mirror of
https://github.com/larksuite/cli.git
synced 2026-07-06 00:06:28 +08:00
Give each AI Agent (OpenClaw, Hermes) its own lark-cli workspace so
its Feishu calls don't overwrite the developer's local config or
collide with other Agents.
lark-cli config bind [--source openclaw|hermes] [--app-id <id>]
[--identity bot-only|user-default] [--force]
Key capabilities:
- Source auto-detected from OPENCLAW_* / HERMES_* env signals; config
written to ~/.lark-cli/<agent>/, isolated per Agent.
- Two identity presets: 'bot-only' (flag-mode default) and
'user-default'. Flag mode rejects silent bot→user escalation
without --force; TUI prompts are exempt.
- Agent-friendly stdout JSON with 'identity' + 'message' for
next-step branching.
- 'config show' and 'doctor' expose the bound 'workspace'.
- OpenClaw SecretRef resolution: plain / ${VAR} / file:+JSON Pointer
/ exec:.
32 lines
723 B
Go
32 lines
723 B
Go
// Copyright (c) 2026 Lark Technologies Pte. Ltd.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
//go:build !windows
|
|
|
|
package binding
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"syscall"
|
|
|
|
"github.com/larksuite/cli/internal/vfs"
|
|
)
|
|
|
|
// checkOwnerUID verifies the file is owned by the current user.
|
|
func checkOwnerUID(path, label string) error {
|
|
stat, err := vfs.Stat(path)
|
|
if err != nil {
|
|
return fmt.Errorf("%s: cannot stat %q: %w", label, path, err)
|
|
}
|
|
sysStat, ok := stat.Sys().(*syscall.Stat_t)
|
|
if !ok {
|
|
return fmt.Errorf("%s: cannot retrieve file owner for %q", label, path)
|
|
}
|
|
if sysStat.Uid != uint32(os.Getuid()) {
|
|
return fmt.Errorf("%s: path %q is owned by uid %d, expected %d",
|
|
label, path, sysStat.Uid, os.Getuid())
|
|
}
|
|
return nil
|
|
}
|