docs: add drive knowledge asset workflow guidance

[jiangguozhou]

Summary

This PR adds structured lark-drive guidance for knowledge asset inventory,
organization, permission auditing, and safety workflows. It also clarifies that
broader Wiki/document-library governance flows should enter through lark-drive,
while lark-wiki remains focused on Wiki space, member, and node operations.

Changes

• Add lark-drive knowledge asset workflow references for overview, artifacts,
  inventory, organization, permission audit, and safety rules
• Route knowledge asset inventory/organization/governance requests from
  lark-drive/SKILL.md to the new references
• Clarify lark-wiki routing so Wiki/document-library governance workflows
  delegate to lark-drive

Test Plan

• git diff --cached --check passed before commit
• Verified referenced skill and workflow files exist locally
• Full unit tests not run; docs-only skill guidance change

Related Issues

• None

Summary by CodeRabbit

• New Features

  • Added a comprehensive knowledge asset organization workflow, including inventory scanning, organization planning, and permission auditing capabilities for knowledge bases and document libraries.

• Documentation

  • Added detailed workflow guides covering knowledge asset inventory, organization planning, permission auditing, and safety policies to support effective knowledge management.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR establishes a complete knowledge asset organization workflow system for the lark-drive skill. It refines skill routing to guide users toward a new set of reference documents that define safety policies, artifact contracts, and three sequential workflows: inventory (catalog knowledge resources), organize (generate cleanup/organization plans), and permission-audit (identify permission risks).

Changes

Knowledge Asset Organization Workflow

Layer / File(s)	Summary
Skill routing and entry points skills/lark-drive/SKILL.md, skills/lark-wiki/SKILL.md	Updated both skill descriptions and routing rules to direct document/directory inventory, organization, and governance requests to lark-drive via the new knowledge workflow, with lark-wiki limited to wiki space and member operations.
Workflow overview and principles skills/lark-drive/references/lark-drive-knowledge-overview.md	High-level overview defining applicable scenarios, target scope models (cloud folders, wikis, doc libraries), recipe routing to sub-workflows, compound intent execution paths, and capability boundaries (supported vs. unsupported checks).
Safety policy and action levels skills/lark-drive/references/lark-drive-knowledge-safety.md	Tiered action classification (read-only, plan-only, confirmed write, high-risk/unsupported) with mandatory dry-run and plan-display gating, user clarification scenarios, and structured fact/inference/recommendation/uncovered statement patterns.
Artifact protocol and data contracts skills/lark-drive/references/lark-drive-knowledge-artifacts.md	JSON schema contracts for scope.json (run metadata), inventory.json (factual items with hierarchy), organize-plan.json (planned actions with command templates), permission-audit.json (risk findings), and execution-log.json (execution results and errors).
Knowledge inventory workflow skills/lark-drive/references/lark-drive-knowledge-inventory.md	Five-step workflow: normalize scope from multiple sources, recursively scan drive folders with tree hierarchy, recursively enumerate wiki/doc nodes with ownership details, optionally read content outline, output inventory.json with halt conditions for permission, pagination, or scale limits.
Knowledge organization workflow skills/lark-drive/references/lark-drive-knowledge-organize.md	Plan-generation workflow: analyze inventory using fact-field priority with reason/evidence splits, define allowed action types (create/move/link within drive/wiki, no delete/patch), provide parameterized Drive/Wiki CLI command templates, validate via dry-run before user-confirmed execution.
Permission audit workflow skills/lark-drive/references/lark-drive-knowledge-permission-audit.md	Three-step audit: input scope (prefer inventory.json), audit wiki members via wiki +member-list, audit document public permissions with type-based constraints (exclude folders, record as uncovered), classify findings by risk level with fact/inference/suggestion/evidence, output permission-audit.json.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• larksuite/cli#864: Refines lark-drive-search.md routing guidance and query/evidence handling alongside main PR's knowledge workflow routing updates.
• larksuite/cli#1073: Modifies lark-drive/lark-wiki skill routing guidance to steer cloud-space/knowledge operations toward lark-drive, overlapping routing decision logic.
• larksuite/cli#374: Adjusts cross-skill routing rules around drive --wiki-token and lark-base fallback handling, targeting related routing/decision constraints.

