746 Commits

Author SHA1 Message Date
qianzhicheng95
1f3d9e0420 fix: use curl for binary download to support proxy and add npmmirror fallback (#226)
Node.js https.get() does not honor https_proxy/HTTP_PROXY env vars,
causing silent download failures behind firewalls. Switch to curl which
natively supports proxy settings, and add npmmirror.com as a fallback
mirror for regions where GitHub is slow or blocked.

Change-Id: If9ace1e467e46f2a3009610a808bce8d78259e78
2026-04-02 19:49:13 +08:00
zhaoshengmeng626
6692300468 add approve domain (#217) 2026-04-02 18:57:56 +08:00
MaxHuang22
7baba213bc feat: add --jq flag for filtering JSON output (#211)
* feat: add --jq flag for filtering JSON output across all command types

Add jq expression filtering (--jq / -q) to api, service, and shortcut
commands using gojq. Includes early expression validation, mutual
exclusion checks with --output and non-json --format, pagination+jq
aggregation path, and comprehensive test coverage.

* fix: correct gofmt alignment in jq_test.go struct literal


* fix: downgrade gojq to v0.12.17 to keep Go 1.23 compatibility

gojq v0.12.18 requires Go 1.24, which unnecessarily bumped the project
minimum version. v0.12.17 requires only Go 1.21 and provides the same
jq functionality needed.


* refactor: consolidate jq validation and pagination logic

Extract ValidateJqFlags() and PaginateWithJq() shared functions to
eliminate duplicated jq logic across api, service, and shortcut commands.

* fix: reject --jq for non-JSON responses and propagate shortcut jq errors

- HandleResponse now returns a validation error when --jq is used with
  a non-JSON Content-Type instead of silently falling through to binary save.
- Shortcut runtime jq errors are captured in RuntimeContext.outputErr
  and propagated as the command exit code, matching api/service behavior.
2026-04-02 18:36:59 +08:00
wittam-01
725a62879b docs: clarify docs search query usage (#221)
Change-Id: I3108efcaedfefc8c247b0d5d0a97e59695bde11d
2026-04-02 18:36:45 +08:00
iyaozhen
112dd5f6b2 ci: add gitleaks scanning workflow and custom rules (#142) 2026-04-02 16:51:20 +08:00
caojie0621
0f96bdf5e8 fix: normalize escaped sheet range separators (#207)
Accept escaped and full-width sheet/range separators in sheets shortcuts.
Normalize range parsing in the shared sheets helper so read, find, write,
and append handle \!, \!, and ! consistently.
Add regression tests for separator normalization in dry-run paths.
2026-04-02 15:51:22 +08:00
max
102ee51914 feat: add +download shortcut for minutes media download (#101)
* feat: add +download shortcut for minutes media download

* chore: remove accidentally committed test artifacts from shortcuts/vc

* feat: use minute title and auto-detected extension for default download filename

* docs: clarify note_doc_token vs verbatim_doc_token and add cover image guidance

* refactor: resolve default filename from Content-Disposition instead of extra API call

* test: add unit and integration tests for minutes +download shortcut

* fix: add SSRF protection and redirect safety for media download

* feat: add batch download with concurrent execution and SSRF protection

* chore: promote golang.org/x/sync to direct dependency

* fix: resolve copyloopvar and nilerr lint errors

* fix: replace errgroup with WaitGroup to resolve nilerr lint and translate comments to English

* feat: unify --minute-tokens flag, add batch download, token validation, and smart filename resolution

* fix: address PR review — download timeout, UTF-8 truncation, concurrency safety, rate limiting, dedup robustness

* refactor: simplify +download — unify single/batch loop, remove parallel download, merge output flags

* fix(minutes): deduplicate filenames in batch download by prefixing token on collision

