feat(base): auto grant current user for bot create and copy

[zgz2048]

Summary

• auto grant the current CLI user full_access after bot-mode base +base-create and base +base-copy
• return structured permission_grant results and keep user-mode behavior unchanged
• remove redundant skill guidance and declare the permission-member scope for the auto-grant path

Testing

• go test ./shortcuts/base

Summary by CodeRabbit

• New Features

  • Automatic permission grants: Base create and copy performed by a bot now attempt to grant full_access to the current CLI user and include a permission_grant result (granted, skipped, or failed) in output.
  • CLI output shows structured permission_grant details alongside created/copied base info; user-mode runs skip augmentation.

• Documentation

  • Updated Base create/copy docs and reference examples to reflect automated permission-grant behavior, result semantics, and response requirements.

• Bug Fixes

  • Dry-run output now clearly indicates permission-grant hints for bot vs. user modes.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1038b2a5-5bf1-48b3-ac57-49ab5106327a

📥 Commits

Reviewing files that changed from the base of the PR and between bf63f48 and da07b1e.

📒 Files selected for processing (2)

• shortcuts/base/base_execute_test.go
• shortcuts/base/base_ops.go

✅ Files skipped from review due to trivial changes (1)

• shortcuts/base/base_execute_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

• shortcuts/base/base_ops.go

---

📝 Walkthrough

Walkthrough

Split shortcut auth scopes into UserScopes and BotScopes; when run as a bot the Base create/copy shortcuts attempt an automatic full_access grant to the current CLI user, augment responses with a permission_grant field, add request-body builder helpers, and expand tests/docs to cover grant success, failure, and skip cases.

Changes

Cohort / File(s)	Summary
OAuth Scopes shortcuts/base/base_copy.go, shortcuts/base/base_create.go	Replaced single Scopes with UserScopes and BotScopes; added docs:permission.member:create to bot scopes.
Execution & Request Builders shortcuts/base/base_ops.go	Extracted buildBaseCopyBody / buildBaseCreateBody; changed execution to call baseV3Call with built bodies, added extractBasePermissionToken and augmentBasePermissionGrant to attempt conditional permission auto-grant and attach permission_grant to outputs; dry-run messages reflect bot-specific grant attempt.
Tests shortcuts/base/base_execute_test.go	Added JSON decoding helpers, configurable test user OpenID, auth-type-aware runner, stubs for Drive permissions API, and new cases for grant success, failure, skipped, and user-auth skipping; updated assertions to verify structured permission_grant.
Documentation skills/lark-base/SKILL.md, skills/lark-base/references/lark-base-base-create.md, skills/lark-base/references/lark-base-base-copy.md	Replaced manual agent-driven grant instructions with automated shortcut behavior; require permission_grant in responses and define permission_grant.status semantics (granted, skipped, failed); retained owner-transfer confirmation constraint.

Sequence Diagram(s)

sequenceDiagram
    actor User
    participant CLI as CLI Shortcut
    participant BaseAPI as Base API
    participant PermAPI as Permissions API

    User->>CLI: Run base create/copy (bot auth)
    CLI->>BaseAPI: Call base create/copy endpoint
    BaseAPI-->>CLI: Respond with base data (includes base_token/app_token)
    alt Bot has current user OpenID
        CLI->>PermAPI: Attempt grant full_access to current user
        alt Grant succeeds
            PermAPI-->>CLI: Grant confirmed
            CLI->>CLI: permission_grant.status = "granted"
        else Grant fails
            PermAPI-->>CLI: Grant failed
            CLI->>CLI: permission_grant.status = "failed"
        end
    else No current user OpenID
        CLI->>CLI: permission_grant.status = "skipped"
    end
    CLI-->>User: Return response containing base and permission_grant

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat: auto-grant current user access for bot-created docs, sheets, imports, and uploads #360: Implements bot auto-grant and permission_grant propagation for other shortcuts; shares the same permission-augmentation helper usage.
• fix: validate base shortcut JSON object inputs #458: Overlaps test changes in shortcuts/base/base_execute_test.go and related Drive permission API stubbing.

Suggested reviewers

• fangshuyu-768

Poem

🐰 I hopped through scopes and split them neat and fine,
Bot and user now have lists, each in its tidy line.
I nudged the shortcut to grant a friendly paw,
When it blooms I sing "granted", else I note what I saw.
A little carrot for the CLI — access by design. 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat(base): auto grant current user for bot create and copy' directly and specifically summarizes the main change: implementing auto-granting of full_access permissions to the current user for bot-mode base creation and copying operations.
Description check	✅ Passed	The PR description covers the key aspects (summary of changes and testing approach) but deviates from the template structure by omitting the 'Changes' section list format and not following the checklist format in 'Test Plan'.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@da07b1e815e37f106b59b664ffa84fe44c57ebe1

🧩 Skill update

npx skills add zgz2048/cli#feat/base-auto-grant-current-user -y -g

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@shortcuts/base/base_copy.go`:
- Line 17: Remove the auto-grant scope "docs:permission.member:create" from the
Scopes list in the shortcut declaration (the Scopes slice in base_copy.go) so
normal user-mode (--as user) copies don't require it, and instead ensure the
bot-only grant logic in shortcuts/base/base_ops.go (the code path that executes
when running as bot) adds or requests "docs:permission.member:create" as part of
its auth/grant flow; in short: delete the extra scope from the Scopes array in
base_copy.go and attach/request that scope only within the bot-auth grant logic
in base_ops.go.

In `@shortcuts/base/base_create.go`:
- Line 17: The Scopes array on the shortcut (Scopes in base_create.go for the
+base-create shortcut) wrongly includes "docs:permission.member:create" which
broadens user auth even though augmentBasePermissionGrant (in base_ops.go) only
grants that scope in bot mode (guarded by runtime.IsBot()); remove
"docs:permission.member:create" from the Scopes slice so user (--as user) flows
don't request it, and ensure the existing augmentBasePermissionGrant function
continues to add that scope only in the bot-only path (runtime.IsBot()) where
it's needed.

In `@shortcuts/base/base_ops.go`:
- Around line 24-26: The dry-run guidance emitted inside the runtime.IsBot()
conditional is currently using d.Desc(...), which writes to stdout; change those
calls (the d.Desc(...) at runtime.IsBot() and the similar calls around lines
34-36) so the hint is written to stderr instead—e.g., replace the d.Desc(...)
usage with an explicit write to os.Stderr (using fmt.Fprintln/os.Stderr or the
codebase's stderr helper) so runtime.IsBot() hints go to stderr and stdout
remains machine-readable.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 80dc2a49-3e0b-48dc-a9a9-ce92c50a1922

📥 Commits

Reviewing files that changed from the base of the PR and between 9dfaff4 and 954621d.

📒 Files selected for processing (7)

• shortcuts/base/base_copy.go
• shortcuts/base/base_create.go
• shortcuts/base/base_execute_test.go
• shortcuts/base/base_ops.go
• skills/lark-base/SKILL.md
• skills/lark-base/references/lark-base-base-copy.md
• skills/lark-base/references/lark-base-base-create.md

[codecov]

Codecov Report

❌ Patch coverage is 86.48649% with 5 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (main@9dfaff4). Learn more about missing BASE report.

Files with missing lines	Patch %	Lines
shortcuts/base/base_ops.go	86.48%	3 Missing and 2 partials ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #497   +/-   ##
=======================================
  Coverage        ?   59.06%           
=======================================
  Files           ?      384           
  Lines           ?    32645           
  Branches        ?        0           
=======================================
  Hits            ?    19282           
  Misses          ?    11555           
  Partials        ?     1808           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.