openyida 2026.5.17 → 2026.5.18

package/README.md

@@ -242,6 +242,8 @@ Use `npm run test:e2e:real:cleanup` to list recorded disposable resources. OpenY
 openyida connector smart-create --curl "curl https://api.example.com/users"
 openyida connector list
 openyida integration create APP_XXX FORM_XXX "Sync customer data"
+openyida integration create APP_XXX FORM_XXX "Approval result notify" \
+  --events processFinish --approval-actions agree,disagree --receivers 123456
 openyida create-report APP_XXX "Sales Dashboard" .cache/openyida/reports/charts.json
 openyida append-chart APP_XXX REPORT_XXX .cache/openyida/reports/chart.json
 ```
@@ -258,13 +260,13 @@ Run `openyida --help` or `openyida <command> --help` for detailed usage.
 | `openyida env setup` | Choose a customer-friendly login environment preset: public, overseas, Alibaba intranet, or private deployment |
 | `openyida env <list\|show\|switch\|add\|remove>` | Manage public/private Yida environment profiles |
 | `openyida commands [--json]` | Emit the machine-readable command manifest |
-| `openyida login [--qr\|--agent-qr\|--codex\|--browser] [--env <name>\|--overseas\|--yidaapps] [--corp-id <corpId>]` | Log in to Yida |
+| `openyida login [--qr\|--agent-qr\|--codex\|--browser] [--env <name>\|--intl\|--overseas\|--global\|--yidaapps] [--corp-id <corpId>]` | Log in to Yida |
 | `openyida logout` | Log out or switch account |
 | `openyida auth <status\|login\|refresh\|logout>` | Manage login status |
 | `openyida org list` | List accessible organizations |
 | `openyida org switch --corp-id <corpId>` | Switch organization without logging in again |
 
-Environment selectors such as `--env intl`, `--overseas`, and `--yidaapps` can be used on login-required commands to choose the target Yida environment for that run.
+Environment selectors such as `--env intl`, `--intl`, `--overseas`, `--global`, and `--yidaapps` can be used on login-required commands to choose the target Yida environment for that run. The `intl` preset targets Global YiDA at `https://www.yidaapps.com` and uses DingTalk International OAuth at `https://login.dingtalk.io`; use `openyida login --browser --intl` when you need cookies accepted by Global YiDA business APIs.
 
 ### Applications
 
@@ -274,6 +276,7 @@ Environment selectors such as `--env intl`, `--overseas`, and `--yidaapps` can b
 | `openyida corp-efficiency [overview\|details\|detail\|groups\|notify] [options] [--open\|--no-open]` | Query enterprise efficiency metrics, detail report entries, and related notification actions |
 | `openyida create-app "<name>"\|--name <name> [options] [--open\|--no-open]` | Create an application and output `appType` |
 | `openyida update-app <appType> --name "..."` | Update application metadata |
+| `openyida app-permission <get\|set\|add\|remove\|search-user> ...` | Manage app primary admins, data admins, and developer members |
 | `openyida export <appType> [output]` | Export an application migration package |
 | `openyida import <file> [name]` | Import a migration package into a target environment |
 
@@ -319,13 +322,15 @@ Environment selectors such as `--env intl`, `--overseas`, and `--yidaapps` can b
 | `openyida create-report <appType> "<name>" <charts.json> [--open\|--no-open]` | Create a Yida report |
 | `openyida append-chart <appType> <reportId> <charts.json> [--open\|--no-open]` | Append a chart to an existing report |
 | `openyida connector <sub-command>` | Manage HTTP connectors, actions, tests, and auth accounts |
-| `openyida integration create <appType> <formUuid> <flowName> [options]` | Create an integration automation flow |
+| `openyida integration create <appType> <formUuid> <flowName> [options]` | Create an integration automation flow, including form and approval-process events |
 | `openyida integration list <appType> [--form-uuid <uuid>] [--status y\|n] [--json]` | List automation flows in an app, optionally filtered by form/status |
 | `openyida integration enable <appType> <formUuid> <processCode>` | Enable an automation flow |
 | `openyida integration disable <appType> <formUuid> <processCode>` | Disable an automation flow |
 | `openyida dws <command> [args]` | Access DingTalk CLI capabilities such as contacts, calendar, todo, and approval |
 | `openyida dingtalk-link <url> [--target fullScreen] [--legacy-scheme] [--json]` | Generate DingTalk AppLink URLs for opening pages in DingTalk; use `--legacy-scheme` only when old `dingtalk://` links are required |
 
+`openyida integration create` supports form events (`insert`, `update`, `delete`, `comment`) and approval events (`processFinish`, `activityTask`; aliases: `approval`, `approvalNode`). Approval events require `--approval-actions agree,disagree,terminated`; `activityTask` also requires `--approval-node-ids <nodeId,...>`.
