_applied[] / original_blocked[] - --body-file 支持从文件读取 body(32MB 上限),与 --body 互斥 预制 HTML 邮件模板(skills/lark-mail/assets/templates/): - 资讯周报 / 个人周报 / 团队周报 / 调研报告 / 求职简历 5 套 - 按 Larksuite mail-editor 原生格式编写,含正确的多级列表嵌套结构 lark-mail skill 文档: - references/lark-mail-html.md:邮件 HTML 写法指南(24 个格式 section + 颜色调色盘 + URL scheme + 官方模板套用流程) - references/lark-mail-lint-html.md:+lint-html 用法 - SKILL.md 顶部 CRITICAL 引导 * fix(mail): remove unused readAttr func and apply gofmt Drop the unused `readAttr` helper in shortcuts/mail/lint/linter.go that was flagged by golangci-lint (unused linter). Apply gofmt to linter.go and rules.go which had minor formatting issues. * fix(mail): address compose lint and guidance |
||
|
|
ab94ee9f54 |
feat(mail): add +draft-send shortcut for batch draft sending (#1017)
Add `lark-cli mail +draft-send` shortcut that takes one or more existing
draft IDs and sends each via POST /drafts/:draft_id/send sequentially.
Per-draft failures are isolated and aggregated into a structured output;
fatal failures (auth, permission, network, mailbox quota) abort the
entire batch immediately while recoverable failures honor --stop-on-error.
Also extend internal/output with six mail-send-specific errno constants
(LarkErrMailboxNotFound=4013, LarkErrMailSendQuota{User,UserExt,TenantExt},
LarkErrMailQuota, LarkErrTenantStorageLimit) consumed by isFatalSendErr.
Risk is "high-risk-write" so the framework's --yes gate applies; the
shortcut declares only the minimal mail:user_mailbox.message:send scope
to avoid asking users for permissions it does not need.
|
||
|
|
fe72e41fb2 |
feat(errs): add structured CLI error contract (#984)
Introduce a typed error contract framework for lark-cli so in-process
Go callers can branch via errors.As(&errs.XxxError{}) and shell scripts,
AI agents, and protocol adapters can branch on stable JSON type/subtype
fields instead of regex-parsing free-form messages.
Adds:
- Canonical taxonomy under errs/ (9 categories + typed Error structs
embedding a shared Problem, RFC 7807-aligned)
- Centralized Lark code metadata + identity-aware BuildAPIError dispatch
- Typed JSON envelope writer alongside the legacy envelope writer
- MCP / OAuth (RFC 6750 Bearer) projection adapters
- Five CI lint guards preventing ad-hoc taxonomy drift
Backward compatibility: legacy *output.ExitError producers (ErrAPI,
ErrWithHint, Errorf, ErrBare) and business shortcuts that use them
continue to render the legacy envelope unchanged. SecurityPolicyError
wire format and exit code are preserved via a carve-out; taxonomy
migration is deferred to PR 2. Domain-specific business migration is
staged across PR 3+.
Framework-direct paths now return typed *errs.*Error: ErrAuth /
ErrValidation / ErrNetwork emit category literals on the wire
(authentication / validation / network), *core.ConfigError is promoted
at the cmd/root boundary with exit code aligned from 2 to 3, and Lark
API permission denials classified by BuildAPIError exit 3.
At the SDK boundary, WrapDoAPIError preserves any already-classified
error (legacy *output.ExitError or typed *errs.*) so output.ErrAuth
from missing credentials surfaces with the auth category and exit 3
intact instead of being downgraded to a network error. Policy responses
classified by BuildAPIError (codes 21000 / 21001) extract challenge_url
and the canonical hint from the response body, matching what the
auth transport already surfaces at the HTTP layer; non-https
challenge URLs are dropped.
First PR in the feat/error-contract-* series.
|
||
|
|
708cbc2b31 |
fix: use ErrValidation instead of fmt.Errorf in Validate paths (#1001)
Replace 8 bare fmt.Errorf calls with output.ErrValidation across 3 files so validation errors consistently return structured JSON (type: validation, exit 2) matching the rest of the codebase. Affected functions: validateExpectedFlag (sheets), validateSendTime, validateComposeInlineAndAttachments, validateEventFlags (mail), validateSignatureWithPlainText (mail) Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> |
||
|
|
0e70b056f8 |
feat(mail): bot+mailbox=me validation and dynamic --as help tests (#895)
* feat(mail): bot+mailbox=me validation and dynamic --as help tests Add validateBotMailboxNotMe helper to shortcuts/mail/helpers.go and wire it as a Validate callback into +message, +messages, +thread and +triage, so bot identity combined with the default --mailbox me is rejected early with a clear fixup hint instead of a late opaque API error. The --as help text was already dynamic via AddShortcutIdentityFlag; add TC-10/TC-11 tests in internal/cmdutil/identity_flag_test.go to pin that behaviour, and TC-1 through TC-9 in shortcuts/mail/mail_shortcut_validation_test.go to cover the new Validate callbacks. +watch is excluded: its AuthTypes is ["user"], so bot is never valid. sprint: S2 * test(cmdutil): add Hidden and DefValue assertions to identity flag tests * fix(mail): add bot+mailbox=me validation to +template-create and +template-update * fix(mail): add bot+mailbox=me validation to +template-update * fix(mail): gofmt mail_template_create.go * fix(mail): gofmt mail_template_update.go * fix(mail): skip bot+mailbox=me check for print-patch-template local path |
||
|
|
e511404065 |
feat(mail): expose draft priority in --inspect projection and document --set-priority (#779)
Add a Priority field to DraftProjection populated from the EML header pair X-Cli-Priority (CLI/OAPI primary) → X-Priority (RFC fallback for IMAP-回灌 historical drafts), with case-insensitive lookup via the existing headerValue helper and a local mapping table aligned with the backend gopkg/mail_priority.PriorityValueToType vocabulary. When neither header is present (the symmetric read of --set-priority normal=remove_header) the projection emits "unknown" so agents have a stable read-side surface. Append one notes entry to buildDraftEditPatchTemplate documenting the --set-priority flag and the X-Cli-Priority translation contract. The write-side (--set-priority flag, parsePriority helper, translation branch in mail_draft_edit.go, EML header target) is unchanged — already shipped on master. sprint: S4 |
||
|
|
1180baac61 |
feat(mail): add unknown-flag fuzzy-match for lark-cli mail domain (#806)
Adds shortcuts/mail/flag_suggest.go (~120 LOC) implementing a cobra
FlagErrorFunc hook for the mail subcommand tree. On 'unknown flag: --X'
or 'unknown shorthand flag: "X" in -X', it collects flags from the
current command via cmd.Flags().VisitAll, runs bidirectional prefix
match + Levenshtein DP (threshold=max(1,len/3+1), cap 4), and returns
top-5 candidates inside the existing ErrorEnvelope JSON:
error.type = "unknown_flag"
error.detail.{unknown, command_path, candidates}
error.detail.candidates[*] = {flag, shorthand, distance, reason}
Exit code stays 1 (ExitAPI), not ExitValidation - no breaking change for
CI/agent scripts that check non-zero exit. stderr switches from plain
'Error: unknown flag: --X' to JSON envelope, aligning with the existing
'errors = JSON envelope on stderr' convention; mail unknown-flag was the
last gap.
Scope is strictly the mail subcommand tree: shortcuts/register.go gains
a single 'if service == "mail" { mail.InstallOnMail(svc) }' branch
after the existing Mount loop. Other domains (calendar / im / api /
auth / ...) keep cobra's default FlagErrorFunc and unchanged plain-text
stderr behavior.