* fix(minutes): fix gofmt alignment in downloadOpts struct

* fix(minutes): add transport-level SSRF protection and batch output validation
2026-04-02 15:31:13 +08:00
liujinkun2025
79f43dc337 feat: add drive import, export, move, and task result shortcuts (#194)
Change-Id: I0938dcf587e377afc4ab7133f1e8ff1e2412e566
2026-04-02 14:01:39 +08:00
sammi-bytedance
f231031041 feat: support im message send/reply with uat (#180)
- Add --as user support to +messages-send and +messages-reply
- Add UserScopes (im:message.send_as_user) / BotScopes (im:message:send_as_bot)
- Add DoAPIAsBot to RuntimeContext so file/image uploads always use bot
  identity even when the surrounding command runs as user
- Update skill docs and reference files to reflect user/bot support
- Default identity remains bot (first element of AuthTypes)
2026-04-02 12:12:10 +08:00
wangzhengkui
f68a41163e fix(mail): on-demand scope checks and watch event filtering (#198)
* fix(mail): on-demand scope checks, event filtering, and watch lifecycle

- Remove mail:user_mailbox.folder:read from watch's static Scopes; add
  validateFolderReadScope and validateLabelReadScope that check
  permissions on-demand when listMailboxFolders/listMailboxLabels is
  called (same pattern as validateConfirmSendScope).
- Resolve --mailbox me to real email address via profile API for event
  filtering, preventing other users' mail events from being processed.
  Block startup if resolution fails, with proper error type distinction.
- Add unsubscribe cleanup (guarded by sync.Once) on all exit paths:
  SIGINT/SIGTERM, profile resolution failure, and WebSocket failure.
- Remove bot from AuthTypes since bot tokens cannot subscribe.
- Include profile lookup in dry-run output and update tests.
- Update fetchMailboxPrimaryEmail to return error for diagnostics.
- Update documentation for on-demand scope requirements.

* fix(mail): preserve original error in enhanceProfileError fallback

Return the original error directly for non-permission failures instead
of wrapping with fmt.Errorf, so structured exit codes (ExitNetwork,
ExitAPI) are preserved for scripting.
2026-04-02 10:56:49 +08:00
feng zhi hao
eda2b9cd85 revert: undo auto-resolve local image paths in draft body HTML (#199)
* Revert "fix(mail): clarify that file path flags only accept relative paths (#141)"

This reverts commit 1ffe870dc8.

* Revert "feat(mail): auto-resolve local image paths in draft body HTML (#81) (#139)"

This reverts commit 70c72a2c02.

* Reapply "fix(mail): clarify that file path flags only accept relative paths (#141)"

This reverts commit d465e085b1.
v1.0.2
2026-04-01 23:11:30 +08:00
liangshuo-1
a703202ef8 chore: add v1.0.2 changelog and bump version (#192)
Change-Id: Id02603da7916689f79861f543a5e0f261f443753
2026-04-01 21:17:00 +08:00
MaxHuang22
eb8b542f42 feat: add TestGenerateShortcutsJSON and skip redundant meta fetch (#179)
* feat: add TestGenerateShortcutsJSON for registry shortcut export

Add a test that exports all shortcuts as JSON when SHORTCUTS_OUTPUT
env var is set, enabling the registry repo to extract shortcut
metadata without depending on a dump-shortcuts CLI command.
2026-04-01 20:14:19 +08:00
JackZhao10086
d4c051d211 feat: improve OS keychain/DPAPI access error handling for sandbox environments (#173)
* refactor(keychain): improve error handling and consistency across platforms

- Change platformGet to return error instead of empty string
- Add proper error wrapping for keychain operations
- Make master key creation conditional in getMasterKey
- Improve error messages and handling for keychain access
- Update dependent code to handle new error returns

* docs(keychain): improve function documentation and error message

Add detailed doc comments for all platform-specific keychain functions to clarify their purpose and behavior. Also enhance the error hint message to include a suggestion for reconfiguring the CLI when keychain access fails.

* refactor(keychain): reorder operations in platformGet for better error handling

Check for file existence before attempting to read and get master key

* fix(keychain): improve error handling and consistency across platforms.

