feat(credential): resolve the active app from the invocation context

[evandance]

Summary

lark-cli stores a single default app profile, so concurrent callers bound to different apps compete over one global default. This PR resolves the active profile per invocation — --profile flag first, then the LARKSUITE_CLI_RUNTIME_APP_ID env var, falling back to the stored default — and adds a hidden config bind --all that binds every account from the agent source as a multi-app config in one pass.

Changes

• Resolve the active profile from --profile / LARKSUITE_CLI_RUNTIME_APP_ID in cmd/bootstrap.go
• Add the LARKSUITE_CLI_RUNTIME_APP_ID constant in internal/envvars/envvars.go
• Add hidden --all flag to config bind with multi-app commit and keychain cleanup in cmd/config/bind.go
• Add BuildAll / per-candidate build to the openclaw binder in cmd/config/binder.go
• Document profile precedence at the resolution site in internal/credential/default_provider.go
• Tests: profile/env precedence in cmd/bootstrap_test.go; --all validation, dedup ordering, and run paths in cmd/config/bind_test.go

Test Plan

• make unit-test passed
• validate passed (gofmt -l, go vet ./..., go build ./... all clean)
• skipped: local-eval / skill eval — no shortcuts/ or skills/ surface touched
• skipped: acceptance-reviewer — hidden flag and env selector, behavior covered by unit tests
• manual verification: go test ./cmd/ -run TestBootstrapInvocationContext -v and go test ./cmd/config/... — precedence and --all paths pass

Related Issues

N/A

Summary by CodeRabbit

• New Features

  • Profile resolution now falls back to the LARKSUITE_CLI_RUNTIME_APP_ID env var when --profile is unspecified; env var value is trimmed and honored.
  • Added hidden --all option to config bind to bind all accounts from OpenClaw into a multi-app workspace; preserves deterministic ordering, deduplicates by app ID, and outputs a JSON summary.

• Tests

  • Added tests for env-var profile fallback, profile-vs-flag precedence, and comprehensive --all binding behavior and ordering.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 99dec393-4099-49d4-9c18-a9873a9a2dc1

📥 Commits

Reviewing files that changed from the base of the PR and between 10f0b7e and 417b0d1.

📒 Files selected for processing (7)

• cmd/bootstrap.go
• cmd/bootstrap_test.go
• cmd/config/bind.go
• cmd/config/bind_test.go
• cmd/config/binder.go
• internal/credential/default_provider.go
• internal/envvars/envvars.go

✅ Files skipped from review due to trivial changes (1)

• internal/credential/default_provider.go

🚧 Files skipped from review as they are similar to previous changes (3)

• internal/envvars/envvars.go
• cmd/bootstrap.go
• cmd/config/bind.go

---

📝 Walkthrough

Walkthrough

This PR adds environment-based profile pinning via LARKSUITE_CLI_RUNTIME_APP_ID (used when --profile is unset) and a hidden --all mode for config bind that binds all OpenClaw accounts into a MultiAppConfig with deterministic ordering, deduplication, persistence, and keychain cleanup; it also refactors the openclaw binder and adds tests.

Changes

Profile Resolution via Environment Variable

Layer / File(s)	Summary
Environment variable definition and bootstrap resolution internal/envvars/envvars.go, cmd/bootstrap.go, cmd/bootstrap_test.go, internal/credential/default_provider.go	CliRuntimeAppID env constant added. BootstrapInvocationContext prefers globals.Profile and falls back to trimmed CliRuntimeAppID when empty. Tests validate trimming and precedence. Credential provider comments note resolved precedence.

Multi-App Config Binding

Layer / File(s)	Summary
Bind option and flag registration cmd/config/bind.go	Add BindOptions.All; register hidden --all flag; validateBindFlags rejects --all with --app-id and limits explicit --source to openclaw for --all.
Binder refactoring and BuildAll method cmd/config/binder.go	Refactor openclawBinder.Build to use buildFromCandidate; add BuildAll() to build every raw app entry; add buildFromCandidate to validate/resolve secrets, store to keychain, and populate core.AppConfig (including Name and Brand).
Multi-app bind orchestration and persistence cmd/config/bind.go	configBindRun routes to configBindAllRun when --all is set. configBindAllRun resolves the source, defaults identity, expands per-app preferences, calls BuildAll, orders apps (default-first), deduplicates by AppId with named-over-default overwrite, and commits via commitMultiAppBinding. commitMultiAppBinding writes MultiAppConfig (CurrentApp = first), performs keychain cleanup for removed secrets, prints a stderr banner, and emits a stdout JSON envelope including app_ids and all: true. cleanupKeychainFromDataMulti removes old keychain stores not referenced by new apps.
Multi-app bind tests cmd/config/bind_test.go	Add flag parsing/validation tests for --all; unit tests for dedupAndOrderApps precedence and ordering; tests rejecting non-OpenClaw sources; end-to-end tests for --all binding, envelope fields, persisted MultiAppConfig, and escalation/force behavior.