Covers:
- shortcuts/mail/flag_suggest.go (new, ~120 LOC)
- shortcuts/mail/flag_suggest_test.go (new, 12 table-driven tests)
- shortcuts/register.go (+3 lines after mail Mount loop)
No changes to cmd/root.go or internal/output/* - ErrDetail.Detail is
already interface{}, handleRootError already routes *ExitError via
WriteErrorEnvelope.
|
||
|
|
dce2beb91c |
feat(mail): support calendar events in emails (#646)
* feat(ics): add RFC 5545 iCalendar generator and parser Add shortcuts/mail/ics package: - builder.go: generates METHOD:REQUEST ICS with VEVENT, ORGANIZER, ATTENDEE, DTSTART/DTEND with timezone, UID, and X-LARK-MAIL-DRAFT - parser.go: parses ICS into ParsedEvent struct, detects IsLarkDraft - Handles CN quoting, control-char sanitization, email validation, line folding per RFC 5545, and TZID edge cases Change-Id: I01d13285a57a5a4de50891c54d655efa8423c3c1 * feat(mail): support calendar events in emails - Add --event-summary/start/end/location flags to +send, +reply, +reply-all, +forward, +draft-create - Build ICS and embed as text/calendar in multipart/alternative - Validate event time range and enforce --event/--send-time mutual exclusion (extracted into validateEventSendTimeExclusion) - CalendarBody() in emlbuilder places ICS correctly - Exclude BCC from ATTENDEE list Change-Id: Icf9e49ababebc4e8fcf36760ab613c64938c2744 * feat(mail): X-LARK-MAIL-DRAFT and read-only calendar guard - ics.Build() writes X-LARK-MAIL-DRAFT:TRUE so Feishu client recognizes CLI-created calendar events as editable - ics.ParseEvent() detects IsLarkDraft field - +draft-edit rejects --set-event-* on calendars without X-LARK-MAIL-DRAFT marker (read-only after send) - Export FindPartByMediaType from draft package for cross-package use - Add set_calendar/remove_calendar patch ops with full test coverage Change-Id: I7d547a4b40880e8d4ee3fecf68864d6ea89e66cd * feat(mail): forward preserves original calendar ICS When forwarding an email that contains a calendar event (body_calendar), pass through the original ICS bytes as text/calendar part if no new --event-* flags are specified. Change-Id: I67d2e82604eaf969cee8c7e0bedcf32198d12d57 * docs(mail): document calendar invitation feature - Add --event-* params to +send, +reply, +reply-all, +forward, +draft-create, +draft-edit reference docs - Add calendar_event output section to +message reference - Add calendar invitation workflow to skill-template/domains/mail.md - Regenerate SKILL.md via gen-skills Change-Id: Iccacd06990d91e1cf3beb896d5b772d27e5e29ff * fix(mail): reject --set-event-start/end/location without --set-event-summary Change-Id: Icb651ff28ede526ff96b22e7b304b7bdea86d01f Co-Authored-By: AI * fix(mail): include --event-location in validateEventFlags; fix stale comment Change-Id: I2f47016b6bfa11957dfe2c8c499cf36737efba53 Co-Authored-By: AI * fix(mail): clear stale headers when wrapping single-leaf body in multipart/alternative Change-Id: I29fe883c9151570f7939d372523b128cbea0b1ed Co-Authored-By: AI * fix(mail): add method=REQUEST to text/calendar MIME part created by set_calendar Change-Id: I4d23674e20e4c42adab36385ff5ee8bb6d97625d Co-Authored-By: AI * fix(mail): use post-edit recipients for ICS attendees when --set-to combined with --set-event-* Change-Id: I659e06635dd043f798d2f2e90d7dbca6e13d7f3d Co-Authored-By: AI * fix(mail): cover add_recipient/remove_recipient in ICS attendee resolution Extract effectiveRecipients() to replay all three recipient op types (set_recipients, add_recipient, remove_recipient) before building the ICS for set_calendar, so patch-file recipient changes are reflected in ATTENDEE metadata. Change-Id: I3a7a55f96df8fac7d924a4dbeedd5b3d0d9d443c Co-Authored-By: AI * fix(mail): derive method= from ICS body in writeCalendarPart instead of hardcoding REQUEST Passthrough ICS (e.g. forwarded METHOD:CANCEL) previously emitted a Content-Type with method=REQUEST, disagreeing with the body. Now extractICSMethod() scans the ICS for METHOD: and falls back to REQUEST when absent, keeping existing behavior for our own generated ICS. Change-Id: I4bf6c3755a189a436c2d26b082372d9f838f4051 Co-Authored-By: AI * fix(mail): normalize calendar_event start/end to UTC in output Callers expect RFC 3339 UTC strings; source ICS with TZID offsets previously emitted +08:00 instead of Z. Change-Id: I88bd4b925f8fc3b4f569e41712ae58ab50d94a2f Co-Authored-By: AI * fix(mail): make ICS parser case-insensitive and handle parameterized property names RFC 5545 §3.1 allows any case and optional parameters on all property names. Unify UID/SUMMARY/LOCATION/DTSTART/etc. to compare via strings.ToUpper(name) and add HasPrefix checks for the NAME; form, consistent with how ORGANIZER and ATTENDEE were already handled. Change-Id: I7dc642dd210a3256f2189a901a2d9518ea284815 Co-Authored-By: AI |
||
|
|
af2398d636 |
feat(mail): add email template management + --template-id on compose (#642)
- `mail +template-create` / `mail +template-update` — manage personal
email templates (name, subject, body, recipients, attachments,
inline images).
- `--template-id` on `+send` / `+draft-create` / `+reply` /
`+reply-all` / `+forward` — apply a saved template when composing.
Recipients / subject / body / attachments merge into the draft;
explicit user flags take precedence.
|
||
|
|
2e7a11a8e8 |
feat(mail): support sharing emails to IM chats (#637)
* feat(mail): add +share-to-chat shortcut to share emails as IM cards Two-step API (create share token → send card) wrapped in a single shortcut. Supports message-id/thread-id, five receive-id-type variants (chat_id, open_id, user_id, union_id, email), and dry-run mode. Change-Id: Ic7b8c01c0d25fef262f35be92555f1fd019bd679 Co-Authored-By: AI * fix(mail): regenerate SKILL.md from skill-template instead of manual edit Add missing safety rule 8 (draft link rule) to skill-template/domains/mail.md so it survives regeneration. SKILL.md is now produced by `make gen-skills` in the registry repo rather than hand-edited. Change-Id: I9cf3605deae8b6de2042e40819fedc304967e78e Co-Authored-By: AI * fix(mail): add docstrings and use real validation path in tests - Add Go doc comments to exported symbols for docstring coverage - Rewrite tests to exercise MailShareToChat.Validate via RuntimeContext instead of duplicating validation logic - Replace hand-rolled containsStr with strings.Contains - Add httpmock stubs for execute and error path tests Change-Id: Ic781494f61e9e844224185844bce7b0c48e8e200 Co-Authored-By: AI * test(mail): add dry-run E2E test for +share-to-chat Validate request shape (method, URL, mailbox path) under --dry-run with fake credentials. Covers message-id, thread-id, and custom mailbox variants. Change-Id: Iae87bf141cbe4f312d3e9b1fca4ba175052c5c35 Co-Authored-By: AI * fix(mail): include request body and params in dry-run output DryRun now mirrors Execute: the share-token POST shows message_id or thread_id, and the send POST shows receive_id_type and receive_id. E2E test updated to assert these fields. Also fix strconv.Itoa usage. Change-Id: I00f8770fd5a12b7354986c5e5077f97cfe5d6653 * style(mail): gofmt dry-run test file Change-Id: I47dc6a9a47252dcfb7853737f88dfdaef65a0ae7 * test(mail): assert exact API call count in dry-run test Change-Id: I9f4a1a183b55d03f5248eb4adddfddb08037ca95 |
||
|
|
d92f0a2204 |
feat(mail): add read receipt support (--request-receipt, +send-receipt, +decline-receipt)
End-to-end RFC 3798 Message Disposition Notification support, covering
both sides of the receipt flow — requesting a receipt when composing, and
responding to one (send or decline) when reading.
Request side (compose)
- New --request-receipt flag on +send / +reply / +reply-all / +forward /
+draft-create / +draft-edit. When set, the outgoing EML carries a
Disposition-Notification-To header (RFC 3798) addressed to the resolved
sender. Recipient mail clients may prompt the user, auto-send a receipt,
or silently ignore — delivery is not guaranteed.
- requireSenderForRequestReceipt gates the flag against a controlled
sender address resolved BEFORE the orig.headTo fallback in +reply /
+reply-all / +forward, so the DNT cannot silently land on someone else
in CC / shared-mailbox flows.
Response side
- +send-receipt: build a system-templated reply for messages carrying the
READ_RECEIPT_REQUEST label (-607). Subject / recipient / sent / read
time layout matches the Lark client; body is non-customizable — receipt
bodies are system templates by industry convention; free-form notes
belong in +reply. Risk:"high-risk-write" + --yes required.
- +decline-receipt: clear READ_RECEIPT_REQUEST without sending anything
(mirrors the client's "不发送" / "Don't send" button). Idempotent on
re-run; Risk:"write" — no --yes needed.
Read-path hints
- +message / +messages / +thread emit a stderr hint when surfacing a
mail carrying READ_RECEIPT_REQUEST, exposing BOTH response paths
(+send-receipt --yes / +decline-receipt) so agents present a real
choice to the user instead of silently auto-sending.
