mirror of
https://github.com/larksuite/cli.git
synced 2026-07-05 15:47:54 +08:00
Introduce a typed error contract framework for lark-cli so in-process
Go callers can branch via errors.As(&errs.XxxError{}) and shell scripts,
AI agents, and protocol adapters can branch on stable JSON type/subtype
fields instead of regex-parsing free-form messages.
Adds:
- Canonical taxonomy under errs/ (9 categories + typed Error structs
embedding a shared Problem, RFC 7807-aligned)
- Centralized Lark code metadata + identity-aware BuildAPIError dispatch
- Typed JSON envelope writer alongside the legacy envelope writer
- MCP / OAuth (RFC 6750 Bearer) projection adapters
- Five CI lint guards preventing ad-hoc taxonomy drift
Backward compatibility: legacy *output.ExitError producers (ErrAPI,
ErrWithHint, Errorf, ErrBare) and business shortcuts that use them
continue to render the legacy envelope unchanged. SecurityPolicyError
wire format and exit code are preserved via a carve-out; taxonomy
migration is deferred to PR 2. Domain-specific business migration is
staged across PR 3+.
Framework-direct paths now return typed *errs.*Error: ErrAuth /
ErrValidation / ErrNetwork emit category literals on the wire
(authentication / validation / network), *core.ConfigError is promoted
at the cmd/root boundary with exit code aligned from 2 to 3, and Lark
API permission denials classified by BuildAPIError exit 3.
At the SDK boundary, WrapDoAPIError preserves any already-classified
error (legacy *output.ExitError or typed *errs.*) so output.ErrAuth
from missing credentials surfaces with the auth category and exit 3
intact instead of being downgraded to a network error. Policy responses
classified by BuildAPIError (codes 21000 / 21001) extract challenge_url
and the canonical hint from the response body, matching what the
auth transport already surfaces at the HTTP layer; non-https
challenge URLs are dropped.
First PR in the feat/error-contract-* series.
88 lines
2.4 KiB
Go
88 lines
2.4 KiB
Go
// Copyright (c) 2026 Lark Technologies Pte. Ltd.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
// Command lintcheck runs the source-level errs/ contract guards (all four checks).
|
|
// The fifth contract rule (business path must use typed errors) lives in
|
|
// .golangci.yml as a forbidigo entry; the four checks here are AST-level
|
|
// guards that golangci-lint cannot express.
|
|
//
|
|
// lintcheck lives in its own Go module under lint/ so its build-time
|
|
// dependency on golang.org/x/tools/go/packages does not leak into the
|
|
// shipped lark-cli binary's module graph.
|
|
//
|
|
// Usage (from repo root):
|
|
//
|
|
// go run -C lint . . # scan the lark-cli repo
|
|
// go run -C lint . /path/to/repo # scan another path
|
|
//
|
|
// Exit codes:
|
|
//
|
|
// 0 no REJECT violations (LABEL and WARNING diagnostics are advisory)
|
|
// 1 one or more REJECT violations
|
|
//
|
|
// WARNING and LABEL diagnostics are still printed so a CI workflow can grep
|
|
// for the prefixes — LABEL emits `[needs-taxonomy-decision]` for an
|
|
// auto-labeler — but neither severity fails CI. Only REJECT does.
|
|
package main
|
|
|
|
import (
|
|
"flag"
|
|
"fmt"
|
|
"os"
|
|
|
|
"github.com/larksuite/cli/lint/errscontract"
|
|
"github.com/larksuite/cli/lint/lintapi"
|
|
)
|
|
|
|
// scanner is the contract every lint domain implements. New domains drop in
|
|
// as sibling packages under lint/ (see README.md) and are added below.
|
|
type scanner struct {
|
|
name string
|
|
fn func(root string) ([]lintapi.Violation, error)
|
|
}
|
|
|
|
var scanners = []scanner{
|
|
{name: "errscontract", fn: errscontract.ScanRepo},
|
|
}
|
|
|
|
func main() {
|
|
flag.Usage = func() {
|
|
fmt.Fprintf(os.Stderr,
|
|
"Usage: lintcheck [repo-root]\n"+
|
|
"Runs every registered lint domain against repo-root (default: current directory).\n")
|
|
flag.PrintDefaults()
|
|
}
|
|
flag.Parse()
|
|
|
|
root := "."
|
|
if flag.NArg() > 0 {
|
|
root = flag.Arg(0)
|
|
// `./...` is a common Go-toolchain idiom; map it to the working dir.
|
|
if root == "./..." {
|
|
root = "."
|
|
}
|
|
}
|
|
|
|
var all []lintapi.Violation
|
|
for _, s := range scanners {
|
|
violations, err := s.fn(root)
|
|
if err != nil {
|
|
fmt.Fprintf(os.Stderr, "lintcheck %s: %v\n", s.name, err)
|
|
os.Exit(2)
|
|
}
|
|
all = append(all, violations...)
|
|
}
|
|
|
|
exitCode := 0
|
|
for _, v := range all {
|
|
fmt.Fprintf(os.Stderr, "%s:%d: [%s/%s] %s\n", v.File, v.Line, v.Action, v.Rule, v.Message)
|
|
if v.Suggestion != "" {
|
|
fmt.Fprintf(os.Stderr, " hint: %s\n", v.Suggestion)
|
|
}
|
|
if v.Action == lintapi.ActionReject {
|
|
exitCode = 1
|
|
}
|
|
}
|
|
os.Exit(exitCode)
|
|
}
|