Skip to content

feat: add embedder public APIs (meta, error dispatch, OpenID)#1865

Open
zhaojunlin0405 wants to merge 12 commits into
mainfrom
feat/embedder-public-apis
Open

feat: add embedder public APIs (meta, error dispatch, OpenID)#1865
zhaojunlin0405 wants to merge 12 commits into
mainfrom
feat/embedder-public-apis

Conversation

@zhaojunlin0405

@zhaojunlin0405 zhaojunlin0405 commented Jul 13, 2026

Copy link
Copy Markdown
Collaborator

Summary

Add three public APIs so integrators that consume lark-cli as a Go module
(restricted, embedded, or agent-oriented distributions) can build and run a
customized binary without depending on internal packages or unstable symbols:

  • extension/apimeta.SetEmbedded — inject embedded API metadata at process
    start, so binaries built from the bare module resolve schema and generated
    service commands offline.
  • extension/envelope.DispatchError — classify an error exactly like the root
    command dispatcher and return the stderr envelope bytes plus the exit code,
    so custom entrypoints render errors identically to the official binary.
  • extension/credential: an optional pre-verified OpenID channel
    (Account.OpenIDVerified + LARKSUITE_CLI_USER_OPEN_ID) that lets a provider
    assert an already-verified user identity and skip the startup user_info
    call. Off by default.

Changes

  • registry: SetEmbeddedMeta with a parse-order guard and a defensive copy.
  • output: DispatchError pure classifier; renderTypedEnvelope extracted from
    WriteTypedErrorEnvelope; handleRootError routes through DispatchError.
  • extension/envelope: thin public facade with golden byte-parity tests.
  • extension/credential: Account.OpenIDVerified (appended at struct end for
    ABI-friendly evolution) plus env-driven injection; a call-site short-circuit
    of the startup verification in the credential resolver.
  • test: derive the semantic-review waiver dates from the current date to fix a
    pre-existing date-dependent test failure.

Test Plan

  • Unit tests: registry injection guard, DispatchError branch classification,
    and the credential behavior matrix.
  • Golden contract test asserting the public DispatchError triple is
    byte-identical to the real root dispatcher's stderr output and exit code.
  • E2E: error-envelope contract and OpenID-injection scenarios run in the
    container sandbox.
  • go build ./..., go vet, and golangci-lint run --new-from-rev=origin/main
    all clean.

Related Issues

N/A

Summary by CodeRabbit

  • New Features

    • Added support for embedding API metadata at startup, with validation and protection against late updates.
    • Added an API for integrations to provide embedded metadata programmatically.
    • Added support for asserting a user’s OpenID through environment configuration when a user access token is available.
  • Bug Fixes

    • Standardized command-line error formatting, exit codes, and JSON error envelopes across error types.
    • Improved handling of authorization, validation, usage, and partial-failure errors.
    • Preserved verified identity information without unnecessary startup verification.

@github-actions github-actions Bot added the size/L Large or sensitive change across domains or core paths label Jul 13, 2026
@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: faba2190-b1d7-4986-8a79-b27fb409f65d

📥 Commits

Reviewing files that changed from the base of the PR and between cbdb39b and 7f23bad.

📒 Files selected for processing (8)
  • cmd/root.go
  • extension/apimeta/apimeta.go
  • extension/credential/env/env.go
  • extension/credential/env/env_test.go
  • extension/credential/types.go
  • extension/envelope/envelope.go
  • internal/output/dispatch.go
  • internal/registry/loader.go
🚧 Files skipped from review as they are similar to previous changes (7)
  • extension/apimeta/apimeta.go
  • extension/credential/types.go
  • extension/envelope/envelope.go
  • internal/output/dispatch.go
  • extension/credential/env/env_test.go
  • cmd/root.go
  • internal/registry/loader.go

📝 Walkthrough

Walkthrough

The change centralizes CLI error classification and envelope rendering, exposes embedded API metadata injection, and adds verified OpenID propagation from environment credentials through account resolution.

Changes

Error dispatch and envelope parity

Layer / File(s) Summary
Centralized error classification and rendering
internal/output/dispatch.go, internal/output/errors.go, internal/output/dispatch_test.go
Typed, partial, bare, Cobra usage, and untyped errors now produce consistent envelope and exit-code results, with unit coverage.
Root integration and public envelope API
cmd/root.go, extension/envelope/envelope.go, cmd/dispatch_golden_test.go
Root handling and embedders use the shared dispatcher, with byte-level parity tests against actual stderr output.

Embedded metadata injection

Layer / File(s) Summary
Embedded metadata injection lifecycle
internal/registry/loader.go, internal/registry/loader_inject_test.go, internal/registry/remote_test.go
Validated metadata can be injected before parsing, stored safely, exposed through the schema catalog, and rejected after parsing or on invalid input.
Public metadata injection API
extension/apimeta/apimeta.go, extension/apimeta/apimeta_test.go
The apimeta package exposes metadata injection and the registry-loaded sentinel with validation tests.

Verified OpenID account resolution

Layer / File(s) Summary
OpenID credential contract and environment resolution
extension/credential/types.go, extension/credential/env/env.go, extension/credential/env/env_test.go, internal/envvars/envvars.go
Account records whether OpenID is verified, and environment credentials assert OpenID only when UAT is available.
Credential-provider verification flow
internal/credential/credential_provider.go, internal/credential/credential_provider_test.go
User-info enrichment is skipped for non-empty verified OpenID values and retained for unverified or incomplete values.

Estimated code review effort: 4 (Complex) | ~45 minutes

Sequence Diagram(s)

sequenceDiagram
  participant CLI
  participant DispatchError
  participant EnvelopeRenderer
  participant Stderr
  CLI->>DispatchError: pass error and identity
  DispatchError->>EnvelopeRenderer: classify and render error
  EnvelopeRenderer-->>DispatchError: envelope bytes and exit code
  DispatchError-->>CLI: envelope, code, presence
  CLI->>Stderr: write envelope when present
Loading
sequenceDiagram
  participant Integrator
  participant ApiMeta
  participant Registry
  participant SchemaCatalog
  Integrator->>ApiMeta: SetEmbedded(metadata)
  ApiMeta->>Registry: SetEmbeddedMeta(metadata)
  Registry->>Registry: validate and store before parse
  Registry->>SchemaCatalog: expose embedded services
  SchemaCatalog-->>Integrator: injected catalog data
Loading

Possibly related PRs

Suggested reviewers: liangshuo-1, evandance

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 55.26% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: public APIs for embedded meta, error dispatch, and OpenID support.
Description check ✅ Passed The PR description follows the template and covers summary, changes, test plan, and related issues with relevant details.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/embedder-public-apis

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@7f23badfea46d2049073d1314327e9afb043a95d

🧩 Skill update

npx skills add larksuite/cli#feat/embedder-public-apis -y -g

@codecov

codecov Bot commented Jul 13, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 94.52055% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.70%. Comparing base (37d490a) to head (7f23bad).

Files with missing lines Patch % Lines
internal/output/dispatch.go 92.59% 1 Missing and 1 partial ⚠️
internal/output/errors.go 88.88% 1 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1865      +/-   ##
==========================================
+ Coverage   74.66%   74.70%   +0.03%     
==========================================
  Files         877      880       +3     
  Lines       91731    91767      +36     
==========================================
+ Hits        68494    68556      +62     
+ Misses      17926    17894      -32     
- Partials     5311     5317       +6     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@extension/envelope/envelope.go`:
- Around line 4-26: Clarify the DispatchError documentation to exclude
command-context-dependent hint enrichment from its parity guarantee. Explicitly
state that the official root dispatcher may apply the need_user_authorization
scope hint through its Factory, while direct envelope.DispatchError calls on raw
errors do not, and revise the byte-identical/classification guarantee
accordingly.

In `@internal/output/dispatch.go`:
- Around line 49-54: Update the cobra-usage branch in the fallback construction
within dispatch error handling to chain .WithCause(err) onto the validation
error, matching the existing internal-error branch. Preserve the current subtype
and message while ensuring the original error remains available through
errors.Is and errors.Unwrap.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 49e025a8-335b-4722-ae68-e238fbc177cb

📥 Commits

Reviewing files that changed from the base of the PR and between 83352fe and cea83d7.

📒 Files selected for processing (18)
  • cmd/dispatch_golden_test.go
  • cmd/root.go
  • extension/apimeta/apimeta.go
  • extension/apimeta/apimeta_test.go
  • extension/credential/env/env.go
  • extension/credential/env/env_test.go
  • extension/credential/types.go
  • extension/envelope/envelope.go
  • internal/credential/credential_provider.go
  • internal/credential/credential_provider_test.go
  • internal/envvars/envvars.go
  • internal/output/dispatch.go
  • internal/output/dispatch_test.go
  • internal/output/errors.go
  • internal/qualitygate/cmd/semantic-review/main_test.go
  • internal/registry/loader.go
  • internal/registry/loader_inject_test.go
  • internal/registry/remote_test.go

Comment thread extension/envelope/envelope.go
Comment thread internal/output/dispatch.go
zhaojunlin0405 added a commit that referenced this pull request Jul 13, 2026
…cobra-usage cause

Address CodeRabbit review on PR #1865:
- envelope.DispatchError godoc no longer claims blanket byte-identical parity; it discloses that the official dispatcher folds the need_user_authorization scope hint via a Factory embedders lack, so a direct call omits only that hint.
- dispatch.go cobra-usage fallback now chains .WithCause(err), matching the internal-error branch and the repo guideline (keeps errors.Is/Unwrap working); envelope bytes and exit code are unchanged (Cause is not serialized).
…ed-literal break

Inserting an exported field mid-struct breaks downstream unkeyed struct literals (a Go API compatibility break for module embedders): a positional value intended for SupportedIdentities would land on the new bool field. Append OpenIDVerified after SupportedIdentities so existing field positions are preserved; keyed literals were already unaffected.
…ve lint

The bare mention of go:embed at the start of a doc comment line tripped gocheckcompilerdirectives (it parsed as a malformed //go:embed directive). Reword so the token appears mid-sentence.
…cobra-usage cause

Address CodeRabbit review on PR #1865:
- envelope.DispatchError godoc no longer claims blanket byte-identical parity; it discloses that the official dispatcher folds the need_user_authorization scope hint via a Factory embedders lack, so a direct call omits only that hint.
- dispatch.go cobra-usage fallback now chains .WithCause(err), matching the internal-error branch and the repo guideline (keeps errors.Is/Unwrap working); envelope bytes and exit code are unchanged (Cause is not serialized).
@zhaojunlin0405 zhaojunlin0405 force-pushed the feat/embedder-public-apis branch from cbdb39b to 7f23bad Compare July 14, 2026 06:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

feature size/L Large or sensitive change across domains or core paths

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant