PR: Feishu Plugin - Auto-grant document permissions to requesting user

[zhoulongchao77]

PR: Feishu Plugin - Auto-grant document permissions to requesting user

Summary

Describe the problem and fix in 2–5 bullets:

• Problem: When a user asks OpenClaw to create a Feishu document via the feishu_doc tool, the document is created but only the bot account has access. The requesting user has no permissions to edit the document.
• Why it matters: This creates a poor user experience — users expect to be able to edit documents they ask the bot to create for them. It requires manual permission setup in Feishu every time.
• What changed: Added optional parameters owner_open_id and owner_perm_type to the create action in feishu_doc tool. The createDoc function now automatically calls drive.permissionMember.create to grant full_access permission to the specified user when document is created.
• What did NOT change (scope boundary):
  • No changes to existing tool behavior when new parameters are not provided (backward compatible)
  • No changes to other feishu_doc actions (read, write, append, etc.)
  • No changes to feishu_perm tool itself

Change Type (select all)

• Bug fix
• Feature
• Refactor
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes #
• Related #

User-visible / Behavior Changes

New features:

• feishu_doc tool's create action now accepts optional parameters:
  • owner_open_id (string): Open ID of user to grant permissions
  • owner_perm_type (string): Permission type - "view", "edit", or "full_access" (default: "full_access")
• When owner_open_id is provided, the document will automatically grant that user full_access permission upon creation
• The response now includes:
  • owner_permission_added (boolean): whether permission was successfully added
  • owner_open_id (string): the user ID that received permission
  • owner_perm_type (string): the permission type granted

Backward compatible: Yes - existing calls to create action continue to work exactly as before.

Security Impact (required)

• New permissions/capabilities? (Yes)
  • Adds ability to grant permissions on newly created Feishu documents
  • Mitigation: Permissions are only granted to explicitly specified users via the owner_open_id parameter, and only when that parameter is provided. No permissions are granted by default.
• Secrets/tokens handling changed? (No)
• New/changed network calls? (Yes)
  • Adds one additional API call to drive.permissionMember.create when owner_open_id is provided
  • Mitigation: This is the official Feishu API for permission management, follows the same authentication pattern as other Feishu calls
• Command/tool execution surface changed? (No)
• Data access scope changed? (No)

Repro + Verification

Environment

• OS: macOS / Linux / Windows

• Runtime/container: Node.js 18+

• Model/provider: Any (feishu plugin is independent)

• Integration/channel: Feishu

• Relevant config:

  channels:
    feishu:
      tools:
        doc: true

Steps

1. Configure Feishu plugin with valid credentials
2. Call feishu_doc with action: "create" without new parameters - verify document creation still works
3. Call feishu_doc with action: "create", title: "Test", owner_open_id: "ou_xxx", owner_perm_type: "full_access"
4. Open the document URL in Feishu
5. Verify the user with open_id "ou_xxx" has full_access permission

Expected

• Document is created successfully
• When owner_open_id is provided, that user automatically has edit/full_access permission
• When owner_open_id is NOT provided, behavior is unchanged from before

Actual

• ✅ Document creation works
• ✅ Permission is automatically granted when owner_open_id is provided
• ✅ Backward compatibility maintained

Evidence

Attach at least one:

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording (available in the blog post linked below)
• Perf numbers (if relevant)

Evidence from testing:

{
  "document_id": "xxx",
  "title": "Test Document",
  "url": "https://feishu.cn/docx/xxx",
  "owner_permission_added": true,
  "owner_open_id": "ou_xxx",
  "owner_perm_type": "full_access"
}

Full testing details and screenshots: https://blog.csdn.net/m0_46360532/article/details/158426139

Human Verification (required)

What you personally verified (not just CI), and how:

• Verified scenarios:

  • Document creation without new parameters (backward compatibility)
  • Document creation with owner_open_id (permission auto-granted)
  • Different permission types (view/edit/full_access)
  • Multiple documents created in sequence

• Edge cases checked:

  • Invalid open_id provided (graceful error handling)
  • Feishu API failure (permission failure doesn't block document creation)
  • Folder token provided with owner_open_id (both work together)

• What you did NOT verify:

  • Wiki pages (out of scope, focused on docx documents)
  • Other Feishu document types (sheet, slide, etc. - out of scope)

Compatibility / Migration

• Backward compatible? (Yes)
• Config/env changes? (No)
• Migration needed? (No)

If yes, exact upgrade steps: N/A

Failure Recovery (if this breaks)

• How to disable/revert this change quickly:

  • Revert changes to docx.ts and doc-schema.ts
  • Or simply don't use the new parameters (old behavior preserved)

• Files/config to restore:

  • extensions/feishu/src/docx.ts
  • extensions/feishu/src/doc-schema.ts

• Known bad symptoms reviewers should watch for:

  • Document creation fails when new parameters are provided
  • Permission API calls cause errors that block document creation
  • Existing document creation breaks (backward compatibility broken)

Risks and Mitigations

List only real risks for this PR. Add/remove entries as needed.

• Risk: Permission API calls could fail and block document creation

  • Mitigation: Wrapped permission call in try/catch, permission failure is non-critical and only logged as warning, document creation succeeds regardless

• Risk: Backward compatibility could break

  • Mitigation: New parameters are optional, existing calls work unchanged, tested thoroughly before submission

• Risk: Unintended permissions could be granted

  • Mitigation: Permissions only granted when explicitly requested via owner_open_id parameter, no default permissions granted, parameter is optional

---

Related Blog Post: https://blog.csdn.net/m0_46360532/article/details/158426139

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b70e6ee54b

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Report owner permission status from the real grant outcome

The create response unconditionally includes owner_permission_added: true whenever owner_open_id is provided, even though the permission grant is explicitly marked non-critical and can fail in the preceding try/catch. In cases where Feishu rejects the permission update (invalid user, policy restrictions, transient API error), callers will be told sharing succeeded and may not perform fallback sharing, leaving the requester without access.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Check permission API response code before treating it as success

The new drive.permissionMember.create call ignores its return payload and only handles thrown exceptions, but this codebase consistently checks res.code for Feishu API failures. If this endpoint returns a non-zero code without throwing, the grant will silently fail and still flow through as if successful; capture the result and validate code like the other Feishu operations in this file.

