Skip to content

fix: support pnpm global installs in self-update#1705

Merged
liangshuo-1 merged 7 commits into
mainfrom
fix/pnpm-selfupdate-detection
Jul 6, 2026
Merged

fix: support pnpm global installs in self-update#1705
liangshuo-1 merged 7 commits into
mainfrom
fix/pnpm-selfupdate-detection

Conversation

@leave330

@leave330 leave330 commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

Summary

lark-cli update classified pnpm global installs as npm because both use a node_modules/@larksuite/cli layout. When npm was also on PATH, the updater ran npm install -g, creating a duplicate install under npm's global prefix instead of updating the pnpm-managed one (#1681). Users ended up with two lark-cli binaries of different versions, and which one ran depended on PATH order.

This detects pnpm from the resolved binary path and updates in place with pnpm add -g @larksuite/cli@<version>. When pnpm is detected but not on PATH, it falls back to the existing manual path (GitHub Releases URL) with a pnpm-specific hint. The npm and manual paths are unchanged.

Detection matches a .pnpm path segment, or a pnpm segment immediately followed by store — covering both pnpm layouts (the classic virtual store node_modules/.pnpm/… and pnpm 11's global content-addressable store ~/Library/pnpm/store/v11/links/…) without misclassifying an npm install that merely lives under a directory named pnpm. Verified end-to-end on a real pnpm 11 / macOS install (the environment reported in #1681): update prints via pnpm and runs pnpm add -g in place, and skills sync then runs and reports its launcher.

Changes

  • internal/selfupdate/updater.go: add InstallPnpm detection via containsPnpmMarker (matches a pnpm or .pnpm path segment, POSIX and Windows separators), a PnpmAvailable field, and RunPnpmInstall (pnpm add -g, argv form). Classification is refactored into a pure, unit-testable detectFromResolved.
  • cmd/update/update.go: route auto-updates through the detected package manager (doNpmUpdate → parameterized doAutoUpdate), show a pnpm-specific hint on the manual fallback, report the actual package manager in the failure message, and document the pnpm branch in --help. The JSON envelope key set is unchanged (pnpm success is action: "updated").
  • internal/selfupdate/updater.go: post-update skills sync is now package-manager-aware — runSkillsCommand uses pnpm dlx skills … when the CLI is a pnpm install and pnpm is available, otherwise npx skills … (selection extracted into a pure, unit-tested skillsInvocation). This addresses pnpm-only environments: pnpm's standalone installer bundles Node without putting npm/npx on PATH, so an unconditional npx skills add would fail with npx not found in PATH right after a successful CLI update. The manual-fallback "sync skills separately" hint is aligned to pnpm dlx on the pnpm branch, and the update output reports the skills launcher (Updating skills via pnpm dlx/npx ...).
  • internal/selfupdate/updater.go: DetectInstallMethod now memoizes its first result on the Updater. The update flow mutates the install (pnpm add -g) before syncing skills; without caching, the skills-time re-detection could resolve a now-stale os.Executable() and silently fall back to npx, diverging from the launcher reported to the user. Caching is the correct semantics (install method is process-invariant) and keeps the reported and executed launcher consistent; it also avoids repeated EvalSymlinks + LookPath per skills command.
  • cmd/update/update.go: the EACCES permission hint and the no-rollback reinstall hint are now package-manager-aware — pnpm users get pnpm setup / pnpm add -g … && pnpm dlx skills add … instead of npm-flavored advice that would otherwise send them toward a second duplicate install.

Known limitation: a non-default pnpm setup whose resolved path passes through neither a .pnpm virtual-store segment nor the pnpm home/store directory would still be classified as npm. Default and common layouts (virtual store and global store) are covered.

Test Plan

  • unit tests passed — pnpm/npm/manual classification, containsPnpmMarker boundaries (virtual store, global store on macOS/Linux/Windows, and .pnpmfoo/pnpmfoo negatives), RunPnpmInstall success/error, and command-layer pnpm success / install-failure / pnpm-unavailable manual fallback (asserts the npm install path is not invoked on the pnpm branch)
  • validate passed (build, vet, unit, integration)
  • local-eval passed (E2E 2/2, skillave N/A — no shortcut/skill/meta change)
  • acceptance-reviewer passed (5/5 cases)
  • manual verification: ran the built binary from a real pnpm 11 global install (~/Library/pnpm/store/v11/links/…/@larksuite/cli/bin/lark-cli update) — detected via pnpm and updated in place with pnpm add -g; also lark-cli update --check --json / --help (non-destructive)

Related Issues

Closes #1681

Summary by CodeRabbit

  • New Features

    • Added pnpm-aware self-update: detects whether the CLI was installed via pnpm, runs global installs with pnpm, and uses pnpm dlx for skills when available.
    • Updated update prompts/auto-detection guidance to include pnpm install instructions alongside npm.
  • Bug Fixes

    • Improved update output and JSON error/rollback messaging to reference the correct package manager (npm vs pnpm).
    • Added install-detection memoization to keep install classification consistent during the update flow.
    • Extended pnpm-specific permission hinting for EACCES cases.
  • Tests

    • Expanded pnpm coverage for auto/human/JSON outcomes, install failures, unavailable fallback messaging, and skills launcher argument handling.

@leave330 leave330 requested a review from liangshuo-1 as a code owner July 1, 2026 10:05
@leave330 leave330 added the bug Something isn't working label Jul 1, 2026
@github-actions github-actions Bot added the size/L Large or sensitive change across domains or core paths label Jul 1, 2026
@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: afb5d3bf-7c82-46be-b2f3-2b323e1737a9

📥 Commits

Reviewing files that changed from the base of the PR and between df60cd3 and 568883e.

📒 Files selected for processing (4)
  • cmd/update/update.go
  • cmd/update/update_test.go
  • internal/selfupdate/updater.go
  • internal/selfupdate/updater_test.go
🚧 Files skipped from review as they are similar to previous changes (3)
  • cmd/update/update.go
  • cmd/update/update_test.go
  • internal/selfupdate/updater_test.go

📝 Walkthrough

Walkthrough

This PR adds pnpm-aware update handling across detection, install execution, update messaging, and skills sync invocation.

Changes

pnpm-aware update support

Layer / File(s) Summary
Detection contract and install method classification
internal/selfupdate/updater.go
Adds InstallPnpm, PnpmAvailable, pnpm-specific auto-update/manual messaging, and resolved-path classification for npm versus pnpm installs.
pnpm install execution and skills launcher
internal/selfupdate/updater.go
Adds RunPnpmInstall, a pnpm install override hook, and skills command selection between pnpm dlx and npx.
Update command auto/manual flow wiring
cmd/update/update.go
Updates update help text, switches auto-update dispatch to a package-manager-aware path, and varies manual install instructions by detected method.
Test coverage for pnpm update behavior
internal/selfupdate/updater_test.go, cmd/update/update_test.go
Adds unit tests for pnpm detection, install eligibility, pnpm install execution, skills invocation, and command-level JSON and human update flows.

Estimated code review effort: 3 (Moderate) | ~30 minutes

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant updateRun
  participant Updater
  participant pnpm
  participant skills
  User->>updateRun: lark-cli update
  updateRun->>Updater: DetectInstallMethod()
  Updater-->>updateRun: install method + pnpm availability
  updateRun->>Updater: RunNpmInstall() or RunPnpmInstall()
  Updater->>pnpm: install `@larksuite/cli`@version
  pnpm-->>Updater: install result
  updateRun->>skills: runSkillsCommand()
  skills-->>updateRun: sync result
Loading

Possibly related PRs

  • larksuite/cli#391: Extends the same self-update and update-command flow with package-manager-specific handling.
  • larksuite/cli#723: Also changes cmd/update/update.go skills execution and hint emission paths.
  • larksuite/cli#1251: Modifies the skills execution path in internal/selfupdate/updater.go.

Suggested reviewers: MaxHuang22, liangshuo-1

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the pnpm self-update fix and matches the main change.
Description check ✅ Passed The description follows the template with Summary, Changes, Test Plan, and Related Issues sections and is sufficiently detailed.
Linked Issues check ✅ Passed The changes address #1681 by detecting pnpm installs, using pnpm add -g, and falling back to manual update when pnpm is unavailable.
Out of Scope Changes check ✅ Passed No clear out-of-scope changes are present; the added skills-sync and messaging updates support the pnpm self-update fix.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/pnpm-selfupdate-detection

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@codecov

codecov Bot commented Jul 1, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 79.20792% with 21 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.42%. Comparing base (cccf025) to head (568883e).

Files with missing lines Patch % Lines
internal/selfupdate/updater.go 72.46% 19 Missing ⚠️
cmd/update/update.go 93.75% 1 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1705      +/-   ##
==========================================
+ Coverage   74.40%   74.42%   +0.02%     
==========================================
  Files         854      854              
  Lines       88375    88445      +70     
==========================================
+ Hits        65752    65825      +73     
+ Misses      17552    17546       -6     
- Partials     5071     5074       +3     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@568883ee18f2e22ea80fd28ac03e54d142d8611f

🧩 Skill update

npx skills add larksuite/cli#fix/pnpm-selfupdate-detection -y -g

@CLAassistant

CLAassistant commented Jul 1, 2026

Copy link
Copy Markdown

CLA assistant check
All committers have signed the CLA.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@internal/selfupdate/updater.go`:
- Around line 346-349: The launcher lookup path in updater.go is returning an
untyped fmt.Errorf, which breaks command-facing error classification. Update the
exec.LookPath handling in the updater logic to construct the failure with the
appropriate errs.* typed error for a missing launcher, and attach the original
exec.LookPath error via .WithCause(err) so the cause is preserved. Use the
existing launcher/binPath lookup flow in the updater function to locate the
change, and keep r.Err set to the typed error before returning.
- Around line 171-173: The pnpm detection in containsPnpmMarker is too broad
because matching plain /pnpm/ or \pnpm\ can misclassify npm installs as
InstallPnpm. Tighten the check in containsPnpmMarker to only recognize
pnpm-specific paths such as .pnpm or the documented pnpm/store layout, and keep
the existing cross-platform path handling intact.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ba320ccf-eae8-43db-96f5-422208b02fe1

📥 Commits

Reviewing files that changed from the base of the PR and between 43f49dc and a25525d.

📒 Files selected for processing (3)
  • cmd/update/update.go
  • internal/selfupdate/updater.go
  • internal/selfupdate/updater_test.go
🚧 Files skipped from review as they are similar to previous changes (2)
  • internal/selfupdate/updater_test.go
  • cmd/update/update.go

Comment thread internal/selfupdate/updater.go Outdated
Comment thread internal/selfupdate/updater.go
@leave330 leave330 force-pushed the fix/pnpm-selfupdate-detection branch from a25525d to bfb4817 Compare July 1, 2026 13:19
@leave330 leave330 force-pushed the fix/pnpm-selfupdate-detection branch from df60cd3 to 568883e Compare July 3, 2026 05:15
@liangshuo-1 liangshuo-1 merged commit e621c6e into main Jul 6, 2026
37 checks passed
@liangshuo-1 liangshuo-1 deleted the fix/pnpm-selfupdate-detection branch July 6, 2026 13:11
This was referenced Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working size/L Large or sensitive change across domains or core paths

Projects

None yet

Development

Successfully merging this pull request may close these issues.

lark-cli update incorrectly detects pnpm-installed CLI as npm-installed

3 participants