Skip to content

feat(drive): Strengthen lark-drive high-risk write operations and read-only recognition boundaries.#1801

Merged
yballul-bytedance merged 1 commit into
larksuite:mainfrom
yballul-bytedance:auto-research-sync/01KWW7ZHEWMRH9JSBMDAMSNJZ4/mr-1001-d0eab7a0
Jul 9, 2026
Merged

feat(drive): Strengthen lark-drive high-risk write operations and read-only recognition boundaries.#1801
yballul-bytedance merged 1 commit into
larksuite:mainfrom
yballul-bytedance:auto-research-sync/01KWW7ZHEWMRH9JSBMDAMSNJZ4/mr-1001-d0eab7a0

Conversation

@yballul-bytedance

@yballul-bytedance yballul-bytedance commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

Summary

Strengthen the lark-drive skill’s guardrails for high-risk write operations, including deletion, public permission changes, owner transfer, version deletion/rollback, and bulk move/overwrite/
sync. Distinguish “target state” from “specific target plus execution confirmation.” Also define URL type/token recognition as a read-only responsibility of drive +inspect, and add common usage
guidance for files list sorting, file.statistics, and file.view_records typed flags to reduce Drive command misuse and unauthorized execution.

Changes

  • skills/lark-drive/SKILL.md

    • Expanded the description to include scenarios for identifying link type, real token, and title.

    • Added two quick-decision rules:

      • URL type/token recognition should use lightweight judgment or +inspect, only for identification/disambiguation.
      • High-risk write operations must have both a specific target and explicit confirmation from the user in the current turn. Do not treat target-state requests such as “delete useless
        ones,” “open it to everyone,” or “overwrite/move these” as execution confirmation.
    • Changed the files list section from “must” to “read the reference before use and pass parameters according to the template,” avoiding overly rigid binding.

    • Clarified that file.statistics get and file.view_records list should use typed flags such as --file-token, --file-type, --page-size, and --viewer-id-type, instead of rewriting them as
      --params JSON.

  • skills/lark-drive/references/lark-drive-delete.md

    • Clarified the meaning of “specific target”: a concrete URL/token, or a resource list confirmed item-by-item or in batch by the user. Candidates found through heuristic search are pending-
      confirmation targets.

    • Added a “pre-deletion gate” table requiring both a specific target and execution confirmation. If either is missing, list candidates and stop to wait for confirmation.

  • skills/lark-drive/references/lark-drive-files-list.md

    • Added a “sort by time” section with templates for CreatedTime / EditedTime plus ASC / DESC.
    • Updated parameter rules:
      • Do not pass order_by / direction by default.
      • Use minimal --params only when sorting.
      • Add page_size / page_token only for pagination, recursive inventory, full export of a large directory, or follow-up pagination after the first page returns has_more=true.
      • Do not omit server-side sorting and then sort locally with scripts.
  • skills/lark-drive/references/lark-drive-inspect.md

    • Expanded the scenario table: use drive +inspect when asking for resource type, canonical token, title, canonical URL, or when the path looks like docx / Base / Sheet / Slides / Drive folder
      but the task is only identification.

    • Clarified that identifying link type/token/title is a Drive inspect task. Do not replace it with body reading, Base table commands, or manual URL path extraction.

  • skills/lark-drive/references/lark-drive-permission-guide.md

    • Added a “pre-public-permission-change gate” table: --yes is allowed only when all three are present: specific target, user-selected link_share_entity level, and current-turn execution
      confirmation.

    • Clarified that phrases like “open it up,” “share it with everyone,” or “let everyone view it” only express the target state, not the specific public scope. List available levels first, then
      stop and wait for the user’s choice.

Test Plan

  • Applied the MR net patch with git apply --3way. SKILL.md required semantic merge to preserve the GitHub base’s existing “copy document / create duplicate” decision item; the other 4
    reference files applied cleanly.
  • git diff --check reported no whitespace errors.
  • git diff --cached --stat matches the MR file list: 5 files changed, 58 insertions(+), 4 deletions(-).
  • Later, in an integration environment, regress the skill prompts for drive +delete, drive permission.public patch, drive files list, drive file.statistics get, drive file.view_records list,
    and drive +inspect, confirming that agents reliably hit the new gates and typed-flag guidance.