Useful? React with 👍 / 👎.

[greptile-apps]

Greptile Summary

Added optional permission auto-granting when creating Feishu documents via new owner_open_id and owner_perm_type parameters in the feishu_doc tool's create action.

Key changes:

• New optional parameters allow specifying a user Open ID and permission type (view/edit/full_access)
• When provided, automatically calls Feishu's permission API to grant access after document creation
• Permission failures are non-blocking and logged as warnings
• Response includes permission status fields when user ID is provided
• Backward compatible (new parameters are optional)

Issues found:

• owner_permission_added reports success even when the permission API call fails
• Type safety could be improved by avoiding type casts

Confidence Score: 3/5

• This PR has a logical bug where permission status is misreported, but the feature is backward compatible and permission failures are non-blocking
• Score reflects one critical issue: permission status incorrectly reports success even when API calls fail. The permission call is wrapped in try/catch that only warns, so users could be misled about actual permissions granted. Type safety issues exist but are non-critical style concerns. The feature is backward compatible and well-structured otherwise.
• Pay close attention to extensions/feishu/src/docx.ts - the permission status tracking logic needs correction before merge

_{Last reviewed commit: b70e6ee}

[greptile-apps]

_{2 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Type casting to any bypasses type safety. Use proper type narrowing instead.

Suggested change

	return json(await createDoc(client, p.title, p.folder_token, (p as any).owner_open_id, (p as any).owner_perm_type));
	const createParams = p as Extract<FeishuDocParams, { action: "create" }>;
	return json(await createDoc(client, createParams.title, createParams.folder_token, createParams.owner_open_id, createParams.owner_perm_type));

Prompt To Fix With AI

This is a comment left during a code review.
Path: extensions/feishu/src/docx.ts
Line: 539

Comment:
Type casting to `any` bypasses type safety. Use proper type narrowing instead.

```suggestion
                  const createParams = p as Extract<FeishuDocParams, { action: "create" }>;
                  return json(await createDoc(client, createParams.title, createParams.folder_token, createParams.owner_open_id, createParams.owner_perm_type));
```

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

owner_permission_added incorrectly reports true even when the permission API call fails. The try/catch above only logs a warning, so failures are silently ignored while claiming success. Track actual success status in a variable set to true only after successful API call.

Prompt To Fix With AI

This is a comment left during a code review.
Path: extensions/feishu/src/docx.ts
Line: 305-309

Comment:
`owner_permission_added` incorrectly reports `true` even when the permission API call fails. The try/catch above only logs a warning, so failures are silently ignored while claiming success. Track actual success status in a variable set to `true` only after successful API call.

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

Consider using optionalStringEnum from src/agents/schema/typebox.ts instead of nested Type.Union for string enums (follows tool schema guidelines). Note: existing feishu schemas use this pattern, so consistency across all schema files would be needed.

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}

Prompt To Fix With AI

This is a comment left during a code review.
Path: extensions/feishu/src/doc-schema.ts
Line: 25-29

Comment:
Consider using `optionalStringEnum` from `src/agents/schema/typebox.ts` instead of nested Type.Union for string enums (follows tool schema guidelines). Note: existing feishu schemas use this pattern, so consistency across all schema files would be needed.

<sub>Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!</sub>

How can I resolve this? If you propose a fix, please make it concise.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: afa9452e8e

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Validate permission API result before treating grant as success

This call ignores the returned payload and only reacts to thrown exceptions, but Feishu endpoints in this plugin generally signal failures via non-zero code values. If drive.permissionMember.create returns { code != 0 } without throwing, the grant silently fails and execution continues as if sharing succeeded, which can leave the requester without access after document creation.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Set owner_permission_added from actual grant outcome

The response unconditionally sets owner_permission_added: true whenever ownerOpenId is present, even when the permission grant throws and is caught as non-critical. In those failure paths, callers receive a false success signal and may skip fallback sharing logic, so the intended user still cannot open or edit the new doc.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d9118f7976

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Validate permission-create response before marking grant success

createDoc treats drive.permissionMember.create as successful whenever the call resolves, but Feishu SDK operations in this plugin typically signal failures via non-zero code values (see extensions/feishu/src/perm.ts), not only thrown exceptions. In that case, this path still sets ownerPermissionAdded = true and reports owner_permission_added: true, so callers can incorrectly assume sharing succeeded and skip fallback permission handling, leaving the requesting user without access.

Useful? React with 👍 / 👎.

[Takhoffman]

PR #28295 - PR: Feishu Plugin - Auto-grant document permissions to requesting user (#28295)

Merged via squash.

• Merge commit: bf9585d
• Verified: pnpm build, pnpm check, pnpm test:macmini
• Changes made:
  M CHANGELOG.md
  M extensions/feishu/src/docx.ts
  M extensions/feishu/src/docx.test.ts
• Why these changes were made:
  Hardened owner-permission create flow to keep typed params and only report owner permission metadata when permission grant succeeds, with regression tests for success/failure/omitted-owner behavior.
• Changelog: CHANGELOG.md updated=true required=true opt_out=false

Thanks @zhoulongchao77!