* fix(drive): preserve parent token on nested overwrite
Ensure drive +push overwrite requests for nested files keep parent_node aligned with the actual remote parent folder and report parent resolution failures explicitly.
* test(drive): cover nested overwrite push workflow
Add a live drive +push workflow case for overwriting a nested remote file so the PR parent-token fix is exercised against the real backend and verified to converge via +status.
* feat(doc): add width/height params to buildBatchUpdateData
Extend buildBatchUpdateData signature with width and height int params.
When mediaType is "image" and either dimension is positive, the value is
included in the replace_image payload. Existing call sites pass 0, 0.
* feat(doc): add --width/--height flags with validation to docs +media-insert
* feat(doc): add aspect-ratio auto-calculation helpers
Add computeMissingDimension (pure ratio math) and detectImageDimensions
(header-only image.DecodeConfig) with PNG/JPEG/GIF blank-import decoders,
plus imageDimensions struct; drive with two new TDD tests.
* feat(doc): wire --width/--height into Execute with aspect-ratio calculation
* feat(doc): add best-effort dimension computation to DryRun
* docs: add --width/--height to docs +media-insert SKILL.md
* fix: add SafeInputPath validation to detectImageDimensionsFromPath
* fix: guard computeMissingDimension against division by zero and add rounding
* fix: add dimension upper bound, fix err variable reuse in Execute
* refactor: use early-return guard for zero native dimensions per review
* fix: add pixels unit to dimension validation error messages
* fix: surface dimension detection failures in dry-run to match Execute behavior
* fix: move dimension detection before upload to fail fast
* fix: restore withRollbackWarning on dimension detection errors in Execute
Dimension detection runs after the placeholder block is created (Step 2),
so failures must clean up the block to avoid leaving an empty placeholder
in the document.
Introduce three new wiki shortcuts that wrap the corresponding raw APIs
with structured flags, formatted output, my_library alias handling, and
unified envelope shape, replacing the bare `lark-cli wiki spaces list`
/ `wiki nodes list` / `wiki nodes copy` flows for the common cases.
Shortcuts
- wiki +space-list (read, scopes: wiki:space:retrieve):
lists wiki spaces. Default fetches a single page; --page-all walks
every page capped by --page-limit (default 10, 0 = unlimited).
Supports --page-size / --page-token / --format json|pretty|table|csv|ndjson.
Output: {spaces, has_more, page_token} + Meta.Count. Pretty mode
distinguishes "no spaces" from "empty page with has_more" and hints
the caller to resume.
- wiki +node-list (read, scopes: wiki:node:retrieve):
lists nodes in a space or under a parent. Same pagination + format
story as +space-list. Accepts the my_library alias for --space-id
with --as user (resolved via a shared resolveMyLibrarySpaceID helper
extracted from +node-create); rejects my_library upfront for --as bot.
- wiki +node-copy (high-risk-write, scopes: wiki:node:copy):
copies a node into a target space or parent. --target-space-id and
--target-parent-node-token are mutually exclusive. Risk is marked
high-risk-write to match the upstream API's danger: true flag, so the
framework requires --yes. Source is preserved; subtree is copied.
Both list shortcuts pick the narrowest scope the upstream API accepts.
The framework's preflight (internal/auth/scope.go MissingScopes) does
exact-string scope matching, so declaring the broader wiki:wiki:readonly
form would wrongly reject tokens that carry only the per-API scope —
which the API itself accepts — and emit a misleading missing-scope hint.
Shared changes
- shortcuts/wiki/wiki_node_create.go: factor out resolveMyLibrarySpaceID
so +node-list and +node-create share one my_library resolution path.
- shortcuts/wiki/shortcuts.go: register the three new shortcuts.
- skills/lark-wiki/SKILL.md and references/lark-wiki-{space,node-list,
node-copy}.md: documentation for the new shortcuts.
Tooling
- scripts/check-doc-tokens.sh + Makefile gitleaks target:
pre-commit check that scans skill reference docs for realistic-looking
Lark token values without the _EXAMPLE_TOKEN placeholder convention,
preventing gitleaks false positives.
- .gitleaks.toml: allowlist tuning.
- .gitignore: ignore .tmp/.
Tests
- shortcuts/wiki/wiki_list_copy_test.go: unit tests covering registry
membership, declared-narrow-scope pinning, flag validation (page-size
range, page-limit >= 0, target flag exclusivity, my_library + bot
rejection), auto-pagination merging, --page-limit truncation
surfacing next cursor, --page-token single-page mode, empty-slice
serialisation, has_more hint pretty rendering, my_library user-path
resolution, +node-copy copy-to-space / copy-to-parent + body shape,
pretty rendering, and the high-risk-write --yes gate.