Related Issues

Auto research task: 01KWW7ZHEWMRH9JSBMDAMSNJZ4

Summary by CodeRabbit

Summary

  • Documentation
    • Updated cloud-space guidance to correctly handle link type, real token, and title routing for Feishu/doubao 云空间, without relying on fallback URL fetching.
    • Expanded drive +inspect usage with typical scenarios and reinforced “don’t infer from page content/Base/manual path truncation” rules.
    • Added “deletion threshold” and “public permission change threshold” guardrails: high-risk write actions now require a specific target plus explicit, per-round confirmation.
    • Refined drive files list sorting/pagination and tightened --params/typed --format json examples for related native commands.

@github-actions github-actions Bot added domain/ccm PR touches the ccm domain size/M Single-domain feat or fix with limited business impact labels Jul 8, 2026
@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

This PR updates lark-drive documentation to clarify drive +inspect routing and token identification, refine drive files list sorting and pagination rules, and add confirmation gates before delete and public permission changes.

Changes

Lark Drive skill documentation

Layer / File(s) Summary
Inspect-based URL/token identification guidance
skills/lark-drive/SKILL.md, skills/lark-drive/references/lark-drive-inspect.md
Adds doubao.com cloud-space routing behavior, expands +inspect guidance for URL type and token resolution, and warns against manual URL parsing or switching to write APIs after inspection failure.
Files list pagination and sorting rules
skills/lark-drive/SKILL.md, skills/lark-drive/references/lark-drive-files-list.md
Adds time-based sorting examples, defines order_by/direction defaults and mappings, tightens page_size guidance for pagination/export flows, and adds typed-flag examples for native docx-related endpoints.
Delete and permission pre-check gates
skills/lark-drive/references/lark-drive-delete.md, skills/lark-drive/references/lark-drive-permission-guide.md
Adds required target and execution confirmation steps before drive +delete --yes and drive permission.public patch --yes, with fallback discovery flows and explicit scope confirmation rules.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

Suggested labels: documentation

Suggested reviewers: fangshuyu-768, wittam-01, YH-1600

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: stronger lark-drive guardrails for high-risk writes and read-only inspection.
Description check ✅ Passed The description follows the template with Summary, Changes, Test Plan, and Related Issues sections and covers the PR scope well.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@6e4dfbac07121dd53dd9f22fea650aadaf972791

🧩 Skill update

npx skills add yballul-bytedance/cli#auto-research-sync/01KWW7ZHEWMRH9JSBMDAMSNJZ4/mr-1001-d0eab7a0 -y -g

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@skills/lark-drive/references/lark-drive-delete.md`:
- Around line 10-21: Clarify the deletion gate in lark-drive-delete.md so a raw
URL is not treated as a concrete delete target; update the guidance around the
delete prerequisites to say that `drive +delete` must use the resolved
`file-token` and `type` from prior inspection, and that URLs/tokens are only for
identifying or confirming candidates until resolved. Keep the existing
distinction in the deletion policy text between candidate discovery and
execution, and adjust the wording near the “目标明确” and `drive +delete --yes`
checks to reference the resolved target pair rather than the URL itself.

In `@skills/lark-drive/references/lark-drive-files-list.md`:
- Around line 44-72: The sort examples in the references are misleading because
they look like complete ordered listings, but `lark-cli drive files list` only
returns one page unless `page_size` and `page_token` are handled. Update the
examples under the time-sorting section to either explicitly say they are
first-page-only or add the pagination flow used by `folder_token`/`page_token`
guidance, and keep the sort examples consistent with the `order_by`/`direction`
rules in the document.

