Incomex AI Portal
KB-2B99

S177 — Cowork Full LarkBase Tools — Usage Package (2026-05-23)

3 min read Revision 1
s177larkcoworkmcppackagetoolscowork-handoff

S177 — Cowork Full LarkBase Tools — Usage Package (2026-05-23)

Cowork-facing usage package for the S177 Remote MCP Gateway after the 4000x round. Supersedes the 2500x package; Cowork now has a 15-tool surface with strict safety boundaries.

1. Connection

  • Transport: MCP streamable-HTTP.
  • URL: https://vps.incomexsaigoncorp.vn/mcp/s177/ocER6C1zErepgpAe/mcp.
  • Liveness: …/healthz (unauth).
  • Auth: Authorization: Bearer <token> (constant-time compare).
  • Operator secret: S177_LARK_MCP_REMOTE_TOKEN (GSM).

2. Tool surface (15 tools)

Tier A (read, any base): lark_healthcheck, lark_app_get, lark_records_get, lark_views_list.

Tier B (record write): lark_records_create, lark_records_update, lark_records_delete, lark_records_batch_delete. Base đệm live; prod live blocked at adapter; prod dry-run allowed.

Tier C (schema dry-run only this round): lark_fields_create, lark_fields_update, lark_fields_delete, lark_tables_update, lark_tables_delete, lark_views_create, lark_views_delete. Live calls return error_type=live_write_blocked.

3. Allowed / blocked

  • record read: live everywhere.
  • record write dry-run: any base.
  • record write live: Base đệm only (probe protected from delete).
  • batch delete live: deferred.
  • schema dry-run: any base.
  • schema live: deferred.

4. First 15 Cowork test calls

healthcheck; app_get(Base đệm); records_get(probe); views_list; create dry-run; create LIVE -> created_id; get on created; update LIVE on probe (single field); delete LIVE on created; delete on probe (refused); batch_delete dry-run; create LIVE on prod (refused); fields_create dry-run; views_create dry-run; records_get on probe again.

5. Dry-run / confirm contract

  • dry_run=True -> mode=dry_run with would_write/audit_ref/backup_ref.
  • dry_run=False, confirm=False -> safety_violation/confirm_required.
  • dry_run=False, confirm=True -> live; success or RT-2 refusal.

6. Production limitations

No live write or destructive op on any non-Base-đệm base. No live schema mutation on any base. batch_delete is dry-run only — loop single record.delete for cleanup.

7. Delete / schema warnings

lark_records_delete is irreversible at Lark; Gateway takes a GPG pre-write backup. Probe recvkdFceNdpcz is permanently protected. Schema live is refused at the api_caller this round.

8. Marking COWORK_FULL_TOOLS_READY

When (1) healthcheck returns 15 tools, (2) all 15 §4 calls match expected, (3) negative-path calls return RT-2 refusals, (4) bearer token is in Cowork's own secret store, (5) Cowork's runbook references this package and the 4000x evidence doc — flip the flag to COWORK_FULL_TOOLS_READY.