- tests/cli_e2e/wiki/wiki_shortcut_workflow_test.go: live end-to-end
workflow exercising the shortcut layer against a real tenant.
Reuses an existing my_library node as a host so the test never adds
to the top-layer quota; the copy is placed under the same host node.
- tests/cli_e2e/wiki/coverage.md: shortcut coverage entries added.
Minor cleanups
- skills/lark-doc/references/lark-doc-search.md and
skills/lark-minutes/references/lark-minutes-search.md: replace
realistic-looking example ou_ tokens with _EXAMPLE_ placeholders so
scripts/check-doc-tokens.sh passes.
Change-Id: I9efb0557f477d369d7f26a09c1e154d4ab15b253
Co-authored-by: liujinkun <liujinkun@bytedance.com>
* fix(selfupdate): use LookPath instead of Executable for binary verification (fixes#836)
VerifyBinary was using vfs.Executable() to find the binary to run --version against.
On Linux with global npm install, this returns the inode of the running binary (old version),
not the newly installed one that sits behind npm's bin symlink.
Switch to exec.LookPath("lark-cli") which resolves the PATH entry and follows npm's
bin symlink to the correct newly installed version, matching what the user actually runs.
* test(selfupdate): add LookPath-based tests for VerifyBinary
Add TestVerifyBinaryLookPath, TestVerifyBinaryLookPathNotFound, and
TestVerifyBinaryEmptyOutput. Expose execLookPath variable so tests can
inject a mock LookPath and cover the full VerifyBinary execution path
including version parsing and error branches.
* test(selfupdate): add os/exec import and isolate config dir in VerifyBinary tests
CodeRabbit feedback:
- Add missing os/exec import for execLookPath variable
- Add t.Setenv(LARKSUITE_CLI_CONFIG_DIR, ...) to each new test for config isolation
* test(selfupdate): extract execLookPath to separate lookpath.go
Move the execLookPath variable declaration to its own file so it is
accessible to updater.go without the test-only import cycle.
* fix(selfupdate): remove unused os/exec import from test file
* fix(selfupdate): gofmt + fold lookpath hook and restore version fences
- Move execLookPath into updater.go (drops redundant lookpath.go)
- Document package-level mock: no t.Parallel()
- Extend TestVerifyBinaryLookPath with exact-match regressions (0.0, 12.1.0 vs 2.1.0)
Co-authored-by: CatfishGG <catfishgg@users.noreply.github.com>
* fix(registry): wait for background meta refresh before test reset
TestComputeMinimumScopeSet can start doBackgroundRefresh via Init() while
the next test's resetInit() mutates package-level globals the goroutine
still reads (e.g. remoteMetaURL / configuredBrand), causing data races under
-race in the coverage job.
Track the refresh goroutine with a WaitGroup and drain it at the start of
resetInit() in tests.
* docs: rewrite lark-shared update section to recommend lark-cli update
Change-Id: Ie043b1a32675dcd041f9123503fcccb791cccd07
* feat: add command field to _notice JSON for AI agents
Change-Id: I04b069880f7dca8db384ba8a6919e5682c0382be
* feat: demote npm install to fallback with skills-not-synced warning
Change-Id: If21c3ef6cd1818b28f5578078a04c3627128c6d0
* fix: address CodeRabbit review — guard type assertions, remove npm fallback from SKILL.md
- Add t.Fatalf guards before type-asserting notice sub-maps in
TestSetupNotices_BothUpdateAndSkills to prevent nil-panic on
unexpected shapes.
- Remove the npm fallback section from SKILL.md entirely so AI agents
only see `lark-cli update` as the update path.
- Strip remaining npm mentions from the "重要" note.
Change-Id: Ieb124763b918093e1dcae06f5ea7428dbc248d5f
* fix: add npx skills add hint alongside npm fallback in update paths
When npm is shown as a fallback (manual update path and rollback hint),
append the npx skills add command so users know how to sync skills
separately.
Change-Id: I454172be51073d35def635613a23ad35ba68b5fb
Add im +chat-list shortcut wrapping GET /open-apis/im/v1/chats (previously not exposed via lark-cli).
Add --exclude-muted to both +chat-search and +chat-list: client-side filter that calls POST /open-apis/im/v1/chat_user_setting/batch_get_mute_status after each page and drops is_muted=true chats.
Introduce shortcuts/im/mute_filter.go with pure helpers and an orchestrator (MaybeApplyMuteFilter) shared by both shortcuts.
Change-Id: I22221ac5835667f58cbd40b34de75825d2445d1c
Adds --chat-mode group|topic to lark-cli im +chat-create so users and AI agents can create 话题群 (topic chats) directly via the CLI. Without this, requests to create a topic chat silently fall back to a normal conversation group. Default remains group; chat_mode is now always emitted in the POST /open-apis/im/v1/chats request body.
