Keep enterprise directory data in sync across Feishu and WeCom #183
Atlas-SZ wants to merge 2 commits into dataelement:main from
d196769 to 4d12385
This PR has been cleaned up and narrowed to org sync only. It now only contains:
The WeCom runtime/channel fixes have been fully removed from this PR and will stay separate.
Narrow the branch back to directory sync so it can merge independently without dragging in unrelated WeCom runtime or channel behavior. The result keeps the provider-aware sync backend, enterprise org browser UI, migration, i18n, and regression coverage while preserving existing saved secrets for repeat sync operations.
Constraint: PR must remain independent from forgot-password work and must not fork Alembic heads
Rejected: Keep WeCom runtime fixes in this PR | mixes unrelated behavior and review scope
Rejected: Force re-entry of stored secrets before every sync | breaks existing saved-config flow
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep channel runtime fixes in a separate PR; do not re-mix websocket or session changes into org sync
Tested: cd backend && .venv/bin/python -m pytest tests/test_org_sync.py
Tested: cd backend && .venv/bin/alembic heads
Tested: cd frontend && npm run build
Not-tested: Live Feishu or WeCom API sync against real tenants

Upstream/main gained a new OrgMember transliteration migration after the sync-only branch was originally cut. Retarget the provider-aware org sync migration so PR dataelement#183 continues to merge as a single-head schema change instead of reintroducing a forked upgrade path.
Constraint: PR dataelement#183 must remain mergeable after upstream added be48e94fa052
Rejected: Leave dual heads and rely on a later merge migration | unnecessary schema complexity for a feature branch
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Recheck Alembic heads whenever upstream/main adds migrations before pushing long-lived PR branches
Tested: cd backend && .venv/bin/alembic heads
Tested: cd backend && .venv/bin/python -m pytest tests/test_org_sync.py
Not-tested: Full alembic upgrade/downgrade against a live database snapshot
4d12385 to f22c17b
The org sync flow now supports a provider-aware configuration model, adds WeCom directory ingestion, and updates the enterprise settings UI so admins can configure sync, browse a collapsible org tree, and inspect member details without manual directory maintenance. The read path for org sync settings was tightened so only admins can fetch the config and provider secrets are redacted from API responses while still being preserved on save when the UI submits blank secret fields.
Constraint: WeCom validation had to remain read-only against the live tenant
Constraint: Existing Feishu org sync settings needed to keep working without a data migration
Rejected: Add a separate WeCom-only settings key | would duplicate provider config paths and UI state
Rejected: Store org sync secrets only in environment variables | conflicts with tenant-managed enterprise settings workflow
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Do not expose org_sync secrets in API responses or relax admin-only access without revisiting the trust boundary
Tested: backend/.venv/bin/python -m ruff check backend/app/api/enterprise.py backend/app/models/org.py backend/app/services/org_sync_service.py backend/tests/test_password_reset_and_notifications.py
Tested: DATABASE_URL=postgresql+asyncpg://postgres:QF20200610@localhost:25432/clawith REDIS_URL=redis://:difyai123456@localhost:16379/0 backend/.venv/bin/python -m pytest backend/tests/test_password_reset_and_notifications.py
Tested: cd frontend && npm run build
Not-tested: Durable background job processing for very large org syncs
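The read and save behaviour described in the message above (admin-only read, secrets redacted from responses, blank secret fields preserved on save), as an added example. It is not code from this PR; the field names, role string, settings layout and function names are assumptions, and the sample data is constructed.

```python
from copy import deepcopy

# Hypothetical names throughout; the PR's real schema is not shown on the page.
SECRET_FIELDS = {"app_secret", "corp_secret"}

# Constructed sample of a saved setting with one entry per provider.
SAMPLE_STORED = {
    "provider": "wecom",
    "providers": {
        "feishu": {"app_id": "cli_example", "app_secret": "constructed-feishu-secret"},
        "wecom": {"corp_id": "ww_example", "corp_secret": "constructed-wecom-secret"},
    },
}


class Forbidden(Exception):
    """Raised when a non-admin touches the org sync settings."""


def require_admin(role: str) -> None:
    if role != "admin":
        raise Forbidden("org sync settings are admin-only")


def read_config(stored: dict, role: str) -> dict:
    """Read path: admin-only, and secrets are blanked in the response copy."""
    require_admin(role)
    response = deepcopy(stored)  # never mutate the stored value
    for cfg in response.get("providers", {}).values():
        for key in SECRET_FIELDS & cfg.keys():
            cfg[key] = ""
    return response


def save_config(stored: dict, submitted: dict, role: str) -> dict:
    """Write path: a blank secret means "keep what is saved", per provider."""
    require_admin(role)
    merged = deepcopy(submitted)
    for name, cfg in merged.get("providers", {}).items():
        saved = stored.get("providers", {}).get(name, {})
        for key in SECRET_FIELDS & saved.keys():
            if not cfg.get(key):  # missing, None or "" all count as blank
                cfg[key] = saved[key]
    return merged
```

Submitting the redacted read response straight back through `save_config` leaves the stored value unchanged, which is the property a regression test for this flow should pin down.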