* fix(keychain): handle corrupted master key case

* fix(keychain): handle I/O errors when reading master key
2026-04-01 17:58:52 +08:00
williamfzc
5621d2e555 feat(ci): refine PR business area labels and introduce skill format check (#148)
* feat(ci): add PR size label pipeline

* chore(ci): make PR label sync non-blocking

* feat(ci): add dry-run mode for PR label sync

* feat(ci): add PR label dry-run samples

* test(ci): update PR label samples with real historical merged PRs

Replaced synthetic or open PR samples with actual merged/closed PRs from the
repository to provide a more accurate reflection of the size label categorization.
Added 4 samples each for sizes S, M, and L covering docs, fixes, ci, and features.

* feat(ci): add high-level area tags for PRs

Based on user feedback, fine-grained domain labels (like `domain/base`) are too detailed for the early stages.
This change adds support for applying `area/*` tags to indicate which important top-level modules a PR touches.

Currently tracked areas:
- `area/shortcuts`
- `area/skills`
- `area/cmd`

Minor modules like docs, ci, and tests are intentionally excluded to keep tags focused on critical architectural components.

* refactor(ci): extract pr-label-sync logic to a dedicated directory

To avoid polluting the root `scripts/` directory, moved `sync_pr_labels.js` and
`sync_pr_labels.samples.json` into a new `scripts/sync-pr-labels/` folder.
Added a dedicated README to document its usage and behavior.
Updated `.github/workflows/pr-labels.yml` to reflect the new path.

* refactor(ci): rename pr label script directory for simplicity

Renamed `scripts/sync-pr-labels/` to `scripts/pr-labels/` to keep directory
names concise. Updated internal references and GitHub workflow files to point
to the new path.

* ci: add GitHub Actions workflow to check skill format

* test(ci): update sample json to include expected_areas

Added `expected_areas` lists to each sample in `samples.json` to reflect
the newly added `area/*` high-level module tagging logic. Allows testing
to accurately check both `size/*` and `area/*` outputs.

* refactor(scripts): move skill format check to isolated directory and add README

* test(scripts): add positive and negative tests for skill format check

* fix(scripts): revert skill changes and downgrade version/metadata checks to warnings

* fix(scripts): completely remove version check and skip lark-shared

* refactor(ci): improve pr-labels script readability and maintainability

- Reorganized code into logical sections with clear comments
- Encapsulated GitHub API interactions into a reusable `GitHubClient` class
- Extracted and centralized classification logic into a pure `evaluateRules` function
- Replaced magic numbers with named constants (`THRESHOLD_L`, `THRESHOLD_XL`)
- Fixed `ROOT` path resolution logic
- Simplified conditional statements and control flow

* ci: fix setup-node version in pr-labels workflow

* tmp

* refactor(ci): replace generic area labels with business-specific ones

- Add PATH_TO_AREA_MAP to map shortcuts/skills paths to business areas (im, vc, ccm, base, mail, calendar, task, contact)

- Replace importantAreas with businessAreas throughout the codebase

- Remove area/shortcuts, area/skills, area/cmd generic labels

- Now generates specific labels like area/im, area/vc, area/ccm, etc.

- Update samples.json expected_areas to match new behavior

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(ci): address PR review feedback for label scripts and workflows

- Add `edited` event to PR labels workflow to trigger on title changes
- Add security warning comment in pr-labels.yml workflow
- Update pr-labels README with latest business area labels
- Exclude `skills/lark-*` paths from low risk doc classification
- Handle renamed files properly in PR path classification
- Fix YAML frontmatter extraction to handle CRLF line endings
- Use precise regex for YAML key validation instead of substring match
- Fix exit code checking logic in skill-format-check test script
- Translate Chinese comments in skill-format-check to English

* fix(skill-format-check): address CodeRabbit review feedback

- Fix frontmatter closing delimiter detection to strictly match '---' using regex, preventing invalid closing tags like '----' from passing.
- Improve test fixture reliability by failing tests immediately if fixture preparation fails, avoiding false positives.