+
 ### Utilities
 
 | Command | Description |
@@ -441,11 +446,15 @@ Scan the QR code to join the OpenYida DingTalk user group for updates and suppor
 
 Thanks to everyone who has contributed to OpenYida. Read the [Contributing Guide](./CONTRIBUTING.md) to get involved.
 
+Latest contributors: [DDlixin1](https://github.com/DDlixin1), [fcloud](https://github.com/fcloud).
+
 <!-- openyida-contributors:start -->
 
 <p>
   <a href="https://github.com/yize"><img src="https://github.com/yize.png?size=48" width="48" height="48" alt="九神" title="九神" /></a>
   <a href="https://github.com/alex-mm"><img src="https://github.com/alex-mm.png?size=48" width="48" height="48" alt="天晟" title="天晟" /></a>
+  <a href="https://github.com/DDlixin1"><img src="https://github.com/DDlixin1.png?size=48" width="48" height="48" alt="DDlixin1" title="DDlixin1" /></a>
+  <a href="https://github.com/fcloud"><img src="https://github.com/fcloud.png?size=48" width="48" height="48" alt="Aiden Wu (fcloud)" title="Aiden Wu (fcloud)" /></a>
   <a href="https://github.com/nicky1108"><img src="https://github.com/nicky1108.png?size=48" width="48" height="48" alt="nicky1108" title="nicky1108" /></a>
   <a href="https://github.com/angelinheys"><img src="https://github.com/angelinheys.png?size=48" width="48" height="48" alt="angelinheys" title="angelinheys" /></a>
   <a href="https://github.com/yipengmu"><img src="https://github.com/yipengmu.png?size=48" width="48" height="48" alt="yipengmu" title="yipengmu" /></a>

package/bin/yida.js

@@ -692,6 +692,12 @@ async function main() {
       break;
     }
 
+    case 'app-permission': {
+      const { run: runAppPermission } = require('../lib/app-permission/app-permission');
+      await runAppPermission(args);
+      break;
+    }
+
     case 'data': {
       if (args.length < 2) {
         warn('用法: openyida data <action> <resource> [args] [options]');

package/lib/app-permission/app-permission.js

@@ -0,0 +1,459 @@
+'use strict';
+
+const querystring = require('querystring');
+
+const {
+  loadCookieData,
+  triggerLogin,
+  resolveBaseUrl,
+  httpGet,
+  httpPost,
+  requestWithAutoLogin,
+} = require('../core/utils');
+const { searchUsers } = require('../corp-manager/api');
+
+const ROLE_CONFIGS = {
+  MAIN: {
+    key: 'main',
+    label: '应用主管理员',
+    memberField: 'managers',
+    idField: 'managerIdList',
+    required: true,
+  },
+  DATA: {
+    key: 'data',
+    label: '数据管理员',
+    memberField: 'dataManagers',
+    idField: 'dataManagerUserIdList',
+    required: false,
+  },
+  DEV: {
+    key: 'dev',
+    label: '开发成员',
+    memberField: 'devManagers',
+    idField: 'devManagerUserIdList',
+    required: false,
+  },
+};
+
+const ROLE_ALIASES = {
+  main: 'MAIN',
+  primary: 'MAIN',
+  owner: 'MAIN',
+  admin: 'MAIN',
+  manager: 'MAIN',
+  mainManagers: 'MAIN',
+  MAIN: 'MAIN',
+
+  data: 'DATA',
+  dataAdmin: 'DATA',
+  dataManager: 'DATA',
+  dataManagers: 'DATA',
+  DATA: 'DATA',
+
+  dev: 'DEV',
+  develop: 'DEV',
+  developer: 'DEV',
+  development: 'DEV',
+  devManager: 'DEV',
+  devManagers: 'DEV',
+  DEV: 'DEV',
+};
+
+const USAGE = `openyida app-permission - 应用级管理员设置
+
+Usage:
+  openyida app-permission search-user <keyword> [--dept <text>] [--size N]
+  openyida app-permission get <appType>
+  openyida app-permission set <appType> <main|data|dev> --users <userId1,userId2>
