feat: add drive import, export, move, task result shortcuts

[liujinkun2025]

Summary

This PR adds a new set of Drive shortcuts to support document import, export,
move, and async task result queries in lark-cli. It also updates the related
skill documentation and registry metadata so the new capabilities are easier to
discover and use.

Changes

• Add drive +import to upload local files and import them as docx, sheet, or bitable
• Add drive +export to export doc, docx, sheet, and bitable files to local output with bounded polling
• Add export download handling for completed export tasks
• Add drive +move to move files and folders, including async polling for folder moves and root-folder fallback
• Add drive +task_result to query async task status for import, export, and folder move scenarios
• Update Drive and Wiki skill docs and refresh registry metadata for the new shortcuts and APIs

Test Plan

• go test ./shortcuts/drive/...
• Added or updated unit tests for import, export, move, and task result flows
• Manual verification against live Drive APIs

Related Issues

• None

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d08caccc-738a-49bb-9ef9-8386a167df13

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch main

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR refactors the mail draft inline-image workflow and hardens the keychain layer, but the PR title and description ("add drive import, export, move, task result shortcuts") do not match the actual changes — no Drive shortcut code appears in the diff. The changes are entirely in the mail/draft pipeline and infrastructure.

Key changes:

• shortcuts/mail/draft/patch.go: Replaced two post-Apply validation functions with a unified postProcessInlineImages that auto-resolves <img src=\"./local/path\"> references to inline MIME CID parts, validates all CID references, and removes orphaned inline parts automatically.
• internal/keychain/: Get() signature changed to (string, error); getMasterKey gains allowCreate to avoid creating a new master key during read operations; error discrimination between not-found / corrupted / access-blocked is now explicit on all platforms.
• cmd/auth/login.go / cmd/root.go: JSON output now uses json.NewEncoder with SetEscapeHTML(false), fixing URL escaping.
• New CI workflows, AGENTS.md, and script tooling added.

Issues found:

• internal/keychain/default.go: defaultKeychain.Get no longer errors on missing entries; ResolveSecretInput will silently return an empty AppSecret, leading to confusing downstream authentication failures instead of a clear "not found" error.
• shortcuts/mail/draft/patch.go: imgSrcRegexp matches <img> tags inside HTML comments and script/style blocks, potentially triggering unexpected file loads.
• shortcuts/mail/draft/patch.go: Mid-loop failure in resolveLocalImgSrc leaves orphaned MIME parts in the snapshot until the next successful Apply.

Confidence Score: 4/5

Mostly safe to merge; one P1 regression in keychain/default.go should be addressed before shipping

The inline-image automation and keychain error-handling improvements are well-implemented and thoroughly tested. One P1 issue exists: defaultKeychain.Get silently returns an empty AppSecret when the keychain entry is missing, which is a user-facing regression. The two P2 issues (regex in comments, partial-failure orphan window) are minor edge cases.

internal/keychain/default.go — not-found guard removal is the primary concern; shortcuts/mail/draft/patch.go — imgSrcRegexp context-blindness and partial-failure handling are secondary

Important Files Changed

Filename	Overview
shortcuts/mail/draft/patch.go	Core patch logic refactored: unified postProcessInlineImages auto-resolves local img src paths to inline MIME CIDs; two edge cases around regex-in-comments and partial-failure orphan window
shortcuts/mail/draft/patch_inline_resolve_test.go	New 773-line test file covering auto-resolve, deduplication, orphan cleanup, non-image rejection, and CID reuse; thorough coverage
internal/keychain/default.go	defaultKeychain.Get now passes through Get() directly; removed the not-found error sentinel — callers relying on an error for absent entries will now silently receive an empty string
internal/keychain/keychain.go	Get() signature changed to (string, error); wrapError helper added for consistent ExitError wrapping; behavioral change: not-found now returns nil error
internal/keychain/keychain_darwin.go	getMasterKey refactored with allowCreate param; platformGet reads encrypted file before fetching master key; proper error discrimination for corrupted/blocked/not-found
cmd/auth/login.go	Switched JSON output to json.NewEncoder with SetEscapeHTML(false) to prevent URL escaping; encoder errors now handled

Sequence Diagram

sequenceDiagram
    participant Caller
    participant Apply
    participant applyOp
    participant postProcessInlineImages
    participant resolveLocalImgSrc
    participant loadAndAttachInline
    participant removeOrphanedInlineParts

