mirror of
https://github.com/larksuite/cli.git
synced 2026-07-06 00:06:28 +08:00
Introduce a typed error contract framework for lark-cli so in-process
Go callers can branch via errors.As(&errs.XxxError{}) and shell scripts,
AI agents, and protocol adapters can branch on stable JSON type/subtype
fields instead of regex-parsing free-form messages.
Adds:
- Canonical taxonomy under errs/ (9 categories + typed Error structs
embedding a shared Problem, RFC 7807-aligned)
- Centralized Lark code metadata + identity-aware BuildAPIError dispatch
- Typed JSON envelope writer alongside the legacy envelope writer
- MCP / OAuth (RFC 6750 Bearer) projection adapters
- Five CI lint guards preventing ad-hoc taxonomy drift
Backward compatibility: legacy *output.ExitError producers (ErrAPI,
ErrWithHint, Errorf, ErrBare) and business shortcuts that use them
continue to render the legacy envelope unchanged. SecurityPolicyError
wire format and exit code are preserved via a carve-out; taxonomy
migration is deferred to PR 2. Domain-specific business migration is
staged across PR 3+.
Framework-direct paths now return typed *errs.*Error: ErrAuth /
ErrValidation / ErrNetwork emit category literals on the wire
(authentication / validation / network), *core.ConfigError is promoted
at the cmd/root boundary with exit code aligned from 2 to 3, and Lark
API permission denials classified by BuildAPIError exit 3.
At the SDK boundary, WrapDoAPIError preserves any already-classified
error (legacy *output.ExitError or typed *errs.*) so output.ErrAuth
from missing credentials surfaces with the auth category and exit 3
intact instead of being downgraded to a network error. Policy responses
classified by BuildAPIError (codes 21000 / 21001) extract challenge_url
and the canonical hint from the response body, matching what the
auth transport already surfaces at the HTTP layer; non-https
challenge URLs are dropped.
First PR in the feat/error-contract-* series.
110 lines
3.3 KiB
Go
110 lines
3.3 KiB
Go
// Copyright (c) 2026 Lark Technologies Pte. Ltd.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package client
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"io"
|
|
|
|
"github.com/larksuite/cli/internal/core"
|
|
"github.com/larksuite/cli/internal/output"
|
|
)
|
|
|
|
// PaginationOptions contains pagination control options.
|
|
type PaginationOptions struct {
|
|
PageLimit int // max pages to fetch; 0 = unlimited (default: 10)
|
|
PageDelay int // ms, default 200
|
|
Identity core.Identity // identity passed to checkErr; defaults to AsUser when empty
|
|
}
|
|
|
|
// PaginateWithJq aggregates all pages, checks for API errors, then applies a jq filter.
|
|
// If checkErr detects an error, the raw result is printed as JSON before returning the error.
|
|
func PaginateWithJq(ctx context.Context, ac *APIClient, request RawApiRequest,
|
|
jqExpr string, out io.Writer, pagOpts PaginationOptions,
|
|
checkErr func(interface{}, core.Identity) error) error {
|
|
result, err := ac.PaginateAll(ctx, request, pagOpts)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
// Identity resolution honors pagOpts.Identity first, then the request's
|
|
// own identity, and only falls back to AsUser when neither caller
|
|
// supplied one. Without checking request.As, bot/auto requests would
|
|
// always be classified as user identity for checkErr.
|
|
identity := pagOpts.Identity
|
|
if identity == "" {
|
|
identity = request.As
|
|
}
|
|
if identity == "" || identity == core.AsAuto {
|
|
identity = core.AsUser
|
|
}
|
|
if apiErr := checkErr(result, identity); apiErr != nil {
|
|
output.FormatValue(out, result, output.FormatJSON)
|
|
return apiErr
|
|
}
|
|
return output.JqFilter(out, result, jqExpr)
|
|
}
|
|
|
|
func mergePagedResults(w io.Writer, results []interface{}) interface{} {
|
|
if len(results) == 0 {
|
|
return map[string]interface{}{}
|
|
}
|
|
|
|
firstMap, ok := results[0].(map[string]interface{})
|
|
if !ok {
|
|
return map[string]interface{}{"pages": results}
|
|
}
|
|
|
|
data, ok := firstMap["data"].(map[string]interface{})
|
|
if !ok {
|
|
return map[string]interface{}{"pages": results}
|
|
}
|
|
|
|
arrayField := output.FindArrayField(data)
|
|
if arrayField == "" {
|
|
return map[string]interface{}{"pages": results}
|
|
}
|
|
|
|
var merged []interface{}
|
|
for _, r := range results {
|
|
if rm, ok := r.(map[string]interface{}); ok {
|
|
if d, ok := rm["data"].(map[string]interface{}); ok {
|
|
if items, ok := d[arrayField].([]interface{}); ok {
|
|
merged = append(merged, items...)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
fmt.Fprintf(w, "[pagination] merged %d pages, %d total items\n", len(results), len(merged))
|
|
|
|
mergedData := make(map[string]interface{})
|
|
for k, v := range data {
|
|
mergedData[k] = v
|
|
}
|
|
mergedData[arrayField] = merged
|
|
|
|
// Surface the last page's real has_more so callers can detect truncation
|
|
// when --page-limit stops the loop before the API is exhausted. Page tokens
|
|
// are intentionally dropped: the merged view is an aggregate, not a resume
|
|
// cursor — to fetch more, re-run with a larger --page-limit.
|
|
lastHasMore := false
|
|
if lastMap, ok := results[len(results)-1].(map[string]interface{}); ok {
|
|
if lastData, ok := lastMap["data"].(map[string]interface{}); ok {
|
|
lastHasMore, _ = lastData["has_more"].(bool)
|
|
}
|
|
}
|
|
mergedData["has_more"] = lastHasMore
|
|
delete(mergedData, "page_token")
|
|
delete(mergedData, "next_page_token")
|
|
|
|
result := make(map[string]interface{})
|
|
for k, v := range firstMap {
|
|
result[k] = v
|
|
}
|
|
result["data"] = mergedData
|
|
|
|
return result
|
|
}
|