@lark-project/meegle 1.0.8 → 1.0.10

package/CHANGELOG.md

@@ -8,6 +8,19 @@ versioned section on each npm release.
 
 ## [Unreleased]
 
+## [v1.0.10] - 2026-06-25
+
+### Fixed
+
+- `mywork todo` now adds an actionable troubleshooting suggestion when the backend returns `get action info fail`, pointing users to refresh command metadata and pass `--asset-key` for multi-workspace accounts.
+- Meegle runtime flags such as `--refresh` and `--profile` are no longer forwarded as backend tool parameters when passed explicitly on dynamic commands.
+
+## [v1.0.9] - 2026-06-11
+
+### Added
+
+- `attachment +download` now performs an extra integrity check on the downloaded file and aborts — writing nothing to disk — when the file fails validation or cannot be verified. A failed check returns a `CLIENT_FILE_SIGN_MISMATCH` error and an unverifiable response returns `CLIENT_FILE_SIGN_UNVERIFIED`; both carry a retry hint.
+
 ## [v1.0.8] - 2026-06-09
 
 ### Added

package/README.md

@@ -85,7 +85,15 @@ The default `meegle auth login` uses an arrow-key host picker plus a browser OAu
 npm install -g @lark-project/meegle
 ```
 
-**Step 2 — Persist the host**
+**Step 2 — Install the Agent Skill**
+
+> Recommended for AI-agent workflows, optional for direct CLI use. The skill teaches agents how to choose and run `meegle` commands correctly.
+
+```bash
+npx skills add larksuite/meegle-cli -y -g
+```
+
+**Step 3 — Persist the host**
 
 ```bash
 meegle config set host <host>
@@ -93,7 +101,7 @@ meegle config set host <host>
 
 Examples of `<host>`: `project.feishu.cn`, `meegle.com`, or your self-hosted tenant domain such as `your-tenant.example.com`.
 
-**Step 3 — Log in with Device Code**
+**Step 4 — Log in with Device Code**
 
 > Run this command in the background. It prints an authorization URL — extract it and send it to the user. The command exits automatically once the user completes authorization in the browser.
 
@@ -107,7 +115,7 @@ Alternatively, pass the host inline each time without persisting it:
 meegle auth login --device-code --host <host>
 ```
 
-**Step 4 — Verify**
+**Step 5 — Verify**
 
 ```bash
 meegle auth status
@@ -332,6 +340,11 @@ meegle mywork todo --action done --page-num 1
 meegle mywork todo --action overdue --page-num 1
 ```
 
+If `mywork todo` fails with `get action info fail`, refresh command metadata first:
+`meegle --refresh mywork todo --action this_week --page-num 1`. If your account
+belongs to multiple workspaces, pass the workspace key explicitly:
+`meegle mywork todo --action this_week --page-num 1 --asset-key Asset_xxx`.
+
 ### Querying Work Items
 
 ```bash
@@ -474,6 +487,18 @@ meegle attachment +download "$URL" \
   --output ./local.pdf --overwrite
 ```
 
+**Integrity check (`+download`)**: `+download` performs an extra integrity check
+on each downloaded file and aborts — writing nothing — if the file fails
+validation or cannot be verified. On a failed check you get a
+`CLIENT_FILE_SIGN_MISMATCH` error (unverifiable response →
+`CLIENT_FILE_SIGN_UNVERIFIED`); both are transient, so just retry.
+
+**Custom headers / env routing**: any custom headers configured for the active
+profile are applied to the download GET as well as the preprocess call, so an
+environment-routing header pins the whole download to the same environment. Auth
+headers are stripped before the GET so the token never reaches the
+object-storage host.
+
 `+upload` returns a JSON object with the file token and metadata:
 
 ```json

package/README.zh-CN.md

@@ -85,7 +85,15 @@ meegle inspect workitem.create
 npm install -g @lark-project/meegle
 ```
 
-**Step 2 — 持久化 host**
+**Step 2 — 安装 Agent Skill**
+
+> 推荐用于 AI Agent 场景；如果只是手动使用 CLI，则是可选步骤。Skill 会教 Agent 正确选择和执行 `meegle` 命令。
+
+```bash
+npx skills add larksuite/meegle-cli -y -g
+```
+
+**Step 3 — 持久化 host**
 
 ```bash
 meegle config set host <host>
@@ -93,7 +101,7 @@ meegle config set host <host>
 
 `<host>` 示例：`project.feishu.cn`、`meegle.com`，或自建租户域名（如 `your-tenant.example.com`）。
 
-**Step 3 — Device Code 登录**
+**Step 4 — Device Code 登录**
 
 > 建议后台执行。命令会输出授权 URL —— 提取后发给用户，用户在浏览器完成授权后命令自动退出。
 
@@ -107,7 +115,7 @@ meegle auth login --device-code
 meegle auth login --device-code --host <host>
 ```
 
-**Step 4 — 验证**
+**Step 5 — 验证**
 
 ```bash
 meegle auth status
@@ -332,6 +340,11 @@ meegle mywork todo --action done --page-num 1
 meegle mywork todo --action overdue --page-num 1
 ```
 
+如果 `mywork todo` 返回 `get action info fail`，先刷新命令元数据：
+`meegle --refresh mywork todo --action this_week --page-num 1`。如果账号同时属于多个工作区，
+请显式传入工作区 key：
+`meegle mywork todo --action this_week --page-num 1 --asset-key Asset_xxx`。
+
 ### 查询工作项
 
 ```bash
@@ -468,6 +481,15 @@ meegle attachment +download "$URL" \
   --output ./local.pdf --overwrite
 ```
 
+**完整性校验（`+download`）**：`+download` 会对下载的文件做一次额外的完整性校验，
+若校验失败或无法校验则中止下载、不写任何文件。校验不通过时返回
+`CLIENT_FILE_SIGN_MISMATCH` 错误（无法校验时为 `CLIENT_FILE_SIGN_UNVERIFIED`）；
+两者都是临时问题，重试即可。
+
+**自定义头 / 环境路由**：当前 profile 配置的自定义头会同时作用于下载 GET 与预处理调用，
+从而用环境路由头把整条下载固定到同一环境。GET 前会剥掉 auth 相关头，
+确保 token 不会发到对象存储所在的主机。
+
 `+upload` 输出 JSON 对象，包含 file_token 与文件元信息：
 
 ```json

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lark-project/meegle",
-  "version": "1.0.8",
+  "version": "1.0.10",
   "description": "Agent-First CLI for Meegle (Lark Project)",
   "license": "MIT",
   "homepage": "https://github.com/larksuite/meegle-cli#readme",