Guard rails
- +send / +reply / +reply-all / +forward stay draft-by-default and
require --confirm-send to send, gated by a dynamic scope check for
mail:user_mailbox.message:send (absent from the default scope set so
draft-only flows don't need the sensitive permission).
- All header-bound user input (sender / display name / recipient /
subject) goes through CR/LF rejection plus Bidi / zero-width / line-
separator guards, mirroring emlbuilder.validateHeaderValue, to block
header injection and visual spoofing.
- Hint output strips terminal control characters (CR, LF) from any
untrusted field embedded into the user-visible suggestion.
Backend coupling
- Outgoing receipt EML carries the private header
X-Lark-Read-Receipt-Mail: 1. The data-access backend parses it into
BodyExtra.IsReadReceiptMail; DraftSend then applies READ_RECEIPT_SENT
(-608) and clears READ_RECEIPT_REQUEST (-607) from the original
message, closing the client-side banner.
- en receipts require backend TCC SubjectPrefixListForAdvancedSearch to
include "Read Receipt:" for conversation-view aggregation; zh prefix
("已读回执:") is already configured.
Docs: new reference pages for +send-receipt / +decline-receipt;
--request-receipt noted on each compose-side reference; SKILL.md
workflow (section 9) describes the full privacy-safe decision tree on
both sides.
Tests cover emlbuilder DispositionNotificationTo / IsReadReceiptMail
helpers, receiptMetaLabels (zh / en), buildReceiptSubject, text and HTML
body generators (with HTML escaping and Bidi guards), header-injection
defenses, sender-resolution gating (CC-only / shared-mailbox regression),
hint emission paths, and the full +send-receipt / +decline-receipt happy
+ idempotent paths via httpmock.
|
||
|
|
c13644a247 |
feat(mail): support large email attachments (#537)
* feat(mail): add large attachment support via medias/upload API When attachments would cause the EML to exceed the 25MB limit, they are automatically uploaded to the mail attachment storage (medias/upload_all with parent_type="email") and a download-link card is injected into the HTML body, matching the desktop client's exportLargeFileArea style. Key changes: - Add classifyAttachments: EML-size-based splitting of normal vs oversized - Add uploadLargeAttachments: upload via medias API with email MountPoint - Add buildLargeAttachmentHTML: desktop-aligned card with CDN icons - Add processLargeAttachments: unified entry point for all compose shortcuts - Add LargeAttachmentHTML to emlbuilder.Builder for HTML block injection - Fix 7bit line folding: use RFC 5322 limit (998) instead of incorrect 76 - Integrate into +draft-create, +forward, +reply, +reply-all Known limitation: recipient access to large attachment links requires backend support to register tokens with the draft (see progress doc). Change-Id: If8d5938015cac8bc82de3ea3ff41022950f2571e Co-Authored-By: AI * refactor(mail): remove legacy size check, add 3GB limit, integrate +send - Remove checkAttachmentSizeLimit (replaced by processLargeAttachments) - Remove 25MB pre-check from validateComposeInlineAndAttachments so that large files reach Execute where they are uploaded as large attachments - Integrate processLargeAttachments into +send shortcut - Add 3GB single file limit aligned with desktop client - Clean up unused imports from helpers.go and helpers_test.go Change-Id: Ie590ad2b58263c075f48b338959b8f5b3f912f85 Co-Authored-By: AI * feat(mail): quote-aware HTML insertion, +draft-edit support, cleanup emlbuilder - Add insertBeforeQuoteOrAppend: insert large attachment HTML before the quote block (lark-mail-quote) instead of appending to body end, matching desktop's exportLargeFileArea placement logic - Add preprocessLargeAttachmentsForDraftEdit: intercept add_attachment patch ops before draft.Apply, upload oversized files, inject HTML into snapshot's HTML body Part directly. No changes to draft sub-package. - Remove LargeAttachmentHTML field/setter/logic from emlbuilder — it was business logic (quote-aware insertion) that doesn't belong in a generic EML builder. processLargeAttachments now sets the full HTML body via bld.HTMLBody() after merging the large attachment card at the right position. - All compose shortcuts pass htmlBody to processLargeAttachments for quote-aware insertion (composedHTMLBody for reply/forward, body for others). Change-Id: If6e7ed7e77989ab9a8a41a93758f686d72ccf497 Co-Authored-By: AI * fix(mail): align large attachment HTML IDs with desktop client - Container ID: lark-mail-large-file-container → large-file-area (matching desktop's MAIL_LARGE_FILE_CONTAINER constant) - Item ID: lark-mail-large-file-item → large-file-item (matching desktop's MAIL_LARGE_FILE_ITEM constant) - Timestamp: truncate to 9 digits (matching TIMESTAMP_CUT_OUT_ID = 9) - Refactor HTML generation to use template constants for readability These IDs are used by the desktop client's BigAttachmentPlugin ([id^=large-file-area]) and the server's LargeFileRule to identify and remove the HTML block when rendering the attachment card UI. Change-Id: Ib5a77a1a3d60eeb3a05c585f2af0a5ddaacf887b Co-Authored-By: AI * docs(mail): document large attachment behavior in skill references Update --attach parameter descriptions across all compose shortcuts (+send, +reply, +reply-all, +forward, +draft-create, +draft-edit) to describe automatic large attachment handling when EML exceeds 25 MB. Change-Id: I8c30e390c127ea1119cb8c4b83ec636e41fbaf66 Co-Authored-By: AI * fix(mail): pass signature-injected HTML to processLargeAttachments When both --signature-id and large attachments are used, the htmlBody passed to processLargeAttachments must include the already-injected signature. Previously mail_send and mail_draft_create passed the original body, causing processLargeAttachments to overwrite the signature-injected HTML body when inserting the large attachment card. Use composedHTMLBody variable (same pattern as reply/forward) to capture the full processed HTML including signature. Change-Id: I6be330776abca704b10cc3b8bfd5e20838e6e538 Co-Authored-By: AI * fix(mail): skip draft.Apply when all ops consumed by large attachment preprocessing When all patch ops are add_attachment targeting oversized files, preprocessLargeAttachmentsForDraftEdit uploads them and removes the ops from the patch. The resulting empty patch caused draft.Apply to fail with "patch ops is required". Now skip Apply when no ops remain. Change-Id: I8067a54b5f849fa519e8344a7eb10c48f58e54b8 Co-Authored-By: AI * fix(mail): add X-Lms-Large-Attachment-Ids header in draft-edit large attachment flow draft-edit's preprocessLargeAttachmentsForDraftEdit uploaded oversized files and injected HTML cards but never wrote the X-Lms-Large-Attachment-Ids header into the snapshot, so the mail server could not associate the attachments with the draft. Merge new token IDs with any existing ones already in the snapshot. Also extract the duplicated largeAttID struct and header name string into package-level declarations. Change-Id: Id256d948ec07e86296157436feefa3c2052af721 Co-Authored-By: AI * fix(mail): i18n large attachment HTML text aligned with desktop client Parameterize title and download text in large attachment HTML templates. Chinese lang uses "来自Lark邮箱的超大附件"/"下载", others use "Large file from Lark Mail"/"Download", matching desktop's i18n keys Mail_Attachment_AttachmentFromFeishuMail and Mail_Attachment_Download. Change-Id: I2aada8d52af41ae77dd7001d24d14e333f12066e Co-Authored-By: AI * fix(mail): insert large attachment card before quote wrapper, not inside nested quote insertBeforeQuoteOrAppend matched id="lark-mail-quote" which can appear deeply nested inside quoted content from previous replies in a thread. This caused the card to be placed inside the quote area instead of before it. Switch to matching the "history-quote-wrapper" class which is the outermost quote container generated by the CLI. Change-Id: I720b6d62d719613b411b7ed4b7820a1535bf14bd Co-Authored-By: AI * feat(mail): unify large attachment handling in +draft-edit with normal attachments Extend +draft-edit so that large attachments behave like normal attachments from the user's perspective: survive body edits, are listed in inspect output, and are removed via the same remove_attachment op. Code-wise: - remove_attachment target now accepts token (for large attachments) in addition to part_id / cid; priority part_id > cid > token. - setBody / setReplyBody auto-preserve the large attachment card in the HTML body, mirroring how normal attachments (MIME parts) survive body edits. Detection