* fix: address review comments from PR 148

- ci: warn when PR label sync fails in job summary
- test(skill-format-check): capture validator output for negative tests
- fix(skill-format-check): catch errors when reading SKILL.md to avoid hard crashes

* fix: add error handling for directory enumeration in skill-format-check

- refactor: use `fs.readdirSync` with `{ withFileTypes: true }` to avoid extra stat calls
- fix: catch and report errors gracefully during skills directory enumeration instead of crashing

* docs(skill-format-check): clarify `metadata` requirement in README

test(pr-labels): add edge case samples for skills paths, CCM multi-paths, and renames

* test(pr-labels): add real PR edge case samples

- use PR #134 to test skill path behaviors
- use PR #57 to test multi-path CCM resolution
- use PR #11 to test track renames cross domains

* refactor(ci): migrate pr labels from area to domain prefix

- Replaced `area/` prefix with `domain/` for PR labeling to align with existing GitHub labels
- Renamed internal constants and variables from `area` to `domain` (e.g. `PATH_TO_AREA_MAP` to `PATH_TO_DOMAIN_MAP`)
- Updated `samples.json` test data to use new `domain/` format and `expected_domains` key
- Added `scripts/pr-labels/test.js` runner script for continuous validation of labeling logic against PR samples
- Corrected expected size label for PR #134 test sample

* test: use execFileSync instead of execSync in pr-labels test script

* fix: resolve target path against process.cwd() instead of __dirname in skill-format-check

* docs: correct label prefix in PR label workflow README

- Updated README.md to reflect the new `domain/` label prefix instead of `area/`

* fix(ci): fix dry-run console output formatting and enforce auth in tests

- Removed duplicate domain array interpolation in printDryRunResult
- Added process.env.GITHUB_TOKEN guard in test.js to prevent ambiguous failures from API rate limits

* fix(ci): ensure PR labels can be applied reliably

- Added `issues: write` permission to pr-labels workflow, which is strictly required by the GitHub REST API to modify labels on pull requests
- Reordered script execution in `index.js` to apply/remove labels on the PR *before* attempting to sync repository-level label definitions (colors/descriptions). The definition sync is now a trailing best-effort step with error catching so transient repo-level API failures don't abort the critical path.

* fix(ci): fix edge cases in pr-label index script

- Added missing `skills/lark-task/` to `PATH_TO_DOMAIN_MAP` to properly detect task domain modifications
- Updated GitHub REST API error checking in `syncLabelDefinition` to reliably match `error.status === 422` rather than loosely checking substring
- Moved token presence check in `main()` to happen before `resolveContext` to avoid triggering unauthenticated 401 API limits when GITHUB_TOKEN is omitted locally

* test(ci): clean up PR label test samples

- Removed duplicate PR entries (#11 and #57) to reduce redundant API calls during testing
- Renamed sample test cases to correctly reflect their expected labels (e.g. `size-l-skill-format-check` -> `size-m-skill-format-check`)

* fix(ci): bootstrap new labels before applying to PRs

- Prior changes correctly made full label sync best-effort, but broke the flow for brand new domains
- GitHub API returns a 422 error if you attempt to attach a label to an Issue/PR that does not exist in the repository
- Added a targeted bootstrap loop to create/sync specifically the labels in `toAdd` before attempting `client.addLabels()`
- Left the remaining global label synchronization as a best-effort trailing action

* test(ci): automate PR label regression testing

- Added a dedicated GitHub Actions workflow (`pr-labels-test.yml`) to automatically run `test.js` against `samples.json` whenever the labeling logic is updated
- Documented local testing instructions in `scripts/pr-labels/README.md`

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-01 17:45:39 +08:00
kongenpei
17698d5c6a docs: add concise AGENTS development guide (#178)
* docs: add concise AGENTS development guide

* docs: align AGENTS with toolchain and CI license checks

* docs: remove toolchain prerequisite section

---------

Co-authored-by: kongenpei <kongenpei@users.noreply.github.com>
2026-04-01 16:00:55 +08:00
feng zhi hao
70c72a2c02 feat(mail): auto-resolve local image paths in draft body HTML (#81) (#139)
* feat(mail): auto-resolve local image paths in draft body HTML (#81)

Allow <img src="./local/path.png" /> in set_body/set_reply_body HTML.
Local file paths are automatically resolved into inline MIME parts with
generated CIDs, eliminating the need to manually pair add_inline with
set_body. Removing or replacing an <img> tag in the body automatically
cleans up or replaces the corresponding MIME inline part.

