mirror of
https://github.com/larksuite/cli.git
synced 2026-07-03 14:02:43 +08:00
* refactor(cmd): split Execute into Build with IO/Keychain injection
Introduce a public cmd.Build entry point so external consumers (cli-server,
MCP server, other embedders) can assemble the full CLI command tree without
going through os.Args or the platform keychain. Build takes an
InvocationContext plus functional BuildOptions:
* WithIO(in, out, errOut) — inject custom streams; terminal detection
is derived from the input's underlying *os.File when present.
* WithKeychain(kc) — swap the credential store.
* HideProfile(bool) — registered later in cmd.HideProfile.
The existing Execute() keeps using the internal buildInternal (which
still returns the Factory so error handling can attribute exit codes),
and SetDefaultFS replaces the global VFS implementation at startup.
Hardening applied up front:
* cmdutil.NewIOStreams(in, out, errOut) centralizes terminal detection
so SystemIO() and WithIO share one path.
* cmdutil.NewDefault normalizes partial IOStreams — callers may pass
&IOStreams{Out: buf} without tripping nil-writer panics in the
RoundTripper warnings, Cobra, or the credential provider.
* Build guards against nil functional options.
* An API contract test (cmd/build_api_test.go) exercises Build +
WithIO + WithKeychain + HideProfile + SetDefaultFS so the public
surface is reachable by deadcode analysis.
Change-Id: I7c895e6019817401accbde2db3ef800da40ad319
* feat(schema): filter methods by strict mode in schema output
When strict mode is active, schema output now excludes methods that
are incompatible with the forced identity. This applies to both
pretty and JSON output formats at the resource and method levels.
Change-Id: I39647d5578466c3e23dc545bfb917ae075203ad7
* refactor: centralize strict-mode as flag registration
Change-Id: Iec11151c5002c2f58a8aa067d08747db2e4d2d8c
* fix(cmd): align strict-mode completion and build context; drop dead register shims
Thread a context.Context through RegisterShortcuts, RegisterServiceCommands,
and service.registerService/Resource/Method by introducing explicit
*WithContext variants. Pass that context into NewCmdServiceMethodWithContext
so shortcut and service command construction can honor cancellation and
strict-mode pruning consistently.
Also drop the context-less registerMethod and registerResource shims —
they became unreachable once the WithContext variants took over, and
were the source of new deadcode warnings. registerService is retained
because service_test.go still calls it directly.
Change-Id: I3fe5673aed663c7383bbbc5b0ae94d1f3491f22d
* refactor(cmd): hide --profile in single-app mode via build option
- GlobalOptions gains HideProfile; RegisterGlobalFlags stays pure and reads
the policy off the struct. No boolean-trap parameter, one call per site.
- buildConfig holds GlobalOptions inline so HideProfile(bool) BuildOption
mutates it directly. buildInternal stays a pure assembly function and
requires callers to supply WithIO — no implicit os.Std* fallback.
- Add WithIO BuildOption (wrapping raw io.Reader/Writer with automatic
*os.File TTY detection); Execute injects streams explicitly and decides
profile visibility via HideProfile(isSingleAppMode()).
- installTipsHelpFunc force-shows hidden root flags while rendering the
root command's own help, so single-app users still discover --profile
via lark-cli --help without it polluting subcommand helps.
Change-Id: I7755387e993992ca969e0a4a6f54441cc1993eef
* feat(transport): extension abort hook and shared base transport
Two transport-layer changes bundled because both reshape the base
round-tripper contract used by the HTTP client, the Lark SDK client,
and the in-process updater.
1. Extension abort hook (PreRoundTripE).
Extensions implementing exttransport.AbortableInterceptor can now
return an error from PreRoundTripE to skip the built-in chain. The
post hook still fires with (nil, reason) so extensions can unwind
resources. extensionMiddleware captures the provider name so the
returned *AbortError carries attribution.
2. Shared base transport to stop RPC leak.
util.NewBaseTransport cloned http.DefaultTransport on every call, so
each cmdutil.Factory produced a fresh *http.Transport whose
persistConn readLoop/writeLoop goroutines lingered until
IdleConnTimeout (~90s). Invisible in a single-process CLI, but the
fork is consumed by cli-server where each RPC request constructs a
new Factory, causing linear memory + goroutine growth under load.