checks only the user-authored region of the value so cards inside an appended quote block (from the original quoted message) are not mistaken for user-supplied cards. - --inspect returns large_attachments_summary (token, filename, size) by parsing the X-Lms-Large-Attachment-Ids header and the HTML card DOM. - Well-known Lark HTML/header constants (LargeAttachmentIDsHeader, LargeFileContainerIDPrefix, LargeFileItemID, LargeAttachmentTokenAttr) moved to the draft package alongside QuoteWrapperClass; the mail package consumes them. - Shared helpers FindHTMLBodyPart and InsertBeforeQuoteOrAppend exported from the draft package; mail package switched to consume them, removing local duplicates. Skill reference (lark-mail-draft-edit.md) updated: three locator fields by attachment type, unified remove_attachment examples, set_body behavior. Change-Id: Ic064d1a8df0edf1cef6069cd44ec2a7534cd2182 Co-Authored-By: AI * fix(mail): place signature before large attachment card consistently When inserting a signature into a draft that already has a large attachment card, the signature was placed after the card, diverging from the compose-time layout where the order is [user][sig][card][quote]. Root cause: insertSignatureOp split only at the quote block, so the "user region" side inadvertently included the card. Centralize signature placement in draft.PlaceSignatureBeforeSystemTail, which splits at the earliest system-managed element (card or quote, whichever comes first). Both edit-time insertSignatureOp and compose-time injectSignatureIntoBody now share this single source of truth, removing the duplicated HTML splicing logic. Change-Id: I234bfebaaa31a32731ebbaa78c6596a72618b7c5 Co-Authored-By: AI * fix(mail): auto-preserve signature in set_body and set_reply_body Previously set_body / set_reply_body replaced the entire HTML body, silently dropping the signature block. The "replace whole body" semantic treated signature as user-authored content, which is inconsistent with how attachments (normal + large) and quote blocks survive body edits — signature is a system-managed element managed via insert_signature / remove_signature ops. Unify the mental model: body-edit ops replace user-authored content only; signature, large attachment card, normal attachments, and (for set_reply_body) quote block are all auto-preserved. Users can override by including equivalents in value, or explicitly delete via dedicated ops (remove_signature, remove_attachment). - Add ExtractSignatureBlock helper (symmetric to RemoveSignatureHTML). - Rename autoPreserveLargeAttachmentCard to autoPreserveSystemManagedRegions; extract and inject both sig and card from old body, respecting user-supplied equivalents in value's user-authored region. - Update skill doc and patch template notes to reflect the new semantics consistently. Change-Id: I96660d2ff06a6c9cdf1b86793c2d89cf9cb09ffe Co-Authored-By: AI * fix(mail): use brand-aware display name in large attachment card title The title "Large file from Lark Mail" / "来自Lark邮箱的超大附件" hard-coded "Lark" regardless of brand. The desktop client switches between "Feishu"/"飞书" and "Lark" based on the APP_DISPLAY_NAME i18n substitution. Add brandDisplayName(brand, lang) helper: - BrandLark → "Lark" - BrandFeishu → "飞书" (zh) / "Feishu" (en) Applied to title in buildLargeAttachmentHTML, aligning with the icon CDN and download URL, which already branch on brand. Change-Id: I06258b9982b6280a2230193d90a6a88884e10aa3 Co-Authored-By: AI * style(mail): apply gofmt CI fast-gate check flagged gofmt-unformatted files. Run gofmt -w on touched mail files only. Change-Id: Iec690dc63adfaa54b8f7c85ab5b3ca035476ddbd * fix(mail): address review feedback on large attachment PR - Strip <html><head><body> wrapper from xhtml.Render output in removeLargeFileItemFromHTML to avoid polluting the HTML body - Reject plain-text messages with oversized attachments instead of silently losing the body content - Fix attachment count limit in skill doc (100 → 250) - Remove unused fio/attachFlag params from validateComposeInlineAndAttachments - Add token escaping test for large attachment HTML builder Change-Id: Ie589a1f1d204b0aeebc4486b16bb435041793ceb Co-Authored-By: AI * fix(mail): recognize server-format X-Lark-Large-Attachment header in draft-edit When a draft with large attachments is created by the desktop client, the server returns X-Lark-Large-Attachment (with file_key/file_name/ file_size fields) instead of the CLI-written X-Lms-Large-Attachment-Ids. Previously CLI only recognized its own header, causing existing large attachments to be silently dropped when the draft was edited. - Parse both header formats via IsLargeAttachmentHeader and unified largeAttHeaderEntry struct - Convert server-format entries to CLI-format on save so the server can process the update - Fix inline attachment classification: require non-empty CID to classify as inline image (large attachments may have is_inline=true but no CID) Change-Id: Ie7def4fc5923d2cf3446eedfbca4fd8cae44bfac Co-Authored-By: AI * fix(mail): skip large attachments in forward URL validation Large attachments do not have download URLs since they are referenced by token, not embedded in the EML. Validate only normal attachments to avoid false "missing download URL" errors when forwarding messages that contain expired or token-based large attachments. Change-Id: Ibe3f45390cd3b3cbe6ddd15961dcda4f17aefe4f Co-Authored-By: AI * fix(mail): classify forwarded original attachments for large attachment upload Previously, all original attachments were unconditionally embedded in the EML before user attachments were processed for large attachment upload. When original + user attachments together exceeded the 25 MB EML limit, the build would fail. Now all attachments (original + user-added) are classified together via classifyAttachments. Original attachments that push the EML over the limit are re-uploaded as large attachments with download cards, matching the compose/reply flow behavior. Also refactors uploadLargeAttachmentBytes to reuse the shared common.UploadDriveMediaAll utility (via new Reader field on the config struct) instead of duplicating the upload logic, and replaces bare fmt.Errorf with output.ErrValidation for user input errors. Change-Id: I98d4ad8960cd68e38765b05c94f7786d6a8444c8 Co-Authored-By: AI * fix(mail): normalize large attachment header on draft edit to prevent loss Server returns X-Lark-Large-Attachment header on draft readback, but only recognizes X-Lms-Large-Attachment-Ids on write. Without normalization, editing a draft with existing large attachments (e.g. adding a small attachment) would send back the server-format header unchanged, causing the server to drop the large attachment association. Add normalizeLargeAttachmentHeader() at the entry of preprocessLargeAttachmentsForDraftEdit to convert server-format headers to CLI format before any processing or early return. Change-Id: Id99a46f29015a32921bfb72a003f766c397787e1 Co-Authored-By: AI * fix(mail): extract large attachment card from quote on forward When forwarding a message that contains large attachments, the original message's download card (large-file-area div) was left inside the forward quote block. Extract it and place it in the main body area (after signature, before quote), matching the desktop client behavior. Change-Id: Iebede35cdf4ed0f65b72bce28ffb18af21ddf668 Co-Authored-By: AI * fix(mail): use octet-stream for re-embedded attachments and file-based large upload on forward - Use application/octet-stream instead of original content type when re-embedding downloaded attachments in forward EML. Prevents the mail server from treating image/* attachments as inline parts. - Replace in-memory uploadLargeAttachmentBytes with temp-file-based uploadLargeAttachments for oversized original attachments. This enables multipart upload for files >20MB which the single-part API does not support. Change-Id: Ib02add5710e8b052e47b513ed3d9a688e0f98212 Co-Authored-By: AI * fix(mail): address PR review — blocked extension bypass, index-based op filtering, plain-text draft guard 1. Move CheckBlockedExtension into statAttachmentFiles so oversized attachments are validated before classification, covering compose, draft-edit, and forward paths. 