- Add postProcessInlineImages to unify resolve, validate, and orphan
  cleanup into a single post-processing step
- Extract loadAndAttachInline shared helper to deduplicate addInline
  and resolveLocalImgSrc logic
- Cache resolved paths so the same file is only attached once
- Use whitelist URI scheme detection instead of blacklist
- Remove dead validateInlineCIDAfterApply and
  validateOrphanedInlineCIDAfterApply functions

Closes #81

* fix(mail): harden inline image CID handling

1. Fix imgSrcRegexp to skip attribute names like data-src/x-src that
   contain "src" as a suffix — only match the real src attribute.
2. Sanitize cidFromFileName to replace whitespace with hyphens,
   producing RFC-safe CID tokens (e.g. "my logo.png" → "my-logo").
3. Add CID validation in newInlinePart to reject spaces, tabs, angle
   brackets, and parentheses — fail fast instead of silently producing
   broken inline images in the sent email.

* refactor(mail): use UUID for auto-generated inline CIDs

Replace filename-derived CID generation (cidFromFileName + uniqueCID)
with UUID-based generation. UUIDs contain only [0-9a-f-] characters,
eliminating all RFC compliance risks from special characters, Unicode,
or filename collisions. Same-file deduplication via pathToCID cache
is preserved — multiple <img> tags referencing the same file still
share one MIME part and one CID.

* fix(mail): avoid panic in generateCID by using uuid.NewRandom

uuid.New() calls Must(NewRandom()) which panics if the random source
fails. Replace with uuid.NewRandom() and propagate the error through
resolveLocalImgSrc, so the CLI returns a clear error instead of
crashing in extreme environments.

* fix(mail): restore quote block hint in set_reply_body template description

The auto-resolve PR accidentally dropped "the quote block is
re-appended automatically" from the set_reply_body shape description.
Restore it alongside the new local-path support note.

* fix(mail): add orphan invariant comment and expand regex test coverage

- Add comment in postProcessInlineImages explaining that partially
  attached inline parts on error are cleaned up by the next Apply.
- Add regex test cases: single-quoted src, multiple spaces before src,
  and newline before src.

* fix(mail): use consistent inline predicate and safer HTML part lookup

1. removeOrphanedInlineParts: change condition from
   ContentDisposition=="inline" && ContentID!="" to
   isInlinePart(child) && ContentID!="", matching the predicate used
   elsewhere — parts with only a ContentID (no Content-Disposition)
   are now correctly cleaned up.
2. postProcessInlineImages: use findPrimaryBodyPart instead of
   findPart(snapshot.Body, PrimaryHTMLPartID) to avoid stale PartID
   after ops restructure the MIME tree.

* fix(mail): revert orphan cleanup to ContentDisposition check to protect HTML body

The previous change (d3d1982) broadened the orphan cleanup predicate to
isInlinePart(), which treats any part with a ContentID as inline. This
deletes the primary HTML body when it carries a Content-ID header
(valid in multipart/related), even on metadata-only edits like
set_subject.

Revert to the original ContentDisposition=="inline" && ContentID!=""
condition — only parts explicitly marked as inline attachments are
candidates for orphan removal. Add regression test covering
multipart/related with a Content-ID-bearing HTML body.
2026-04-01 15:47:20 +08:00
kongenpei
d4e83df22c chore: add pull request template (#176)
* add pull request template

* fix: use safe related issue placeholder in PR template

---------

Co-authored-by: kongenpei <kongenpei@users.noreply.github.com>
2026-04-01 15:27:08 +08:00
JackZhao10086
4c51a9874d fix: correct URL formatting in login --no-wait output (#169)
* fix: Fix the issue where the URL returned by the "lark-cli auth login --no-wait" command contains \u0026

* style: fix indentation and whitespace in error handling code

* fix(auth): handle JSON encoding errors in login output

* docs(cmd/auth): add comment for authLoginRun function
2026-04-01 13:58:47 +08:00
kongenpei
6463ab13c9 ci: make pkg.pr.new comment flow fork-safe (#170)
* ci: make pkg.pr.new comment flow fork-safe