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant CLI
  participant OpenClawBinder
  participant Keychain
  participant Store
  User->>CLI: run `config bind --all`
  CLI->>OpenClawBinder: Resolve source and call BuildAll()
  OpenClawBinder->>OpenClawBinder: buildFromCandidate per app (resolve secrets)
  OpenClawBinder->>Keychain: store secrets via core.ForStorage
  OpenClawBinder->>CLI: return []AppConfig
  CLI->>CLI: sortAppsDefaultFirst -> dedupAndOrderApps
  CLI->>Store: commitMultiAppBinding (write MultiAppConfig)
  CLI->>Keychain: cleanupKeychainFromDataMulti (remove replaced secrets)
  CLI->>User: print banner and stdout JSON envelope

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• larksuite/cli#252: Related bootstrap/profile-resolution changes touching BootstrapInvocationContext.

Suggested labels

domain/base

Suggested reviewers

• liangshuo-1
• Roy-oss1

Poem

🐰 I sniff the env for a tiny ID,
Trim the edges, pick the profile with pride.
Then bind them all, default yields to name,
Clean keys hop away, the order stays the same.
Hooray — multi-app blooms in one bright stride!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: resolving the active app/profile from the invocation context using priority precedence.
Description check	✅ Passed	The description includes all required sections (Summary, Changes, Test Plan, Related Issues) with clear, complete information about the PR's purpose and testing approach.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/runtime-app-id

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@cmd/config/bind_test.go`:
- Around line 1939-1953: Update the failing tests (e.g.,
TestConfigBindRun_AllRejectsAppID) to assert typed error metadata instead of
string matching: call errs.ProblemOf(err) and verify the returned Problem's
Category/Subtype values, and use errors.As(err, &ve) with var ve
*errs.ValidationError to assert ve.Param equals the expected flag (e.g., "--all"
or "--app-id"); locate the failure by the test name and the call to
configBindRun/Bin dOptions and apply the same typed assertions to the sibling
test in the 2019-2032 range so both error-path tests validate problem metadata
and param preservation.

In `@cmd/config/bind.go`:
- Around line 134-136: The early return in configBindRun when opts.All calls
configBindAllRun and skips finalizeSource, allowing --all to bypass the
source/env mismatch guard; change the flow so finalizeSource (and its agent env
checks) runs before delegating to configBindAllRun (and similarly ensure the
same fix is applied to the other all-path that mirrors this logic), i.e.,
validate and finalize the source via finalizeSource within configBindRun (or
call a common validate-then-bind helper) before calling configBindAllRun to
preserve the source vs detected agent environment check.
- Around line 733-751: The --all path in configBindAllRun applies opts.Identity
to every app but never invokes warnIdentityEscalation, allowing
bot-only→user-default escalation without --force; fix by invoking
warnIdentityEscalation for each app after applyPreferences (inside the for i :=
range apps loop) or just after building apps and before commitMultiAppBinding so
the escalation gate runs per-app; call warnIdentityEscalation(app, opts, prior)
(or the existing signature) and propagate/return any error it produces so
--force behavior and safety checks are enforced.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ac42fd33-ce8e-4b28-bc52-299fd7842347

📥 Commits

Reviewing files that changed from the base of the PR and between 5aeae2d and 10f0b7e.

📒 Files selected for processing (7)

• cmd/bootstrap.go
• cmd/bootstrap_test.go
• cmd/config/bind.go
• cmd/config/bind_test.go
• cmd/config/binder.go
• internal/credential/default_provider.go
• internal/envvars/envvars.go

[github-actions]

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@417b0d18203dcad7a299bd7573171af2d6c85620

🧩 Skill update

npx skills add larksuite/cli#feat/runtime-app-id -y -g

[codecov]

Codecov Report

❌ Patch coverage is 76.64234% with 32 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.83%. Comparing base (e53f9d9) to head (417b0d1).
⚠️ Report is 4 commits behind head on main.

Files with missing lines	Patch %	Lines
cmd/config/bind.go	76.78%	15 Missing and 11 partials ⚠️
cmd/config/binder.go	71.42%	4 Missing and 2 partials ⚠️

Additional details and impacted files

@@           Coverage Diff            @@
##             main    #1409    +/-   ##
========================================
  Coverage   72.83%   72.83%            
========================================
  Files         731      732     +1     
  Lines       69111    69264   +153     
========================================
+ Hits        50335    50451   +116     
- Misses      14999    15020    +21     
- Partials     3777     3793    +16     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.