In `@skills/lark-drive/SKILL.md`:
- Around line 24-25: The inspect gate wording is too broad and still implies
URL-shape parsing can determine canonical type/token/title; tighten it in
SKILL.md so lightweight URL checks are only used to decide whether to invoke
lark-cli drive +inspect, not to infer the real resource identity. Make it
explicit that canonical type, real token, and title resolution must come from
drive +inspect for wiki URLs or when disambiguation is needed, and keep the rule
that inspect is only for identification/disambiguation and not a universal
prerequisite.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5930543c-bfcf-451d-98a2-f47417336c15

📥 Commits

Reviewing files that changed from the base of the PR and between 9413e7c and 307abac.

📒 Files selected for processing (5)
  • skills/lark-drive/SKILL.md
  • skills/lark-drive/references/lark-drive-delete.md
  • skills/lark-drive/references/lark-drive-files-list.md
  • skills/lark-drive/references/lark-drive-inspect.md
  • skills/lark-drive/references/lark-drive-permission-guide.md

Comment thread skills/lark-drive/references/lark-drive-delete.md Outdated
Comment thread skills/lark-drive/references/lark-drive-files-list.md
Comment thread skills/lark-drive/SKILL.md Outdated
@yballul-bytedance yballul-bytedance changed the title feat(drive): 强化 lark-drive 高风险写操作与只读识别边界 feat(drive): Strengthen lark-drive high-risk write operations and read-only recognition boundaries. Jul 8, 2026
@wittam-01 wittam-01 force-pushed the auto-research-sync/01KWW7ZHEWMRH9JSBMDAMSNJZ4/mr-1001-d0eab7a0 branch 2 times, most recently from 3ae6fa7 to 8692fa0 Compare July 8, 2026 10:28
@yballul-bytedance yballul-bytedance force-pushed the auto-research-sync/01KWW7ZHEWMRH9JSBMDAMSNJZ4/mr-1001-d0eab7a0 branch from 8692fa0 to f51db4a Compare July 8, 2026 10:53
@wittam-01 wittam-01 force-pushed the auto-research-sync/01KWW7ZHEWMRH9JSBMDAMSNJZ4/mr-1001-d0eab7a0 branch from f51db4a to ed1d19c Compare July 8, 2026 11:19
@yballul-bytedance yballul-bytedance force-pushed the auto-research-sync/01KWW7ZHEWMRH9JSBMDAMSNJZ4/mr-1001-d0eab7a0 branch from ed1d19c to c6d1007 Compare July 8, 2026 11:27

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (2)
skills/lark-drive/references/lark-drive-delete.md (1)

10-21: 🗄️ Data Integrity & Integration | 🟠 Major

Use the resolved delete target, not the raw URL/token.

drive +delete should gate on the resolved file-token/type pair; treating a raw URL/token as a concrete delete target keeps the inspect artifact in the execution path. Please rewrite the prerequisite table and the “目标明确” definition accordingly. Based on the PR objective that deletion requires a concrete target plus explicit confirmation in the current turn.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@skills/lark-drive/references/lark-drive-delete.md` around lines 10 - 21, The
delete prerequisite wording in lark-drive-delete.md still treats a raw URL/token
as a concrete target; update the “目标明确” definition and the prerequisite table so
`drive +delete --yes` is only allowed when the resolved `file-token/type` pair
is available and the user has explicitly confirmed that exact target in the
current turn. Keep the guidance around `drive +search` and `drive +inspect` for
unresolved candidates, and make the distinction between candidate selection and
executable delete target unambiguous.
skills/lark-drive/SKILL.md (1)

24-25: 🎯 Functional Correctness | 🟠 Major

Keep URL-shape checks out of canonical identity resolution.

