registry

package
v1.0.42 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 27, 2026 License: MIT Imports: 19 Imported by: 0

Documentation

Index

Constants

View Source 
const DefaultScopeScore = 0

DefaultScopeScore is the score assigned to scopes not in the priorities table. Higher score = more recommended. Unscored scopes get 0 (least preferred).

Variables

This section is empty.

Functions

func BuildConsoleScopeURL added in v1.0.40 

func BuildConsoleScopeURL(brand core.LarkBrand, appID, scope string) string

BuildConsoleScopeURL returns the developer-console "apply scope" URL for the given app and scope, branded for feishu / lark. Returns "" when appID or scope is empty so callers can omit the field cleanly.

func CollectAllScopesFromMeta 

func CollectAllScopesFromMeta(identity string) []string

CollectAllScopesFromMeta collects all unique scopes from from_meta/*.json for the given identity ("user" or "tenant"). Results are deduplicated and sorted.

func CollectScopesForProjects 

func CollectScopesForProjects(projects []string, identity string) []string

CollectScopesForProjects collects the recommended scope for each API method in the specified from_meta projects. For each method, only the scope with the highest priority score is selected.

func CollectScopesWithSources 

func CollectScopesWithSources(projects []string, identity string) ([]string, map[string]*ScopeSource)

CollectScopesWithSources is like CollectScopesForProjects but also records which API method contributed each scope. Used by scope-audit.

func ComputeMinimumScopeSet 

func ComputeMinimumScopeSet(identity string) []string

ComputeMinimumScopeSet computes the minimum set of scopes that covers all from_meta API methods. Equivalent to CollectScopesForProjects with all projects.

func EmbeddedMetaJSON added in v1.0.42 

func EmbeddedMetaJSON() []byte

EmbeddedMetaJSON returns the raw embedded meta_data.json bytes for callers that need to parse key order or other JSON-level structure not exposed by LoadFromMeta (which loses map insertion order).

func EmbeddedServiceNames added in v1.0.42 

func EmbeddedServiceNames() []string

EmbeddedServiceNames returns sorted embedded service names (no overlay). Returns a defensive copy — callers must not mutate the package-level slice.

func EmbeddedSpec added in v1.0.42 

func EmbeddedSpec(serviceName string) map[string]interface{}

EmbeddedSpec returns the embedded spec for one service, or nil if unknown. Bypasses remote overlay — used for deterministic envelope output.

func ExtractRequiredScopes added in v1.0.40 

func ExtractRequiredScopes(detail interface{}) []string

ExtractRequiredScopes pulls scope names out of the API error's permission_violations field. The detail argument is the raw `error` block that the platform returns alongside lark code 99991672 / 99991679 — typically shaped as: 

{ "permission_violations": [ {"subject": "<scope>"}, ... ] }

Returns nil when the structure does not match or no non-empty subjects are present, so callers can branch on a simple len() == 0 check.

func FilterAutoApproveScopes 

func FilterAutoApproveScopes(scopes []string) []string

FilterAutoApproveScopes filters a scope list to only include auto-approve scopes.

func FilterScopes 

func FilterScopes(allScopes []string, domains []string, permissions []string) []string

FilterScopes filters scopes by domain and permission level.

func GetAuthChildren added in v1.0.8 

func GetAuthChildren(parent string) []string

GetAuthChildren returns all service names whose auth_domain equals parent.

func GetAuthDomain added in v1.0.8 

func GetAuthDomain(service string) string

GetAuthDomain returns the auth_domain for a service, or "" if not set. When auth_domain is set, the service's scopes are collected under the parent domain during auth login.

func GetReadOnlyScopes 

func GetReadOnlyScopes(identity string) []string

GetReadOnlyScopes returns read-only scopes from the recommended (best-per-method) scope set.

func GetRegistryDir 

func GetRegistryDir() string

GetRegistryDir returns the filesystem path to the registry directory. Used for finding skills files etc.

func GetScopeScore 

func GetScopeScore(scope string) int

GetScopeScore returns the priority score for a scope, or DefaultScopeScore if not found.

func GetScopesForDomains 

func GetScopesForDomains(projects []string, identity string) []string

GetScopesForDomains returns scopes for specific projects (by project name).

func GetServiceDescription 

func GetServiceDescription(name, lang string) string

GetServiceDescription returns the localized description for a service domain, suitable for --help output. Returns the description field directly. Returns empty string if not found in the config.

func GetServiceDetailDescription 

func GetServiceDetailDescription(name, lang string) string

GetServiceDetailDescription returns the localized detail description for a service domain. Returns empty string if not found.

func GetServiceTitle 

func GetServiceTitle(name, lang string) string

GetServiceTitle returns the localized title for a service domain. Returns empty string if not found.

func GetStrFromMap 

func GetStrFromMap(m map[string]interface{}, key string) string

GetStrFromMap extracts a string value from map[string]interface{}.

