feat: update login hint and split-flow docs

[JackZhao10086]

Summary

Improve the AI agent hint in lark-cli auth login --no-wait --json output and add Split-Flow device-code authorization documentation, ensuring AI agents correctly handle multi-turn device-code login scenarios.

Changes

• Update login hint text (login.go): Refactor the hint field in --no-wait --json JSON output with the following new guidance:
  • Must tell the user to come back and notify after completing authorization before ending the turn
  • Emphasize that the AI agent must execute lark-cli auth login --device-code <device_code> itself, not instruct the user to do so
  • Explicitly prohibit caching verification_url or device_code — always re-run lark-cli auth login --no-wait --json fresh
• Update unit tests (login_test.go): Adjust assertions to match the updated hint text
• Add Split-Flow step-by-step docs (SKILL.md): Add a complete two-step authorization guide in the lark-shared skill documentation:
  • Step 1: Initiate authorization, generate QR code, display to user, and end the current turn
  • Step 2: After user confirms, the agent executes --device-code to complete login
  • Three key rules: agent must execute the command itself, never block with --device-code in the same turn, never cache credentials

Test Plan

• Unit tests pass (cmd/auth/login_test.go assertions updated)
• Manual local verification confirms the lark-cli auth login --no-wait --json flow works as expected

Related Issues

• None

Summary by CodeRabbit

• Bug Fixes

  • Updated auth login --no-wait JSON response format with clearer instructions and placeholder values to prevent caching and reuse errors.

• Documentation

  • Added split-flow authentication guidance for multi-step device code authorization workflows.

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR updates the device-code authentication flow's --no-wait JSON response hint from embedding the actual device code directly to using a static <device_code> placeholder with explicit caching warnings. Corresponding test assertions are updated, and skill documentation is added to guide AI agents through the two-stage authorization pattern.

Changes

Device-code auth hint guidance

Layer / File(s)

Summary

Update --no-wait hint message and documentation cmd/auth/login.go, cmd/auth/login_test.go, skills/lark-shared/SKILL.md

The --no-wait JSON hint field is changed from a fmt.Sprintf template that injected authResp.DeviceCode to a static instruction string with <device_code> placeholder and "do not cache" + "rerun fresh" guidance. Test assertions are updated to expect the new hint content including explicit lark-cli auth login --device-code <device_code> and lark-cli auth login --no-wait --json commands. Skill documentation is extended with a "Split-Flow 完整步骤" section explaining the two-stage flow: initiate authorization and display URL+QR code in one turn, then execute device-code polling in a later turn after user confirmation, along with rules prohibiting caching of verification URLs or device codes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• larksuite/cli#1088: Updates cmd/auth/login.go and cmd/auth/login_test.go hint wording alongside skills/lark-shared/SKILL.md to modify device-flow QR-code verification guidance.
• larksuite/cli#933: Modifies the --no-wait --json device-flow hint and corresponding tests to instruct agents to present the verification URL as a final turn and defer --device-code polling to a later step.
• larksuite/cli#968: Updates cmd/auth/login.go + cmd/auth/login_test.go hint/expected hint strings to instruct users on QR-code verification instead of embedding the device code directly.

Suggested labels

size/M

Suggested reviewers

• liangshuo-1
• albertnusouo
• MaxHuang22

Poem

🐰 A hint so clear, no codes in sight,
With placeholders bold and caching blight,
Split-flow wisdom for agents wise,
Fresh tokens each time, no cached surprise! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title 'feat: update login hint and split-flow docs' directly summarizes the main changes—updating login hint text and adding split-flow documentation.
Description check	✅ Passed	The pull request description includes all required template sections: Summary, Changes (with file-specific details), Test Plan, and Related Issues.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/auth_hint_opt

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.14%. Comparing base (99e314f) to head (114b2e5).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1201   +/-   ##
=======================================
  Coverage   69.14%   69.14%           
=======================================
  Files         630      630           
  Lines       59304    59310    +6     
=======================================
+ Hits        41005    41011    +6     
  Misses      14988    14988           
  Partials     3311     3311           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@cmd/auth/login.go`:
- Around line 282-288: The concatenated "hint" string in the auth login flow is
missing spaces/newlines between adjacent string literals causing run-on text
(e.g., between "...requests it." and "**CRITICAL:..."); update the construction
of the "hint" value so each concatenated piece ends or begins with an explicit
space or newline (or join using a single formatted multi-line string) so
sentences are separated and readable; locate the "hint" assignment in
cmd/auth/login.go and modify the string pieces (the "hint" key value) to include
appropriate spaces/newlines between sections.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 937bd2d6-8f4f-444f-b830-59072842206c

📥 Commits

Reviewing files that changed from the base of the PR and between 99e314f and 114b2e5.

📒 Files selected for processing (3)

• cmd/auth/login.go
• cmd/auth/login_test.go
• skills/lark-shared/SKILL.md

[github-actions]

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@114b2e5d410eb142a27dbad33377d9b351a72baa

🧩 Skill update

npx skills add larksuite/cli#feat/auth_hint_opt -y -g