+  openyida app-permission set <appType> <data|dev> --clear
+  openyida app-permission add <appType> <main|data|dev> --users <userId1,userId2>
+  openyida app-permission remove <appType> <main|data|dev> --users <userId1,userId2>
+
+Examples:
+  openyida app-permission get APP_XXX
+  openyida app-permission add APP_XXX data --users manager7350
+  openyida app-permission set APP_XXX dev --users user001,user002
+`;
+
+function fail(message) {
+  console.error(message);
+  console.error(USAGE);
+  process.exit(1);
+}
+
+function printJson(payload) {
+  console.log(JSON.stringify(payload, null, 2));
+}
+
+function getAuthRef() {
+  let cookieData = loadCookieData();
+  if (!cookieData || !cookieData.cookies || !cookieData.csrf_token) {
+    cookieData = triggerLogin();
+  }
+
+  if (!cookieData || !cookieData.cookies || !cookieData.csrf_token) {
+    throw new Error('无法获取有效登录态或 CSRF Token');
+  }
+
+  return {
+    csrfToken: cookieData.csrf_token,
+    cookies: cookieData.cookies,
+    baseUrl: resolveBaseUrl(cookieData),
+    cookieData,
+  };
+}
+
+function assertSuccess(result, action) {
+  if (result && result.success) {
+    return result;
+  }
+  const message = result && (result.errorMsg || result.message || result.errorCode);
+  throw new Error(`${action}失败${message ? `：${message}` : ''}`);
+}
+
+function normalizeRole(role) {
+  const normalized = ROLE_ALIASES[String(role || '').trim()];
+  if (!normalized) {
+    throw new Error(`无效角色：${role}，可用值：main, data, dev`);
+  }
+  return normalized;
+}
+
+function normalizeText(value) {
+  if (value === null || value === undefined) {
+    return '';
+  }
+  if (typeof value === 'string') {
+    return value;
+  }
+  if (typeof value === 'object') {
+    return value.zh_CN || value.pureEn_US || value.en_US || value.value || value.text || value.label || '';
+  }
+  return String(value);
+}
+
+function validateAppType(appType) {
+  if (!appType) {
+    throw new Error('缺少 appType');
+  }
+  if (/[/?#]/.test(appType)) {
+    throw new Error(`无效 appType：${appType}`);
+  }
+  return appType;
+}
+
+function splitList(value) {
+  if (!value || value === true) {
+    return [];
+  }
+  if (Array.isArray(value)) {
+    return value;
+  }
+  return String(value).split(',').map(item => item.trim()).filter(Boolean);
+}
+
+function unique(values) {
+  return [...new Set((values || []).map(value => String(value).trim()).filter(Boolean))];
+}
+
+function toPositiveInt(value, defaultValue) {
+  const parsed = Number.parseInt(value || `${defaultValue}`, 10);
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    return defaultValue;
+  }
+  return parsed;
+}
+
+function parseCliOptions(tokens) {
+  const positionals = [];
+  const options = {};
+
+  for (let i = 0; i < tokens.length; i += 1) {
+    const token = tokens[i];
+    if (token.startsWith('--')) {
+      const key = token.slice(2).replace(/-/g, '_');
+      const next = tokens[i + 1];
+      if (next !== undefined && !next.startsWith('--')) {
+        options[key] = next;
+        i += 1;
+      } else {
+        options[key] = true;
+      }
+    } else {
+      positionals.push(token);
+    }
+  }
+
+  return { positionals, options };
+}
+
+function buildCommonParams(authRef, params = {}) {
+  return {
+    _csrf_token: authRef.csrfToken,