func GetStrSliceFromMap 

func GetStrSliceFromMap(m map[string]interface{}, key string) []string

GetStrSliceFromMap extracts a []string value from map[string]interface{}. Returns nil if the key is missing or the value is not a string slice.

func HasAuthDomain added in v1.0.8 

func HasAuthDomain(service string) bool

HasAuthDomain reports whether the service has an auth_domain configured.

func IdentityToAccessToken 

func IdentityToAccessToken(identity string) string

IdentityToAccessToken maps the --identity flag value to the corresponding accessTokens value used in from_meta JSON files. Bot identity uses tenant_access_token, so "bot" maps to "tenant".

func Init 

func Init()

Init initializes the registry with default brand (feishu). It is safe to call multiple times (sync.Once).

func InitWithBrand 

func InitWithBrand(brand core.LarkBrand)

InitWithBrand initializes the registry by loading embedded data and optionally overlaying cached remote data. The brand determines which remote API host to use. It is safe to call multiple times (sync.Once). Remote fetch errors are silently ignored when embedded data is available. If no embedded data exists and no cache is found, a synchronous fetch is attempted.

func IsAutoApproveScope 

func IsAutoApproveScope(scope string) bool

IsAutoApproveScope returns true if the scope has AutoApprove rule.

func ListFromMetaProjects 

func ListFromMetaProjects() []string

ListFromMetaProjects lists available service project names (sorted).

func LoadAutoApproveSet 

func LoadAutoApproveSet() map[string]bool

LoadAutoApproveSet returns the set of auto-approve scope names. Sources (merged): recommend=="true" in scope_priorities.json + explicit allow/deny in scope_overrides.json.

func LoadFromMeta 

func LoadFromMeta(project string) map[string]interface{}

LoadFromMeta loads a service schema by project name. It returns data from the merged registry (embedded + cached remote overlay).

func LoadOverrideAutoApproveAllow 

func LoadOverrideAutoApproveAllow() map[string]bool

LoadOverrideAutoApproveAllow returns scopes explicitly listed in scope_overrides.json recommend.allow (our desired additions).

func LoadOverrideAutoApproveDeny 

func LoadOverrideAutoApproveDeny() map[string]bool

LoadOverrideAutoApproveDeny returns scopes explicitly listed in scope_overrides.json recommend.deny

func LoadPlatformAutoApproveSet 

func LoadPlatformAutoApproveSet() map[string]bool

LoadPlatformAutoApproveSet returns scopes with AutoApprove rule on the platform (from scope_priorities.json only, before overrides).

func LoadScopePriorities 

func LoadScopePriorities() map[string]int

LoadScopePriorities loads the scope priorities map from scope_priorities.json. Scores are stored as float strings (e.g. "52.42") and rounded to int.

func ResolveScopesFromFilters 

func ResolveScopesFromFilters(projects []string, permissions []string, identity string) []string

ResolveScopesFromFilters resolves scopes from project and permission filters.

func SelectRecommendedScope 

func SelectRecommendedScope(scopes []interface{}, identity string) string

SelectRecommendedScope selects the known scope with the highest priority score (higher = more recommended / least privilege). Scopes not in the priority table are skipped to avoid recommending invalid/unknown scopes.

func SelectRecommendedScopeFromStrings added in v1.0.40 

func SelectRecommendedScopeFromStrings(scopes []string, identity string) string

SelectRecommendedScopeFromStrings is a string-typed convenience wrapper around SelectRecommendedScope. When no scope is recognized by the priority table, it falls back to the first input scope so callers always have something to surface to users.

Types

type CacheMeta 

type CacheMeta struct {
	LastCheckAt int64  `json:"last_check_at"`
	Version     string `json:"version,omitempty"`
	Brand       string `json:"brand,omitempty"`
}

CacheMeta holds metadata about the cached remote_meta.json file.

type CommandEntry 

type CommandEntry struct {
	Command    string   // CLI label, e.g. "calendars create" or "+agenda"
	Type       string   // "api" or "shortcut"
	Scopes     []string // effective scopes (requiredScopes if present, else [bestScope])
	HTTPMethod string   // e.g. "POST" (API only)
}

CommandEntry represents a CLI command (API method or shortcut) and its scopes.

func CollectCommandScopes 

func CollectCommandScopes(projects []string, identity string) []CommandEntry

CollectCommandScopes walks from_meta methods for the given projects and returns one CommandEntry per API method, sorted by command label.

Scope selection per method:

  • If the method has a "requiredScopes" field, all of those scopes are needed (conjunction).
  • Otherwise, only the highest-priority scope from "scopes" is shown (minimum privilege).

type MergedRegistry 

type MergedRegistry struct {
	Version  string                   `json:"version"`
	Services []map[string]interface{} `json:"services"`
}

MergedRegistry is the top-level structure of remote_meta.json.

type ScopeSource 

type ScopeSource struct {
	APIs      []string // e.g. "POST calendar.event.create"
	Shortcuts []string // e.g. "+send", "+reply"
}

ScopeSource tracks which APIs and shortcuts contributed a scope.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.