2. Replace path-based oversized op filtering with SourceIndex-based filtering in preprocessLargeAttachmentsForDraftEdit to avoid incorrectly removing duplicate-path normal ops. 3. Add HTML body preflight in preprocessLargeAttachmentsForDraftEdit before uploading, so plain-text-only drafts fail early instead of silently producing a draft with tokens but no download card. Change-Id: Ib8771812f50a18f00a40e50149b028b8aaa101fe Co-Authored-By: AI * fix(mail): preserve original content type for normal forwarded attachments The octet-stream override was only needed for the large attachment upload path (to prevent image/* from being treated as inline by the drive API). Normal attachments embedded in the EML should retain their original MIME type so recipients can preview/open them correctly. Change-Id: Ie40b7c362524a3b82255b58e9bcfd770eacfe911 Co-Authored-By: AI * fix(mail): reconstruct missing large attachment HTML cards on draft edit The server strips HTML download cards from the EML body when storing drafts, so every draft read-back (regardless of creator) lacks them. Add ensureLargeAttachmentCards which runs before header normalization, compares server-format header tokens against existing HTML cards via data-mail-token, and rebuilds only the missing ones. This ensures external recipients see download links after draft-edit → send. Also exports ParseLargeAttachmentSummariesFromHeader and ParseLargeAttachmentItemsFromHTML from the draft package for cross-package use. Change-Id: I9cb0f47a9f4582909de24984d9a9f6e366521e62 Co-Authored-By: AI * feat(mail): support large attachments in plain-text emails Previously large attachments required an HTML body for the download card. Now plain-text emails (--plain-text or text/plain-only drafts) get download info appended as structured text (title + filename + size + URL), with i18n and brand awareness matching the HTML card. Changes: - Add buildLargeAttachmentPlainText and injectLargeAttachmentTextIntoSnapshot - Add FindTextBodyPart in draft/projection.go - Update processLargeAttachments to accept textBody parameter - Update ensureLargeAttachmentCards to handle text/plain body reconstruction - Update preprocessLargeAttachmentsForDraftEdit to allow text/plain drafts - Update all callers (send, draft-create, reply, reply-all, forward) Change-Id: I3b375e2ff34697eeb73a3768ace6d577d1bead3e Co-Authored-By: AI * fix(mail): FindBodyPart skips attachment-disposition parts; update skill docs FindHTMLBodyPart and FindTextBodyPart now skip parts with Content-Disposition: attachment, preventing .txt/.html file attachments from being mistakenly treated as the email body. Also update all lark-mail skill reference docs to reflect that large attachments now work in both HTML (download card) and plain-text (download link text) modes. Change-Id: I1e6da4fd614217dff61304212304b5fd80c8246c Co-Authored-By: AI * fix(mail): fix origIdx mismatch, predictable temp files, and attachment count on forward - Use SourceIndex instead of linear origIdx counter so classifyAttachments reordering does not cause content mismatch between normal/oversized loops - Use os.CreateTemp for temp files instead of predictable names in CWD - Include original large attachment count in totalCount limit check Change-Id: Ide5dce14b1efc672687800d77c3853f15dfc191b Co-Authored-By: AI * fix(mail): use composed body size and source inline bytes in EML size estimation estimateEMLBaseSize was using len(body) (raw --body flag) instead of the actual composed body (which includes quotes, signatures, forward headers). Source inline images downloaded from the original message were also not counted. This could cause borderline attachments to be misclassified. - Use len(composedHTMLBody) + len(composedTextBody) for body size - Return total downloaded bytes from addInlineImagesToBuilder and pass as extraBytes to estimateEMLBaseSize - Fix applied to all compose shortcuts: send, draft-create, reply, reply-all, forward Change-Id: Ibe6c44e22d40ac51f0a4652d279e66bd92330723 Co-Authored-By: AI * fix(mail): merge large attachment items into single container on draft edit When draft-edit had both set_body and add_attachment (oversized), the ensureLargeAttachmentCards and preprocessLargeAttachmentsForDraftEdit each created independent large-file-area containers. The subsequent set_body's autoPreserveSystemManagedRegions only captured the first container via SplitAtLargeAttachment, discarding the second one. Fix: injectLargeAttachmentHTMLIntoSnapshot now detects an existing large-file-area container and appends new items inside it instead of creating a new container, matching the desktop client's single-container behavior. Change-Id: I3d701683053842f1d7bdad34fc4b2ef26ede784e Co-Authored-By: AI * fix(mail): strip large attachment card from reply/reply-all quote Reply and reply-all should not carry over the original email's large attachment HTML card into the quoted block. Extract the shared stripLargeAttachmentCard helper (also used by forward) that removes the card from orig.bodyRaw before quote construction. - Reply/reply-all: card is discarded (not re-inserted) - Forward: card is moved to body area before the quote (unchanged) Change-Id: I5399bb901c120206c7c045bed107f7d68be23bb1 Co-Authored-By: AI * fix(mail): skip invalid attachments on forward instead of blocking When forwarding a message with deleted/expired attachments, the forward flow now automatically removes them instead of either blocking (normal attachments) or silently including dead references (large attachments). - Propagate failed_ids from fetchAttachmentURLs into composeSourceMessage - Skip failed attachments in the forward download loop with a warning - Remove corresponding large attachment HTML card items from the body - Extend itemContainsToken to match server-generated href?token= format Change-Id: I9c0096dcbe96f1d61caa0f6f0b2f8b738fdfa66b Co-Authored-By: AI * fix(mail): restore dry-run file preflight and reserve card overhead in classifier 1. Restore file existence and blocked-extension checks in validateComposeInlineAndAttachments so --dry-run surfaces local path errors before Execute. 2. Reserve 3KB per oversized file in classifyAttachments to account for the HTML card / plain-text block injected after classification. Change-Id: Ib48a75f86a50298413c1f9ab8226e583c0161a8c Co-Authored-By: AI * fix(mail): revert classifier overhead reserve for simplicity The 3KB-per-oversized-file reserve in classifyAttachments addressed a boundary case that is practically impossible to trigger (requires Normal attachments to fill to within a few KB of 25MB). Remove it to keep the classifier simple. Change-Id: I5148f14ecca1a0dee677a1a2c60ec4efab160ea8 Co-Authored-By: AI * style(mail): fix gofmt indentation in draft create tests Change-Id: Ib41aa22f94144f2d47b12675d444aa43cb333a88 Co-Authored-By: AI * fix(mail): remove temp files in forward, use in-memory upload instead Replace os.CreateTemp/os.WriteFile/os.Remove with in-memory Data field on attachmentFile, conforming to the project's forbidigo rule against temp files in shortcuts. Also remove dead uploadLargeAttachmentBytes. Change-Id: Ic26e4025eebfa1bac3948438ef185ff3e2f15abb Co-Authored-By: AI * test(mail): add tests for validateComposeInlineAndAttachments and fileTypeIcon Covers all branches: inline+plain-text conflict, inline+non-HTML body, missing file, blocked extension, valid pass-through, and all file type icon mappings. Change-Id: I8b81c1b34010a9ecb7153462a5524e3d7b171de2 Co-Authored-By: AI * test(mail): improve coverage for large attachment and draft edit functions Add tests for snapshotEMLBaseSize, flattenSnapshotParts, estimateEMLBaseSize, normalizeLargeAttachmentHeader, processLargeAttachments error paths, preprocessLargeAttachmentsForDraftEdit early-return paths, inject edge cases, buildLargeAttachmentItems, statAttachmentFiles edge cases, and prettyDraftAddresses. Change-Id: Ie661e6ebea63512864d97e20135dd89cb9e9304e Co-Authored-By: AI |
||
|
|
cb301a3d1a |
feat(mail): add draft preview URL to draft operations (#438)
