v0.1.7

Full Changelog: v0.1.6...v0.1.7

v0.1.6

Full Changelog: v0.1.5...v0.1.6

v0.1.5

Full Changelog: v0.1.4...v0.1.5

PocketBase CLI v0.1.4

Release date: 2026-03-28

This release focuses on hardening output safety, streamlining large file handling, and closing state persistence gaps introduced by real operator and automation workflows.

Highlights

• Sensitive remote output is redacted by default across both success and error paths.
• File-token workflows now require an explicit opt-in before printing signed URLs or temporary tokens to stdout.
• Backup and binary upload/download paths now stream file data instead of buffering entire payloads in memory.
• Session persistence and REPL history handling were tightened to behave more predictably under concurrent and interrupted usage.

Behavioral Changes

• files token now confirms token generation without printing the live token value.
• files url --with-token returns redacted token fields by default; add --reveal-token only when you intentionally need sensitive output.
• Remote responses that include fields such as token, password, secret, or signed URLs are sanitized before being emitted in CLI or --json output.
• Invalid POCKETBASE_CLI_BASE_URL values no longer prevent the CLI from starting; the problem is surfaced through info and command-level validation instead.

Fixes Included

• Streamed backup upload/download handling and binary record uploads to reduce memory spikes on large files.
• Fixed session state save races by combining merged writes with stronger lock ownership checks.
• Preserved REPL history persistence for commands that exit early and aligned REPL raw history redaction with one-shot CLI execution.
• Fixed --binary-file <field>=<path> parsing when the local file path contains =.
• Restored proper mutual exclusion between --file - and --stdin-json.
• Normalized batch request method and url values after validation.
• Restored local auth target validation for records auth-refresh <collection>.
• Kept CLI runtime version and default User-Agent aligned from a single package version source.

Compatibility Notes

• Existing encrypted session state remains compatible.
• Any automation that previously parsed live tokens from files token or files url --with-token output must switch to files url --with-token --reveal-token.
• No local PocketBase process behavior was added; the CLI remains remote-only.

Validation

The release candidate was validated with:

• npm run typecheck
• npm run lint
• npm test
• npm run build

v0.1.3

Full Changelog: v0.1.2...v0.1.3

v0.1.2

Full Changelog: v0.1.1...v0.1.2

v0.1.1

Changelog

All notable changes to this project will be documented in this file.

v0.1.1

Fixed

• Hardened integer option validation across the CLI to prevent silent truncation and ignored malformed numeric input.
• Fixed records delete-by-filter --expect-count so invalid numeric values can no longer bypass the count safety check.
• Improved REPL history redaction for auth login flows to avoid leaking passwords during mistaken --password-stdin usage.
• Rejected unterminated quoted REPL input instead of parsing and executing partial commands.
• Updated backups download to write downloaded archives with private local file permissions.
• Removed tokenized backup download URLs from success output to reduce accidental secret exposure in logs and JSON output.
• Changed corrupted session.json handling to fail fast instead of silently resetting to an empty session.

Validation

• npm run typecheck
• npm test
• npm run build

Reference

• Commit: b87ef81ce756fbeb0455cc59316414669a7cf01f

Full Changelog: https://github.com/Ericsunsk/Pocketbase-CLI/commits/v0.1.1