feat(authorization): expand lark-shared auth guidance and tighten logout JSON contract

[yballul-bytedance]

Summary

Expand the lark-shared skill so it owns the full lark-cli authorization surface (login, status, logout, business-domain scopes, missing scopes, authorization revocation, _notice handling), and tighten the auth logout JSON-mode test so success responses are asserted to carry only loggedOut=true with no stray message field.

Changes

• skills/lark-shared/SKILL.md
  • Rewrite the skill description so authorization-related intents (auth login/status/logout, user vs bot identity, --domain business-domain permissions including all/docs/drive, missing scopes, authorization revocation, _notice JSON) route to this skill instead of update-config / Claude settings.
  • Add an 认证任务速查 table mapping user intents (full-permission login, per-domain login, single-scope login, current login status, logout, bot missing scope, revoking server-side authorization, revoking a single scope) to the canonical lark-cli commands and the JSON fields that should be cited in answers.
  • Document the LARKSUITE_CLI_NO_UPDATE_NOTIFIER=1 and LARKSUITE_CLI_NO_SKILLS_NOTIFIER=1 env vars for producing stable JSON when scripts or machines read the output.
  • Soften _notice.update handling: it must no longer interrupt the current task or be copied verbatim as the primary answer; surface the lark-cli update hint only after the user's request is complete and only when still relevant.
• cmd/auth/logout_test.go
  • In TestAuthLogoutRun_JSONMode_Success_WritesStdoutOnly, additionally assert that the success stdout payload does not contain a message field, locking in the contract that logout success carries only loggedOut=true (alongside the existing reason-absence check).

Test Plan

• git diff --check on the synced worktree (passed; no whitespace errors or conflict markers).
• The new assertion in TestAuthLogoutRun_JSONMode_Success_WritesStdoutOnly is exercised by the existing Go test suite for cmd/auth whenever go test ./cmd/auth/... is run in CI; it only tightens an existing success-path assertion and does not introduce new fixtures or dependencies.
• Skill doc change is content-only (Markdown) and does not affect any build or runtime artifact.

Related Issues

Auto research task: 01KVWPVKPPB9A5CE0W0C28VNSX

Summary by CodeRabbit

• Documentation
  • Refined the CLI skill guide for authentication and authorization scenarios, covering login/status/logout, user vs bot identity, domain-based access, required scopes, revocation, and interpreting _notice JSON.
  • Added a “认证任务速查” quick-reference mapping common intents to the recommended lark-cli auth commands and which JSON fields to cite for auth status --json --verify.
  • Improved guidance to suppress notifier interruptions during status checks and adjusted update-message handling to show advice only when relevant.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9d298044-c04a-4973-8d02-c9c1769571dc

📥 Commits

Reviewing files that changed from the base of the PR and between 5e0d683 and e9ef096.

📒 Files selected for processing (1)

• skills/lark-shared/SKILL.md

🚧 Files skipped from review as they are similar to previous changes (1)

• skills/lark-shared/SKILL.md

---

📝 Walkthrough

Walkthrough

The PR updates the shared Lark skill guidance for auth tasks and _notice.update handling. It adds a quick reference for common lark-cli auth scenarios, clarifies auth status --json --verify usage, and revises update-check instructions and notifier suppression guidance.

Changes

Lark shared skill guidance

Layer / File(s)	Summary
Auth quick reference skills/lark-shared/SKILL.md	Updates the skill description and adds a quick-reference table for lark-cli auth flows, login status checks, logout, and JSON fields for auth status --json --verify.
Update-check guidance skills/lark-shared/SKILL.md	Rewrites _notice.update handling to avoid surfacing it for unrelated requests, documents notifier-suppression env vars, and notes that lark-cli update updates both the CLI and AI Skills.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• larksuite/cli#144: Updates _notice.update handling and notifier suppression for lark-cli update, which matches the update-notification guidance changed here.
• larksuite/cli#884: Adds command: "lark-cli update" to emitted _notice payloads and adjusts related hints, aligning with the explicit lark-cli update note in this PR.

Suggested labels

domain/base

Suggested reviewers

• MaxHuang22
• liangshuo-1

Poem

I hop through auth on moonlit grass,
And nibble _notice as clouds drift past.
One update hop, then soft and clear,
The skill now whispers what to hear.
🐰✨ All ears, all set.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main changes to auth guidance and the logout JSON contract.
Description check	✅ Passed	The description follows the template and covers summary, changes, test plan, and related issue context.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch auto-research-sync/01KVWPVKPPB9A5CE0W0C28VNSX/mr-573-395863ea

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@skills/lark-shared/SKILL.md`:
- Line 146: The documentation in the SKILL guide overstates that lark-cli update
always syncs AI Skills. Update the wording near the update guidance to
distinguish the two install paths: when using the binary/self-update flow it
updates both CLI and AI Skills, but when installed via npm it only updates the
CLI and requires a separate skills sync step. Keep the reference to lark-cli
update and clarify the npm/manual sync behavior so the note is accurate.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6992a806-7dca-4c0f-80b2-d52ab608e89a

📥 Commits

Reviewing files that changed from the base of the PR and between ba51d48 and 5b5d16e.

📒 Files selected for processing (2)

• cmd/auth/logout_test.go
• skills/lark-shared/SKILL.md

[github-actions]

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@e9ef096cd711b03e1634e8051642279882ee47be

🧩 Skill update

npx skills add larksuite/cli#auto-research-sync/01KVWPVKPPB9A5CE0W0C28VNSX/mr-573-395863ea -y -g

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.64%. Comparing base (ba51d48) to head (e9ef096).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1598      +/-   ##
==========================================
- Coverage   74.75%   74.64%   -0.11%     
==========================================
  Files         800      806       +6     
  Lines       80459    81386     +927     
==========================================
+ Hits        60147    60752     +605     
- Misses      15857    16101     +244     
- Partials     4455     4533      +78     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.