Feishu / Lark (feishu)

The feishu connector indexes Feishu (Lark) messenger chats and docx documents. It has two auth modes — user (the default) indexes everything the authorizing person can see; tenant acts as an app-only bot limited to what it's added to.

How MFS sees it

feishu://workspace/
├── chats/
│   └── eng-team__oc_abc123/messages.jsonl   message_stream
└── docs/
    └── Roadmap__doccnxxx.md                 document

Chat messages are grouped into threads by the feishu.messages preset (rendered with the sender id for a stronger search signal); only docx documents are indexed.

Credentials

Feishu / Lark needs an App ID + App Secret from the Lark Developer Console.

  1. https://open.feishu.cn/app (feishu / China) or https://open.larksuite.com/app (lark / overseas) → Create Custom App.
  2. Note the App ID (cli_…) and App Secret.
  3. Permissions & Scopes → add the read scopes, then request release/approval if your org requires it.

feishu and lark are separate registries — an app from one can't authorize against the other (the region field selects which).

In user mode (the default), the app indexes everything the authorizing user can see. Add the scopes as User Scopes: im:chat:readonly, im:message.group_msg:get_as_user, im:message.p2p_msg:get_as_user, drive:drive:readonly, docx:document:readonly, contact:user.id:readonly.

Add the connector — the wizard runs a one-time browser authorization inline:

mfs-server connector add feishu://workspace

Open the printed URL and approve. This consent must be done by a person and can't be automated — it's the OAuth user-authorization step. After that the token refreshes automatically while the connector is actively synced (each sync renews it). If it goes unused for several days the authorization expires; the next use reports that re-authorization is needed. To re-authorize, have a person approve the URL again — existing indexed data is unaffected:

mfs-server connector auth feishu://workspace

User-mode settings:

app_id = "cli_a1b2c3d4"
app_secret = "env:FEISHU_APP_SECRET"
region = "feishu"          # or "lark"
auth = "user"

Tenant mode (app-only bot)

Set auth = "tenant". The app acts as itself and sees only chats it's been added to and docs/folders shared with it — add the bot to a chat by @mentioning it. Add the same scopes as Bot Scopes.

app_id = "cli_a1b2c3d4"
app_secret = "env:FEISHU_APP_SECRET"
region = "feishu"
auth = "tenant"
docs_folder_token = "fldcn..."   # optional: limit docs to one shared folder
max_read_rows = 50000

Sync and freshness

The connector uses the message create_time as its cursor, and deletion detection is never: deletions on the Feishu side are not detected. Like gdrive, it honors --since. User mode can enumerate your whole My Space, so for a large account, estimate first (optionally with a since date) and use mfs add feishu://<alias> --since <date> to index only recently changed docs. Older docs are left untouched and can be added later.

Search and browse

mfs search "deploy failed" feishu://workspace/chats/
mfs search "quarterly roadmap" feishu://workspace/docs/
mfs cat feishu://workspace/docs/Roadmap__doccnxxx.md --range 1:80

Pitfalls

  • p2p single chats can't be auto-listed (a Feishu API limit) — include them with extra_chats, by oc_… chat id or the partner's ou_… open_id.
  • docs: only docx is indexed. In user mode with no docs_folder_token / extra_docs, the whole My Space is enumerated; narrow with docs_folder_token or name docs with extra_docs. In tenant mode the app only sees what's shared with it.