Suggested labels

domain/ccm, size/M

Suggested reviewers

• liujinkun2025
• fangshuyu-768

Poem

🐰 A workflow blooms in docs so clear,
Safety rules and schemas here,
Inventory, organize, audit the way,
Knowledge assets sorted and surveyed! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'docs: add drive knowledge asset workflow guidance' clearly and concisely describes the main change, accurately summarizing the addition of workflow documentation.
Description check	✅ Passed	The description covers Summary, Changes, and Test Plan sections with substantive content. However, the Test Plan section lacks manual verification completion and contains only documentation changes, which aligns with repository expectations.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/drive-knowledge-workflows

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 67.92%. Comparing base (ee9d090) to head (2424f6d).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1103      +/-   ##
==========================================
- Coverage   67.92%   67.92%   -0.01%     
==========================================
  Files         601      603       +2     
  Lines       55766    55779      +13     
==========================================
+ Hits        37880    37888       +8     
- Misses      14751    14755       +4     
- Partials     3135     3136       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 5

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@skills/lark-drive/references/lark-drive-knowledge-inventory.md`:
- Around line 50-54: Update Step 3's initial wiki +node-list command to allow
subtree-scoped inventory by adding an optional --parent-node-token parameter;
modify the example invocation that currently always queries the space root so it
conditionally accepts [--parent-node-token
"<scoped_root_node_token_if_subtree>"] when documenting the wiki +node-list call
in Step 3, and ensure the text explains using --parent-node-token to start from
the subtree root instead of the space root to preserve scope fidelity.

In `@skills/lark-drive/references/lark-drive-knowledge-organize.md`:
- Around line 49-58: The templates currently only emit dry-run commands (e.g.,
using the --dry-run flag) while the action contract requires both a dry-run and
an execute command and requires requires_confirmation=true; update the template
generation that produces organize-plan.json (and any affected templates between
lines 63-95) to emit a paired execute command for each action — either by
providing an explicit execute command field alongside the dry-run example or by
adding a normalization rule that derives the execute command by removing the
--dry-run flag from the dry-run command; ensure every action includes source,
target, reason, evidence, requires_confirmation=true, a dry-run command, and an
execute command so generation is deterministic.

In `@skills/lark-drive/references/lark-drive-knowledge-permission-audit.md`:
- Line 19: The capability table row uses dotted endpoint notation
`drive.permission.public.get` while neighboring rows use CLI command style
`drive permission.public get`; update this row to the CLI command style "drive
permission.public get" (or whatever unified "命令" notation is used elsewhere) so
the table is consistent—locate the table entry containing "Drive 文件夹公开权限" and
replace the dotted form with the CLI-style command.
- Line 58: Unify the unsupported-check key by replacing all occurrences of
drive_folder_public_permission with the canonical
drive_folder_public_permission_unsupported in this document and any related
examples/tests; ensure the logic that handles type=folder entries writes that
key into unsupported_checks or warnings (e.g.,
drive_folder_public_permission_unsupported) and update any cross-references
(including the other instance noted at 102-102) so producers/consumers of
permission-audit.json use the single canonical key.

In `@skills/lark-drive/SKILL.md`:
- Around line 39-40: Reorder the reference list in SKILL.md so that the safety
document is loaded before the artifacts document: change the sequence that
currently lists `references/lark-drive-knowledge-artifacts.md` followed by
`references/lark-drive-knowledge-safety.md` to `overview ->
references/lark-drive-knowledge-safety.md ->
references/lark-drive-knowledge-artifacts.md`; update the two lines that mention
these filenames to reflect the new order and ensure the text reads "overview ->
safety -> artifacts".

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8207499a-b96a-42ae-81c9-bd32f57245e6

📥 Commits

Reviewing files that changed from the base of the PR and between f12d279 and 2424f6d.

📒 Files selected for processing (8)

• skills/lark-drive/SKILL.md
• skills/lark-drive/references/lark-drive-knowledge-artifacts.md
• skills/lark-drive/references/lark-drive-knowledge-inventory.md
• skills/lark-drive/references/lark-drive-knowledge-organize.md
• skills/lark-drive/references/lark-drive-knowledge-overview.md
• skills/lark-drive/references/lark-drive-knowledge-permission-audit.md
• skills/lark-drive/references/lark-drive-knowledge-safety.md
• skills/lark-wiki/SKILL.md

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Subtree scope entry is missing from Step 3 root command.

Line 7 says subtree inventory is supported, but Step 3 always starts from space root. For subtree scope, the first wiki +node-list call should start with the scoped node_token as --parent-node-token; otherwise the workflow over-scans and breaks scope fidelity.

