Documentation
¶
Index ¶
- Constants
- func CollectAllScopesFromMeta(identity string) []string
- func CollectScopesForProjects(projects []string, identity string) []string
- func CollectScopesWithSources(projects []string, identity string) ([]string, map[string]*ScopeSource)
- func ComputeMinimumScopeSet(identity string) []string
- func FilterAutoApproveScopes(scopes []string) []string
- func FilterScopes(allScopes []string, domains []string, permissions []string) []string
- func GetReadOnlyScopes(identity string) []string
- func GetRegistryDir() string
- func GetScopeScore(scope string) int
- func GetScopesForDomains(projects []string, identity string) []string
- func GetServiceDescription(name, lang string) string
- func GetServiceDetailDescription(name, lang string) string
- func GetServiceTitle(name, lang string) string
- func GetStrFromMap(m map[string]interface{}, key string) string
- func GetStrSliceFromMap(m map[string]interface{}, key string) []string
- func IdentityToAccessToken(identity string) string
- func Init()
- func InitWithBrand(brand core.LarkBrand)
- func IsAutoApproveScope(scope string) bool
- func ListFromMetaProjects() []string
- func LoadAutoApproveSet() map[string]bool
- func LoadFromMeta(project string) map[string]interface{}
- func LoadOverrideAutoApproveAllow() map[string]bool
- func LoadOverrideAutoApproveDeny() map[string]bool
- func LoadPlatformAutoApproveSet() map[string]bool
- func LoadScopePriorities() map[string]int
- func ResolveScopesFromFilters(projects []string, permissions []string, identity string) []string
- func SelectRecommendedScope(scopes []interface{}, identity string) string
- type CacheMeta
- type CommandEntry
- type MergedRegistry
- type ScopeSource
Constants ¶
const DefaultScopeScore = 0
DefaultScopeScore is the score assigned to scopes not in the priorities table. Higher score = more recommended. Unscored scopes get 0 (least preferred).
Variables ¶
This section is empty.
Functions ¶
func CollectAllScopesFromMeta ¶
CollectAllScopesFromMeta collects all unique scopes from from_meta/*.json for the given identity ("user" or "tenant"). Results are deduplicated and sorted.
func CollectScopesForProjects ¶
CollectScopesForProjects collects the recommended scope for each API method in the specified from_meta projects. For each method, only the scope with the highest priority score is selected.
func CollectScopesWithSources ¶
func CollectScopesWithSources(projects []string, identity string) ([]string, map[string]*ScopeSource)
CollectScopesWithSources is like CollectScopesForProjects but also records which API method contributed each scope. Used by scope-audit.
func ComputeMinimumScopeSet ¶
ComputeMinimumScopeSet computes the minimum set of scopes that covers all from_meta API methods. Equivalent to CollectScopesForProjects with all projects.
func FilterAutoApproveScopes ¶
FilterAutoApproveScopes filters a scope list to only include auto-approve scopes.
func FilterScopes ¶
FilterScopes filters scopes by domain and permission level.
func GetReadOnlyScopes ¶
GetReadOnlyScopes returns read-only scopes from the recommended (best-per-method) scope set.
func GetRegistryDir ¶
func GetRegistryDir() string
GetRegistryDir returns the filesystem path to the registry directory. Used for finding skills files etc.
func GetScopeScore ¶
GetScopeScore returns the priority score for a scope, or DefaultScopeScore if not found.
func GetScopesForDomains ¶
GetScopesForDomains returns scopes for specific projects (by project name).
func GetServiceDescription ¶
GetServiceDescription returns the localized description for a service domain, suitable for --help output. Returns the description field directly. Returns empty string if not found in the config.
func GetServiceDetailDescription ¶
GetServiceDetailDescription returns the localized detail description for a service domain. Returns empty string if not found.
func GetServiceTitle ¶
GetServiceTitle returns the localized title for a service domain. Returns empty string if not found.
func GetStrFromMap ¶
GetStrFromMap extracts a string value from map[string]interface{}.
