Skip to content

Improve secure label error handling#1707

Merged
fangshuyu-768 merged 2 commits into
mainfrom
codex/secure-label-error-reliability
Jul 2, 2026
Merged

Improve secure label error handling#1707
fangshuyu-768 merged 2 commits into
mainfrom
codex/secure-label-error-reliability

Conversation

@fangshuyu-768

@fangshuyu-768 fangshuyu-768 commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • classify secure-label related Drive API codes from the telemetry table: invalid parameters, permission denied, downgrade approval required, and field validation failures
  • add secure-label command hints for label IDs, approval-required downgrades, and rate-limit backoff
  • reject display-name style --label-id values such as Public(D) before sending the API request

Validation

  • go test ./internal/errclass ./shortcuts/drive
  • go build ./...
  • git diff --check

Notes

  • go test ./... was also attempted, but this workspace has unrelated failures in schema/manifest fixtures, qualitygate temp git cleanup, missing local e2e binary, and live e2e scope/network dependencies.

Summary by CodeRabbit

  • New Features

    • Improved secure label list/update guidance with clearer --label-id usage tips and more contextual recovery hints.
    • Added stronger input normalization and command-aware error decoration for secure label operations.
  • Bug Fixes

    • Secure label updates now reject display-name-like values for --label-id and enforce numeric, non-empty IDs.
    • Enhanced handling for common Drive error codes, including permission issues, validation/precondition failures, not-found/quota-related cases, and rate limiting with retryability guidance.
  • Tests

    • Expanded secure label and Drive error-code coverage to verify hints, categories/subtypes, and retry behavior.

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 82c7e7e3-64a7-41f4-b1d3-d391094f8546

📥 Commits

Reviewing files that changed from the base of the PR and between 490c14e and 85f7385.

📒 Files selected for processing (2)
  • shortcuts/drive/drive_secure_label.go
  • shortcuts/drive/drive_secure_label_test.go
🚧 Files skipped from review as they are similar to previous changes (1)
  • shortcuts/drive/drive_secure_label_test.go

📝 Walkthrough

Walkthrough

This PR expands Drive error-code metadata mappings and updates secure-label list/update commands to normalize --label-id, add context-specific hints, and return typed errors. It also extends tests for the new Drive mappings and secure-label error cases.

Changes

Drive secure-label error handling

Layer / File(s) Summary
Drive error-code metadata mappings
internal/errclass/codemeta_drive.go, internal/errclass/codemeta_drive_test.go
Adds new Drive error-code entries with Category/Subtype/Retryable flags and corresponding test case expectations.
Secure-label command changes
shortcuts/drive/drive_secure_label.go
Adds tips for secure-label-list and secure-label-update, validates/normalizes --label-id, and routes API errors through a new decoration helper in Validate/DryRun/Execute paths.
Normalization and error decoration helpers
shortcuts/drive/drive_secure_label.go
Introduces normalizeSecureLabelID and decorateSecureLabelError with operation-aware hint guidance.
Secure-label update tests
shortcuts/drive/drive_secure_label_test.go
Adds tests for list rate limiting, display-name rejection, downgrade approval, invalid JSON type, and update rate-limit scenarios with typed error assertions.

Estimated code review effort: 3 (Moderate) | ~25 minutes

Possibly related PRs

  • larksuite/cli#985: Introduced the Drive secure-label shortcuts that this PR extends with normalization and error decoration logic.
  • larksuite/cli#1703: Also expands internal/errclass/codemeta_drive.go Drive error-code mappings and related tests.

Suggested reviewers: caojie0621

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 10.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and accurately summarizes the main change: improved secure label error handling.
Description check ✅ Passed The description covers the summary and validation well, but omits the template's Changes and Related Issues sections.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/secure-label-error-reliability

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added domain/ccm PR touches the ccm domain size/M Single-domain feat or fix with limited business impact labels Jul 1, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
shortcuts/drive/drive_secure_label_test.go (1)

153-273: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Please cover the remaining changed paths.