* ci: harden trusted comment workflow inputs

* ci: skip comment steps when payload artifact is missing

* ci: use artifact PR number when workflow_run pull_requests is empty

* ci: allow PR comment workflow to write pull requests

---------

Co-authored-by: kongenpei <kongenpei@users.noreply.github.com>
2026-04-01 13:57:28 +08:00
kongenpei
c4851a5c45 ci: improve pkg.pr.new install comment clarity (#168)
* ci: improve pkg.pr.new install comment clarity

* ci: add emojis to pkg.pr.new install comment headings

* ci: avoid hard fail when PR head metadata is missing

---------

Co-authored-by: kongenpei <kongenpei@users.noreply.github.com>
2026-04-01 11:15:54 +08:00
kongenpei
bdd39b0196 ci: add pkg.pr.new PR preview workflow (#152)
* ci: publish PR preview builds to pkg.pr.new

* chore: limit pkg-pr-new build targets to 3 platforms

* ci: use node lts in pkg-pr-new workflow

* chore: trim pkg-pr-new to single target to fit size limit

* ci: publish pkg-pr-new package path without --bin

* ci: disable compact pkg-pr-new urls for fork previews

* ci: post minimal npm -g pkg-pr-new install comment

* chore: enable windows amd64 build for pkg-pr-new

* ci: format pkg-pr-new install comment as markdown code block

* ci: tweak pkg-pr-new comment wording

* ci: pin github-script and paginate PR comments

* chore: enable pkg PR build targets

---------

Co-authored-by: kongenpei <kongenpei@users.noreply.github.com>
v1.0.1
2026-03-31 21:26:38 +08:00
feng zhi hao
1ffe870dc8 fix(mail): clarify that file path flags only accept relative paths (#141) 2026-03-31 20:36:37 +08:00
calendar-assistant
5da3075646 feat(calendar): implement rsvp shortcut (#151)
Change-Id: I96170f024f1c8bb6f44de752961e58e5fec61644
2026-03-31 20:19:24 +08:00
qianzhicheng95
8fc7e12f9e docs: add v1.0.1 changelog (#150)
Change-Id: Ie4751db5ae19689c49deac69007516bf381233b3

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 19:14:42 +08:00
MaxHuang22
27139a0919 feat: add automatic CLI update detection and notification (#144)
Add non-blocking update check that queries the npm registry for the
latest @larksuite/cli version. Results are cached locally (24h TTL)
to avoid repeated network requests.

When a newer version is detected, a `_notice.update` field is injected
into all JSON output envelopes (success, error, and shortcut responses),
enabling AI agents and scripts to surface upgrade prompts.

Key changes:
- New `internal/update` package: registry fetch, semver compare, cache
- Async check in root command (cache-first, then background refresh)
- `_notice` field added to Envelope/ErrorEnvelope structs
- `PrintJson` injects notice into map-based envelopes with "ok" key
- `doctor` command gains cli_version and cli_update checks
- Suppressed for CI, DEV builds, shell completion, and git-describe versions
2026-03-31 19:01:39 +08:00
qianzhicheng95
c35b1ae2c5 feat: add npm publish job to release workflow (#145)
* feat: add npm publish job to release workflow

Change-Id: Ibfae2af6bd2aabf09936c96d21964af98b77c127
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* feat: bump package version to 1.0.1

Change-Id: Ifb58789be5621ab4979b5fe60e0e30042e07fea8
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 18:55:52 +08:00
zgz2048
c8341bbd7c docs(base): clarify field description usage in json (#90)
* docs(base): clarify field description usage in json

* chore(base docs): clarify field description usage

* docs(base): add description to field schema
2026-03-31 16:46:40 +08:00
jackie3927
634adfc745 feat: support auto extension for downloads (#16) 2026-03-31 14:01:50 +08:00
vaxin
62d8681b0b docs: update Base description to include all capabilities (#61)
Add workflows, forms, roles & permissions to the Base feature description
across READMEs and service registry to accurately reflect full coverage.

