Add cli e2e tests coverage

.gitignore

@@ -34,3 +34,4 @@ tests/mail/reports/
 # Generated / test artifacts
 internal/registry/meta_data.json
 cmd/api/download.bin
+app.log

tests/cli_e2e/README.md

@@ -30,6 +30,96 @@ Put them under tests/cli_e2e/xxx.
 ## Run
 
 ```bash
-make build
-go test ./tests/cli_e2e/... -count=1
+make e2e-test
 ```
+
+JUnit report output:
+
+```text
+tests/cli_e2e/.artifacts/cli-e2e-report.xml
+```
+
+## Local User E2E Credentials
+
+For `--as user` E2E runs, you can inject a portable credential file instead of
+going through browser login.
+
+Set `LARK_CLI_CREDENTIALS_FILE` to a JSON file like this:
+
+```json
+{
+  "appId": "cli_xxx",
+  "appSecret": "xxxx",
+  "brand": "lark",
+  "userOpenId": "ou_xxx",
+  "userName": "e2e user",
+  "accessToken": "",
+  "refreshToken": "u-xxxx",
+  "expiresAt": 0,
+  "refreshExpiresAt": 0,
+  "scope": "task:task:readonly",
+  "grantedAt": 0
+}
+```
+
+When this env var is present, the CLI E2E harness will:
+
+- create an isolated temporary HOME + `config.json`
+- point child `lark-cli` processes at that temp config directory
+- let the CLI read refresh/access token data from the same credentials file
+- remove the temporary files after each command run
+
+Example:
+
+```bash
+export LARK_CLI_CREDENTIALS_FILE=/tmp/lark-cli-user-creds.json
+go test ./tests/cli_e2e/task -count=1
+```
+
+For GitHub Actions, store the same JSON content as a base64-encoded repository
+secret such as `TEST_USER_CREDENTIALS_B64`, decode it into a temporary file at
+runtime, export `LARK_CLI_CREDENTIALS_FILE`, and remove the file in an
+`if: always()` cleanup step.
+
+## Browser Auth E2E (Playwright)
+
+`tests/cli_e2e/auth` contains config/auth entry-chain tests:
+
+- `auth login --no-wait --json` -> browser authorization -> `auth login --device-code`
+- `config init --new` -> parse verification URL from process output -> browser authorization -> `config show`
+
+Playwright files live in `tests/cli_e2e/browser`.
+
+Run locally:
+
+```bash
+cd tests/cli_e2e/browser
+npm install
+
+cd ../../..
+export LARK_E2E_ENABLE_BROWSER_AUTH=1
+go test ./tests/cli_e2e/auth -count=1 -v
+```
+
+If your OAuth page redirects to Feishu login (QR/password), provide an
+authenticated Playwright storage state:
+
+```bash
+cd tests/cli_e2e/browser
+npx playwright codegen https://open.feishu.cn --save-storage=.auth/state.json
+```
+
+Then run E2E with:
+
+```bash
+export PLAYWRIGHT_STORAGE_STATE=/Users/bytedance/cli/tests/cli_e2e/browser/.auth/state.json
+export LARK_E2E_ENABLE_BROWSER_AUTH=1
+go test ./tests/cli_e2e/auth -count=1 -v
+```
+
+When enabled, tests write artifacts to a temporary directory and print its path:
+
+- `cli.stdout.log`
+- `cli.stderr.log`
+- `playwright.stdout.log`
+- `playwright.stderr.log`