* feat(mail): add draft preview URL to draft operations - Add draftPreviewURL helpers for send-preview link generation - Integrate preview_url output in +draft-create, +draft-edit, +reply, +forward, +reply-all shortcuts - Add unit tests (7 test cases, all passing) Change-Id: Ie3cbb8f96b308aae225bc69f4c3fc2226af0c230 * fix(mail): derive draft preview url from meta service Change-Id: Ibd10767bf4e4de7f453fff72487fe25090e14605 * fix: streamline mail draft and send outputs Change-Id: I75a969af29fa862bdf94947a3aa775d6eebee812 * fix(mail): keep draft reference on create and update Change-Id: Ie5787cf255ec2347c49f0a271209c1a2e4008fe3 * docs: refine mail draft link guidance for skills Change-Id: Ieaa5afef310edd5253f07eef06678b7a5db38fc0 * fix(mail): return draft reference for save flows Change-Id: Ied6031a05bdefecdcf60b09f66c5d3947d849f83 * refactor(mail): unify draft save output handling Change-Id: I400b8f9df97d614b33da3cbdde410ef615444741 * fix(mail): surface automation disable reason Change-Id: I23293fe6c2febf248c58ea14c87c05dde49872a1 * feat: flatten mail automation send disable output Change-Id: I747bf54bc3251387b05d94f87fe61da958d78104 * fix(mail): address review feedback for draft docs and tests Change-Id: I690df5612f36681c1690645d375c5c5e3ef9ca60 * test(mail): reuse upstream send-scope test factory Change-Id: I7f73956696c5405d8eb81fcd2128f0e9898ea539 * refactor(mail): merge recall fields into send output helper Change-Id: I5af612d70b05a3c0d8abbc9561fe76bb83b5b359 * fix(mail): omit raw recall status from send output Change-Id: I2918226a0eb68a45f6cc4ea997e1c941d8c16d52 * style(mail): format send output tests Change-Id: I8e0ec37aac48bcda6b5ad948f397d184a2a4d81d * test(mail): cover draft reference output flows Change-Id: Idd8abdb84613727a24e3fccb7b329e69566bc890 |
||
|
|
6212513c43 |
feat(mail): add email priority support for compose and read (#538)
* feat(mail): add email priority support for compose and read Write: all compose shortcuts (+send, +reply, +reply-all, +forward, +draft-create) accept --priority (high/normal/low) which sets the X-Cli-Priority EML header. +draft-edit accepts --set-priority. Read: normalizeMessage now infers priority from label_ids (HIGH_PRIORITY/LOW_PRIORITY), with priority_type as fallback. Change-Id: Ib5bc4e99331c6ce0d3850865825fcd1ff2183f0c Co-Authored-By: AI * docs(mail): add --priority and --set-priority to skill references Update 6 skill reference docs: +send, +reply, +reply-all, +forward, +draft-create add --priority param; +draft-edit adds --set-priority. Change-Id: I75d13fbf6a5ca4dfbf76e84fe39e4ee55b689751 Co-Authored-By: AI * test(mail): add unit and integration tests for --priority - helpers_test.go: cover parsePriority (valid/invalid/case/whitespace) and applyPriority (empty vs non-empty) end-to-end via EML builder - mail_draft_create_test.go: verify --priority propagates to X-Cli-Priority header in the built EML, and no header when priority is empty Change-Id: I62ca96b3e296b5898798cfa681f5efd4f101cb40 Co-Authored-By: AI * test(mail): cover buildDraftEditPatch --set-priority and label-based priority - helpers_test.go: TestBuildMessageOutput_PriorityFromLabels verifies HIGH_PRIORITY/LOW_PRIORITY labels map to priority_type_text, and that label values override the priority_type fallback field - mail_draft_edit_test.go (new): cover --set-priority high/low/normal (set_header vs remove_header), invalid value rejection, and absence of priority op when the flag is unused Change-Id: Idd5ace2fb812cf3eb329c79eeab3c8b9808fcf0b Co-Authored-By: AI * fix(mail): write priority_type to output when inferred from label_ids buildMessageOutput only wrote priority_type_text but not priority_type when priority was inferred from HIGH_PRIORITY/LOW_PRIORITY labels. Also covers the case where label overrides an explicit priority_type field. Change-Id: I7879976d21235b8006b5c8ebe6a413e2815354e1 * fix(mail): validate --priority in Validate so invalid values fail before dry-run/Execute Change-Id: Ic277ab683967c47f28c892d3512b0ab745bd86f6 * test(mail): add TestValidatePriorityFlag to cover invalid --priority rejected in Validate Change-Id: I7f12c0a0b0d15c491c28fdcb8729f2f648ba0244 |
||
|
|
be79485fe3 |
feat: mail support scheduled send (#534)
feat: mail support scheduled send (#534) |
||
|
|
03ba542a60 |
Revert "feat: mail support scheduled send (#449)" (#492)
This reverts commit
|
||
|
|
5fa68ccaa0 |
feat(mail): add email signature support (#485)
* feat(mail): add signature foundation, draft exports, and +signature shortcut - Add signature data model, API provider, and template variable interpolation with tests (shortcuts/mail/signature/) - Export signature-related symbols from draft package (SignatureWrapperClass, BuildSignatureHTML, FindMatchingCloseDiv, SplitAtQuote, RemoveSignatureHTML, SignatureSpacing, SignatureImage) for use by compose shortcuts - Add +signature shortcut for listing and viewing email signatures - Add signature reference documentation Change-Id: I62525e7b475692ada9ec8590b6d0252cf5afcdbc Co-Authored-By: AI * feat(mail): add --signature-id to all compose shortcuts - Add --signature-id flag to +draft-create, +send, +reply, +reply-all, +forward for inserting a signature into the email body - Add signature image download with SSRF protection (https enforcement, no token leak, context timeout, size limit) - Add signature HTML insertion with quote-aware placement - Update compose shortcut reference docs Change-Id: Ic5606bab7826a20364084898ad1714778e5a8bd0 Co-Authored-By: AI * feat(mail): add signature insert/remove ops for +draft-edit - Add insert_signature and remove_signature patch operations with old-signature MIME cleanup and case-insensitive CID matching - Expose signature ops in supported_ops flat list - Update SKILL.md and draft-edit reference docs Change-Id: I74affbf555e32351520f610ef42195f399a265d9 Co-Authored-By: AI * test(mail): add unit tests for signature patch operations Test insert_signature and remove_signature ops: - Insert into basic HTML body - Insert before quote block (reply/forward) - Replace existing signature - Error on plain-text-only draft - Remove existing signature - Error when no signature present Change-Id: Icd713552b130d6eb461ef1cabca61e82327f4f0b Co-Authored-By: AI * fix(mail): address reviewer findings on signature PR - Remove --device flag and device field from docs (not exposed in CLI) - Fix signature interpolation to match --from alias address in send_as list, instead of always using the primary mailbox address - Update lark-mail-signature.md reference doc Change-Id: I65f41a029cd33b17785e2355a99d042063962d23 Co-Authored-By: AI * fix(mail): resolve lint issues — remove unused code, fix gofmt - Remove unused cidSrcRe, collectSignatureCIDs, isCIDReferencedInHTML from signature_html.go (CID logic lives in draft/patch.go) - Remove unused strings import - Run gofmt on all affected files Change-Id: Ie142744a7ab17acf440dc69a5a78cefb3ce6c341 Co-Authored-By: AI * fix(mail): use draft From address for signature interpolation in +draft-edit Moved signature resolution after draft fetch+parse so insert_signature reads the From header from the existing draft. This ensures alias and shared-mailbox senders get correct template variable values (B-NAME, B-ENTERPRISE-EMAIL) instead of falling back to the primary address. Change-Id: I917016b17176090124814f30e8e15c67f1604de0 Co-Authored-By: AI |
||
|
|
44e7b5b477 |
feat: mail support scheduled send (#449)
feat: mail support scheduled send |
||
|
|
162c25527b |
feat(mail): support recall sent email (#481)
- Add buildSendResult helper that includes recall_available/recall_tip when backend returns recall_status in send response - Update +send, +reply, +reply-all, +forward to use buildSendResult - Add "Recall Email" section to mail skill template with recall and get_recall_detail command examples - Regenerate SKILL.md Change-Id: I44317ead8f8a65db81e874cfc3529ffeb21e1384 Co-Authored-By: AI |
||
|
|
815db0c866 |
fix(mail): add missing scopes for mail +watch shortcut (#357)
* fix(mail): add missing event scope for mail watch The mail +watch shortcut requires scope mail:user_mailbox.event.mail_address:read to receive the mail_address field in WebSocket event payloads, but this scope was neither declared in the shortcut's Scopes list nor included in the auto-approve (recommend.allow) set. Without this scope, +watch events arrive without the mail_address field, which breaks mailbox filtering and fetch-mailbox resolution. - Add scope to mail +watch Scopes declaration - Add scope to scope_overrides.json recommend.allow list so that auth login --recommend requests it automatically * fix(mail): add missing mailbox profile scope for mail watch The +watch shortcut calls fetchMailboxPrimaryEmail (GET user_mailboxes/me/profile) to resolve the mailbox address for event filtering, which requires scope mail:user_mailbox:readonly. All other mail shortcuts that call this API (send, reply, forward, draft-create, draft-edit) already declare this scope, but +watch did not. * fix(mail): remove event scope from scope_overrides.json The mail:user_mailbox.event.mail_address:read scope only needs to be declared in the +watch shortcut's Scopes list, not in the global recommend.allow set. |
||
|
|
dc0d92708b |
fix(mail): restrict --output-dir to current working directory (#376)
