meegle-cli 0.1.0

package/dist/core/auth-policy.d.ts

@@ -0,0 +1,14 @@
+export type HttpMethod = 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
+export type AuthPolicy = 'NONE' | 'PLUGIN_WITH_USER_KEY' | 'PLUGIN_OPTIONAL_USER_KEY' | 'USER_TOKEN_REQUIRED';
+export interface EndpointRef {
+    method: HttpMethod;
+    path: string;
+}
+export interface CommandMeta {
+    id: string;
+    authPolicy: AuthPolicy;
+    endpoint?: EndpointRef;
+}
+export declare function isUserTokenOnlyEndpoint(path: string): boolean;
+export declare function assertCommandSupported(meta: CommandMeta): void;
+export declare function assertEndpointAllowed(endpoint?: EndpointRef): void;

package/dist/core/auth-policy.js

@@ -0,0 +1,37 @@
+import { CliError } from './cli-error.js';
+const USER_TOKEN_ONLY_TEMPLATES = new Set([
+    '/open_api/user/search',
+    '/open_api/:project_key/user_group',
+    '/open_api/:project_key/user_group/members',
+    '/open_api/:project_key/user_groups/members/page',
+]);
+const USER_TOKEN_ONLY_PATTERNS = [
+    /^\/open_api\/user\/search$/,
+    /^\/open_api\/[^/]+\/user_group$/,
+    /^\/open_api\/[^/]+\/user_group\/members$/,
+    /^\/open_api\/[^/]+\/user_groups\/members\/page$/,
+];
+function normalizePath(path) {
+    const noQuery = path.split('?')[0] ?? path;
+    return noQuery.replace(/\/+$/, '');
+}
+export function isUserTokenOnlyEndpoint(path) {
+    const normalized = normalizePath(path);
+    if (USER_TOKEN_ONLY_TEMPLATES.has(normalized)) {
+        return true;
+    }
+    return USER_TOKEN_ONLY_PATTERNS.some((pattern) => pattern.test(normalized));
+}
+export function assertCommandSupported(meta) {
+    if (meta.authPolicy === 'USER_TOKEN_REQUIRED') {
+        throw new CliError(`命令 "${meta.id}" 依赖 user_access_token，当前 CLI 运行在 plugin-only 模式，已拒绝执行。`, 2);
+    }
+}
+export function assertEndpointAllowed(endpoint) {
+    if (!endpoint) {
+        return;
+    }
+    if (isUserTokenOnlyEndpoint(endpoint.path)) {
+        throw new CliError(`接口 ${endpoint.method} ${endpoint.path} 在文档中标注为仅支持 user_access_token，plugin-only 模式已拒绝。`, 2);
+    }
+}

package/dist/core/cli-error.d.ts

@@ -0,0 +1,4 @@
+export declare class CliError extends Error {
+    readonly exitCode: number;
+    constructor(message: string, exitCode?: number);
+}

package/dist/core/cli-error.js

@@ -0,0 +1,9 @@
+export class CliError extends Error {
+    exitCode;
+    constructor(message, exitCode = 1) {
+        super(message);
+        this.name = 'CliError';
+        this.exitCode = exitCode;
+        Object.setPrototypeOf(this, CliError.prototype);
+    }
+}

package/dist/core/client-factory.d.ts

@@ -0,0 +1,3 @@
+import { MeegoClient } from 'meeglesdk';
+import type { CliProfile } from '../types/config.js';
+export declare function createClient(profile: CliProfile): MeegoClient;

package/dist/core/client-factory.js

@@ -0,0 +1,22 @@
+import { MeegoClient } from 'meeglesdk';
+const silentLogger = {
+    debug: () => { },
+    info: () => { },
+    warn: () => { },
+    error: () => { },
+};
+export function createClient(profile) {
+    const options = {
+        pluginId: profile.pluginId,
+        pluginSecret: profile.pluginSecret,
+        baseURL: profile.baseURL,
+        tokenType: profile.tokenType,
+        retry: {
+            maxRetries: 2,
+            retryDelay: 1000,
+        },
+        rateLimit: 'meego-openapi',
+        logger: silentLogger,
+    };
+    return new MeegoClient(options);
+}

