feat: Command Line SDK update for version 21.0.0

[ArnabChatterjee20k]

This PR contains updates to the SDK for version 21.0.0.

What's Changed

• Breaking: Renamed project update-canonical-emails, update-disposable-emails, and update-free-emails to update-deny-canonical-email-policy, update-deny-disposable-email-policy, and update-deny-free-email-policy
• Breaking: Renamed proxy update-rule-verification to proxy update-rule-status
• Breaking: Renamed --provider to --provider-id on project get-o-auth-2-provider
• Breaking: Made --variable-id required on functions create-variable and sites create-variable
• Added: Introduced bigint create/update commands for legacy Databases attributes
• Added: Introduced bigint create/update commands for TablesDB columns
• Added: Added --on-duplicate flag on tablesdb upsert-row, create-rows, and upsert-rows
• Added: Added --limit flag on vcs list-repository-branches
• Added: Code-signed Windows release binaries (appwrite-cli-win-x64.exe and appwrite-cli-win-arm64.exe) via SignPath
• Updated: Extended key-list query filters with key, resourceType, resourceId, and secret
• Updated: Changed default --duration on project create-ephemeral-key from 1 to 600 seconds

[greptile-apps]

Greptile Summary

This PR bumps the CLI to version 21.0.0 with several breaking renames, new BigInt attribute/column commands, extended query/pagination flags across multiple services, and Windows code-signing in the publish workflow.

• Renames update-rule-verification → update-rule-status, update-canonical-emails → update-deny-canonical-email-policy (and the two parallel disposable/free-email commands), and --provider → --provider-id on get-o-auth-2-provider; makes --variable-id required on create-variable for both functions and sites.
• Adds create-big-int-attribute / update-big-int-attribute (databases) and create-big-int-column / update-big-int-column (tables-db); adds --on-duplicate to three migrations commands.
• Integrates SignPath-based Windows binary signing in the CI publish workflow, including signature verification via osslsigncode.

Confidence Score: 3/5

Two confirmed documentation defects make this risky to merge as-is: CHANGELOG attributes --on-duplicate to the wrong service, and --search was silently dropped from proxy list-rules with no migration note.

The CHANGELOG entry for --on-duplicate names tablesdb commands that never received the flag; it was actually added to migrations commands. Separately, --search was removed from proxy list-rules without any CHANGELOG entry, leaving users with no documented migration path.

CHANGELOG.md (wrong commands named for --on-duplicate) and lib/commands/services/proxy.ts (undocumented removal of --search from list-rules).

Important Files Changed

Filename	Overview
CHANGELOG.md	Version entry updated to 21.0.0; the --on-duplicate bullet incorrectly attributes the flag to tablesdb commands rather than the migrations commands that actually received it.
lib/commands/services/proxy.ts	Renames update-rule-verification to update-rule-status and removes --search from list-rules without a CHANGELOG entry, silently breaking users who rely on the search parameter.
lib/commands/services/databases.ts	Adds create-big-int-attribute and update-big-int-attribute commands; --xdefault is requiredOption on the update command despite being semantically incompatible with required=true attributes.
lib/commands/services/migrations.ts	Adds --on-duplicate to createAppwriteMigration, createCSVImport, and createJSONImport; CHANGELOG misattributes this to tablesdb commands.
lib/commands/services/tables-db.ts	Adds create-big-int-column and update-big-int-column commands; mirrors the databases.ts pattern.
.github/workflows/publish.yml	Adds Windows code-signing via SignPath with actions: read permission, artifact upload/download, and osslsigncode verification; action is pinned to a commit hash.
lib/commands/services/functions.ts	Makes --variable-id required on create-variable, makes --key optional on update-variable, and adds query/pagination flags to list-variables.
lib/commands/services/vcs.ts	Extends list-repository-branches with --search, pagination, and query flags; --queries is correctly declared as variadic.
lib/commands/services/project.ts	Removes old email-policy commands and adds renamed equivalents; renames --provider to --provider-id on get-o-auth-2-provider.
lib/constants.ts	Bumps SDK_VERSION from 20.1.0 to 21.0.0; matches all other version files.

Comments Outside Diff (1)

1. CHANGELOG.md, line 113 (link)

   CHANGELOG names wrong commands for --on-duplicate

   The entry says Added `--on-duplicate` flag on `tablesdb upsert-row`, `create-rows`, and `upsert-rows`, but the actual code changes are in lib/commands/services/migrations.ts — specifically createAppwriteMigration, createCSVImport, and createJSONImport. The tablesdb commands create-rows, upsert-rows, and upsert-row in tables-db.ts have no --on-duplicate option in either the base or the new version. Users who read this entry and try the flag on tablesdb commands will get an "unknown option" error, while users of the migrations commands won't know the flag exists.

_{Reviews (13): Last reviewed commit: "chore: update Command Line SDK to 21.0.0" | Re-trigger Greptile}

[greptile-apps]

Option name mismatch in documentation example

The example uses --default null, but the actual CLI option defined in lib/commands/services/databases.ts is --xdefault. Running this example as written will produce an unknown option error. The flag should be --xdefault null — though even that won't work as written because parseInteger is used as the parser for --xdefault, so "null" would be coerced to NaN, not a JSON null. The same mismatch is present in docs/examples/tablesdb/update-big-int-column.md.

[greptile-apps]

parseInteger loses precision for large BigInt values

parseInt() returns a JavaScript number (IEEE 754 double), which can only safely represent integers up to Number.MAX_SAFE_INTEGER (2^53 − 1 ≈ 9 × 10^15). Database BIGINT columns are 64-bit and accept values up to ~9.2 × 10^18. Passing a value like 9223372036854775807 through parseInteger silently serialises as 9223372036854776000 — a different number — without any error. The --min, --max, and --xdefault options all share this flaw on both the create-big-int-attribute and update-big-int-attribute commands. The same problem exists in the parallel tables-db.ts commands. A parseBigInt helper that validates as a BigInt string and passes the value as a string (or BigInt) to the SDK would fix this.

[ChiragAgg5k]

Superseding with a fresh PR built from current master to remove iteration noise on the dev branch.

[greptile-apps]

--search silently removed from proxy list-rules without a CHANGELOG entry

The base version exposed --search <search> on proxy list-rules, and this PR removes it along with its use in the listRules call. Any script or automation that passes --search will now receive an "unknown option" error. The 21.0.0 CHANGELOG has no mention of this removal, so there is no documented migration path for affected users.