feat(base): tighten lark-base auth fallback and local attachment lookup guidance #1699

Open: yballul-bytedance wants to merge 1 commit into larksuite:main from yballul-bytedance:auto-research-sync/01KWE29JZMNK51APJWKJ63ZK68/mr-849-c35a2c44

@yballul-bytedance yballul-bytedance commented Jul 1, 2026

Collaborator

Summary

Tighten the lark-base skill guidance so agents fall back to a single auth login flow on token/scope errors and constrain local attachment path lookup to explicit, in-scope candidates.

Changes

  • skills/lark-base/SKILL.md: Under "Usage boundaries", add two rules: (1) once any Base command returns token_missing, need_user_authorization, or current command requires scope(s), stop probing more Base/Drive/Contact business commands and run lark-cli auth login --domain base --no-wait --json to end the round after the QR code is generated, and avoid hand-crafted space-separated scope strings that trigger malformed scopes; (2) before uploading a local attachment, only check the user-provided relative path or same-name candidates in the current directory, and stop with a not-found report instead of expanding the search to the repository parent, home directory, or the whole disk.
  • skills/lark-base/SKILL.md: Update the attachment-field row in the quick routing table to cross-reference the new local-attachment boundary rule instead of the generic "upload from local file" wording.

Test Plan

  • git diff --check (clean, no whitespace errors).
  • Manual review of the rendered skills/lark-base/SKILL.md to confirm the new bullets sit under the "Usage boundaries" section and that the quick routing table row for attachment fields still parses.

Related Issues

Auto research task: 01KWE29JZMNK51APJWKJ63ZK68

Summary by CodeRabbit

  • Documentation
    • Clarified the handling of Base command authorization and token/scope-related failures, including when to stop and re-authenticate.
    • Added stricter guidance for local file attachments: only check the intended path, report missing files immediately, and avoid searching outside the expected location.
    • Updated attachment-field guidance to ensure uploads, downloads, and deletions follow the correct attachment-specific workflow.
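
The local-attachment boundary rule from this description, sketched as an added Python example (not part of the PR, SKILL.md or lark-cli). `resolve_attachment` and `AttachmentNotFound` are hypothetical names, and treating any candidate that resolves outside the current directory as out of scope is an assumption layered on the rule.

```python
import tempfile
from pathlib import Path


class AttachmentNotFound(Exception):
    """Carries the candidates that were checked, for the not-found report."""

    def __init__(self, checked):
        super().__init__("attachment not found; checked: %s" % checked)
        self.checked = checked


def resolve_attachment(user_path: str, cwd: Path) -> Path:
    """Return the file to upload, or raise without widening the search."""
    cwd = cwd.resolve()
    requested = Path(user_path)
    # The only candidates: the path as given, then the same file name
    # directly in the current directory (deduplicated, order kept).
    candidates = list(dict.fromkeys([cwd / requested, cwd / requested.name]))
    checked = []
    for cand in candidates:
        real = cand.resolve()  # collapses ".." and follows symlinks
        # Assumption: a candidate that lands outside cwd is out of scope.
        if cwd not in real.parents:
            checked.append((str(cand), "outside current directory"))
        elif real.is_file():
            return real
        else:
            checked.append((str(cand), "missing"))
    # No fallback to the parent, home directory or disk: stop and report.
    raise AttachmentNotFound(checked)


if __name__ == "__main__":
    # Constructed sample tree: <tmp>/secret.txt sits one level above the cwd.
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp, "work")
        (work / "data").mkdir(parents=True)
        (work / "data" / "report.pdf").write_text("x")
        Path(tmp, "secret.txt").write_text("x")
        print(resolve_attachment("data/report.pdf", work))
        try:
            resolve_attachment("../secret.txt", work)
        except AttachmentNotFound as err:
            print(err.checked)
```

The exception's `checked` list is what a not-found report would show the user: every candidate that was tried and why it was rejected.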

@github-actions github-actions Bot added labels domain/base (PR touches the base domain) and size/M (Single-domain feat or fix with limited business impact) on Jul 1, 2026
coderabbitai Bot commented Jul 1, 2026

Walkthrough

This PR updates skills/lark-base/SKILL.md to add usage boundary rules: Base commands returning specific auth/scope errors must halt and trigger lark-cli auth login, and local attachment uploads must validate file existence within restricted path scope. The quick routing table's attachment field row is also updated accordingly.

Changes

Base auth and attachment boundary updates

| Layer / File(s) | Summary |
|---|---|
| Auth/scope error handling and attachment boundary (skills/lark-base/SKILL.md) | Adds stop-and-reauth guidance for token_missing, need_user_authorization, and scope errors via lark-cli auth login --domain base --no-wait --json; restricts local attachment upload checks to the provided path/current directory and requires stopping on missing files; updates the “附件字段” quick routing row to reflect these constraints. |

Estimated code review effort: 1 (Trivial) | ~3 minutes

Possibly related PRs

  • larksuite/cli#345: Both PRs tighten lark-base handling of local attachment uploads and file-based input guard behavior.
  • larksuite/cli#1598: Both PRs update AI Skills' authorization/missing-scope guidance steering users toward lark-cli auth flows.

Suggested reviewers: kongenpei

🚥 Pre-merge checks | ✅ 5 passed

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly summarizes the main change: tighter auth fallback and local attachment lookup guidance. |
| Description check | ✅ Passed | The description matches the template with Summary, Changes, Test Plan, and Related Issues, and it is sufficiently specific. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
@coderabbitai coderabbitai Bot left a comment

🧹 Nitpick comments (1)
skills/lark-base/SKILL.md (1)

35-35: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Consider splitting the scope-string warning into its own bullet for discoverability.

The auth-error stop rule and the hand-crafted scope-string warning are two distinct constraints. Combining them into one long bullet reduces scannability. Splitting would make each rule more actionable.

- - 任一 Base 命令返回 `token_missing`、`need_user_authorization` 或 `current command requires scope(s)` 后,停止继续试 Base/Drive/Contact 业务命令;直接走 `lark-cli auth login --domain base --no-wait --json`,生成二维码后结束本轮等待授权。不要手写多个 scope 的空格字符串,容易触发 malformed scopes。
+ - 任一 Base 命令返回 `token_missing`、`need_user_authorization` 或 `current command requires scope(s)` 后,停止继续试 Base/Drive/Contact 业务命令;直接走 `lark-cli auth login --domain base --no-wait --json`,生成二维码后结束本轮等待授权。
+ - 不要手写多个 scope 的空格字符串,容易触发 malformed scopes。
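Review bot: the second added bullet (`不要手写多个 scope 的空格字符串…`) loses its referent once it is split off from the auth rule: read alone, it no longer says which command the scope string is passed to, and it states only what to avoid. Suggest naming the command in that bullet (the `lark-cli auth login --domain base --no-wait --json` call from the bullet above) and saying what the agent should pass instead, so each rule is actionable without the other.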
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@skills/lark-base/SKILL.md` at line 35, Split the auth-error stop rule and the
scope-string warning into separate bullets in SKILL.md: one bullet should cover
stopping Base/Drive/Contact command retries and immediately running lark-cli
auth login --domain base --no-wait --json after token_missing,
need_user_authorization, or current command requires scope(s); the other should
warn against hand-writing multiple scopes as a space-separated string because it
can trigger malformed scopes. Keep the guidance aligned with the existing Base
auth workflow text.
📥 Commits

Reviewing files that changed from the base of the PR and between ec6fdc9 and c58be09.

📒 Files selected for processing (1)
  • skills/lark-base/SKILL.md

github-actions Bot commented Jul 1, 2026

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@c58be096db6c515c54df1545f9b05a7b47d80eca

🧩 Skill update

npx skills add yballul-bytedance/cli#auto-research-sync/01KWE29JZMNK51APJWKJ63ZK68/mr-849-c35a2c44 -y -g