Change-Id: I79385e2e8606f84e3f27de240d1b41037bf51261
`lark-cli auth login --scope "a,b"` previously sent the raw comma-joined
string to the device authorization endpoint, which treats it as a single
malformed scope and fails with:
device authorization failed: The provided scope list contains invalid
or malformed scopes.
OAuth 2.0 (RFC 6749 §3.3) requires space-delimited scopes on the wire,
but commas are the more natural separator for users typing on a shell
(quoting whitespace is awkward, especially for AI-agent generated
commands). Accept both: split on commas/whitespace, trim, dedupe, then
re-join with single spaces.
Also adds unit tests covering single, comma, space, mixed, dedupe, and
trailing-separator inputs.
Co-authored-by: aj <2072584+meijing0114@users.noreply.github.com>
Five tests in cmd/update mocked SkillsUpdateOverride to return success
and let runSkillsAndStamp call WriteStamp, but did not isolate
LARKSUITE_CLI_CONFIG_DIR. Each run clobbered the real
~/.lark-cli/skills.stamp with the mock version ("2.0.0" or "1.0.0"),
causing skillscheck to fire a misleading drift notice on every
subsequent lark-cli invocation.
Add t.Setenv("LARKSUITE_CLI_CONFIG_DIR", t.TempDir()) at the top of:
- TestUpdateNpm_JSON
- TestUpdateNpm_Human
- TestUpdateForce_JSON
- TestUpdateDevVersion_JSON
- TestUpdateWindows_NpmSuccess_JSON
Scope is limited to tests that mock SkillsUpdateOverride to success;
tests that invoke real npx are pre-existing and out of scope here.
Change-Id: I7a78a6c70f276b51333253acc115e0109c01a851
OpenClaw stores secret file paths in user-authored ~/-relative form so
the configuration stays portable across machines. lark-cli config bind
previously rejected these as non-absolute, blocking users until they
rewrote the OpenClaw config with literal absolute paths.
bind now resolves ~ to the OpenClaw home directory (OPENCLAW_HOME if
set, otherwise the OS home) before the path audit runs, mirroring how
OpenClaw itself reads the same field. Cwd-relative paths and other
unsafe locations are still rejected as before.
Adds shortcuts/mail/flag_suggest.go (~120 LOC) implementing a cobra
FlagErrorFunc hook for the mail subcommand tree. On 'unknown flag: --X'
or 'unknown shorthand flag: "X" in -X', it collects flags from the
current command via cmd.Flags().VisitAll, runs bidirectional prefix
match + Levenshtein DP (threshold=max(1,len/3+1), cap 4), and returns
top-5 candidates inside the existing ErrorEnvelope JSON:
error.type = "unknown_flag"
error.detail.{unknown, command_path, candidates}
error.detail.candidates[*] = {flag, shorthand, distance, reason}
Exit code stays 1 (ExitAPI), not ExitValidation - no breaking change for
CI/agent scripts that check non-zero exit. stderr switches from plain
'Error: unknown flag: --X' to JSON envelope, aligning with the existing
'errors = JSON envelope on stderr' convention; mail unknown-flag was the
last gap.
Scope is strictly the mail subcommand tree: shortcuts/register.go gains
a single 'if service == "mail" { mail.InstallOnMail(svc) }' branch
after the existing Mount loop. Other domains (calendar / im / api /
auth / ...) keep cobra's default FlagErrorFunc and unchanged plain-text
stderr behavior.
Covers:
- shortcuts/mail/flag_suggest.go (new, ~120 LOC)
- shortcuts/mail/flag_suggest_test.go (new, 12 table-driven tests)
- shortcuts/register.go (+3 lines after mail Mount loop)
No changes to cmd/root.go or internal/output/* - ErrDetail.Detail is
already interface{}, handleRootError already routes *ExitError via
WriteErrorEnvelope.
* feat(vc): agent join meeting basic shortcuts structure
Change-Id: Ic5d64067eb48670fa6636841cd00cbfa9b0bf3e7
* docs: add skill references for vc +meeting-join and +meeting-leave
* feat(vc): add meeting events shortcut
Add vc +meeting-events for bot meeting activity queries with page-all pagination support and tested pretty/json output.