Replace NewBaseTransport with SharedTransport — returns
http.DefaultTransport (the stdlib-wide singleton) by default, and
a cached proxy-disabled clone only when LARK_CLI_NO_PROXY is set.
Return type is http.RoundTripper to discourage in-place mutation of
the shared instance. FallbackTransport is kept as a thin
*http.Transport wrapper so existing callers in internal/auth and
internal/cmdutil transport decorators (which were already on the
singleton path) do not have to migrate.
Leak-site migrations: factory_default.go (HTTP + SDK base) and
update.go now call SharedTransport directly.
Change-Id: Ia82462134c5c5ee838be878b887860f41446a235
* fix: unblock Build() zero-opts path and sidecar demo build
Two regressions surfaced on refactor/build-execute-split:
1. cmd.Build(ctx, inv) without WithIO panicked at rootCmd.SetIn/Out/Err
because cfg.streams stayed nil — NewDefault normalized internally
but cmd/build.go never saw the normalized value. Default cfg.streams
to cmdutil.SystemIO() before the root command wires them, and add a
TestBuild_NoOptions regression guard.
2. sidecar/server-demo/main.go still called cmdutil.NewDefault(inv),
so `go build -tags authsidecar_demo ./sidecar/server-demo` failed
with "not enough arguments". Pass nil for the new streams parameter
to preserve the prior behavior (NewDefault substitutes SystemIO).
Change-Id: I20227b2355cde7d19e22eba3eb841c6d8611e8a7
364 lines
12 KiB
Go
364 lines
12 KiB
Go
// Copyright (c) 2026 Lark Technologies Pte. Ltd.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package cmd
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"net/url"
|
|
"os"
|
|
"strconv"
|
|
|
|
internalauth "github.com/larksuite/cli/internal/auth"
|
|
"github.com/larksuite/cli/internal/build"
|
|
"github.com/larksuite/cli/internal/cmdutil"
|
|
"github.com/larksuite/cli/internal/core"
|
|
"github.com/larksuite/cli/internal/output"
|
|
"github.com/larksuite/cli/internal/registry"
|
|
"github.com/larksuite/cli/internal/update"
|
|
"github.com/spf13/cobra"
|
|
)
|
|
|
|
const rootLong = `lark-cli — Lark/Feishu CLI tool.
|
|
|
|
USAGE:
|
|
lark-cli <command> [subcommand] [method] [options]
|
|
lark-cli api <method> <path> [--params <json>] [--data <json>]
|
|
lark-cli schema <service.resource.method> [--format pretty]
|
|
|
|
EXAMPLES:
|
|
# View upcoming events
|
|
lark-cli calendar +agenda
|
|
|
|
# List calendar events
|
|
lark-cli calendar events instance_view --params '{"calendar_id":"primary","start_time":"1700000000","end_time":"1700086400"}'
|
|
|
|
# Search users
|
|
lark-cli contact +search-user --query "John"
|
|
|
|
# Generic API call
|
|
lark-cli api GET /open-apis/calendar/v4/calendars
|
|
|
|
FLAGS:
|
|
--params <json> URL/query parameters JSON
|
|
--data <json> request body JSON (POST/PATCH/PUT/DELETE)
|
|
--as <type> identity type: user | bot | auto (default: auto)
|
|
--format <fmt> output format: json (default) | ndjson | table | csv | pretty
|
|
--page-all automatically paginate through all pages
|
|
--page-size <N> page size (0 = use API default)
|
|
--page-limit <N> max pages to fetch with --page-all (default: 10, 0 for unlimited)
|
|
--page-delay <MS> delay in ms between pages (default: 200, only with --page-all)
|
|
-o, --output <path> output file path for binary responses
|
|
--jq <expr> jq expression to filter JSON output
|
|
-q <expr> shorthand for --jq
|
|
--dry-run print request without executing
|
|
|
|
AI AGENT SKILLS:
|
|
lark-cli pairs with AI agent skills (Claude Code, etc.) that
|
|
teach the agent Lark API patterns, best practices, and workflows.
|
|
|
|
Install all skills:
|
|
npx skills add larksuite/cli -g -y
|
|
|
|
Or pick specific domains:
|
|
npx skills add larksuite/cli -s lark-calendar -y
|
|
npx skills add larksuite/cli -s lark-im -y
|
|
|
|
Learn more: https://github.com/larksuite/cli#agent-skills
|
|
|
|
COMMUNITY:
|
|
GitHub: https://github.com/larksuite/cli
|
|
Issues: https://github.com/larksuite/cli/issues
|
|
Docs: https://open.feishu.cn/document/
|
|
|
|
More help: lark-cli <command> --help`
|
|
|
|
// Execute runs the root command and returns the process exit code.
|
|
func Execute() int {
|
|
inv, err := BootstrapInvocationContext(os.Args[1:])
|
|
if err != nil {
|
|
fmt.Fprintln(os.Stderr, "Error:", err)
|
|
return 1
|
|
}
|
|
f, rootCmd := buildInternal(
|
|
context.Background(), inv,
|
|
WithIO(os.Stdin, os.Stdout, os.Stderr),
|
|
HideProfile(isSingleAppMode()),
|
|
)
|
|
|
|
// --- Update check (non-blocking) ---
|
|
if !isCompletionCommand(os.Args) {
|
|
setupUpdateNotice()
|
|
}
|
|
|
|
if err := rootCmd.Execute(); err != nil {
|
|
return handleRootError(f, err)
|
|
}
|
|
return 0
|
|
}
|
|
|
|
// setupUpdateNotice starts an async update check and wires the output decorator.
|
|
func setupUpdateNotice() {
|
|
// Sync: check cache immediately (no network, fast).
|
|
if info := update.CheckCached(build.Version); info != nil {
|
|
update.SetPending(info)
|
|
}
|
|
|
|
// Async: refresh cache for this run (and future runs).
|
|
go func() {
|
|
defer func() {
|
|
if r := recover(); r != nil {
|
|
fmt.Fprintf(os.Stderr, "update check panic: %v\n", r)
|
|
}
|
|
}()
|
|
update.RefreshCache(build.Version)
|
|
// If cache was just populated for the first time, set pending now.
|
|
if update.GetPending() == nil {
|
|
if info := update.CheckCached(build.Version); info != nil {
|
|
update.SetPending(info)
|
|
}
|
|
}
|
|
}()
|
|
|
|
// Wire the output decorator so JSON envelopes include "_notice".
|
|
output.PendingNotice = func() map[string]interface{} {
|
|
info := update.GetPending()
|
|
if info == nil {
|
|
return nil
|
|
}
|
|
return map[string]interface{}{
|
|
"update": map[string]interface{}{
|
|
"current": info.Current,
|
|
"latest": info.Latest,
|
|
"message": info.Message(),
|
|
},
|
|
}
|
|
}
|
|
}
|
|
|
|
// isCompletionCommand returns true if args indicate a shell completion request.
|
|
// Update notifications must be suppressed for these to avoid corrupting
|
|
// machine-parseable completion output.
|
|
func isCompletionCommand(args []string) bool {
|
|
for _, arg := range args {
|
|
if arg == "completion" || arg == "__complete" {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// handleRootError dispatches a command error to the appropriate handler
|
|
// and returns the process exit code.
|
|
func handleRootError(f *cmdutil.Factory, err error) int {
|
|
errOut := f.IOStreams.ErrOut
|
|
|
|
// SecurityPolicyError uses a custom envelope format (string codes, challenge_url, retryable)
|
|
// that differs from the standard ErrDetail, so it's handled separately.
|
|
var spErr *internalauth.SecurityPolicyError
|
|
if errors.As(err, &spErr) {
|
|
writeSecurityPolicyError(errOut, spErr)
|
|
return 1
|
|
}
|
|
|
|
// All other structured errors normalize to ExitError.
|
|
if exitErr := asExitError(err); exitErr != nil {
|
|
if !exitErr.Raw {
|
|
// Raw errors (e.g. from `api` command) preserve the original API
|
|
// error detail; skip enrichment which would clear it.
|
|
enrichPermissionError(f, exitErr)
|
|
}
|
|
output.WriteErrorEnvelope(errOut, exitErr, string(f.ResolvedIdentity))
|
|
return exitErr.Code
|
|
}
|
|
|
|
// Cobra errors (required flags, unknown commands, etc.)