Co-authored-by: dengfanxin <dengfanxin.dfx@bytedance.com>
2026-03-31 13:32:45 +08:00
evandance
a2656e1385 feat:remove useless files (#131) 2026-03-31 12:31:10 +08:00
91-enjoy
8bd5049ebe feat: normalize markdown message send/reply output (#28)
* feat(IM):  im markdown send/reply

Change-Id: I6b53eb2207d7c2393d3c7d108df3ba197b9eae46

* add Resolve content type

Change-Id: I71a0cdb8b500ca1496b23fede1f2b2617f16ec63
2026-03-31 01:36:52 +08:00
YangJunzhou-01
69bcdd9e35 feat: add auto-pagination to messages search and update lark-im docs (#30)
Change-Id: Ic50e891d2385c2e3ac902cd89d95c3db99f94050
2026-03-30 23:00:41 +08:00
Schumi Lin
9b933f1a20 docs: add official badge to distinguish from third-party Lark CLI tools (#103)
* docs: add official badge and maintainer attribution to README

Many third-party Feishu/Lark CLI tools exist, causing confusion
about which is the official one. Add an "Official" badge and a
blockquote clearly stating this repo is maintained by the
Lark/Feishu Open Platform team at larksuite.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* docs: use 飞书官方 CLI 工具 in Chinese README

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* docs: merge official attribution into description, drop Open Platform wording

Remove the separate blockquote and fold official status into the
main description line. Also remove "Open Platform" — this is
the Lark/Feishu CLI tool, not an "Open Platform CLI tool".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* docs: remove self-made Official badge

No major official repo (OpenAI, Anthropic, Stripe, AWS, HashiCorp)
uses a custom shields.io "Official" badge — anyone can make one, so
it signals nothing. The org namespace (larksuite/) and the "official"
wording in the description are sufficient.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 20:15:42 +08:00
kongenpei
8e24166d90 fix(base): use base history read scope for record history list (#96)
Co-authored-by: kongenpei <kongenpei@users.noreply.github.com>
2026-03-30 19:40:17 +08:00
feng zhi hao
ecf3209c52 fix: remove sensitive send scope from reply and forward shortcuts (#92)
* fix: remove sensitive send scope from reply and forward shortcuts

Remove mail:user_mailbox.message:send from the required scopes of
+reply, +reply-all, and +forward shortcuts. This scope is sensitive
and may not be granted, while these shortcuts default to saving
drafts and do not strictly require it.

* fix: validate send scope dynamically when --confirm-send is set

Add validateConfirmSendScope() to check mail:user_mailbox.message:send
in the Validate phase when --confirm-send is used, preventing the
"draft created but send failed" scenario. Add regression tests for
+reply, +reply-all, and +forward.
2026-03-30 18:19:11 +08:00
evandance
a13bee8fda fix: resolve silent failure in lark-cli api error output (#39) (#85)
MarkRaw previously skipped both enrichPermissionError and
WriteErrorEnvelope, causing api command to exit 1 with no output
on API errors. Now MarkRaw only skips enrichPermissionError while
WriteErrorEnvelope always runs, ensuring stderr error envelope is
always written.

- Simplify apiRun MarkRaw logic (remove unnecessary IsJSONContentType check)
- Update existing tests to match new behavior
- Add 5 e2e tests covering api/service/shortcut error output
2026-03-30 17:19:24 +08:00
liangshuo-1
e5a83f5eaa ci: improve CI workflows and add golangci-lint config (#71)
* ci: improve CI workflows and add golangci-lint config

- Add path filters to avoid unnecessary CI runs on non-Go changes
- Use go-version-file instead of hardcoded Go version
- Unify runners to ubuntu-latest
- Consolidate staticcheck/vet into golangci-lint with curated linter set
- Add go mod tidy check, govulncheck, and dependency license check
- Enable race detector in coverage, increase test timeout to 5m
- Add build verification step to tests workflow
- Add .codecov.yml with patch coverage target (60%)
- Add .golangci.yml (v2) with security and correctness linters

Change-Id: I409beb21cc1f1568ff47739c0a00f6214c10a0dd

* ci: replace Codecov upload with GitHub Job Summary coverage report

- Remove Codecov action dependency and CODECOV_TOKEN usage
- Generate coverage report using go tool cover and display in Job Summary
- Rename job from 'codecov' to 'coverage'
- Remove .codecov.yml from paths filter

Change-Id: Ib65dab6c4d7117c3300a9ea31eb1550537c72f88

* ci: trigger lint workflow

Change-Id: Ic1c492dd339f5460d2be2971ac65ea8f99e524eb

* ci: replace golangci-lint action with go run to avoid action whitelist restriction

Change-Id: I87274abf9780eb8b6350e98a27302ec5acc2a2e5

* ci: replace golangci-lint action with go run, keep incremental lint via --new-from-rev

Change-Id: I3d4a13cfd7b6c02e4098b04b8533a7248185c077

* ci: add fetch-depth 0 to lint checkout for incremental lint to work

Change-Id: I112279c5ec06dc0aa3aa7e01d564ea27fbd20533

* ci: disable errcheck linter due to high volume of existing violations

Change-Id: Iec57e8fbe42699f687d931d9dde2f879f2ae5b02

* ci: align golangci-lint config with GitHub CLI, make govulncheck non-blocking

- Add exptostd, gocheckcompilerdirectives, gochecksumtype, gomoddirectives linters
- Move gosec, staticcheck, errname, errorlint, misspell to TODO for later enablement
- Remove G104 exclusion (errcheck is disabled)
- Make govulncheck continue-on-error until Go version is upgraded

Change-Id: I330ece4f202229aee1e2f50790f6b22738704c05

* ci: fix go-licenses module path for v2

Change-Id: Ifd018ebe79cd18402171417b1b73313af2d23c6d
2026-03-30 11:09:31 +08:00
TimZhong
d2ad5e4def docs: rename user-facing Bitable references to Base (#11) 2026-03-29 00:00:52 +08:00
TimZhong
511c24bd95 docs: add star history chart to readmes (#12) 2026-03-29 00:00:14 +08:00
liuxinyanglxy
62ad335b26 docs: simplify installation steps by merging CLI and Skills into one section (#26)
Combine the separate "Install CLI" and "Install AI Agent Skills" sections
into a single "Install" section for both human and AI Agent quick start
guides. Renumber the AI Agent steps accordingly.

Change-Id: I4ac10538d912a8889f52ea5a85e757d3e8bad21e
2026-03-28 17:33:24 +08:00
liuxinyanglxy
d4d4f32ec6 docs: add npm version badge and improve AI agent tip wording (#23)
Add npm version badge to both README files for better package
discoverability. Reword the Quick Start tip to directly address
AI assistants instead of human users.

Change-Id: I9fb4252e4a7bde4ab6644c6ca6e63dc5d34b6f0c

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 15:29:42 +08:00
Schumi Lin
aac94ceb5c docs: emphasize Skills installation as required for AI Agents (#19)
* docs: emphasize Skills installation as required step for AI Agents

Split the AI Agent quick start from a single code block into separate
labeled steps, and add a prominent note explaining that without Skills
the Agent cannot discover available commands or parameters.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* docs: position Skills installation as the core step of the setup

Reword the Skills step to convey that it is the most important part of
the entire setup — the CLI is just a binary, Skills are what give the
Agent the knowledge to operate Lark.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* docs: tone down Skills step wording, keep it concise

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 14:45:20 +08:00
liangshuo-1
2345b98d20 Merge pull request #3 from schumilin/fix/readme-install-clarification
docs: clarify install methods and add source build steps
2026-03-28 11:43:44 +08:00
schumilin
ccbf4a0bd6 docs: clarify install methods as alternatives and add source build steps
Closes larksuite/cli#2

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 11:41:25 +08:00
梁硕
83dfb068ad feat: open-source lark-cli — the official CLI for Lark/Feishu
Change-Id: I113d9cdb5403cec347efe4595415e34a18b7decf
v1.0.0
2026-03-28 10:36:25 +08:00