feat(wiki): add +space-list, +node-list, +node-copy shortcuts

Implement three new wiki shortcuts for organizing and migrating wiki content:

- `+space-list`: list all accessible wiki spaces with auto-pagination
- `+node-list`: list nodes under a space or parent node with auto-pagination
- `+node-copy`: copy a wiki node (and subtree) to a target space or parent node

Also includes:
- Reference docs under skills/lark-wiki/references/ (with _EXAMPLE_TOKEN placeholders)
- Updated skills/lark-wiki/SKILL.md with new shortcuts table entries
- 9 unit tests covering registration, pagination, validation, and copy scenarios
- scripts/check-doc-tokens.sh: pre-push check that catches realistic-looking
  example tokens in reference docs and prompts use of _EXAMPLE_TOKEN placeholders
- Makefile: add `make gitleaks` target (runs check-doc-tokens then gitleaks)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: herbertliu

.gitleaks.toml

@@ -14,3 +14,4 @@ id = "lark-session-token"
 description = "Detect Lark session tokens"
 regex = '''\bXN0YXJ0-[A-Za-z0-9_-]+-WVuZA\b'''
 keywords = ["XN0YXJ0-", "-WVuZA"]
+

Makefile

@@ -8,7 +8,7 @@ DATE     := $(shell date +%Y-%m-%d)
 LDFLAGS  := -s -w -X $(MODULE)/internal/build.Version=$(VERSION) -X $(MODULE)/internal/build.Date=$(DATE)
 PREFIX   ?= /usr/local
 
-.PHONY: build vet test unit-test integration-test install uninstall clean fetch_meta
+.PHONY: build vet test unit-test integration-test install uninstall clean fetch_meta gitleaks
 
 fetch_meta:
 	python3 scripts/fetch_meta.py
@@ -37,3 +37,13 @@ uninstall:
 
 clean:
 	rm -f $(BINARY)
+
+# Run secret-leak checks locally before pushing.
+# Step 1: check-doc-tokens catches realistic-looking example tokens in reference
+#         docs and asks you to use _EXAMPLE_TOKEN placeholders instead.
+# Step 2: gitleaks scans the full repo for real leaked secrets.
+# Install gitleaks: https://github.com/gitleaks/gitleaks#installing
+gitleaks:
+	@bash scripts/check-doc-tokens.sh
+	@command -v gitleaks >/dev/null 2>&1 || { echo "gitleaks not found. Install: brew install gitleaks"; exit 1; }
+	gitleaks detect --redact -v --exit-code=2

scripts/check-doc-tokens.sh

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+# Copyright (c) 2026 Lark Technologies Pte. Ltd.
+# SPDX-License-Identifier: MIT
+#
+# check-doc-tokens.sh
+#
+# Scans skill reference docs for token-like values that look realistic but
+# are not using the required placeholder format (*_EXAMPLE_TOKEN or similar).
+#
+# Real token patterns (Lark API) often look like:
+#   wikcnXXXXXXXXX  doccnXXXXXXX  shtcnXXX  fldcnXXX  ou_XXXX  cli_XXXX
+#
+# Docs MUST use clearly fake placeholders, e.g.:
+#   wikcn_EXAMPLE_TOKEN   doccn_EXAMPLE_TOKEN   <space_id>   your_token_here
+#
+# If this check fails, replace the realistic-looking value with a placeholder
+# like `wikcn_EXAMPLE_TOKEN` so gitleaks CI won't flag it as a real secret.
+
+set -euo pipefail
+
+SKILLS_DIR="${1:-skills}"
+ERRORS=0
+
+# Patterns that indicate a realistic-looking Lark token value inside a string.
+# Matches JSON-style: "field": "token_value" or markdown backtick spans.
+# Token prefixes used by Lark Open Platform:
+#   wikcn  doccn  docx  shtcn  bascn  fldcn  vewcn  tbln  ou_  cli_  obcn  flec
+#
+# Excluded (clearly fake):
+#   - Values ending with EXAMPLE_TOKEN  (e.g. wikcn_EXAMPLE_TOKEN)
+#   - Values that are all uppercase X   (e.g. bascnXXXXXXXX)
+#   - Values containing only X/_/<>     (e.g. <your_token>)
+REALISTIC_TOKEN_RE='"(wikcn|doccn|shtcn|bascn|fldcn|vewcn|tbln|obcn|flec)[A-Za-z0-9]{6,}"'
+PLACEHOLDER_RE='(EXAMPLE|_TOKEN|XXXX|xxxx|<|>|your_|_here)'
+
+while IFS= read -r -d '' file; do
+  # grep returns exit 1 when no match — use || true to avoid set -e killing us
+  # Then filter out values that are clearly placeholders (EXAMPLE, XXXX, etc.)
+  matches=$(grep -nEo "$REALISTIC_TOKEN_RE" "$file" 2>/dev/null | grep -vE "$PLACEHOLDER_RE" || true)
+  if [[ -n "$matches" ]]; then
+    echo ""
+    echo "❌  $file"
+    echo "    Contains realistic-looking token values that may trigger gitleaks:"
+    while IFS= read -r line; do
+      echo "      $line"
+    done <<< "$matches"
+    echo "    → Replace with a placeholder, e.g.: wikcn_EXAMPLE_TOKEN, doccn_EXAMPLE_TOKEN"
+    ERRORS=$((ERRORS + 1))
+  fi
+done < <(find "$SKILLS_DIR" -path "*/references/*.md" -print0)
+
+if [[ $ERRORS -gt 0 ]]; then
+  echo ""
+  echo "❌  check-doc-tokens: $ERRORS file(s) contain realistic token values in reference docs."
+  echo "    Use _EXAMPLE_TOKEN placeholders to avoid false positives in gitleaks CI."
+  exit 1
+else
+  echo "✅  check-doc-tokens: all reference docs use safe placeholder tokens."
+fi

shortcuts/wiki/shortcuts.go

@@ -9,5 +9,8 @@ import "github.com/larksuite/cli/shortcuts/common"
 func Shortcuts() []common.Shortcut {
 	return []common.Shortcut{
 		WikiNodeCreate,
+		WikiSpaceList,
+		WikiNodeList,
+		WikiNodeCopy,
 	}
 }