+    _locale_time_zone_offset: '28800000',
+    _stamp: String(Date.now()),
+    ...params,
+  };
+}
+
+async function appGet(appType, path, params, authRef = getAuthRef()) {
+  const safeAppType = validateAppType(appType);
+  return requestWithAutoLogin(
+    auth => httpGet(
+      auth.baseUrl,
+      `/${safeAppType}/${path.replace(/^\/+/, '')}`,
+      buildCommonParams(auth, params),
+      auth.cookies,
+    ),
+    authRef,
+  );
+}
+
+async function appPost(appType, path, params, authRef = getAuthRef()) {
+  const safeAppType = validateAppType(appType);
+  return requestWithAutoLogin(
+    auth => httpPost(
+      auth.baseUrl,
+      `/${safeAppType}/${path.replace(/^\/+/, '')}`,
+      querystring.stringify(buildCommonParams(auth, params)),
+      auth.cookies,
+    ),
+    authRef,
+  );
+}
+
+function normalizeMember(record) {
+  const userId = record.userId || record.emplId || record.id || record.key || record.workNo || '';
+  const userName = normalizeText(
+    record.displayName ||
+    record.defaultName ||
+    record.name ||
+    record.nickName ||
+    record.label ||
+    record.userName,
+  );
+
+  return {
+    userId,
+    userName,
+    dingtalkId: record.dingtalkId || '',
+    avatar: record.personalPhoto || record.personalPhotoUrl || record.avatar || '',
+    companyNo: record.companyNo || '',
+    workStatus: record.workStatus || '',
+  };
+}
+
+function memberIds(members) {
+  return unique((members || []).map(member => member.userId || member.emplId || member.id || member.key));
+}
+
+function idsFromContent(content, config) {
+  const idValue = content[config.idField];
+  const idsFromField = typeof idValue === 'string' ? splitList(idValue) : [];
+  if (idsFromField.length > 0) {
+    return unique(idsFromField);
+  }
+  return memberIds(content[config.memberField] || []);
+}
+
+function normalizeRolePayload(content, roleType) {
+  const config = ROLE_CONFIGS[roleType];
+  const members = (content[config.memberField] || []).map(normalizeMember);
+  const ids = idsFromContent(content, config);
+
+  return {
+    role: config.key,
+    roleType,
+    roleLabel: config.label,
+    required: config.required,
+    userIds: ids,
+    members,
+  };
+}
+
+function normalizeAppPermission(content = {}) {
+  return {
+    success: true,
+    appType: content.appType || '',
+    appName: normalizeText(content.appName),
+    sentryMode: content.sentryMode || '',
+    isAccessControl: content.isAccessControl || '',
+    allowExternalAddressBook: content.allowExternalAddressBook || '',
+    newAllowExternalAddressBook: content.newAllowExternalAddressBook || '',
+    currentUserAdminType: content.adminType || '',
+    roles: {
+      main: normalizeRolePayload(content, 'MAIN'),
+      data: normalizeRolePayload(content, 'DATA'),
+      dev: normalizeRolePayload(content, 'DEV'),
+    },
+  };
+}
+
+async function getAppPermission(appType, authRef = getAuthRef()) {
+  const result = await appGet(
+    appType,
+    '/query/app/getAppIncludingAecpInfo.json',
+    { appKey: appType },
+    authRef,
+  );
+  assertSuccess(result, '查询应用管理员设置');
+  return normalizeAppPermission(result.content || {});
+}
+
+async function saveRoleManagers(options = {}, authRef = getAuthRef()) {
+  const appType = validateAppType(options.appType);
+  const roleType = normalizeRole(options.role || options.roleType);