轻量判断 still reads as if the URL itself can determine the real type/token/title before drive +inspect. Please limit the URL check to deciding whether drive +inspect is needed; the canonical identity should come from drive +inspect only. Based on the PR objective that URL type, real token, and title detection belong to drive +inspect.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@skills/lark-drive/SKILL.md` around lines 24 - 25, Adjust the guidance in
SKILL.md so the initial URL check in the drive workflow is only a gate for
whether lark-cli drive +inspect --url '<url>' should be used, not part of
canonical identity resolution. Update the wording around the URL-shape check and
drive +inspect so that real type, token, and title detection are attributed
solely to +inspect, and keep the existing symbols drive +inspect, inspect, and
the high-risk write-operation rules aligned with that separation.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@skills/lark-drive/references/lark-drive-delete.md`:
- Around line 10-21: The delete prerequisite wording in lark-drive-delete.md
still treats a raw URL/token as a concrete target; update the “目标明确” definition
and the prerequisite table so `drive +delete --yes` is only allowed when the
resolved `file-token/type` pair is available and the user has explicitly
confirmed that exact target in the current turn. Keep the guidance around `drive
+search` and `drive +inspect` for unresolved candidates, and make the
distinction between candidate selection and executable delete target
unambiguous.

In `@skills/lark-drive/SKILL.md`:
- Around line 24-25: Adjust the guidance in SKILL.md so the initial URL check in
the drive workflow is only a gate for whether lark-cli drive +inspect --url
'<url>' should be used, not part of canonical identity resolution. Update the
wording around the URL-shape check and drive +inspect so that real type, token,
and title detection are attributed solely to +inspect, and keep the existing
symbols drive +inspect, inspect, and the high-risk write-operation rules aligned
with that separation.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 63c186a7-8083-4f34-a9d0-fa89416d77aa

📥 Commits

Reviewing files that changed from the base of the PR and between f51db4a and c6d1007.

📒 Files selected for processing (5)
  • skills/lark-drive/SKILL.md
  • skills/lark-drive/references/lark-drive-delete.md
  • skills/lark-drive/references/lark-drive-files-list.md
  • skills/lark-drive/references/lark-drive-inspect.md
  • skills/lark-drive/references/lark-drive-permission-guide.md
✅ Files skipped from review due to trivial changes (3)
  • skills/lark-drive/references/lark-drive-inspect.md
  • skills/lark-drive/references/lark-drive-permission-guide.md
  • skills/lark-drive/references/lark-drive-files-list.md

@wittam-01 wittam-01 force-pushed the auto-research-sync/01KWW7ZHEWMRH9JSBMDAMSNJZ4/mr-1001-d0eab7a0 branch from c6d1007 to 24365cb Compare July 8, 2026 11:40
Comment thread skills/lark-drive/SKILL.md Outdated
Comment thread skills/lark-drive/SKILL.md Outdated
@fangshuyu-768

Copy link
Copy Markdown
Collaborator

One broader consistency concern: the new guardrails are valuable, but the quick-decision rules and the detailed references currently give agents different signals in a couple of places.

  • For URL identity, SKILL.md says agents may directly extract token/type when the URL path looks clear, while lark-drive-inspect.md says link type/token/title recognition should not be replaced with manual URL slicing and should go through drive +inspect.
  • For high-risk writes, SKILL.md frames the common gate as concrete URL/token/list plus current-turn confirmation, while the detailed permission/owner/version/sync guidance requires more operation-specific executable details before running the write.

Because agents usually read the quick-decision section first, these broader rules can accidentally loosen or contradict the stricter reference-level rules. I think the safest model is to make the quick-decision section act only as routing guidance, and leave canonical identity resolution plus executable write prerequisites to the detailed references.

@wittam-01 wittam-01 force-pushed the auto-research-sync/01KWW7ZHEWMRH9JSBMDAMSNJZ4/mr-1001-d0eab7a0 branch from 24365cb to 9b0a8ec Compare July 8, 2026 12:52
@wittam-01 wittam-01 force-pushed the auto-research-sync/01KWW7ZHEWMRH9JSBMDAMSNJZ4/mr-1001-d0eab7a0 branch from 9b0a8ec to 6e4dfba Compare July 8, 2026 13:03
@yballul-bytedance yballul-bytedance merged commit 74d8458 into larksuite:main Jul 9, 2026
22 checks passed
@liangshuo-1 liangshuo-1 mentioned this pull request Jul 9, 2026
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

domain/ccm PR touches the ccm domain size/M Single-domain feat or fix with limited business impact

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants