Documentation
¶
Index ¶
- Variables
- func GetConfigDir() string
- func GetConfigPath() string
- func RemoveSecretStore(input SecretInput, kc keychain.KeychainAccess)
- func ResolveOpenBaseURL(brand LarkBrand) string
- func ResolveSecretInput(s SecretInput, kc keychain.KeychainAccess) (string, error)
- func SaveMultiAppConfig(config *MultiAppConfig) error
- func ValidateProfileName(name string) error
- func ValidateSecretKeyMatch(appId string, secret SecretInput) error
- type AppConfig
- type AppUser
- type CliConfig
- func RequireAuth(kc keychain.KeychainAccess) (*CliConfig, error)
- func RequireAuthForProfile(kc keychain.KeychainAccess, profileOverride string) (*CliConfig, error)
- func RequireConfig(kc keychain.KeychainAccess) (*CliConfig, error)
- func RequireConfigForProfile(kc keychain.KeychainAccess, profileOverride string) (*CliConfig, error)
- func ResolveConfigFromMulti(raw *MultiAppConfig, kc keychain.KeychainAccess, profileOverride string) (*CliConfig, error)
- type ConfigError
- type Endpoints
- type Identity
- type LarkBrand
- type MultiAppConfig
- type SecretInput
- type SecretRef
- type StrictMode
Constants ¶
This section is empty.
Variables ¶
var ValidSecretSources = map[string]bool{ "file": true, "keychain": true, }
ValidSecretSources is the set of recognized SecretRef sources.
Functions ¶
func GetConfigDir ¶
func GetConfigDir() string
GetConfigDir returns the config directory path. If the home directory cannot be determined, it falls back to a relative path and prints a warning to stderr.
func RemoveSecretStore ¶
func RemoveSecretStore(input SecretInput, kc keychain.KeychainAccess)
RemoveSecretStore cleans up keychain entries when an app is removed. Errors are intentionally ignored — cleanup is best-effort.
func ResolveOpenBaseURL ¶
ResolveOpenBaseURL returns the Open API base URL for the given brand.
func ResolveSecretInput ¶
func ResolveSecretInput(s SecretInput, kc keychain.KeychainAccess) (string, error)
ResolveSecretInput resolves a SecretInput to a plain string. SecretRef objects are resolved by source (file / keychain).
func SaveMultiAppConfig ¶
func SaveMultiAppConfig(config *MultiAppConfig) error
SaveMultiAppConfig saves config to disk.
func ValidateProfileName ¶ added in v1.0.5
ValidateProfileName checks that a profile name is valid. Rejects empty names, whitespace, control characters, and shell-problematic characters, but allows Unicode letters (e.g. Chinese, Japanese) for localized profile names.
func ValidateSecretKeyMatch ¶ added in v1.0.7
func ValidateSecretKeyMatch(appId string, secret SecretInput) error
ValidateSecretKeyMatch checks that the appSecret keychain key references the expected appId. This prevents silent mismatches when config.json is edited by hand (e.g. appId changed but appSecret.id still points to the old app). Only applicable when appSecret is a keychain SecretRef; other forms are skipped.
Types ¶
type AppConfig ¶
type AppConfig struct {
Name string `json:"name,omitempty"`
AppId string `json:"appId"`
AppSecret SecretInput `json:"appSecret"`
Brand LarkBrand `json:"brand"`
Lang string `json:"lang,omitempty"`
DefaultAs Identity `json:"defaultAs,omitempty"` // AsUser | AsBot | AsAuto
StrictMode *StrictMode `json:"strictMode,omitempty"`
Users []AppUser `json:"users"`
}
AppConfig is a per-app configuration entry (stored format — secrets may be unresolved).
func (*AppConfig) ProfileName ¶ added in v1.0.5
ProfileName returns the display name for this app config. If Name is set, returns Name; otherwise falls back to AppId.
type CliConfig ¶
type CliConfig struct {
ProfileName string
AppID string
AppSecret string
Brand LarkBrand
DefaultAs Identity // AsUser | AsBot | AsAuto | "" (from config file)
UserOpenId string
UserName string
SupportedIdentities uint8 `json:"-"` // bitflag: 1=user, 2=bot; set by credential provider
}
CliConfig is the resolved single-app config used by downstream code.
func RequireAuth ¶
func RequireAuth(kc keychain.KeychainAccess) (*CliConfig, error)
RequireAuth loads config and ensures a user is logged in.
func RequireAuthForProfile ¶ added in v1.0.5
func RequireAuthForProfile(kc keychain.KeychainAccess, profileOverride string) (*CliConfig, error)
RequireAuthForProfile loads config for a profile and ensures a user is logged in.
func RequireConfig ¶
func RequireConfig(kc keychain.KeychainAccess) (*CliConfig, error)
RequireConfig loads the single-app config using the default profile resolution.
func RequireConfigForProfile ¶ added in v1.0.5
func RequireConfigForProfile(kc keychain.KeychainAccess, profileOverride string) (*CliConfig, error)
RequireConfigForProfile loads the single-app config for a specific profile. Resolution priority: profileOverride > config.CurrentApp > Apps[0].
func ResolveConfigFromMulti ¶ added in v1.0.5
func ResolveConfigFromMulti(raw *MultiAppConfig, kc keychain.KeychainAccess, profileOverride string) (*CliConfig, error)
ResolveConfigFromMulti resolves a single-app config from an already-loaded MultiAppConfig. This avoids re-reading the config file when the caller has already loaded it.