tests/cli_e2e/base/base_basic_workflow_test.go

@@ -0,0 +1,86 @@
+// Copyright (c) 2026 Lark Technologies Pte. Ltd.
+// SPDX-License-Identifier: MIT
+
+package base
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	clie2e "github.com/larksuite/cli/tests/cli_e2e"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/tidwall/gjson"
+)
+
+func TestBase_BasicWorkflow(t *testing.T) {
+	parentT := t
+	ctx, cancel := context.WithTimeout(context.Background(), 4*time.Minute)
+	t.Cleanup(cancel)
+
+	baseName := "lark-cli-e2e-base-basic-" + testSuffix()
+	baseToken := createBase(t, ctx, baseName)
+
+	t.Run("get base", func(t *testing.T) {
+		result, err := clie2e.RunCmd(ctx, clie2e.Request{
+			Args:      []string{"base", "+base-get", "--base-token", baseToken},
+			DefaultAs: "bot",
+		})
+		require.NoError(t, err)
+		if result.ExitCode != 0 {
+			skipIfBaseUnavailable(t, result, "requires bot base get capability")
+		}
+		result.AssertExitCode(t, 0)
+		result.AssertStdoutStatus(t, true)
+		returnedBaseToken := gjson.Get(result.Stdout, "data.base.app_token").String()
+		if returnedBaseToken == "" {
+			returnedBaseToken = gjson.Get(result.Stdout, "data.base.base_token").String()
+		}
+		assert.Equal(t, baseToken, returnedBaseToken, "stdout:\n%s", result.Stdout)
+		assert.NotEmpty(t, gjson.Get(result.Stdout, "data.base.name").String(), "stdout:\n%s", result.Stdout)
+	})
+
+	tableName := "lark-cli-e2e-table-basic-" + testSuffix()
+	tableID, primaryFieldID, primaryViewID := createTable(
+		t,
+		parentT,
+		ctx,
+		baseToken,
+		tableName,
+		`[{"name":"Name","type":"text"}]`,
+		`{"name":"Main","type":"grid"}`,
+	)
+
+	t.Run("get table", func(t *testing.T) {
+		result, err := clie2e.RunCmd(ctx, clie2e.Request{
+			Args:      []string{"base", "+table-get", "--base-token", baseToken, "--table-id", tableID},
+			DefaultAs: "bot",
+		})
+		require.NoError(t, err)
+		if result.ExitCode != 0 {
+			skipIfBaseUnavailable(t, result, "requires bot table get capability")
+		}
+		result.AssertExitCode(t, 0)
+		result.AssertStdoutStatus(t, true)
+		assert.Equal(t, tableID, gjson.Get(result.Stdout, "data.table.id").String())
+		assert.Equal(t, tableName, gjson.Get(result.Stdout, "data.table.name").String())
+	})
+
+	t.Run("list tables and find created table", func(t *testing.T) {
+		result, err := clie2e.RunCmd(ctx, clie2e.Request{
+			Args:      []string{"base", "+table-list", "--base-token", baseToken},
+			DefaultAs: "bot",
+		})
+		require.NoError(t, err)
+		if result.ExitCode != 0 {
+			skipIfBaseUnavailable(t, result, "requires bot table list capability")
+		}
+		result.AssertExitCode(t, 0)
+		result.AssertStdoutStatus(t, true)
+		assert.True(t, gjson.Get(result.Stdout, `data.items.#(table_id=="`+tableID+`")`).Exists(), "stdout:\n%s", result.Stdout)
+	})
+
+	require.NotEmpty(t, primaryFieldID)
+	require.NotEmpty(t, primaryViewID)
+}

tests/cli_e2e/base/base_role_workflow_test.go

@@ -0,0 +1,130 @@
+// Copyright (c) 2026 Lark Technologies Pte. Ltd.
+// SPDX-License-Identifier: MIT
+
+package base
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	clie2e "github.com/larksuite/cli/tests/cli_e2e"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/tidwall/gjson"
+)
+
+func TestBase_RoleWorkflow(t *testing.T) {
+	parentT := t
+	ctx, cancel := context.WithTimeout(context.Background(), 4*time.Minute)
+	t.Cleanup(cancel)
+
+	baseToken := createBase(t, ctx, "lark-cli-e2e-base-role-"+testSuffix())
+	result, err := clie2e.RunCmd(ctx, clie2e.Request{
+		Args:      []string{"base", "+advperm-enable", "--base-token", baseToken},
+		DefaultAs: "bot",
+	})
+	require.NoError(t, err)
+	if result.ExitCode != 0 {
+		skipIfBaseUnavailable(t, result, "requires bot advanced permission enable capability")
+	}
+	result.AssertExitCode(t, 0)
+	result.AssertStdoutStatus(t, true)
+
+	roleName := "Reviewer-" + testSuffix()
+	roleID := createRole(t, parentT, ctx, baseToken, `{"role_name":"`+roleName+`","role_type":"custom_role"}`)
+
+	t.Run("list", func(t *testing.T) {
+		result, err := clie2e.RunCmd(ctx, clie2e.Request{
+			Args:      []string{"base", "+role-list", "--base-token", baseToken},
+			DefaultAs: "bot",
+		})
+		require.NoError(t, err)
+		if result.ExitCode != 0 {
+			skipIfBaseUnavailable(t, result, "requires bot role list capability")
+		}
+		result.AssertExitCode(t, 0)
+		result.AssertStdoutStatus(t, true)
+
+		roleListPayload := gjson.Get(result.Stdout, "data.data").String()
+		require.NotEmpty(t, roleListPayload, "stdout:\n%s", result.Stdout)
+		assert.True(t, gjson.Valid(roleListPayload), "role list payload should be valid JSON: %s", roleListPayload)
+
+		roleItems := gjson.Get(roleListPayload, "base_roles").Array()
+		assert.NotEmpty(t, roleItems, "role list should contain at least one role: %s", roleListPayload)
+
+		found := false
+		for _, item := range roleItems {
+			rolePayload := item.String()
+			if !gjson.Valid(rolePayload) {
+				continue
+			}
+			if gjson.Get(rolePayload, "role_id").String() == roleID {
+				found = true
+				break
+			}
+		}
+		assert.True(t, found, "stdout:\n%s", result.Stdout)
+	})
+
+	t.Run("get", func(t *testing.T) {
+		result, err := clie2e.RunCmd(ctx, clie2e.Request{
+			Args:      []string{"base", "+role-get", "--base-token", baseToken, "--role-id", roleID},
+			DefaultAs: "bot",
+		})
+		require.NoError(t, err)
+		if result.ExitCode != 0 {
+			skipIfBaseUnavailable(t, result, "requires bot role get capability")
+		}
+		result.AssertExitCode(t, 0)
+		result.AssertStdoutStatus(t, true)
+
+		rolePayload := gjson.Get(result.Stdout, "data.data").String()
+		require.NotEmpty(t, rolePayload, "stdout:\n%s", result.Stdout)
+		require.True(t, gjson.Valid(rolePayload), "stdout:\n%s", result.Stdout)
+		assert.Equal(t, roleID, gjson.Get(rolePayload, "role_id").String())
+	})
+
+	t.Run("update", func(t *testing.T) {
+		updatedRoleName := roleName + " Updated"
+		result, err := clie2e.RunCmd(ctx, clie2e.Request{
+			Args:      []string{"base", "+role-update", "--base-token", baseToken, "--role-id", roleID, "--json", `{"role_name":"` + updatedRoleName + `","role_type":"custom_role"}`, "--yes"},
+			DefaultAs: "bot",
+		})
+		require.NoError(t, err)
+		if result.ExitCode != 0 {
+			skipIfBaseUnavailable(t, result, "requires bot role update capability")
+		}
+		result.AssertExitCode(t, 0)
+		result.AssertStdoutStatus(t, true)
+
+		getResult, err := clie2e.RunCmd(ctx, clie2e.Request{
+			Args:      []string{"base", "+role-get", "--base-token", baseToken, "--role-id", roleID},
+			DefaultAs: "bot",
+		})
+		require.NoError(t, err)
+		if getResult.ExitCode != 0 {
+			skipIfBaseUnavailable(t, getResult, "requires bot role get capability")
+		}
+		getResult.AssertExitCode(t, 0)
+		getResult.AssertStdoutStatus(t, true)
+
+		rolePayload := gjson.Get(getResult.Stdout, "data.data").String()
+		require.NotEmpty(t, rolePayload, "stdout:\n%s", getResult.Stdout)
+		require.True(t, gjson.Valid(rolePayload), "stdout:\n%s", getResult.Stdout)
+		assert.Equal(t, updatedRoleName, gjson.Get(rolePayload, "role_name").String())
+	})
+
+	t.Run("delete", func(t *testing.T) {
+		result, err := clie2e.RunCmd(ctx, clie2e.Request{
+			Args:      []string{"base", "+role-delete", "--base-token", baseToken, "--role-id", roleID, "--yes"},
+			DefaultAs: "bot",
+		})
+		require.NoError(t, err)
+		if result.ExitCode != 0 {
+			skipIfBaseUnavailable(t, result, "requires bot role delete capability")
+		}
+		result.AssertExitCode(t, 0)
+		result.AssertStdoutStatus(t, true)
+	})
+}