* fix(mail): restrict --output-dir to current working directory Previously, mail +watch --output-dir accepted absolute paths (e.g. /etc, /tmp) and home directory paths (~/), allowing writes to arbitrary locations. Since mail content is sender-controlled, this posed a risk of writing attacker-influenced data to sensitive system directories. Now all --output-dir values go through validate.SafeOutputPath which: - Rejects absolute paths and ~ expansion - Resolves .. and symlinks - Enforces the result stays under CWD * fix(mail): reject tilde paths in --output-dir explicitly SafeOutputPath treats ~/x as a literal relative path, silently creating a directory named "~" under CWD. Reject ~ prefixed paths with a clear error message instead. * fix(mail): reject all tilde-prefixed paths and use ErrValidation - Broaden ~ check from "~ || ~/" to "~" prefix, covering ~user/path forms - Use output.ErrValidation for consistent error type (exit code 2) * fix(mail): add post-mkdir EvalSymlinks + CWD re-verification (TOCTOU) SafeOutputPath validates before MkdirAll, but an attacker could replace the newly created directory with a symlink between mkdir and the first write. Add EvalSymlinks after MkdirAll and re-verify the resolved path is still under CWD. Also broaden ~ rejection to all tilde-prefixed paths (~user/path) and use output.ErrValidation for consistent error types. * fix(mail): use validate.SafeOutputPath for post-mkdir TOCTOU check Replace direct os.Getwd and filepath.EvalSymlinks calls with a second SafeOutputPath call after MkdirAll. This satisfies the forbidigo lint rule (no direct os/filepath calls in shortcuts/) while maintaining the same TOCTOU protection. * fix(mail): use original relative path for post-mkdir re-validation SafeOutputPath rejects absolute paths, but after the first call outputDir was already resolved to an absolute path. Pass the original relative path to the second SafeOutputPath call so it can properly re-validate after MkdirAll. * fix(mail): remove redundant post-mkdir SafeOutputPath call The second SafeOutputPath call after MkdirAll provided no real TOCTOU protection: mail +watch is long-running, so the directory could be replaced at any point during the session, not just between mkdir and the check. The first SafeOutputPath already validates and resolves the path; one call is sufficient. |
||
|
|
c16a021ac6 |
fix(mail): replace os.Exit with graceful shutdown in mail watch (#350)
* fix(mail): replace os.Exit with graceful shutdown in mail watch The signal handler in mail +watch called os.Exit(0), which bypassed all deferred cleanup functions, made the code path untestable, and did not follow Go's idiomatic context cancellation pattern. Key changes: - Remove os.Exit(0) and use context.WithCancel to propagate shutdown - Run cli.Start in a separate goroutine so the main goroutine can return immediately on signal receipt (the Lark WebSocket SDK does not return promptly after context cancellation) - Extract handleMailWatchSignal as a testable standalone function - Use sync.Once + defer for idempotent cleanup on all exit paths - Fix eventCount data race with atomic.Int64 - Add signal.Reset to support forced termination via a second Ctrl+C Closes #268 * docs: add docstrings to handleMailWatchSignal test functions * fix(mail): cancel watch context on signal handler panic If handleMailWatchSignal panics, the recover block now calls cancelWatch() to unblock the main select. Without this, a panic would leave shutdownBySignal unclosed and watchCtx uncancelled, causing the process to hang. * fix(mail): use triggerShutdown to unblock main select on signal handler panic The previous panic recovery only called cancelWatch(), but since the WebSocket SDK does not return promptly after context cancellation, the main select could still hang waiting on startErrCh. Introduce triggerShutdown() that closes shutdownBySignal (via sync.Once) and cancels the watch context, used by both the normal signal path and the panic recovery path. This ensures the main select unblocks immediately regardless of how the signal goroutine exits. Add regression test that forces a panic and asserts shutdownBySignal is closed promptly. |
||
|
|
fd9ee6afd6 |
feat(mail): add --page-token and --page-size to mail +triage (#301)
* feat(mail): add --page-token and --page-size pagination support to mail +triage Support external pagination for mail +triage with two new flags: - --page-token: resume from a previous response's page token - --page-size: alias for --max Token carries a "search:" or "list:" prefix to identify the API path, with strict validation: conflicting parameters (e.g. list: token with --query) fail fast, and bare tokens without prefix are rejected. JSON/data output now returns an object with messages, total, has_more, and page_token fields. Table output shows next-page hint on stderr. * fix(mail): address PR review — keep data format as array, fix whitespace query edge case - --format data preserves backward-compatible flat array output - --format json returns the new envelope object with pagination fields - Align search: prefix guard with TrimSpace(query) to match usesTriageSearchPath * fix(mail): simplify page-token format and fix page-size change data loss - Remove page_size encoding from token (search:abc → not search:5:abc) The search API token is a session cursor; page_size only controls how many items to return, not the cursor position. Encoding page_size caused data loss when users changed --page-size between requests. - Token format is now simply "search:<raw>" / "list:<raw>" - Add parseTriagePageToken/encodeTriagePageToken helpers for clean token handling with proper validation - next page hint in table output now includes --query and --filter for easy copy-paste continuation * docs(mail): update triage skill doc for json/data format split and search pagination note - Separate --format json (object with pagination) and --format data (array) examples - Update table next-page hint example to show --query/--filter inclusion - Add search pagination caveat about cross-session result ordering * fix(mail): make --format data include pagination fields same as json * fix(mail): address remaining PR review comments - Reject empty prefixed tokens (search: / list:) in parseTriagePageToken - Shell-escape query/filter in next-page hint to handle single quotes - Fix doc caption mismatch (data → json/data) and add language tag to code block - Fix test comment for TestResolveTriagePageSizeDefaultMax * fix(mail): rename total to count in triage pagination output total was misleading — it represented the current page count, not the global total. Renamed to count to match len(messages) semantics. * fix(mail): improve dry-run desc when using --page-token |
||
|
|
e64d24580a |
refactor: migrate mail shortcuts to FileIO (#356)
* refactor: migrate mail shortcuts to FileIO - DraftSnapshot.FIO: inject FileIO into draft snapshot for patch ops (addAttachment, loadAndAttachInline, replaceInline) - emlbuilder.Builder.fio: inject via WithFileIO(), readFile uses FileIO.Open - mail_draft_edit: loadPatchFile uses runtime.FileIO().Open - helpers: checkAttachmentSizeLimit takes fio param, uses FileIO.Stat - validateComposeInlineAndAttachments: pass fio through to size check - All mail entry points (send/reply/reply_all/forward/draft_create): pass runtime.FileIO() to builder and size limit checks |
||
|
|
284e5b6606 |
feat(mail): add send_as alias support, mailbox/sender discovery APIs, and mail rules API
New capabilities:
1. Alias (send_as) sending for all compose shortcuts (+send, +reply, +reply-all,
+forward, +draft-create, +draft-edit):
- New --mailbox flag separates mailbox routing from sender identity, enabling
alias sending where --mailbox specifies the owning mailbox and --from
specifies the alias address in the From header.
- Example: --mailbox me --from alias@example.com --to bob@example.com
- --mailbox priority: --mailbox > --from > "me"
- --from priority: --from > --mailbox > profile("me")
2. Discovery APIs for available mailboxes and sender addresses:
- accessible_mailboxes: lists all mailboxes the user can access (primary + shared)
- send_as: lists available sender addresses for a mailbox (primary, aliases, mailing lists)
3. Mail rules API:
- user_mailbox.rules resource: create, delete, list, reorder, update
4. Reply-all self-exclusion improvement:
fetchSelfEmailSet now also excludes the --from alias address, preventing the
sender from appearing in the recipient list when replying via an alias.
No breaking changes — omitting --mailbox preserves existing behavior.
|
||
|
|
c54a1354a0 |
feat(mail): auto-resolve local image paths in all draft entry points (#205)
All draft-related shortcuts now support <img src="./local.png"> in --body,automatically resolving relative paths into cid: inline MIME parts. Only relative paths are supported; absolute paths are rejected. Previously only +draft-edit supported this; now extended to +draft-create, +send, +reply, +reply-all, and +forward. |
||
|
|
8db4528269 |
feat: add strict mode identity filter, profile management and credential extension (#252)
* feat: add strict mode identity filter, profile management and credential extension Port changes from feat/strict-mode-identity-filter_3 branch: - Add strict mode for identity filtering and configuration - Add profile management commands (add/list/remove/rename/use) - Add credential extension framework (registry, env provider) - Add VFS abstraction layer - Refactor factory default and client options - Update shortcuts to use new credential and validation patterns Change-Id: I8c104c6b147e1901d94aefcefe35a174932c742b Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: go mod tidy Change-Id: I0f610ccea6bc874248e84c24770944a3071dcc57 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: fix test failures from credential provider migration - Remove unused TAT stub registrations in api and service tests (CredentialProvider manages tokens, SDK no longer calls TAT endpoint) - Update strict mode integration test: +chat-create now supports user identity, so it should succeed under strict mode user Change-Id: Iab51c2e12a97995e0b95dcd71df212d2d1f76570 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * refactor: migrate remaining os calls to internal/vfs Replace direct os.Stat/Open/MkdirAll/OpenFile/Remove/ReadDir/UserHomeDir with vfs equivalents in shortcuts/minutes, shortcuts/drive, and internal/keychain. Add ReadDir to the vfs interface and OsFs implementation. Change-Id: I8f97e5fb3e1731b4684d276644fcb10fae823067 * fix: resolve gofmt and goimports formatting issues Change-Id: If61578631f5698f7ca2d9a946ca59753651463fb * feat: add Flag.Input support for @file and stdin input sources Add framework-level support for reading flag values from files (@path) or stdin (-), solving the fundamental problem of passing complex text (markdown, multi-line content) via CLI arguments where shell escaping breaks content. Closes #239, fixes #163. - Add File/Stdin constants and Input field to Flag struct - Add resolveInputFlags() in runner pipeline (pre-Validate) - Support @@ escape for literal @ prefix - Guard against multiple stdin consumers - Auto-append "(supports @file, - for stdin)" to help text - Apply to: docs +create/+update --markdown, im +messages-send/+reply --text/--markdown/--content, task +comment --content, drive +add-comment --content Change-Id: I305a326d972417542aeadd70f37b74ea456461ef Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: fix pre-existing test failures in task, minutes, and registry - task/minutes: remove unused tenant_access_token httpmock stubs (TestFactory's testDefaultToken provides tokens directly, so the HTTP stub was never consumed and failed verification) - registry: fix hasEmbeddedData() to check for actual services instead of just byte length (meta_data_default.json has empty services array) Change-Id: Ic7b5fc7f9de09137a7254fe1ddf47d24ade40587 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: suppress nilerr lint for intentional nil returns Both cases intentionally return nil on error for graceful degradation: - profile list: show friendly message when config is not initialized - service: skip scope check when token resolution fails Change-Id: I7285c37277c9b0361a421ab00359244c2cd150b3 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: address CodeRabbit review feedback - runner.go: fail fast when Input is used on non-string flags - remote_test.go: rename hasEmbeddedData → hasEmbeddedServices - profile/list.go: add omitempty to optional JSON fields - service.go: surface context cancellation errors in scope check Change-Id: I7072d41f8c711b4b37c542e32dfd8150f42b13c0 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: tighten credential resolution and profile flows Change-Id: I83f6d424540eab9b1708944b9b6e26e8477cc60d * refactor: centralize identity hint resolution Change-Id: I38d5f98160b92adb62dc929ae73697ae5b3d64f8 * fix: surface unverified extension identities Change-Id: Ia86d9bd19add9010176339ec4cc89deb033f5b4f * fix: honor runtime credential sources in config views Change-Id: I40b2ffedc5c1db5e08e86b9472ea2b84fa02bb29 * fix: prefer runtime values in config show commands Change-Id: I5663a53e147577f0f1f533f67d12bea504e6b839 * Revert "fix: prefer runtime values in config show commands" This reverts commit |
||
|
|
30dba35c77 |
fix(mail): restore CID validation and stale PartID lookup lost in revert (#230)
* fix(mail): restore CID validation and stale PartID lookup lost in revert (#199)
The revert of PR #81 (
|
||
|
|
6a4dd8dc1b |
fix(mail): use in-memory keyring in mail scope tests to avoid macOS keychain popups (#212)
Mail scope tests (TestConfirmSendMissingScope*) were calling auth.SetStoredToken/RemoveStoredToken which accessed the real macOS keychain via go-keyring, causing persistent popup dialogs when the master key was missing. Add keyring.MockInit() to swap in an in-memory backend during tests. |
||
|
|
f68a41163e |
fix(mail): on-demand scope checks and watch event filtering (#198)
* fix(mail): on-demand scope checks, event filtering, and watch lifecycle - Remove mail:user_mailbox.folder:read from watch's static Scopes; add validateFolderReadScope and validateLabelReadScope that check permissions on-demand when listMailboxFolders/listMailboxLabels is called (same pattern as validateConfirmSendScope). - Resolve --mailbox me to real email address via profile API for event filtering, preventing other users' mail events from being processed. Block startup if resolution fails, with proper error type distinction. - Add unsubscribe cleanup (guarded by sync.Once) on all exit paths: SIGINT/SIGTERM, profile resolution failure, and WebSocket failure. - Remove bot from AuthTypes since bot tokens cannot subscribe. - Include profile lookup in dry-run output and update tests. - Update fetchMailboxPrimaryEmail to return error for diagnostics. - Update documentation for on-demand scope requirements. * fix(mail): preserve original error in enhanceProfileError fallback Return the original error directly for non-permission failures instead of wrapping with fmt.Errorf, so structured exit codes (ExitNetwork, ExitAPI) are preserved for scripting. |
||
|
|
eda2b9cd85 |
revert: undo auto-resolve local image paths in draft body HTML (#199)
* Revert "fix(mail): clarify that file path flags only accept relative paths (#141)" This reverts commit |
||
|
|
70c72a2c02 |
feat(mail): auto-resolve local image paths in draft body HTML (#81) (#139)
* feat(mail): auto-resolve local image paths in draft body HTML (#81)
Allow <img src="./local/path.png" /> in set_body/set_reply_body HTML.
Local file paths are automatically resolved into inline MIME parts with
generated CIDs, eliminating the need to manually pair add_inline with
set_body. Removing or replacing an <img> tag in the body automatically
cleans up or replaces the corresponding MIME inline part.
- Add postProcessInlineImages to unify resolve, validate, and orphan
cleanup into a single post-processing step
- Extract loadAndAttachInline shared helper to deduplicate addInline
and resolveLocalImgSrc logic
- Cache resolved paths so the same file is only attached once
- Use whitelist URI scheme detection instead of blacklist
- Remove dead validateInlineCIDAfterApply and
validateOrphanedInlineCIDAfterApply functions
Closes #81
* fix(mail): harden inline image CID handling
1. Fix imgSrcRegexp to skip attribute names like data-src/x-src that
contain "src" as a suffix — only match the real src attribute.
2. Sanitize cidFromFileName to replace whitespace with hyphens,
producing RFC-safe CID tokens (e.g. "my logo.png" → "my-logo").
3. Add CID validation in newInlinePart to reject spaces, tabs, angle
brackets, and parentheses — fail fast instead of silently producing
broken inline images in the sent email.
* refactor(mail): use UUID for auto-generated inline CIDs
Replace filename-derived CID generation (cidFromFileName + uniqueCID)
with UUID-based generation. UUIDs contain only [0-9a-f-] characters,
eliminating all RFC compliance risks from special characters, Unicode,
or filename collisions. Same-file deduplication via pathToCID cache
is preserved — multiple <img> tags referencing the same file still
share one MIME part and one CID.
* fix(mail): avoid panic in generateCID by using uuid.NewRandom
uuid.New() calls Must(NewRandom()) which panics if the random source
fails. Replace with uuid.NewRandom() and propagate the error through
resolveLocalImgSrc, so the CLI returns a clear error instead of
crashing in extreme environments.
* fix(mail): restore quote block hint in set_reply_body template description
The auto-resolve PR accidentally dropped "the quote block is
re-appended automatically" from the set_reply_body shape description.
Restore it alongside the new local-path support note.
* fix(mail): add orphan invariant comment and expand regex test coverage
- Add comment in postProcessInlineImages explaining that partially
attached inline parts on error are cleaned up by the next Apply.
- Add regex test cases: single-quoted src, multiple spaces before src,
and newline before src.
* fix(mail): use consistent inline predicate and safer HTML part lookup
1. removeOrphanedInlineParts: change condition from
ContentDisposition=="inline" && ContentID!="" to
isInlinePart(child) && ContentID!="", matching the predicate used
elsewhere — parts with only a ContentID (no Content-Disposition)
are now correctly cleaned up.
2. postProcessInlineImages: use findPrimaryBodyPart instead of
findPart(snapshot.Body, PrimaryHTMLPartID) to avoid stale PartID
after ops restructure the MIME tree.
* fix(mail): revert orphan cleanup to ContentDisposition check to protect HTML body
The previous change (
|
||
|
|
1ffe870dc8 | fix(mail): clarify that file path flags only accept relative paths (#141) | ||
|
|
ecf3209c52 |
fix: remove sensitive send scope from reply and forward shortcuts (#92)
* fix: remove sensitive send scope from reply and forward shortcuts Remove mail:user_mailbox.message:send from the required scopes of +reply, +reply-all, and +forward shortcuts. This scope is sensitive and may not be granted, while these shortcuts default to saving drafts and do not strictly require it. * fix: validate send scope dynamically when --confirm-send is set Add validateConfirmSendScope() to check mail:user_mailbox.message:send in the Validate phase when --confirm-send is used, preventing the "draft created but send failed" scenario. Add regression tests for +reply, +reply-all, and +forward. |
||
|
|
83dfb068ad |
feat: open-source lark-cli — the official CLI for Lark/Feishu
Change-Id: I113d9cdb5403cec347efe4595415e34a18b7decf |