feat(drive): add quick mode to status diff (#870)

Author: fangshuyu-768

cmd/auth/login.go

@@ -507,7 +507,7 @@ func collectScopesForDomains(domains []string, identity string) []string {
 	// 3. Shortcut scopes matching by Service (only include shortcuts supporting the identity)
 	for _, sc := range shortcuts.AllShortcuts() {
 		if domainSet[sc.Service] && shortcutSupportsIdentity(sc, identity) {
-			for _, s := range sc.ScopesForIdentity(identity) {
+			for _, s := range sc.DeclaredScopesForIdentity(identity) {
 				scopeSet[s] = true
 			}
 		}

cmd/diagnose_scope_test.go

@@ -97,7 +97,7 @@ func diagBuild(domains []string) diagOutput {
 				if sc.Service != domain || !diagShortcutSupportsIdentity(&sc, identity) {
 					continue
 				}
-				for _, scope := range sc.ScopesForIdentity(identity) {
+				for _, scope := range sc.DeclaredScopesForIdentity(identity) {
 					k := methodKey{domain, "shortcut", sc.Command, scope}
 					if e, ok := merged[k]; ok {
 						e.Identity = appendUniq(e.Identity, identity)
@@ -169,6 +169,25 @@ func appendUniq(ss []string, s string) []string {
 	return append(ss, s)
 }
 
+func TestDiagBuild_ShortcutIncludesConditionalScopes(t *testing.T) {
+	out := diagBuild([]string{"drive"})
+	var sawMetadata, sawDownload bool
+	for _, method := range out.Methods {
+		if method.Domain != "drive" || method.Type != "shortcut" || method.Method != "+status" {
+			continue
+		}
+		if method.Scope == "drive:drive.metadata:readonly" {
+			sawMetadata = true
+		}
+		if method.Scope == "drive:file:download" {
+			sawDownload = true
+		}
+	}
+	if !sawMetadata || !sawDownload {
+		t.Fatalf("drive +status should advertise both metadata and conditional download scopes, saw metadata=%v download=%v", sawMetadata, sawDownload)
+	}
+}
+
 // ── Snapshot generation ───────────────────────────────────────────────
 //
 // Generates a JSON snapshot of all API methods and shortcuts with their

cmd/error_auth_hint.go

@@ -75,7 +75,7 @@ func resolveDeclaredShortcutScopes(cmd *cobra.Command, identity string) []string
 		if sc.Service != service || sc.Command != cmd.Name() || !shortcutSupportsIdentity(sc, identity) {
 			continue
 		}
-		scopes := sc.ScopesForIdentity(identity)
+		scopes := sc.DeclaredScopesForIdentity(identity)
 		if len(scopes) == 0 {
 			return nil
 		}

cmd/root_test.go

@@ -284,6 +284,32 @@ func TestEnrichMissingScopeError_ShortcutUsesDeclaredScopesWhenNoUAT(t *testing.
 	}
 }
 
+func TestEnrichMissingScopeError_ShortcutIncludesConditionalScopes(t *testing.T) {
+	t.Setenv("LARKSUITE_CLI_CONFIG_DIR", t.TempDir())
+
+	f, _, _, _ := cmdutil.TestFactory(t, &core.CliConfig{
+		AppID: "test-app", AppSecret: "test-secret", Brand: core.BrandFeishu,
+	})
+	f.ResolvedIdentity = core.AsUser
+
+	root := &cobra.Command{Use: "lark-cli"}
+	serviceCmd := &cobra.Command{Use: "drive"}
+	shortcutCmd := &cobra.Command{Use: "+status"}
+	root.AddCommand(serviceCmd)
+	serviceCmd.AddCommand(shortcutCmd)
+	f.CurrentCommand = shortcutCmd
+
+	exitErr := output.ErrNetwork("API call failed: %s", &internalauth.NeedAuthorizationError{})
+	enrichMissingScopeError(f, exitErr)
+
+	if exitErr.Detail == nil {
+		t.Fatal("expected error detail")
+	}
+	if !strings.Contains(exitErr.Detail.Hint, "current command requires scope(s): drive:drive.metadata:readonly, drive:file:download") {
+		t.Fatalf("expected conditional scope hint for drive +status, got %q", exitErr.Detail.Hint)
+	}
+}
+
 func TestEnrichMissingScopeError_AppendsExistingHint(t *testing.T) {
 	t.Setenv("LARKSUITE_CLI_CONFIG_DIR", t.TempDir())
 