+  const userIds = unique(options.userIds || options.users || []);
+
+  if (ROLE_CONFIGS[roleType].required && userIds.length === 0) {
+    throw new Error(`${ROLE_CONFIGS[roleType].label}不能为空`);
+  }
+
+  const result = await appPost(
+    appType,
+    '/query/app/updateAppAdmin.json',
+    {
+      adminType: roleType,
+      managers: userIds.join(','),
+    },
+    authRef,
+  );
+  assertSuccess(result, '保存应用管理员设置');
+
+  return {
+    success: true,
+    appType,
+    role: ROLE_CONFIGS[roleType].key,
+    roleType,
+    roleLabel: ROLE_CONFIGS[roleType].label,
+    userIds,
+    content: result.content,
+  };
+}
+
+async function updateRoleManagers(options = {}, authRef = getAuthRef()) {
+  const appType = validateAppType(options.appType);
+  const roleType = normalizeRole(options.role || options.roleType);
+  const action = options.action || 'set';
+  const inputUserIds = unique(options.userIds || options.users || []);
+
+  if (action === 'set') {
+    return saveRoleManagers({ appType, roleType, userIds: inputUserIds }, authRef);
+  }
+
+  if (inputUserIds.length === 0) {
+    throw new Error(`${action} 操作必须提供 --users`);
+  }
+
+  const current = await getAppPermission(appType, authRef);
+  const roleKey = ROLE_CONFIGS[roleType].key;
+  const previousUserIds = current.roles[roleKey].userIds;
+  let nextUserIds;
+
+  if (action === 'add') {
+    nextUserIds = unique(previousUserIds.concat(inputUserIds));
+  } else if (action === 'remove') {
+    const removeSet = new Set(inputUserIds);
+    nextUserIds = previousUserIds.filter(userId => !removeSet.has(userId));
+  } else {
+    throw new Error(`未知操作：${action}`);
+  }
+
+  const saved = await saveRoleManagers({ appType, roleType, userIds: nextUserIds }, authRef);
+  return {
+    ...saved,
+    action,
+    previousUserIds,
+  };
+}
+
+async function runSearchUser(positionals, options) {
+  const keyword = positionals[0];
+  if (!keyword) {
+    fail('缺少搜索关键词');
+  }
+
+  printJson(await searchUsers({
+    keyword,
+    dept: options.dept || options.department,
+    size: toPositiveInt(options.size, 50),
+  }));
+}
+
+async function runGet(positionals) {
+  const appType = positionals[0];
+  if (!appType) {
+    fail('缺少 appType');
+  }
+  printJson(await getAppPermission(appType));
+}
+
+async function runUpdate(action, positionals, options) {
+  const appType = positionals[0];
+  const role = positionals[1];
+  if (!appType) {
+    fail('缺少 appType');
+  }
+  if (!role) {
+    fail('缺少角色：main、data 或 dev');
+  }
+
+  const userIds = options.clear ? [] : splitList(options.users || options.user || options.user_ids);
+  if (!options.clear && userIds.length === 0) {
+    fail(`${action} 操作必须提供 --users <userId1,userId2>；清空 data/dev 请使用 --clear`);
+  }
+  if (options.clear && action !== 'set') {
+    fail('--clear 只支持 set 操作');
+  }
+
+  const saved = await updateRoleManagers({
+    action,
+    appType,
+    role,
+    userIds,
+  });
+  const current = await getAppPermission(appType);
+  const roleKey = ROLE_CONFIGS[saved.roleType].key;
+
+  printJson({
+    ...saved,
+    currentRole: current.roles[roleKey],
+  });
+}
+
+async function run(args) {
+  const { positionals, options } = parseCliOptions(args);
+  const action = positionals.shift();
+
+  if (!action || action === '--help' || action === '-h') {
