docs(approval): clarify user identity scope limitations#1853
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (4)
✅ Files skipped from review due to trivial changes (2)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughApproval documentation now explains legacy OAuth scope limitations for user-identity operations, adds token-scope verification guidance, and directs users to administrator validation instead of repeated authentication attempts. ChangesApproval scope guidance
Estimated code review effort: 1 (Trivial) | ~5 minutes Possibly related PRs
Suggested labels: Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
skills/lark-approval/SKILL.md (1)
18-22: 🗄️ Data Integrity & Integration | 🔵 Trivial | ⚡ Quick winAdd a current scope/identity map for approval endpoints.
skills/lark-approval/SKILL.md#L16-L24explains the legacy-scope fallback, but the reference pages still list only old scope names and never say whether each endpoint is user-grantable or bot/tenant-only. Add a small mapping in the main skill and link these notes to it:
skills/lark-approval/references/lark-approval-instances-get.md#L6-L8skills/lark-approval/references/lark-approval-instances-initiated.md#L6-L8skills/lark-approval/references/lark-approval-tasks-query.md#L6-L8🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@skills/lark-approval/SKILL.md` around lines 18 - 22, 在 skills/lark-approval/SKILL.md 的审批身份说明旁新增当前 scope/identity 映射,明确相关端点分别支持 user scope 还是仅支持 bot/tenant scope,并链接各参考页面。同步更新 skills/lark-approval/references/lark-approval-instances-get.md、lark-approval-instances-initiated.md 和 lark-approval-tasks-query.md 的 scope 说明,移除仅列旧 scope 的歧义并链接回主技能中的映射;保留缺少旧 scope 时先核验 token、不要反复 auth login 或静默切换身份的规则。
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@skills/lark-approval/SKILL.md`:
- Around line 18-22: 在 skills/lark-approval/SKILL.md 的审批身份说明旁新增当前 scope/identity
映射,明确相关端点分别支持 user scope 还是仅支持 bot/tenant scope,并链接各参考页面。同步更新
skills/lark-approval/references/lark-approval-instances-get.md、lark-approval-instances-initiated.md
和 lark-approval-tasks-query.md 的 scope 说明,移除仅列旧 scope 的歧义并链接回主技能中的映射;保留缺少旧 scope
时先核验 token、不要反复 auth login 或静默切换身份的规则。
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: a38a878a-463c-4cab-9ecd-b91a9ebc0702
📒 Files selected for processing (4)
skills/lark-approval/SKILL.mdskills/lark-approval/references/lark-approval-instances-get.mdskills/lark-approval/references/lark-approval-instances-initiated.mdskills/lark-approval/references/lark-approval-tasks-query.md
|
@coderabbitai 已处理:主 skill 新增 Feishu 的 scope/identity 映射,分别说明 |
|
Tip For best results, initiate chat on the files or code changes. 🧩 Analysis chain🏁 Script executed: #!/bin/bash
fd . skills/lark-approval -e md
echo "---SKILL---"
cat -n skills/lark-approval/SKILL.md
echo "---get---"
cat -n skills/lark-approval/references/lark-approval-instances-get.md
echo "---initiated---"
cat -n skills/lark-approval/references/lark-approval-instances-initiated.md
echo "---query---"
cat -n skills/lark-approval/references/lark-approval-tasks-query.mdLength of output: 21238
|
Fixes #780
背景
部分审批端点仍在元数据中列出已不能作为 user scope 授予的旧权限。反复执行登录无法恢复,且错误切换为 bot 身份会改变审批主体。
核心改动
验证
go test ./internal/qualitygate/rules -count=1git diff --check风险与回滚
仅补充 Skill 运行指引,不改变 CLI 命令或 API 行为。回滚本提交即可恢复原文档。
Summary by CodeRabbit
approval:instance:read) and that merged scopes likeapproval:instanceare tenant-only (not usable as a user token substitute).