The new tests lock down rejection and update-side API decoration, but this PR also changes success-path behavior by trimming --label-id before DryRun/Execute and changes +secure-label-list to decorate API failures. A small request-body assertion for a whitespace-padded label ID, plus one list error case, would close the gaps introduced by this change set. As per coding guidelines, "Every behavior change needs a test alongside the change".

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@shortcuts/drive/drive_secure_label_test.go` around lines 153 - 273, The
current tests cover rejection and update error decoration, but they miss the new
success-path trimming of --label-id and the API failure decoration in
+secure-label-list. Add a request-body assertion around DriveSecureLabelUpdate
to verify a whitespace-padded --label-id is trimmed before DryRun/Execute, and
add one +secure-label-list error case that exercises the decorated API failure
path using the existing DriveSecureLabelList command and errs API/validation
types.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@shortcuts/drive/drive_secure_label.go`:
- Around line 162-180: The decorateSecureLabelError helper is overwriting
existing Problem.Hint values and hard-coding update-only recovery text for codes
like 1063001, 1063002, and 9499, which is wrong for commands such as
+secure-label-list. Update decorateSecureLabelError to preserve any upstream
hint already set by errs.ProblemOf/classify logic, and make the added guidance
conditional on the invoking command or operation context rather than always
applying the same update-specific wording. Keep the symbol
decorateSecureLabelError as the place to adjust the hint-merging behavior and
command-aware branching.

---

Outside diff comments:
In `@shortcuts/drive/drive_secure_label_test.go`:
- Around line 153-273: The current tests cover rejection and update error
decoration, but they miss the new success-path trimming of --label-id and the
API failure decoration in +secure-label-list. Add a request-body assertion
around DriveSecureLabelUpdate to verify a whitespace-padded --label-id is
trimmed before DryRun/Execute, and add one +secure-label-list error case that
exercises the decorated API failure path using the existing DriveSecureLabelList
command and errs API/validation types.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 51a96c5c-da63-4131-b3dd-52dd1dffad65

📥 Commits

Reviewing files that changed from the base of the PR and between a6797ac and 490c14e.

📒 Files selected for processing (4)
  • internal/errclass/codemeta_drive.go
  • internal/errclass/codemeta_drive_test.go
  • shortcuts/drive/drive_secure_label.go
  • shortcuts/drive/drive_secure_label_test.go

Comment thread shortcuts/drive/drive_secure_label.go Outdated
@codecov

codecov Bot commented Jul 1, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 62.50000% with 21 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.51%. Comparing base (a6797ac) to head (85f7385).
⚠️ Report is 3 commits behind head on main.

Files with missing lines Patch % Lines
shortcuts/drive/drive_secure_label.go 62.50% 14 Missing and 7 partials ⚠️
Additional details and impacted files
@@           Coverage Diff            @@
##             main    #1707    +/-   ##
========================================
  Coverage   74.51%   74.51%            
========================================
  Files         850      851     +1     
  Lines       87070    87205   +135     
========================================
+ Hits        64879    64983   +104     
- Misses      17223    17244    +21     
- Partials     4968     4978    +10     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@85f738515e0d354f6776e681c5d6d00b858800cf

🧩 Skill update

npx skills add larksuite/cli#codex/secure-label-error-reliability -y -g

@fangshuyu-768

Copy link
Copy Markdown
Collaborator Author

Addressed the review feedback in 85f7385:\n\n- made secure-label error decoration operation-aware for list vs update\n- preserve existing upstream/classifier hints and append command-specific guidance instead of overwriting\n- added coverage for whitespace-padded --label-id trimming in dry-run/execute success paths\n- added +secure-label-list rate-limit test that preserves upstream detail and uses list-specific guidance\n\nValidation:\n- go test ./internal/errclass ./shortcuts/drive\n- go build ./...\n- git diff --check

@fangshuyu-768 fangshuyu-768 merged commit d0cde9a into main Jul 2, 2026
39 checks passed
@fangshuyu-768 fangshuyu-768 deleted the codex/secure-label-error-reliability branch July 2, 2026 07:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

domain/ccm PR touches the ccm domain size/M Single-domain feat or fix with limited business impact

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants