Files
larksuite-cli/internal/output/errors.go
evandance 99e314fe0b feat(errs): typed envelope contract for auth-domain errors (#1135)
Every failure on the authentication, authorization, and configuration
path now surfaces as a typed structured error instead of an ad-hoc
envelope. Users and scripts that consume CLI output get:

  - a fixed nine-category taxonomy on the wire, each mapped to a
    stable shell exit code (authentication/authorization/config = 3,
    network = 4, internal = 5, policy = 6, confirmation = 10)
  - identity-aware detail fields (missing_scopes, requested_scopes,
    granted_scopes, console_url, log_id, retryable, hint) carried
    uniformly on the envelope
  - a single canonical policy envelope at exit 6; the legacy
    auth_error carve-out is retired
  - per-subtype canonical message + hint that preserves Lark's
    diagnostic phrasing and routes recovery to the right actor:
    app developer (app_scope_not_applied), user (missing_scope,
    token_scope_insufficient, user_unauthorized), or tenant admin
    (app_unavailable, app_disabled)
  - wrong app credentials classify as config/invalid_client whether
    surfaced by the Open API endpoint (99991543) or the tenant
    access-token mint endpoint (10003 / 10014), instead of
    collapsing to a transport error or api/unknown
  - local shortcut scope preflight emits the same
    authorization/missing_scope envelope (identity + deterministic
    missing-scope set) used by the post-call permission path, so AI
    consumers read the same structured shape from precheck and from
    server-returned permission denial
  - streaming download/upload failures keep the same network subtype
    split (timeout / TLS / DNS / transport) as the non-stream path
    instead of collapsing every cause to a generic transport failure
  - console_url is carried only on the bot-perspective
    app_scope_not_applied envelope (where the recovery action is
    "developer applies the scope at the developer console"); the
    user-perspective missing_scope envelope drops the field, since
    the only actionable user recovery is `lark-cli auth login --scope`
    and pointing an end user at a console they cannot modify is
    misleading
  - bind workflows (Hermes / OpenClaw / lark-channel) flatten dynamic
    Type tags to wire 'config' with the original module name kept
    as a metric label

All 10 typed errors are cause-bearing, nil-safe on .Error() and
.Unwrap(), and defensively clone slice setter inputs. Four lint
rules (CheckNilSafeError / CheckBuilderImmutable / CheckUnwrapSymmetry
/ CheckBuildAPIErrorArms) lock these invariants on migrated paths.
2026-05-30 19:08:41 +08:00

232 lines
7.7 KiB
Go

// Copyright (c) 2026 Lark Technologies Pte. Ltd.
// SPDX-License-Identifier: MIT
package output
import (
"bytes"
"encoding/json"
"errors"
"fmt"
"io"
"github.com/larksuite/cli/errs"
)
// ExitError is a structured error that carries an exit code and optional detail.
// It is propagated up the call chain and handled by main.go to produce
// a JSON error envelope on stderr and the correct exit code.
//
// Deprecated: legacy error type. Return a typed *errs.XxxError instead
// (see errs/types.go).
type ExitError struct {
Code int
Detail *ErrDetail
Err error
Raw bool // when true, the dispatcher skips enrichment (e.g. enrichPermissionError) and preserves the original error detail
}
func (e *ExitError) Error() string {
if e.Detail != nil {
return e.Detail.Message
}
if e.Err != nil {
return e.Err.Error()
}
return fmt.Sprintf("exit %d", e.Code)
}
func (e *ExitError) Unwrap() error {
return e.Err
}
// MarkRaw sets Raw=true on an ExitError so that the dispatcher skips
// enrichment (e.g. enrichPermissionError, enrichMissingScopeError) and
// preserves the upstream message verbatim. Returns the original error
// unchanged if it is not (or does not wrap) an ExitError.
//
// Used by `cmd/api` and other "passthrough" call sites where the caller
// wants the original Lark response wording rather than the enriched
// message/hint variant.
func MarkRaw(err error) error {
var exitErr *ExitError
if errors.As(err, &exitErr) {
exitErr.Raw = true
}
return err
}
// WriteErrorEnvelope writes a JSON error envelope for the given ExitError to w.
//
// Deprecated: legacy envelope writer. Typed errors are dispatched by
// cmd/root.go through WriteTypedErrorEnvelope.
func WriteErrorEnvelope(w io.Writer, err *ExitError, identity string) {
if err.Detail == nil {
return
}
env := &ErrorEnvelope{
OK: false,
Identity: identity,
Error: err.Detail,
Notice: GetNotice(),
}
var buf bytes.Buffer
enc := json.NewEncoder(&buf)
enc.SetEscapeHTML(false)
enc.SetIndent("", " ")
if err := enc.Encode(env); err != nil {
return
}
// Encode appends a trailing newline; write directly.
buf.WriteTo(w)
}
// --- Convenience constructors ---
// Errorf creates an ExitError with the given code, type, and formatted message.
//
// Deprecated: construct a typed *errs.XxxError directly
// (e.g. errs.NewValidationError, errs.NewInternalError).
func Errorf(code int, errType, format string, args ...any) *ExitError {
var err error
for _, arg := range args {
if e, ok := arg.(error); ok {
err = e
break
}
}
return &ExitError{
Code: code,
Detail: &ErrDetail{Type: errType, Message: fmt.Sprintf(format, args...)},
Err: err,
}
}
// ErrValidation creates a validation ExitError (exit 2, wire type
// "validation"). The legacy envelope emits only `type`+`message`; for
// `subtype` / `param` extension fields, construct a typed
// *errs.ValidationError directly.
func ErrValidation(format string, args ...any) *ExitError {
return Errorf(ExitValidation, "validation", format, args...)
}
// ErrAuth creates an authentication ExitError (exit 3, wire type "auth").
//
// New code should construct a typed *errs.AuthenticationError directly;
// the typed envelope emits the canonical `type: "authentication"`.
// Migrating an existing call site flips a user-visible wire field.
func ErrAuth(format string, args ...any) *ExitError {
return Errorf(ExitAuth, "auth", format, args...)
}
// ErrNetwork creates a network ExitError (exit 4, wire type "network").
// The legacy envelope emits only `type`+`message`; for `subtype`
// ("transport" / "timeout" / "tls" / "dns") and retryable hint extension
// fields, construct a typed *errs.NetworkError directly.
func ErrNetwork(format string, args ...any) *ExitError {
return Errorf(ExitNetwork, "network", format, args...)
}
// ErrAPI creates an API ExitError using ClassifyLarkError.
// For permission errors, uses a concise message; the raw API response is preserved in Detail.
//
// Deprecated: route through errclass.BuildAPIError, which emits typed
// *errs.PermissionError / *errs.AuthenticationError / etc. with
// MissingScopes, ConsoleURL, and Identity at the source.
func ErrAPI(larkCode int, msg string, detail any) *ExitError {
exitCode, errType, hint := ClassifyLarkError(larkCode, msg)
if errType == "permission" {
msg = fmt.Sprintf("Permission denied [%d]", larkCode)
}
return &ExitError{
Code: exitCode,
Detail: &ErrDetail{
Type: errType,
Code: larkCode,
Message: msg,
Hint: hint,
Detail: detail,
},
}
}
// ErrWithHint creates an ExitError with a hint string.
//
// Deprecated: construct a typed *errs.XxxError directly and set its Hint
// field; the typed envelope promotes Problem.Hint to the wire.
func ErrWithHint(code int, errType, msg, hint string) *ExitError {
return &ExitError{
Code: code,
Detail: &ErrDetail{Type: errType, Message: msg, Hint: hint},
}
}
// ErrBare creates an ExitError with only an exit code and no envelope.
// The predicate-command silent-exit signal: stdout has already been
// written and the caller wants the matching exit code without a stderr
// envelope (e.g. `auth check` emitting its JSON result and then exiting
// non-zero on a no-token state). Outside the typed-envelope contract.
func ErrBare(code int) *ExitError {
return &ExitError{Code: code}
}
// WriteTypedErrorEnvelope writes the JSON error envelope for a typed error.
// Each typed error owns its wire shape via its own struct tags: Problem fields
// are promoted to the top level through embedding, and extension fields
// (MissingScopes, ChallengeURL, etc.) sit alongside as siblings — not inside
// a `detail` sub-object.
//
// Two-stage write:
//
// 1. Serialize the envelope into an in-memory buffer. If serialization
// fails, return false so the dispatcher falls back to the legacy
// envelope path; nothing is written to w.
// 2. Best-effort write of the serialized bytes to w. A partial write is
// accepted (return value still true): the typed exit code has already
// been determined upstream by handleRootError calling ExitCodeOf(err)
// before this writer runs, so a torn envelope on stderr must not
// downgrade the caller's typed exit (3/4/6/10) to plain 1. Consumers
// parse-or-skip on malformed JSON.
//
// Returns true when err was a typed error and serialization succeeded.
// Returns false only when err carries no Problem (caller should fall back
// to WriteErrorEnvelope) or when JSON encoding itself failed.
func WriteTypedErrorEnvelope(w io.Writer, err error, identity string) bool {
typed, ok := errs.UnwrapTypedError(err)
if !ok {
return false
}
env := typedEnvelope{
OK: false,
Identity: identity,
Error: typed,
Notice: GetNotice(),
}
var buf bytes.Buffer
enc := json.NewEncoder(&buf)
enc.SetEscapeHTML(false)
enc.SetIndent("", " ")
if encErr := enc.Encode(env); encErr != nil {
// Encoding failed — emit nothing here and let the dispatcher fall
// back to the legacy envelope writer so stderr is never blank.
return false
}
// Best-effort write. Partial-write does not downgrade the success status:
// the dispatcher has already captured ExitCodeOf(err) before calling us,
// and a torn stderr is preferable to falling through to the plain
// "Error:" path with exit 1.
_, _ = w.Write(buf.Bytes())
return true
}
// typedEnvelope wraps a typed error for wire emission. Error is `error` so the
// underlying typed error's own json tags determine the inner shape via
// encoding/json reflection; Notice mirrors the existing ErrorEnvelope (see
// GetNotice in envelope.go).
type typedEnvelope struct {
OK bool `json:"ok"`
Identity string `json:"identity,omitempty"`
Error error `json:"error"`
Notice map[string]interface{} `json:"_notice,omitempty"`
}