chore(makefile): refuse make install in non-interactive mode

[liangshuo-1]

Why

make install builds from source and produces a binary that won't match official release artifacts (different version metadata, no codesigning, breaks the self-update flow). When the CLI shows a "new version available" notice, AI coding assistants tend to pattern-match to make install and silently clobber the user's properly-installed binary — a real scenario we saw recently with Claude Code.

What

Add a TTY gate to the install target:

• Non-interactive (AI Bash tool, CI, pipes) → refuses with a message pointing at lark-cli update.
• Real terminal (contributor) → prompts y/N confirmation, then proceeds.
• I_AM_A_CONTRIBUTOR=1 make install → escape hatch for scripted contributor workflows.

Also adds a banner comment at the top of the Makefile so anyone (including AI) reading the file sees the intended audience first.

Test plan

• echo "" | make install (simulating non-TTY) → refuses with exit 1, prints lark-cli update hint.
• I_AM_A_CONTRIBUTOR=1 make install → bypasses gate.
• Run make install in a real terminal → prompts y/N; y proceeds, anything else aborts.

Follow-ups (separate PRs)

• Update notice text + JSON _notice.update.command field so the suggested command is explicit.

Summary by CodeRabbit

• Chores
  • Improved installation process with clearer guidance for end-users to use the standard update command instead of direct installation.
  • Enhanced installation workflow with automatic permission for contributors while requiring confirmation in interactive environments.

[coderabbitai]

📝 Walkthrough

Walkthrough

The install target in the Makefile is modified to conditionally allow installation based on contributor status and interactivity. It automatically permits installation when I_AM_A_CONTRIBUTOR is set, otherwise requires interactive terminal confirmation. The file header is updated with guidance for different user types regarding the use of lark-cli update versus make install.

Changes

Cohort / File(s)	Summary
Makefile Configuration Makefile	Updated install target with conditional logic to check I_AM_A_CONTRIBUTOR environment variable; added interactive confirmation prompts for non-contributors; updated file header with usage instructions for end users and contributors.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A Makefile blooms with care,
Checking if contributors dare,
Interactive prompts now guard the way,
Users guided, come what may!
Simple rules, no conflicts here,
Installation's path is crystal clear! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: adding a TTY gate to refuse make install in non-interactive mode, which is the core behavioral modification in this PR.
Description check	✅ Passed	The description is comprehensive and well-structured, covering motivation (Why), implementation details (What), and testing approach. It addresses all key template sections with concrete details about the changes and test verification.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/makefile-install-gate

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 7/8 reviews remaining, refill in 7 minutes and 30 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

Makefile (1)

35-35: Consider gating before build to avoid unnecessary compilation on refusal.

With install: build, non-interactive runs still build even when install is blocked. Moving build after the gate would fail faster for AI/CI/scripted misuse.

Refactor option

-install: build
+install:
 	`@if` [ "$$I_AM_A_CONTRIBUTOR" = "1" ]; then \
 		: ; \
 	elif [ -t 0 ] && [ -t 1 ]; then \
 		echo "" ; \
 		echo "  make install builds from source — for CONTRIBUTORS only." ; \
 		echo "  To upgrade an existing lark-cli, run: lark-cli update" ; \
 		echo "" ; \
 		printf "  Continue installing from source? (y/N) " ; \
 		read ans ; \
 		case "$$ans" in y|Y|yes|YES) ;; *) echo "Aborted." ; exit 1 ;; esac ; \
 	else \
 		echo "make install: refusing in non-interactive mode." ; \
 		echo "  To upgrade lark-cli: run \`lark-cli update\`." ; \
 		echo "  To install from source non-interactively: I_AM_A_CONTRIBUTOR=1 make install" ; \
 		exit 1 ; \
 	fi
+	@$(MAKE) build
 	install -d $(PREFIX)/bin
 	install -m755 $(BINARY) $(PREFIX)/bin/$(BINARY)

Also applies to: 52-53

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Makefile` at line 35, The install target currently depends on build
("install: build") causing a full build even when the install gate fails; change
the Makefile so the install recipe first performs the gate/check step and only
invokes the build target after the gate succeeds (i.e., move or reorder the
dependency/commands so the gate runs before calling the build target), and apply
the same reordering for the similar targets around lines with the other
install-like rules referenced (the other occurrences similar to "install" at the
later block).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Makefile`:
- Around line 36-37: The contributor bypass condition in the Makefile currently
triggers for any non-empty I_AM_A_CONTRIBUTOR; change the conditional to only
succeed when I_AM_A_CONTRIBUTOR is exactly "1". Locate the conditional that
references I_AM_A_CONTRIBUTOR (the line starting with `@if` [ -n
"$$I_AM_A_CONTRIBUTOR" ]; then) and replace the test with an exact string
comparison against "1" (so the block only runs when I_AM_A_CONTRIBUTOR=1),
preserving Makefile variable escaping and the existing then/else block
structure.

---

Nitpick comments:
In `@Makefile`:
- Line 35: The install target currently depends on build ("install: build")
causing a full build even when the install gate fails; change the Makefile so
the install recipe first performs the gate/check step and only invokes the build
target after the gate succeeds (i.e., move or reorder the dependency/commands so
the gate runs before calling the build target), and apply the same reordering
for the similar targets around lines with the other install-like rules
referenced (the other occurrences similar to "install" at the later block).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1eca6003-a473-4af2-8738-f156ec7aa12b

📥 Commits

Reviewing files that changed from the base of the PR and between b37adfd and f985b49.

📒 Files selected for processing (1)

• Makefile

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Tighten contributor bypass to the documented =1 value.

Line 36 currently bypasses on any non-empty I_AM_A_CONTRIBUTOR value, which is looser than the documented contract (I_AM_A_CONTRIBUTOR=1).

Suggested patch

-	`@if` [ -n "$$I_AM_A_CONTRIBUTOR" ]; then \
+	`@if` [ "$$I_AM_A_CONTRIBUTOR" = "1" ]; then \

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	@if [ -n "$$I_AM_A_CONTRIBUTOR" ]; then \
	: ; \
	`@if` [ "$$I_AM_A_CONTRIBUTOR" = "1" ]; then \
	: ; \

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Makefile` around lines 36 - 37, The contributor bypass condition in the
Makefile currently triggers for any non-empty I_AM_A_CONTRIBUTOR; change the
conditional to only succeed when I_AM_A_CONTRIBUTOR is exactly "1". Locate the
conditional that references I_AM_A_CONTRIBUTOR (the line starting with `@if` [ -n
"$$I_AM_A_CONTRIBUTOR" ]; then) and replace the test with an exact string
comparison against "1" (so the block only runs when I_AM_A_CONTRIBUTOR=1),
preserving Makefile variable escaping and the existing then/else block
structure.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.17%. Comparing base (082275f) to head (f985b49).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #721   +/-   ##
=======================================
  Coverage   64.17%   64.17%           
=======================================
  Files         504      504           
  Lines       44287    44287           
=======================================
  Hits        28420    28420           
  Misses      13393    13393           
  Partials     2474     2474           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@f985b49ff8323c6ce05136c1d3cc9b5623a21326

🧩 Skill update

npx skills add larksuite/cli#chore/makefile-install-gate -y -g