package/dist/core/command-guard.d.ts

@@ -0,0 +1,16 @@
+import type { AuthContext, MeegoClient } from 'meeglesdk';
+import { type CommandMeta } from './auth-policy.js';
+import type { CliProfile } from '../types/config.js';
+export interface RuntimeOptions {
+    profile?: string;
+    userKey?: string;
+    compatAuth?: boolean;
+}
+export interface GuardContext {
+    profileName: string;
+    profile: CliProfile;
+    client: MeegoClient;
+    auth: AuthContext;
+    userKey?: string;
+}
+export declare function runGuarded<T>(meta: CommandMeta, runtime: RuntimeOptions, action: (ctx: GuardContext) => Promise<T>): Promise<T>;

package/dist/core/command-guard.js

@@ -0,0 +1,38 @@
+import { CliError } from './cli-error.js';
+import { assertCommandSupported, assertEndpointAllowed } from './auth-policy.js';
+import { getProfile } from './config-store.js';
+import { createClient } from './client-factory.js';
+function resolveUserKey(runtimeUserKey, defaultUserKey) {
+    if (runtimeUserKey?.trim()) {
+        return runtimeUserKey.trim();
+    }
+    if (defaultUserKey?.trim()) {
+        return defaultUserKey.trim();
+    }
+    if (process.env.MEEGLE_USER_KEY?.trim()) {
+        return process.env.MEEGLE_USER_KEY.trim();
+    }
+    return undefined;
+}
+function buildPluginAuth(userKey, compatAuth) {
+    if (!userKey) {
+        return { type: 'plugin' };
+    }
+    return {
+        type: 'plugin',
+        userKey,
+        authMode: compatAuth ? 0 : 1,
+    };
+}
+export async function runGuarded(meta, runtime, action) {
+    assertCommandSupported(meta);
+    assertEndpointAllowed(meta.endpoint);
+    const { name: profileName, profile } = await getProfile(runtime.profile);
+    const userKey = resolveUserKey(runtime.userKey, profile.defaultUserKey);
+    if (meta.authPolicy === 'PLUGIN_WITH_USER_KEY' && !userKey) {
+        throw new CliError(`命令 "${meta.id}" 需要 userKey，请传 --user-key 或先在 auth init 配置 defaultUserKey。`, 2);
+    }
+    const client = createClient(profile);
+    const auth = buildPluginAuth(userKey, runtime.compatAuth);
+    return action({ profileName, profile, client, auth, userKey });
+}

package/dist/core/config-store.d.ts

@@ -0,0 +1,15 @@
+import type { CliConfig, CliProfile } from '../types/config.js';
+export declare function getConfigFilePath(): string;
+export declare function loadConfig(): Promise<CliConfig>;
+export declare function saveConfig(config: CliConfig): Promise<void>;
+export declare function upsertProfile(profileName: string, profileInput: {
+    pluginId: string;
+    pluginSecret: string;
+    baseURL?: string;
+    tokenType?: 0 | 1;
+    defaultUserKey?: string;
+}): Promise<CliConfig>;
+export declare function getProfile(profileName?: string): Promise<{
+    name: string;
+    profile: CliProfile;
+}>;