|
|
fmt.Fprintln(errOut, "Error:", err)
|
|
return 1
|
|
}
|
|
|
|
// asExitError converts known structured error types to *output.ExitError.
|
|
// Returns nil for unrecognized errors (e.g. cobra flag errors).
|
|
func asExitError(err error) *output.ExitError {
|
|
var cfgErr *core.ConfigError
|
|
if errors.As(err, &cfgErr) {
|
|
return output.ErrWithHint(cfgErr.Code, cfgErr.Type, cfgErr.Message, cfgErr.Hint)
|
|
}
|
|
var exitErr *output.ExitError
|
|
if errors.As(err, &exitErr) {
|
|
return exitErr
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// writeSecurityPolicyError writes the security-policy-specific JSON envelope to w.
|
|
// This format intentionally differs from the standard ErrDetail envelope:
|
|
// it uses string codes ("challenge_required"/"access_denied") and extra fields
|
|
// (retryable, challenge_url) for machine-readable policy error handling.
|
|
func writeSecurityPolicyError(w io.Writer, spErr *internalauth.SecurityPolicyError) {
|
|
var codeStr string
|
|
switch spErr.Code {
|
|
case internalauth.LarkErrBlockByPolicyTryAuth:
|
|
codeStr = "challenge_required"
|
|
case internalauth.LarkErrBlockByPolicy:
|
|
codeStr = "access_denied"
|
|
default:
|
|
codeStr = strconv.Itoa(spErr.Code)
|
|
}
|
|
|
|
errData := map[string]interface{}{
|
|
"type": "auth_error",
|
|
"code": codeStr,
|
|
"message": spErr.Message,
|
|
"retryable": false,
|
|
}
|
|
if spErr.ChallengeURL != "" {
|
|
errData["challenge_url"] = spErr.ChallengeURL
|
|
}
|
|
if spErr.CLIHint != "" {
|
|
errData["hint"] = spErr.CLIHint
|
|
}
|
|
|
|
env := map[string]interface{}{"ok": false, "error": errData}
|
|
|
|
buffer := &bytes.Buffer{}
|
|
encoder := json.NewEncoder(buffer)
|
|
encoder.SetEscapeHTML(false)
|
|
encoder.SetIndent("", " ")
|
|
err := encoder.Encode(env)
|
|
|
|
if err != nil {
|
|
fmt.Fprintln(w, `{"ok":false,"error":{"type":"internal_error","code":"marshal_error","message":"failed to marshal error"}}`)
|
|
return
|
|
}
|
|
fmt.Fprint(w, buffer.String())
|
|
}
|
|
|
|
// installTipsHelpFunc wraps the default help function to append a TIPS section
|
|
// when a command has tips set via cmdutil.SetTips. It also force-shows global
|
|
// flags that are normally hidden in single-app mode (currently --profile)
|
|
// when rendering the root command's own help, so users discovering the CLI
|
|
// still see them at `lark-cli --help`.
|
|
func installTipsHelpFunc(root *cobra.Command) {
|
|
defaultHelp := root.HelpFunc()
|
|
root.SetHelpFunc(func(cmd *cobra.Command, args []string) {
|
|
if cmd == root {
|
|
if f := root.PersistentFlags().Lookup("profile"); f != nil && f.Hidden {
|
|
f.Hidden = false
|
|
defer func() { f.Hidden = true }()
|
|
}
|
|
}
|
|
defaultHelp(cmd, args)
|
|
tips := cmdutil.GetTips(cmd)
|
|
if len(tips) == 0 {
|
|
return
|
|
}
|
|
out := cmd.OutOrStdout()
|
|
fmt.Fprintln(out)
|
|
fmt.Fprintln(out, "Tips:")
|
|
for _, tip := range tips {
|
|
fmt.Fprintf(out, " • %s\n", tip)
|
|
}
|
|
})
|
|
}
|
|
|
|
// enrichPermissionError adds console_url and improves the hint for permission errors.
