Security
29,068 installs
lark-cli 共享规则
by larksuite/cli
Use when first setting up lark-cli, running auth login, switching user/bot identity (--as), handling permission denied or scope errors, needing to update…
Skill content
Lark CLI configuration, authentication, and operational guidelines for agent workflows. - Requires initial setup via lark-cli config init --new; generate QR codes for all verification URLs using lark-cli auth qrcode before sharing with users - Supports two identity types-user (personal resources via auth login) and bot (application-level via appId/appSecret)-with distinct permission models; confirm identity matches the operation's intent - Handle permission errors differently by identity: bot requires backend scope setup (provide console_url), user requires auth login --scope or --domain with explicit scope specification - Use split-flow for agent-initiated auth: execute --no-wait --json to get verification URL and device code, display to user, then execute --device-code in a follow-up step after user confirms completion - High-risk write operations require explicit user confirmation; when CLI exits with code 10 and confirmation_required error, display the action details, obtain user consent, then retry with --yes appended to the original command lark-cli 共享规则 本技能指导你如何通过lark-cli操作飞书资源, 以及有哪些注意事项。 配置初始化 首次使用需运行 lark-cli config init 完成应用配置。 当你帮用户初始化配置时,使用background方式使用下面的命令发起配置应用流程,启动后读取输出,从中提取授权链接并发给用户。 URL 转发规则:当命令输出 verification_url、verification_uri_complete、console_url 等 URL 字段时:必须生成二维码:你必须调用 lark-cli auth qrcode 将 URL 转为二维码并展示给用户,这是必须步骤,不要跳过。优先生成 PNG 二维码(--output);仅当用户明确要求时才使用 ASCII(--ascii)。URL 输出规则:将 URL 视为不可修改的 opaque string,不要做任何修改(包括 URL 编码/解码、添加空格或标点、重新拼接 query),二维码和链接请一起展示给用户。 # 发起配置(该命令会阻塞直到用户打开链接并完成操作或过期) lark-cli config init --new 认证