package/dist/core/config-store.js

@@ -0,0 +1,69 @@
+import { mkdir, readFile, writeFile } from 'node:fs/promises';
+import os from 'node:os';
+import path from 'node:path';
+import { CliError } from './cli-error.js';
+const DEFAULT_BASE_URL = 'https://project.feishu.cn';
+const CONFIG_DIR = process.env.MEEGLE_CLI_CONFIG_DIR ?? path.join(os.homedir(), '.meegle-cli');
+const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
+const EMPTY_CONFIG = {
+    version: 1,
+    activeProfile: 'default',
+    profiles: {},
+};
+export function getConfigFilePath() {
+    return CONFIG_FILE;
+}
+async function ensureConfigDir() {
+    await mkdir(CONFIG_DIR, { recursive: true, mode: 0o700 });
+}
+export async function loadConfig() {
+    try {
+        const raw = await readFile(CONFIG_FILE, 'utf8');
+        const parsed = JSON.parse(raw);
+        if (parsed.version !== 1 || typeof parsed.activeProfile !== 'string' || !parsed.profiles) {
+            throw new CliError(`配置文件格式不兼容: ${CONFIG_FILE}`, 2);
+        }
+        return parsed;
+    }
+    catch (error) {
+        if (error.code === 'ENOENT') {
+            return { ...EMPTY_CONFIG };
+        }
+        if (error instanceof CliError) {
+            throw error;
+        }
+        throw new CliError(`读取配置失败: ${CONFIG_FILE}`, 1);
+    }
+}
+export async function saveConfig(config) {
+    await ensureConfigDir();
+    const content = `${JSON.stringify(config, null, 2)}\n`;
+    await writeFile(CONFIG_FILE, content, { encoding: 'utf8', mode: 0o600 });
+}
+export async function upsertProfile(profileName, profileInput) {
+    const config = await loadConfig();
+    const normalizedName = profileName.trim();
+    if (!normalizedName) {
+        throw new CliError('profile 名称不能为空', 2);
+    }
+    const profile = {
+        pluginId: profileInput.pluginId,
+        pluginSecret: profileInput.pluginSecret,
+        baseURL: profileInput.baseURL ?? DEFAULT_BASE_URL,
+        tokenType: profileInput.tokenType ?? 0,
+        defaultUserKey: profileInput.defaultUserKey,
+    };
+    config.profiles[normalizedName] = profile;
+    config.activeProfile = normalizedName;
+    await saveConfig(config);
+    return config;
+}
+export async function getProfile(profileName) {
+    const config = await loadConfig();
+    const name = profileName?.trim() || config.activeProfile;
+    const profile = config.profiles[name];
+    if (!profile) {
+        throw new CliError(`未找到 profile "${name}"，请先执行 meegle auth init --target-profile ${name} ...`, 2);
+    }
+    return { name, profile };
+}

package/dist/core/error-handler.d.ts

@@ -0,0 +1 @@
+export declare function handleCliError(error: unknown): number;

package/dist/core/error-handler.js

@@ -0,0 +1,52 @@
+import { CommanderError } from 'commander';
+import { ErrorCodes, MeegoError } from 'meeglesdk';
+import { CliError } from './cli-error.js';
+const TOKEN_TYPE_WRONG = 1000052755;
+function print(message) {
+    process.stderr.write(`${message}\n`);
+}
+function handleMeegoError(error) {
+    switch (error.errCode) {
+        case TOKEN_TYPE_WRONG:
+            print('接口仅支持 user_access_token；当前 CLI 为 plugin-only 模式，命令已拒绝。');
+            return 2;
+        case ErrorCodes.PLUGIN_TOKEN_MUST_HAVE_USER_KEY:
+            print('缺少 userKey。请传 --user-key 或在 auth init 中配置 defaultUserKey。');
+            return 2;
+        case ErrorCodes.X_USER_KEY_WRONG:
+            print('X-User-Key 无效。请检查 --user-key 是否正确。');
+            return 2;
+        case ErrorCodes.CHECK_TOKEN_FAILED:
+        case ErrorCodes.TOKEN_NOT_EXIST:
+        case ErrorCodes.CHECK_TOKEN_PERM_FAILED:
+            print(`鉴权失败(${error.errCode})：${error.errMsg}`);
+            return 3;
+        default:
+            print(`API 错误(${error.errCode})：${error.errMsg}`);
+            if (error.logId) {
+                print(`log_id: ${error.logId}`);
+            }
+            return 1;
+    }
+}
+export function handleCliError(error) {
+    if (error instanceof CommanderError) {
+        if (error.code !== 'commander.helpDisplayed') {
+            print(error.message);
+        }
+        return error.exitCode;
+    }
+    if (error instanceof CliError) {
+        print(error.message);
+        return error.exitCode;
+    }
+    if (error instanceof MeegoError) {
+        return handleMeegoError(error);
+    }
+    if (error instanceof Error) {
+        print(error.message);
+        return 1;
+    }
+    print('未知错误');
+    return 1;
+}