|
|
// It differentiates between:
|
|
// - LarkErrAppScopeNotEnabled (99991672): app has not enabled the API scope → hint to admin console
|
|
// - LarkErrUserScopeInsufficient (99991679): user has not authorized the scope → hint to auth login --scope
|
|
func enrichPermissionError(f *cmdutil.Factory, exitErr *output.ExitError) {
|
|
if exitErr.Detail == nil || exitErr.Detail.Type != "permission" {
|
|
return
|
|
}
|
|
// Extract required scopes from API error detail
|
|
scopes := extractRequiredScopes(exitErr.Detail.Detail)
|
|
if len(scopes) == 0 {
|
|
return
|
|
}
|
|
|
|
cfg, err := f.Config()
|
|
if err != nil {
|
|
return
|
|
}
|
|
|
|
// Select the recommended (least-privilege) scope
|
|
scopeIfaces := make([]interface{}, len(scopes))
|
|
for i, s := range scopes {
|
|
scopeIfaces[i] = s
|
|
}
|
|
recommended := registry.SelectRecommendedScope(scopeIfaces, "tenant")
|
|
if recommended == "" {
|
|
recommended = scopes[0]
|
|
}
|
|
|
|
// Build admin console URL with the recommended scope
|
|
host := "open.feishu.cn"
|
|
if cfg.Brand == "lark" {
|
|
host = "open.larksuite.com"
|
|
}
|
|
consoleURL := fmt.Sprintf("https://%s/page/scope-apply?clientID=%s&scopes=%s", host, url.QueryEscape(cfg.AppID), url.QueryEscape(recommended))
|
|
|
|
// Clear raw API detail — useful info is now in message/hint/console_url
|
|
exitErr.Detail.Detail = nil
|
|
|
|
isBot := f.ResolvedIdentity.IsBot()
|
|
|
|
larkCode := exitErr.Detail.Code
|
|
switch larkCode {
|
|
case output.LarkErrUserScopeInsufficient, output.LarkErrUserNotAuthorized:
|
|
// User has not authorized the scope → re-authorize
|
|
exitErr.Detail.Message = fmt.Sprintf("User not authorized: required scope %s [%d]", recommended, larkCode)
|
|
if isBot {
|
|
exitErr.Detail.Hint = "enable the scope in developer console (see console_url)"
|
|
} else {
|
|
exitErr.Detail.Hint = fmt.Sprintf("run `lark-cli auth login --scope \"%s\"` in the background. It blocks and outputs a verification URL — retrieve the URL and open it in a browser to complete login.", recommended)
|
|
}
|
|
exitErr.Detail.ConsoleURL = consoleURL
|
|
|
|
case output.LarkErrAppScopeNotEnabled:
|
|
// App has not enabled the API scope → admin console
|
|
exitErr.Detail.Message = fmt.Sprintf("App scope not enabled: required scope %s [%d]", recommended, larkCode)
|
|
exitErr.Detail.Hint = "enable the scope in developer console (see console_url)"
|
|
exitErr.Detail.ConsoleURL = consoleURL
|
|
|
|
default:
|
|
// Other permission errors (matched by keyword)
|
|
exitErr.Detail.Message = fmt.Sprintf("Permission denied: required scope %s [%d]", recommended, larkCode)
|
|
if isBot {
|
|
exitErr.Detail.Hint = "enable the scope in developer console (see console_url)"
|
|
} else {
|
|
exitErr.Detail.Hint = fmt.Sprintf(
|
|
"enable scope in console (see console_url), or run `lark-cli auth login --scope \"%s\"` in the background. It blocks and outputs a verification URL — retrieve the URL and open it in a browser to complete login.", recommended)
|
|
}
|
|
exitErr.Detail.ConsoleURL = consoleURL
|
|
}
|
|
}
|
|
|
|
// extractRequiredScopes extracts scope names from the API error's permission_violations field.
|
|
func extractRequiredScopes(detail interface{}) []string {
|
|
m, ok := detail.(map[string]interface{})
|
|
if !ok {
|
|
return nil
|
|
}
|
|
violations, ok := m["permission_violations"].([]interface{})
|
|
if !ok {
|
|
return nil
|
|
}
|
|
var scopes []string
|
|
for _, v := range violations {
|
|
vm, ok := v.(map[string]interface{})
|
|
if !ok {
|
|
continue
|
|
}
|
|
if subject, ok := vm["subject"].(string); ok {
|
|
scopes = append(scopes, subject)
|
|
}
|
|
}
|
|
return scopes
|
|
}
|