shortcuts/common/types.go

@@ -33,9 +33,18 @@ type Shortcut struct {
 	Command     string
 	Description string
 	Risk        string   // "read" | "write" | "high-risk-write" (empty defaults to "read")
-	Scopes      []string // default scopes (fallback when UserScopes/BotScopes are empty)
-	UserScopes  []string // optional: user-identity scopes (overrides Scopes when non-empty)
-	BotScopes   []string // optional: bot-identity scopes (overrides Scopes when non-empty)
+	Scopes      []string // unconditional pre-flight scopes (fallback when UserScopes/BotScopes are empty)
+	UserScopes  []string // optional: user-identity unconditional scopes (overrides Scopes when non-empty)
+	BotScopes   []string // optional: bot-identity unconditional scopes (overrides Scopes when non-empty)
+
+	// ConditionalScopes are additional scopes that only some execution paths
+	// need (for example a default mode vs. a lighter --quick mode, or a
+	// destructive flag like --delete-remote). They are surfaced in metadata,
+	// auth hints, and scope-diagnosis output via DeclaredScopesForIdentity, but
+	// they are NOT enforced by the framework's unconditional pre-flight check.
+	ConditionalScopes     []string // fallback when ConditionalUserScopes/BotScopes are empty
+	ConditionalUserScopes []string // optional: user-identity conditional scopes
+	ConditionalBotScopes  []string // optional: bot-identity conditional scopes
 
 	// Declarative fields (new framework).
 	AuthTypes []string // supported identities: "user", "bot" (default: ["user"])
@@ -72,3 +81,47 @@ func (s *Shortcut) ScopesForIdentity(identity string) []string {
 	}
 	return s.Scopes
 }
+
+// ConditionalScopesForIdentity returns additional flag/path-dependent scopes
+// for the given identity. Identity-specific conditional scopes override the
+// default ConditionalScopes when present.
+func (s *Shortcut) ConditionalScopesForIdentity(identity string) []string {
+	switch identity {
+	case "user":
+		if len(s.ConditionalUserScopes) > 0 {
+			return s.ConditionalUserScopes
+		}
+	case "bot":
+		if len(s.ConditionalBotScopes) > 0 {
+			return s.ConditionalBotScopes
+		}
+	}
+	return s.ConditionalScopes
+}
+
+// DeclaredScopesForIdentity returns the full scope set agents/help/diagnostics
+// should know about for this shortcut: unconditional pre-flight scopes plus
+// any conditional scopes that some execution paths may require.
+func (s *Shortcut) DeclaredScopesForIdentity(identity string) []string {
+	base := s.ScopesForIdentity(identity)
+	extra := s.ConditionalScopesForIdentity(identity)
+	if len(base) == 0 && len(extra) == 0 {
+		return nil
+	}
+	out := make([]string, 0, len(base)+len(extra))
+	seen := make(map[string]struct{}, len(base)+len(extra))
+	for _, scope := range append(base, extra...) {
+		if scope == "" {
+			continue
+		}
+		if _, ok := seen[scope]; ok {
+			continue
+		}
+		seen[scope] = struct{}{}
+		out = append(out, scope)
+	}
+	if len(out) == 0 {
+		return nil
+	}
+	return out
+}

shortcuts/common/types_test.go

@@ -71,3 +71,37 @@ func TestScopesForIdentity_NilScopes(t *testing.T) {
 		t.Errorf("expected nil, got %v", got)
 	}
 }
+
+func TestConditionalScopesForIdentity_FallbackAndOverrides(t *testing.T) {
+	s := Shortcut{
+		ConditionalScopes:     []string{"c-default"},
+		ConditionalUserScopes: []string{"c-user"},
+		ConditionalBotScopes:  []string{"c-bot"},
+	}
+	if got := s.ConditionalScopesForIdentity("user"); !reflect.DeepEqual(got, []string{"c-user"}) {
+		t.Errorf("expected user conditional scopes, got %v", got)
+	}
+	if got := s.ConditionalScopesForIdentity("bot"); !reflect.DeepEqual(got, []string{"c-bot"}) {
+		t.Errorf("expected bot conditional scopes, got %v", got)
+	}
+	if got := s.ConditionalScopesForIdentity("tenant"); !reflect.DeepEqual(got, []string{"c-default"}) {
+		t.Errorf("expected default conditional scopes for unknown identity, got %v", got)
+	}
+}
+
+func TestDeclaredScopesForIdentity_MergesAndDeduplicates(t *testing.T) {
+	s := Shortcut{
+		Scopes:            []string{"base-a", "shared"},
+		ConditionalScopes: []string{"shared", "cond-b"},
+	}
+	if got := s.DeclaredScopesForIdentity("user"); !reflect.DeepEqual(got, []string{"base-a", "shared", "cond-b"}) {
+		t.Errorf("expected merged declared scopes, got %v", got)
+	}
+}
+
+func TestDeclaredScopesForIdentity_ConditionalOnly(t *testing.T) {
+	s := Shortcut{ConditionalScopes: []string{"cond-only"}}
+	if got := s.DeclaredScopesForIdentity("user"); !reflect.DeepEqual(got, []string{"cond-only"}) {
+		t.Errorf("expected conditional-only declared scopes, got %v", got)
+	}
+}