package/dist/core/json-file.d.ts

@@ -0,0 +1 @@
+export declare function readJsonFile<T>(filePath: string): Promise<T>;

package/dist/core/json-file.js

@@ -0,0 +1,12 @@
+import { readFile } from 'node:fs/promises';
+import { CliError } from './cli-error.js';
+export async function readJsonFile(filePath) {
+    try {
+        const raw = await readFile(filePath, 'utf8');
+        return JSON.parse(raw);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : 'unknown error';
+        throw new CliError(`读取 JSON 文件失败: ${filePath} (${message})`, 2);
+    }
+}

package/dist/core/output.d.ts

@@ -0,0 +1 @@
+export declare function printData(data: unknown, asJson: boolean): void;

package/dist/core/output.js

@@ -0,0 +1,11 @@
+export function printData(data, asJson) {
+    if (asJson) {
+        console.log(JSON.stringify(data, null, 2));
+        return;
+    }
+    if (typeof data === 'string') {
+        console.log(data);
+        return;
+    }
+    console.dir(data, { depth: null, colors: true });
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,15 @@
+#!/usr/bin/env node
+import { buildCli } from './cli.js';
+import { handleCliError } from './core/error-handler.js';
+async function main() {
+    const program = buildCli();
+    program.showHelpAfterError();
+    program.exitOverride();
+    try {
+        await program.parseAsync(process.argv);
+    }
+    catch (error) {
+        process.exitCode = handleCliError(error);
+    }
+}
+await main();

package/dist/types/config.d.ts

@@ -0,0 +1,12 @@
+export interface CliProfile {
+    pluginId: string;
+    pluginSecret: string;
+    baseURL: string;
+    tokenType: 0 | 1;
+    defaultUserKey?: string;
+}
+export interface CliConfig {
+    version: 1;
+    activeProfile: string;
+    profiles: Record<string, CliProfile>;
+}

package/dist/types/config.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "meegle-cli",
+  "version": "0.1.0",
+  "description": "Plugin-only CLI for Feishu Project (Meegle) based on meeglesdk",
+  "type": "module",
+  "bin": {
+    "meegle": "./dist/index.js"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "RELEASE.md"
+  ],
+  "scripts": {
+    "clean": "rm -rf dist",
+    "build": "npm run clean && tsc -p tsconfig.build.json",
+    "build:all": "npm run clean && tsc -p tsconfig.json",
+    "dev": "tsc -w -p tsconfig.json",
+    "typecheck": "tsc --noEmit -p tsconfig.json",
+    "test": "npm run build:all && node --test dist/tests/auth-policy.test.js dist/tests/e2e-cli.test.js",
+    "test:smoke:real": "npm run build:all && node --test dist/tests/smoke-real.test.js",
+    "release:check": "npm test && npm run build && npm pack --dry-run",
+    "prepublishOnly": "npm run release:check"
+  },
+  "keywords": [
+    "meegle",
+    "feishu",
+    "lark",
+    "project",
+    "cli"
+  ],
+  "dependencies": {
+    "commander": "^12.1.0",
+    "meeglesdk": "0.1.7"
+  },
+  "devDependencies": {
+    "@types/node": "^22.15.21",
+    "typescript": "^5.8.3"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}