+    console.log(USAGE);
+    return;
+  }
+
+  if (action === 'search-user') {
+    await runSearchUser(positionals, options);
+  } else if (action === 'get' || action === 'list') {
+    await runGet(positionals);
+  } else if (['set', 'add', 'remove'].includes(action)) {
+    await runUpdate(action, positionals, options);
+  } else {
+    fail(`未知 app-permission 子命令：${action}`);
+  }
+}
+
+module.exports = {
+  ROLE_CONFIGS,
+  ROLE_ALIASES,
+  USAGE,
+  parseCliOptions,
+  splitList,
+  normalizeRole,
+  normalizeText,
+  normalizeMember,
+  normalizeAppPermission,
+  getAppPermission,
+  saveRoleManagers,
+  updateRoleManagers,
+  run,
+};

package/lib/core/command-manifest.js

@@ -20,7 +20,7 @@ const COMMAND_GROUPS = [
     id: 'auth',
     titleKey: 'help.group_auth',
     commands: [
-      command('login', ['login'], 'login [--qr|--agent-qr|--codex|--browser] [--env <name>|--overseas|--yidaapps] [--corp-id <corpId>]', 'help.cmd_login', {
+      command('login', ['login'], 'login [--qr|--agent-qr|--codex|--browser] [--env <name>|--intl|--overseas|--global|--yidaapps] [--corp-id <corpId>]', 'help.cmd_login', {
         requiresLogin: false,
         output: 'json',
       }),
@@ -46,6 +46,9 @@ const COMMAND_GROUPS = [
       }),
       command('create-app', ['create-app'], 'create-app "<name>"|--name <name> [options] [--open|--no-open]', 'help.cmd_create_app'),
       command('update-app', ['update-app'], 'update-app <appType> --name "..."', 'help.cmd_update_app'),
+      command('app-permission', ['app-permission'], 'app-permission <get|set|add|remove|search-user> ...', 'help.cmd_app_permission', {
+        output: 'json',
+      }),
       command('export', ['export'], 'export <appType> [output]', 'help.cmd_export'),
       command('import', ['import'], 'import <file> [name]', 'help.cmd_import'),
     ],
@@ -133,6 +136,7 @@ const COMMAND_GROUPS = [
       command('integration.create', ['integration', 'create'], 'integration create <appType> ...', 'help.cmd_integration'),
       command('integration.check', ['integration', 'check'], 'integration check <appType...>', 'help.cmd_integration_check'),
       command('dws', ['dws'], 'dws <command> [args]', 'help.cmd_dws'),
+      command('dws.contact-user-search', ['dws', 'contact', 'user', 'search'], 'dws contact user search --keyword <text>', 'help.cmd_dws'),
       command('dingtalk-link', ['dingtalk-link'], 'dingtalk-link <url> [--target fullScreen] [--legacy-scheme] [--json]', 'help.cmd_dingtalk_link', {
         requiresLogin: false,
         output: 'text|json',

package/lib/core/env-manager.js

@@ -65,14 +65,23 @@ function buildDingtalkOAuthLoginUrl(options = {}) {
     scope: 'openid corpid',
     lang: options.lang || 'zh_CN',
   });
+  if (options.forceLogin) {
+    params.set('FEForceLogin', 'true');
+  }
 
   return `${loginOrigin}/oauth2/auth?${params.toString()}`;
 }
 
+// 海外 YiDA / DingTalk International 登录入口。
+// 必须满足三个条件才能让国际版钉钉扫码识别：
+//   1. login origin 为 login.dingtalk.io
+//   2. redirect_uri 落在 www.yidaapps.com（否则登完跳回国内域名，海外后端拿不到 session）
+//   3. 追加 FEForceLogin=true，强制走国际版登录流程
 const INTERNATIONAL_LOGIN_URL = buildDingtalkOAuthLoginUrl({
   loginOrigin: DINGTALK_INTL_LOGIN_ORIGIN,
   baseUrl: INTERNATIONAL_BASE_URL,
   lang: 'en_US',
+  forceLogin: true,
 });
 const LEGACY_INTERNATIONAL_LOGIN_URL = buildDingtalkOAuthLoginUrl({