type ConfigError ¶
type ConfigError struct {
Code int // exit code: 2=validation, 3=auth
Type string // "config" or "auth"
Message string
Hint string
}
ConfigError is a structured error from config resolution. It carries enough information for main.go to convert it into an output.ExitError.
func (*ConfigError) Error ¶
func (e *ConfigError) Error() string
type Endpoints ¶
type Endpoints struct {
Open string // e.g. "https://open.feishu.cn"
Accounts string // e.g. "https://accounts.feishu.cn"
MCP string // e.g. "https://mcp.feishu.cn"
}
Endpoints holds resolved endpoint URLs for different Lark services.
func ResolveEndpoints ¶
ResolveEndpoints resolves endpoint URLs based on brand.
type LarkBrand ¶
type LarkBrand string
LarkBrand represents the Lark platform brand. "feishu" targets China-mainland, "lark" targets international. Any other string is treated as a custom base URL.
func ParseBrand ¶ added in v1.0.5
ParseBrand normalizes a brand string to a LarkBrand constant. Unrecognized values default to BrandFeishu.
type MultiAppConfig ¶
type MultiAppConfig struct {
StrictMode StrictMode `json:"strictMode,omitempty"`
CurrentApp string `json:"currentApp,omitempty"`
PreviousApp string `json:"previousApp,omitempty"`
Apps []AppConfig `json:"apps"`
}
MultiAppConfig is the multi-app config file format.
func LoadMultiAppConfig ¶
func LoadMultiAppConfig() (*MultiAppConfig, error)
LoadMultiAppConfig loads multi-app config from disk.
func (*MultiAppConfig) CurrentAppConfig ¶ added in v1.0.5
func (m *MultiAppConfig) CurrentAppConfig(profileOverride string) *AppConfig
CurrentAppConfig returns the currently active app config. Resolution priority: profileOverride > CurrentApp field > Apps[0].
func (*MultiAppConfig) FindApp ¶ added in v1.0.5
func (m *MultiAppConfig) FindApp(name string) *AppConfig
FindApp looks up an app by name, then by appId. Returns nil if not found. Name match takes priority: if profile A has Name "X" and profile B has AppId "X", FindApp("X") returns profile A.
func (*MultiAppConfig) FindAppIndex ¶ added in v1.0.5
func (m *MultiAppConfig) FindAppIndex(name string) int
FindAppIndex looks up an app index by name, then by appId. Returns -1 if not found.
func (*MultiAppConfig) ProfileNames ¶ added in v1.0.5
func (m *MultiAppConfig) ProfileNames() []string
ProfileNames returns all profile names (Name if set, otherwise AppId).
type SecretInput ¶
type SecretInput struct {
Plain string // non-empty for plain string values
Ref *SecretRef // non-nil for SecretRef values
}
SecretInput represents a secret value: either a plain string or a SecretRef object.
func ForStorage ¶
func ForStorage(appId string, input SecretInput, kc keychain.KeychainAccess) (SecretInput, error)
ForStorage determines how to store a secret in config.json. - SecretRef → preserved as-is - Plain text → stored in keychain, returns keychain SecretRef Returns error if keychain is unavailable (no silent plaintext fallback).
func PlainSecret ¶
func PlainSecret(s string) SecretInput
PlainSecret creates a SecretInput from a plain string.
func (SecretInput) IsPlain ¶
func (s SecretInput) IsPlain() bool
IsPlain returns true if this is a plain text string (not a SecretRef).
func (SecretInput) IsSecretRef ¶
func (s SecretInput) IsSecretRef() bool
IsSecretRef returns true if this is a SecretRef object (env/file/keychain).
func (SecretInput) IsZero ¶
func (s SecretInput) IsZero() bool
IsZero returns true if the SecretInput has no value.
func (SecretInput) MarshalJSON ¶
func (s SecretInput) MarshalJSON() ([]byte, error)
MarshalJSON serializes SecretInput: plain string → JSON string, SecretRef → JSON object.
func (*SecretInput) UnmarshalJSON ¶
func (s *SecretInput) UnmarshalJSON(data []byte) error
UnmarshalJSON deserializes SecretInput from either a JSON string or a SecretRef object.
type SecretRef ¶
type SecretRef struct {
Source string `json:"source"` // "file" | "keychain"
Provider string `json:"provider,omitempty"` // optional, reserved
ID string `json:"id"` // env var name / file path / command / keychain key
}
SecretRef references a secret stored externally.
type StrictMode ¶ added in v1.0.5
type StrictMode string
StrictMode represents the identity restriction policy.
const ( StrictModeOff StrictMode = "off" StrictModeBot StrictMode = "bot" StrictModeUser StrictMode = "user" )
func (StrictMode) AllowsIdentity ¶ added in v1.0.5
func (m StrictMode) AllowsIdentity(id Identity) bool
AllowsIdentity reports whether the given identity is permitted under this mode.
func (StrictMode) ForcedIdentity ¶ added in v1.0.5
func (m StrictMode) ForcedIdentity() Identity
ForcedIdentity returns the identity forced by this mode, or "" if not active.
func (StrictMode) IsActive ¶ added in v1.0.5
func (m StrictMode) IsActive() bool
IsActive returns true if strict mode restricts identity.
Source Files