* feat(vc): refine meeting events pagination and output
* test: add unit tests for vc +meeting-join and +meeting-leave shortcuts
* feat(vc): improve meeting events pretty timeline
* feat(vc): refine meeting events pretty output
* docs(skill): add vc meeting events shortcut guide
* docs(skill): clarify vc meeting events output guidance
* docs: clarify participant-snapshot vs meeting-events routing
* refactor: split lark-vc-agent from lark-vc
* docs: drop nonexistent workflow skill reference and fix identity
* docs: fix cross-links in lark-vc-agent references after split
* fix(vc): send meeting join password at top level
* docs: rewrite lark-vc-agent description in user-facing language
* docs: tighten lark-vc-agent description to descriptive neutral tone
* fix: use Chinese quotes in vc/vc-agent description YAML frontmatter
* docs: downgrade dry-run from mandatory to optional for vc-agent writes
* docs: clarify pretty vs json format choice by processing depth
* docs: systematic review of lark-vc-agent SKILL for clarity and precision
* feat(vc): print meeting event page token in pretty output
* docs(skill): refine vc agent meeting guidance
* revert: restore CRITICAL banner in lark-vc-agent to match repo convention
* docs: replace inaccurate no-replay warning with real social-cost risk
* docs: tighten meeting-join risk warning to single sentence
* docs: tighten vc-agent references - remove redundancy and fix vague wording
* Revert "docs: tighten vc-agent references - remove redundancy and fix vague wording"
This reverts commit 9845fc40622c65b0811da1c9ae4902434377f33e.
* docs(skill): refine vc meeting events paging guidance
* fix(vc): keep meeting event count aligned with events list
* docs(skill): tighten vc agent meeting events workflow
* refactor(vc): simplify meeting events pagination
* docs(skill): tighten vc agent meeting guidance
* docs(skill): require reading shared docs for meeting summaries
* chore(env): switch default feishu endpoints to pre
* fix(env): use feishu accounts host
* docs(vc): use explicit date in recording example
* revert(env): remove default ppe request header
* chore(env): switch default feishu endpoints to pre
* docs(skill): guide users to early-bird group on agent meeting gray miss
Teach the lark-vc-agent skill to recognize OAPI's new gray-miss signal for
the three agent meeting commands (`+meeting-join`, `+meeting-leave`,
`+meeting-events`) and route the user to the early-bird group instead of
treating it as a permission error.
When CLI stderr JSON returns `error.code=20017 / ErrNotInGray`, the agent
renders the fixed early-bird invite link
`https://go.larkoffice.com/join-chat/2f4nb0e1-fe00-4f67-bed7-25beaf533fbd`.
The user manual is intentionally not surfaced yet.
Scope-related errors still follow the existing `auth login --scope` flow
with no early-bird copy mixed in. lark-shared and other skills are not
touched, so the guidance stays scoped to the agent meeting commands only.
* chore(env): switch endpoints to boe for agent meeting gray testing
* chore(vc-agent): update gray guide and boe endpoints
* docs(vc-agent): refine gray guidance flow
* docs(vc-agent): centralize gray guidance
* fix(ci): stabilize vc output and skill frontmatter
* fix(vc): address review feedback
---------
Co-authored-by: zhaolei.vc <zhaolei.vc@bytedance.com>
Co-authored-by: renaocheng <renaocheng@bytedance.com>
Remove the cold-start _notice.skills that fires whenever
~/.lark-cli/skills.stamp is missing. The stamp is written
exclusively by `lark-cli update`, so users who installed skills via
`npx skills add larksuite/cli -g` (the documented path) saw the
notice on every run despite a fully populated ~/.agents/skills/.
The version-drift notice (stamp != binary) is preserved unchanged
for users who opted into tracking by running `lark-cli update`.
- internal/skillscheck/check.go: Init returns silently on empty stamp
- internal/skillscheck/notice.go: drop dead cold-start branch in Message;
Current field is now guaranteed non-empty
- tests updated in skillscheck package + cmd/root_integration_test.go
to assert the new contract
No new files, no env vars, no JSON schema change. The _notice.skills
shape stays {current, target, message} — only the cold-start message
string is no longer possible.
The +chat-search row in lark-im SKILL.md described the search as
"by keyword and/or member open_ids", which doesn't match the real
flag names (--query, --member-ids). Naming them inline avoids
agents guessing --keyword from the prose, matching the style
already used by +chat-messages-list.
Change-Id: Ife8668d9b13ee66711bc4e81a7b2bcc7f05d9586
Add IM flag shortcut commands to lark-cli, enabling users to create, list, and cancel bookmarks on messages and threads via +flag-create, +flag-list, and +flag-cancel.
Change-Id: I8f87f0eadf83fb59b024a3b9fe67b23d363abe0a
- Assemble applinks via net/url to ensure proper encoding
- Normalize message position values across more numeric types
- Avoid leaking null message_app_link; assemble when missing
- Update unit tests to assert URL semantics and cover edge cases
Change-Id: Ic473cb563c8a648c4f6677c32b25b9f371a0f84e