Proposed doc fix

 读取根层：
 
 ```bash
 lark-cli wiki +node-list \
   --space-id "<space_id_or_my_library>" \
+  [--parent-node-token "<scoped_root_node_token_if_subtree>"] \
   --page-all --page-limit 0 --format json --as user

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @skills/lark-drive/references/lark-drive-knowledge-inventory.md around lines
50 - 54, Update Step 3's initial wiki +node-list command to allow subtree-scoped
inventory by adding an optional --parent-node-token parameter; modify the
example invocation that currently always queries the space root so it
conditionally accepts [--parent-node-token
"<scoped_root_node_token_if_subtree>"] when documenting the wiki +node-list call
in Step 3, and ensure the text explains using --parent-node-token to start from
the subtree root instead of the space root to preserve scope fidelity.

</details>

<!-- fingerprinting:phantom:triton:hawk -->

<!-- This is an auto-generated comment by CodeRabbit -->

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Action contract requires execute command, but templates only show --dry-run.

The doc requires both commands per action, but current templates only provide dry-run examples. Add paired execute templates (or a normalization rule like “remove --dry-run for execute”) to keep organize-plan.json generation deterministic.

Proposed doc fix pattern

 每个 action 必须包含：
 ...
 - dry-run command
 - execute command
+
+推荐模板约定：
+- `dry-run command`：命令含 `--dry-run`
+- `execute command`：与 dry-run 命令参数一致，仅去掉 `--dry-run`

Also applies to: 63-95

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@skills/lark-drive/references/lark-drive-knowledge-organize.md` around lines
49 - 58, The templates currently only emit dry-run commands (e.g., using the
--dry-run flag) while the action contract requires both a dry-run and an execute
command and requires requires_confirmation=true; update the template generation
that produces organize-plan.json (and any affected templates between lines
63-95) to emit a paired execute command for each action — either by providing an
explicit execute command field alongside the dry-run example or by adding a
normalization rule that derives the execute command by removing the --dry-run
flag from the dry-run command; ensure every action includes source, target,
reason, evidence, requires_confirmation=true, a dry-run command, and an execute
command so generation is deterministic.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Use one command notation style in the capability table.

This row uses dotted endpoint style (drive.permission.public.get) while neighboring rows use CLI command style (drive permission.public get). In a “命令” column, this inconsistency can mislead execution.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@skills/lark-drive/references/lark-drive-knowledge-permission-audit.md` at
line 19, The capability table row uses dotted endpoint notation
`drive.permission.public.get` while neighboring rows use CLI command style
`drive permission.public get`; update this row to the CLI command style "drive
permission.public get" (or whatever unified "命令" notation is used elsewhere) so
the table is consistent—locate the table entry containing "Drive 文件夹公开权限" and
replace the dotted form with the CLI-style command.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Unify the drive_folder_public_permission unsupported-check key.

The doc currently uses two different required keys for the same uncovered check (drive_folder_public_permission_unsupported vs drive_folder_public_permission). Please standardize to one canonical value, otherwise producers/consumers of permission-audit.json can drift.

Also applies to: 102-102

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@skills/lark-drive/references/lark-drive-knowledge-permission-audit.md` at
line 58, Unify the unsupported-check key by replacing all occurrences of
drive_folder_public_permission with the canonical
drive_folder_public_permission_unsupported in this document and any related
examples/tests; ensure the logic that handles type=folder entries writes that
key into unsupported_checks or warnings (e.g.,
drive_folder_public_permission_unsupported) and update any cross-references
(including the other instance noted at 102-102) so producers/consumers of
permission-audit.json use the single canonical key.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

调整 reference 加载顺序为 safety 在 artifacts 之前。

这里先读 artifacts 再读 safety，和当前分层依赖（先安全策略，再产物协议）不一致，容易让执行阶段先按结构落地、后补安全约束。建议改成 overview -> safety -> artifacts。

Suggested diff

-2. 需要标准中间产物时阅读 [`lark-drive-knowledge-artifacts.md`](references/lark-drive-knowledge-artifacts.md)。
-3. 涉及任何写操作或权限治理时阅读 [`lark-drive-knowledge-safety.md`](references/lark-drive-knowledge-safety.md)。
+2. 涉及任何写操作或权限治理时阅读 [`lark-drive-knowledge-safety.md`](references/lark-drive-knowledge-safety.md)。
+3. 需要标准中间产物时阅读 [`lark-drive-knowledge-artifacts.md`](references/lark-drive-knowledge-artifacts.md)。

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	2. 需要标准中间产物时阅读 [`lark-drive-knowledge-artifacts.md`](references/lark-drive-knowledge-artifacts.md)。
	3. 涉及任何写操作或权限治理时阅读 [`lark-drive-knowledge-safety.md`](references/lark-drive-knowledge-safety.md)。
	2. 涉及任何写操作或权限治理时阅读 [`lark-drive-knowledge-safety.md`](references/lark-drive-knowledge-safety.md)。
	3. 需要标准中间产物时阅读 [`lark-drive-knowledge-artifacts.md`](references/lark-drive-knowledge-artifacts.md)。

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@skills/lark-drive/SKILL.md` around lines 39 - 40, Reorder the reference list
in SKILL.md so that the safety document is loaded before the artifacts document:
change the sequence that currently lists
`references/lark-drive-knowledge-artifacts.md` followed by
`references/lark-drive-knowledge-safety.md` to `overview ->
references/lark-drive-knowledge-safety.md ->
references/lark-drive-knowledge-artifacts.md`; update the two lines that mention
these filenames to reflect the new order and ensure the text reads "overview ->
safety -> artifacts".

[github-actions]

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@2424f6dfc246a79aaaf77f93cc7e018303386cc8

🧩 Skill update

npx skills add larksuite/cli#docs/drive-knowledge-workflows -y -g