   loginOrigin: DINGTALK_INTL_LOGIN_ORIGIN,
@@ -96,11 +105,11 @@ const DEFAULT_ALIBABA_INTERNAL_ENV = {
   cookieFile: 'cookies-alibaba.json',
 };
 
-/** 海外版 DingTalk / Wukong 环境配置 */
+/** 海外版 YiDA / DingTalk International 环境配置 */
 const DEFAULT_INTERNATIONAL_ENV = {
   baseUrl: INTERNATIONAL_BASE_URL,
   loginUrl: INTERNATIONAL_LOGIN_URL,
-  description: '海外版 YiDA Apps / DingTalk / Wukong（login.dingtalk.io）',
+  description: '海外版 YiDA Apps / DingTalk International（www.yidaapps.com）',
   cookieFile: 'cookies-intl.json',
 };
 
@@ -115,27 +124,51 @@ const ENV_ALIASES = {
   aliyun: 'public',
   domestic: 'public',
   china: 'public',
+  '国内': 'public',
+  '国内版': 'public',
+  '中国': 'public',
+  '中国版': 'public',
+  '国内宜搭': 'public',
+  '中国宜搭': 'public',
   overseas: 'intl',
   oversea: 'intl',
   international: 'intl',
   global: 'intl',
   abroad: 'intl',
   intl: 'intl',
+  '海外': 'intl',
+  '海外版': 'intl',
+  '国际': 'intl',
+  '国际版': 'intl',
+  '全球': 'intl',
+  '全球版': 'intl',
+  '海外宜搭': 'intl',
+  '海外yida': 'intl',
+  '国际宜搭': 'intl',
+  '全球宜搭': 'intl',
+  '日本': 'intl',
+  '日本宜搭': 'intl',
+  '日本yida': 'intl',
   alibaba: 'alibaba',
   internal: 'alibaba',
   intranet: 'alibaba',
+  '阿里': 'alibaba',
+  '阿里内网': 'alibaba',
+  '内网': 'alibaba',
 };
 
 const SHARED_COOKIE_DOMAINS = new Set([
   'aliwork.com',
   'yidaapps.com',
   'alibaba-inc.com',
+  'yidaapps.com',
 ]);
 
 const KNOWN_YIDA_HOSTS = new Set([
   'www.aliwork.com',
   'www.yidaapps.com',
   'yida-group.alibaba-inc.com',
+  'www.yidaapps.com',
 ]);
 
 function cloneBuiltinEnvironments() {
@@ -255,6 +288,7 @@ function inferLoginUrlForBaseUrl(baseUrl, fallbackLoginUrl) {
       loginOrigin: DINGTALK_INTL_LOGIN_ORIGIN,
       baseUrl: normalizedBaseUrl,
       lang: 'en_US',
+      forceLogin: true,
     });
   }
   return fallbackLoginUrl || `${normalizedBaseUrl}/workPlatform`;

package/lib/core/locales/ar.js

@@ -21,6 +21,7 @@ module.exports = {
     cmd_corp_efficiency: 'استعلام عن نظرة عامة على كفاءة المؤسسة وتقارير التفاصيل',
     cmd_create_app: 'إنشاء تطبيق Yida',
     cmd_update_app: 'تحديث معلومات التطبيق',
+    cmd_app_permission: 'إدارة مسؤولي التطبيق الأساسيين والبيانات والتطوير',
     cmd_export: 'تصدير التطبيق (حزمة الترحيل)',
     cmd_import: 'استيراد حزمة الترحيل، إعادة بناء التطبيق',
     group_form: 'النماذج & الصفحات',

package/lib/core/locales/de.js

@@ -21,6 +21,7 @@ module.exports = {
     cmd_corp_efficiency: 'Unternehmenseffizienz-Übersicht und Detailberichte abrufen',
     cmd_create_app: 'Yida-App erstellen',
     cmd_update_app: 'App-Informationen aktualisieren',
+    cmd_app_permission: 'App-Haupt-, Daten- und Entwicklungsadmins verwalten',
     cmd_export: 'App exportieren (Migrationspaket erstellen)',
     cmd_import: 'Migrationspaket importieren, App neu aufbauen',
     group_form: 'Formulare & Seiten',

package/lib/core/locales/en.js

@@ -23,6 +23,7 @@ module.exports = {
     cmd_corp_efficiency: 'Query enterprise efficiency overview and detail reports',
     cmd_create_app: 'Create a Yida app',
     cmd_update_app: 'Update app info',
+    cmd_app_permission: 'Manage app primary, data, and developer admins',
     cmd_export: 'Export app (generate migration package)',
     cmd_import: 'Import migration package, rebuild app',
     group_form: 'Forms & Pages',