feat(doc): add v2 XML content guards for bare ampersands and deprecated tags

[herbertliu]

Summary

Add pre-flight static checks for the v2 XML document path to catch two categories of silent failures before the API call is made.

Changes

• shortcuts/doc/docs_update_check.go: Add CheckV2XMLBareAmpersand (hard error) and CheckV2XMLWarnings (non-fatal warnings) with table-driven tests
• shortcuts/doc/docs_create_v2.go: Integrate bare-ampersand check in validateCreateV2 and XML warnings in executeCreateV2
• shortcuts/doc/docs_update_v2.go: Same integration in validateUpdateV2 / executeUpdateV2
• shortcuts/doc/docs_update_check_test.go: Add TestCheckV2XMLBareAmpersand and TestCheckV2XMLWarnings

Checks

CheckV2XMLBareAmpersand — hard error (returned from Validate):

• Fires when content contains a & that is not a recognised XML entity (&, <, >, ', ", &#N;, &#xH;).
• The v2 XML parser rejects such requests outright; catching this early gives a clear error instead of an opaque API failure.

CheckV2XMLWarnings — non-fatal warnings (printed to stderr before the API call):

1. <quote-container> — v2 silently drops the block; the correct tag is <blockquote>.
2. <column width="N"> with an integer value — has no effect in v2; the correct attribute is width-ratio="0.5" (float 0–1).

Both checks only fire when --doc-format is xml (the default).

Test Plan

• go test ./shortcuts/doc/... — all pass, 66.4% coverage
• go vet ./... — clean
• gofmt -l . — clean

Summary by CodeRabbit

Release Notes

• New Features
  • Enhanced XML validation for v2 documents, including checks for malformed ampersands that will block invalid submissions.
  • Added informative warnings for unsupported XML elements and deprecated attributes in v2 documents, displayed before processing to help users identify compatibility issues.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds XML content validation for v2 documents. Two new validators detect bare ampersands (fatal errors) and unsupported v2 constructs (non-fatal warnings). Both create and update v2 command paths now validate XML content and emit warnings before performing API operations.

Changes

XML V2 Validation and Warning System

Layer / File(s)	Summary
Core XML Validators shortcuts/doc/docs_update_check.go	CheckV2XMLBareAmpersand detects unescaped & using regex entity matching; CheckV2XMLWarnings identifies unsupported quote-container blocks and integer column width attributes (recommending width-ratio instead).
Validation Tests shortcuts/doc/docs_update_check_test.go	TestCheckV2XMLBareAmpersand validates bare ampersand detection across valid entities and bare cases; TestCheckV2XMLWarnings validates warning detection for quote-containers and width attributes; containsStr helper checks substrings in warnings.
Create V2 Integration shortcuts/doc/docs_create_v2.go	Adds fmt import; validateCreateV2 fails on bare ampersands when format is not markdown; executeCreateV2 emits warnings to stderr before calling create-document API.
Update V2 Integration shortcuts/doc/docs_update_v2.go	validateUpdateV2 fails on bare ampersands when format is not markdown; executeUpdateV2 emits warnings to stderr before calling update API.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested labels

size/M, domain/ccm

Suggested reviewers

• fangshuyu-768

Poem

🐰 Ampersands now dance with care,
Bare ones caught before they snare,
Warnings bloom for width-ratio grace,
XML v2 finds its proper place!
✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 27.27% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main changes: adding v2 XML content guards for bare ampersands and deprecated tags, which directly reflects the core functionality added across the modified files.
Description check	✅ Passed	The description comprehensively covers the template requirements with a clear summary, detailed changes list, test plan with verification results, and related issues section.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/docs-v2-xml-content-guard

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@shortcuts/doc/docs_update_check.go`:
- Around line 313-317: The current regex columnIntWidthRe is too permissive and
misses valid forms; change it to require a preceding whitespace before the
attribute, allow optional spaces around '=', accept single or double quotes, and
capture the integer value (e.g. `<column\b[^>]*\swidth\s*=\s*(['"])(\d+)\1`) so
it won't match attributes like data-width and will match forms like width='50'
or width = "50". Apply the same tightening to the other related regex defined
around lines 335-341 so both matchers use `\swidth\s*=\s*(['"])(\d+)\1` (or the
float equivalent) and keep the surrounding `<column\b[^>]*` context to limit
matches to column elements.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: bc2981b2-3f9c-4a87-909d-8b36a95bd73c

📥 Commits

Reviewing files that changed from the base of the PR and between 25c72ce and a29a8bf.

📒 Files selected for processing (4)

• shortcuts/doc/docs_create_v2.go
• shortcuts/doc/docs_update_check.go
• shortcuts/doc/docs_update_check_test.go
• shortcuts/doc/docs_update_v2.go

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Tighten warning matchers to avoid false positives and missed matches.

Current matching can misfire (<quote-containerized> or data-width="50") and miss valid XML forms (width='50', width = "50"). That reduces the reliability of the non-fatal guidance this PR introduces.

♻️ Suggested matcher tightening

+var quoteContainerTagRe = regexp.MustCompile(`<quote-container(?:\s|>|/)`)
-var columnIntWidthRe = regexp.MustCompile(`<column\b[^>]*\bwidth="(\d+)"`)
+var columnIntWidthRe = regexp.MustCompile(`<column\b[^>]*\swidth\s*=\s*(['"])\d+\1`)

 func CheckV2XMLWarnings(content string) []string {
 	if content == "" {
 		return nil
 	}
 	var warnings []string
-	if strings.Contains(content, "<quote-container") {
+	if quoteContainerTagRe.MatchString(content) {
 		warnings = append(warnings,
 			"<quote-container> is not supported in v2 XML and will be silently dropped; "+
 				"use <blockquote> instead.")
 	}

Also applies to: 335-341

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@shortcuts/doc/docs_update_check.go` around lines 313 - 317, The current regex
columnIntWidthRe is too permissive and misses valid forms; change it to require
a preceding whitespace before the attribute, allow optional spaces around '=',
accept single or double quotes, and capture the integer value (e.g.
`<column\b[^>]*\swidth\s*=\s*(['"])(\d+)\1`) so it won't match attributes like
data-width and will match forms like width='50' or width = "50". Apply the same
tightening to the other related regex defined around lines 335-341 so both
matchers use `\swidth\s*=\s*(['"])(\d+)\1` (or the float equivalent) and keep
the surrounding `<column\b[^>]*` context to limit matches to column elements.

[codecov]

Codecov Report

❌ Patch coverage is 70.58824% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 65.67%. Comparing base (0ed63b0) to head (a29a8bf).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
shortcuts/doc/docs_update_v2.go	0.00%	6 Missing ⚠️
shortcuts/doc/docs_create_v2.go	33.33%	2 Missing and 2 partials ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #822   +/-   ##
=======================================
  Coverage   65.67%   65.67%           
=======================================
  Files         513      513           
  Lines       47655    47689   +34     
=======================================
+ Hits        31297    31321   +24     
- Misses      13652    13660    +8     
- Partials     2706     2708    +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@a29a8bffb521b4b9446700aede4dd52847207c9c

🧩 Skill update

npx skills add larksuite/cli#feat/docs-v2-xml-content-guard -y -g