    Caller->>Apply: Apply(snapshot, patch)
    Apply->>applyOp: for each op (set_body, add_inline, …)
    applyOp-->>Apply: snapshot mutated
    Apply->>postProcessInlineImages: postProcessInlineImages(snapshot)
    postProcessInlineImages->>postProcessInlineImages: findPrimaryBodyPart → htmlPart
    postProcessInlineImages->>resolveLocalImgSrc: resolveLocalImgSrc(snapshot, origHTML)
    loop for each local img src
        resolveLocalImgSrc->>loadAndAttachInline: loadAndAttachInline(snapshot, src, uuid-cid, …)
        loadAndAttachInline-->>resolveLocalImgSrc: container (MIME inline part appended)
        resolveLocalImgSrc-->>resolveLocalImgSrc: replace src=path → src=cid:uuid
    end
    resolveLocalImgSrc-->>postProcessInlineImages: modified HTML
    postProcessInlineImages->>postProcessInlineImages: extractCIDRefs → validate all cid refs have MIME parts
    postProcessInlineImages->>removeOrphanedInlineParts: removeOrphanedInlineParts(root, refSet)
    removeOrphanedInlineParts-->>postProcessInlineImages: orphaned parts removed
    postProcessInlineImages-->>Apply: nil
    Apply->>Apply: refreshSnapshot(snapshot)
    Apply-->>Caller: nil or error

Loading

_{Reviews (1): Last reviewed commit: "feat: add TestGenerateShortcutsJSON and ..." | Re-trigger Greptile}

[greptile-apps]

Silent empty secret when keychain entry is missing

defaultKeychain.Get previously returned an explicit error when no entry existed ("keychain entry not found: %s/%s"). With this change it now passes through keychain.Get(...) directly, which returns ("", nil) for a missing entry (see platformGet on all platforms — ErrNotExist/ErrNotFound is mapped to ("", nil)).

The consequence: ResolveSecretInput in secret_resolve.go calls kc.Get for source: "keychain" entries and returns its result verbatim:

case "keychain":
    return kc.Get(keychain.LarkCliService, s.Ref.ID)

When the entry is missing, this returns ("", nil). RequireConfig treats that as success and builds a CliConfig with an empty AppSecret. The user then gets a cryptic API authentication error rather than a clear "keychain entry not found" message.

Consider restoring the not-found guard here (or inside ResolveSecretInput):

func (d *defaultKeychain) Get(service, account string) (string, error) {
    val, err := Get(service, account)
    if err != nil {
        return "", err
    }
    if val == "" {
        return "", fmt.Errorf("keychain entry not found: %s/%s", service, account)
    }
    return val, nil
}

[greptile-apps]

imgSrcRegexp matches <img> tags inside HTML comments and script/style blocks

The regex (?i)<img\s(?:[^>]*?\s)?src\s*=\s*["']([^"']+)["'] is applied to the raw HTML string without any awareness of parsing context. An <img> tag inside an HTML comment, <script>, or <style> block will be matched and resolveLocalImgSrc will attempt to load the referenced path as a local file.

For example, an author commenting out an old inline image reference:

<!-- old: <img src="./draft-logo.png" /> -->

would trigger a file-load attempt for ./draft-logo.png. If the file doesn't exist this produces a confusing "inline image './draft-logo.png': ..." error on set_body; if it does exist, an unexpected MIME inline part is silently attached.

Consider documenting this known limitation in the function comment, or applying a pre-filter pass that blanks out <!-- ... --> / <script>...</script> / <style>...</style> sections before running the regex.

[greptile-apps]

Partial-failure window leaves orphaned inline parts in the snapshot

The comment at lines 991–993 acknowledges this, but it's worth calling out explicitly: when resolveLocalImgSrc fails mid-loop (e.g., the second of three local images can't be read), inline parts already attached by earlier iterations are appended to the snapshot's MIME tree but the HTML body is never updated (the function returns an error before the html != origHTML check). The draft is now in an inconsistent state with orphaned MIME parts.

removeOrphanedInlineParts will clean these up on the next successful Apply, but there is no next Apply if the caller surfaces the error to the user and they abandon the operation. In that scenario the saved draft carries invisible attachment baggage.

A simple mitigation is to roll back snapshot mutations on error, or at minimum promote the existing comment to a // TODO with a tracking note.