Summary

DingTalk Workspace CLI (dws) unifies DingTalk's extensive product capabilities into a single, cross-platform command-line interface. Designed for both human users and AI agents, dws streamlines interaction with DingTalk services, offering structured JSON outputs and built-in Agent Skills for seamless AI integration.

How It Works

The tool employs a discovery-driven pipeline. A central Market Registry (mcp.dingtalk.com) provides service registrations, which are then discovered and normalized into a unified product/tool directory. This directory is mounted by the CLI (built with Cobra), mapping user flags to inputs for the MCP JSON-RPC transport layer. This architecture avoids hardcoding commands, enables offline functionality via caching, and ensures consistent, structured JSON responses for machine consumption.

Quick Start & Requirements

Installation is streamlined via a one-click script (curl for macOS/Linux, irm for Windows PowerShell) that downloads pre-compiled binaries and installs Agent Skills, requiring no additional language runtimes. Manual installation from GitHub Releases or building from source (git clone, make build) is also supported. Authentication requires a DingTalk application (Client ID/Secret) and, crucially, enterprise administrator authorization and whitelisting due to the project's current "co-creation phase." The CLI binary defaults to ~/.local/bin, which may need to be added to the system's PATH.

Highlighted Details

• Features --help for resource introspection and --dry-run for previewing operations without execution.
• Supports multiple output formats: human-readable tables (default), machine-parseable JSON, and raw API responses.
• Includes integrated Agent Skills, automatically discoverable by many AI agents for out-of-the-box LLM integration.
• Offers shell auto-completion for Bash, Zsh, and Fish environments.
• Authentication tokens are encrypted using PBKDF2 (600,000 iterations) with AES-256-GCM, with the key derived from the device's MAC address.

Maintenance & Community

The project is currently in a "gray-scale co-creation phase," necessitating manual whitelisting via enterprise administrator approval and joining a dedicated "DingTalk DWS co-creation group." Contribution guidelines are detailed in CONTRIBUTING.md.

Licensing & Compatibility

Licensed under the permissive Apache-2.0 license, allowing for broad compatibility with commercial use and integration into closed-source projects.

Limitations & Caveats

Access is restricted during the co-creation phase, requiring explicit enterprise admin authorization and whitelisting. A significant number of planned features, including Mail, Drive, and Video Conferencing, are marked as "coming soon," indicating a currently limited functional scope. The security mechanism for token encryption relies on the device's MAC address, which could be a consideration for specific security requirements.