func GetStrSliceFromMap ¶
GetStrSliceFromMap extracts a []string value from map[string]interface{}. Returns nil if the key is missing or the value is not a string slice.
func IdentityToAccessToken ¶
IdentityToAccessToken maps the --identity flag value to the corresponding accessTokens value used in from_meta JSON files. Bot identity uses tenant_access_token, so "bot" maps to "tenant".
func Init ¶
func Init()
Init initializes the registry with default brand (feishu). It is safe to call multiple times (sync.Once).
func InitWithBrand ¶
InitWithBrand initializes the registry by loading embedded data and optionally overlaying cached remote data. The brand determines which remote API host to use. It is safe to call multiple times (sync.Once). Remote fetch errors are silently ignored when embedded data is available. If no embedded data exists and no cache is found, a synchronous fetch is attempted.
func IsAutoApproveScope ¶
IsAutoApproveScope returns true if the scope has AutoApprove rule.
func ListFromMetaProjects ¶
func ListFromMetaProjects() []string
ListFromMetaProjects lists available service project names (sorted).
func LoadAutoApproveSet ¶
LoadAutoApproveSet returns the set of auto-approve scope names. Sources (merged): recommend=="true" in scope_priorities.json + explicit allow/deny in scope_overrides.json.
func LoadFromMeta ¶
LoadFromMeta loads a service schema by project name. It returns data from the merged registry (embedded + cached remote overlay).
func LoadOverrideAutoApproveAllow ¶
LoadOverrideAutoApproveAllow returns scopes explicitly listed in scope_overrides.json recommend.allow (our desired additions).
func LoadOverrideAutoApproveDeny ¶
LoadOverrideAutoApproveDeny returns scopes explicitly listed in scope_overrides.json recommend.deny
func LoadPlatformAutoApproveSet ¶
LoadPlatformAutoApproveSet returns scopes with AutoApprove rule on the platform (from scope_priorities.json only, before overrides).
func LoadScopePriorities ¶
LoadScopePriorities loads the scope priorities map from scope_priorities.json. Scores are stored as float strings (e.g. "52.42") and rounded to int.
func ResolveScopesFromFilters ¶
ResolveScopesFromFilters resolves scopes from project and permission filters.
func SelectRecommendedScope ¶
SelectRecommendedScope selects the known scope with the highest priority score (higher = more recommended / least privilege). Scopes not in the priority table are skipped to avoid recommending invalid/unknown scopes.
Types ¶
type CacheMeta ¶
type CacheMeta struct {
LastCheckAt int64 `json:"last_check_at"`
Version string `json:"version,omitempty"`
Brand string `json:"brand,omitempty"`
}
CacheMeta holds metadata about the cached remote_meta.json file.
type CommandEntry ¶
type CommandEntry struct {
Command string // CLI label, e.g. "calendars create" or "+agenda"
Type string // "api" or "shortcut"
Scopes []string // effective scopes (requiredScopes if present, else [bestScope])
HTTPMethod string // e.g. "POST" (API only)
}
CommandEntry represents a CLI command (API method or shortcut) and its scopes.
func CollectCommandScopes ¶
func CollectCommandScopes(projects []string, identity string) []CommandEntry
CollectCommandScopes walks from_meta methods for the given projects and returns one CommandEntry per API method, sorted by command label.
Scope selection per method:
- If the method has a "requiredScopes" field, all of those scopes are needed (conjunction).
- Otherwise, only the highest-priority scope from "scopes" is shown (minimum privilege).
type MergedRegistry ¶
type MergedRegistry struct {
Version string `json:"version"`
Services []map[string]interface{} `json:"services"`
}
MergedRegistry is the top-level structure of remote_meta.json.
type ScopeSource ¶
type ScopeSource struct {
APIs []string // e.g. "POST calendar.event.create"
Shortcuts []string // e.g. "+send", "+reply"
}
ScopeSource tracks which APIs and shortcuts contributed a scope.
Source Files