feat: Command Line SDK update for version 20.2.0

[ChiragAgg5k]

This PR contains updates to the SDK for version 20.2.0.

What's Changed

• Added: Code-signed Windows release binaries (appwrite-cli-win-x64.exe and appwrite-cli-win-arm64.exe) via SignPath

Notes

• Generated against the public appwrite/specs:main/specs/1.9.x/swagger2-1.9.x-console.json (info.version 1.9.3), matching what appwrite/sdk-generator CI fetches. No API surface change vs 20.1.0.

[ChiragAgg5k]

Closing — promoting to RC release. New PR coming with 20.2.0-rc.1.

[greptile-apps]

Greptile Summary

This PR bumps the CLI SDK from 20.1.0 to 20.2.0 and introduces Windows code signing for release binaries via SignPath, adding a multi-step pipeline that uploads unsigned .exe files, submits them to SignPath, and verifies the returned binaries with osslsigncode before publishing.

• Code-signing pipeline: New CI steps upload unsigned Windows binaries, submit them to SignPath using a pinned action commit, replace the originals with the signed copies, and run osslsigncode verify — but the verification does not assert the expected certificate issuer, so any structurally valid Authenticode signature passes.
• --fallback-to-source in ARM64 build: The windows-arm64 pkg command now includes --fallback-to-source, which can embed raw JavaScript source for native modules that lack a pre-compiled binary for the target.
• Scoop manifest lacks hash fields: The scoop/appwrite.config.json does not declare SHA-256 checksums for the downloaded binaries, so Scoop installs have no integrity check beyond trusting the GitHub release URL.

Confidence Score: 4/5

The version bump and cosmetic code changes are safe; the new signing pipeline is well-structured but has a few hardening gaps worth addressing before or shortly after release.

The bulk of the change is a straightforward 20.1.0 to 20.2.0 version bump across manifests, lock files, and install scripts. The substantive new logic is the Windows signing pipeline: the action is pinned to a commit hash, set -euo pipefail is used throughout, and the binary-replacement step fails fast if signed files are missing. The main gaps are that osslsigncode verify does not assert the certificate issuer, the Scoop manifest ships without SHA-256 hashes, and --fallback-to-source in the ARM64 build could bundle source code into the shipped executable.

.github/workflows/publish.yml (signature verification strength) and scoop/appwrite.config.json (missing hash fields)

Important Files Changed

Filename	Overview
.github/workflows/publish.yml	Adds Windows code-signing via SignPath: uploads unsigned binaries as an artifact, submits to SignPath, replaces originals with signed versions, and verifies with osslsigncode — but the verify step does not pin the expected certificate issuer
scoop/appwrite.config.json	Version and URLs bumped to 20.2.0; hash fields for integrity verification are absent, weakening the supply-chain benefit that code signing is meant to provide
package.json	Version bumped to 20.2.0, @appwrite.io/console updated to 12.1.0, and --fallback-to-source added to the windows-arm64 pkg build command which may embed source code in the binary
lib/constants.ts	SDK_VERSION bumped from 20.1.0 to 20.2.0 — straightforward version string update
install.sh	GITHUB_LATEST_VERSION updated from 20.1.0 to 20.2.0 — correct and consistent with the rest of the version bump
install.ps1	Download URLs updated from 20.1.0 to 20.2.0 for both x64 and arm64 Windows binaries — straightforward version bump
lib/commands/init.ts	Cosmetic reformatting of a console.log call — no logic change
lib/commands/push.ts	Whitespace-only reformatting of two ternary expressions and a function signature — no logic change
lib/config.ts	Formatting-only changes: multi-line wrapping of function signatures to stay within column width — no logic change
CHANGELOG.md	Adds 20.2.0 entry documenting code-signed Windows binaries via SignPath
README.md	Version strings in usage examples updated from 20.1.0 to 20.2.0
bun.lock	Lock file updated to reflect @appwrite.io/console 12.1.0 and minor dev-dependency patch bumps
package-lock.json	Lock file updated in sync with package.json version and dependency changes — consistent with bun.lock

Comments Outside Diff (1)

1. scoop/appwrite.config.json, line 8-25 (link)

   Scoop manifest is missing hash fields for the Windows binaries

   Scoop verifies downloaded files against a hash (SHA-256 by default) declared in the manifest. Without it, any file served at the release URL — including a compromised or accidentally swapped binary — installs silently. This is especially notable since the PR's primary motivation is supply-chain integrity (code signing). The hashes can be computed once the release artifacts are built and added as a follow-up before the release is published, or the workflow can compute them and patch the manifest automatically.

_{Reviews (1): Last reviewed commit: "chore: update Command Line SDK to 20.2.0" | Re-trigger Greptile}

[greptile-apps]

Signature verification only checks presence, not certificate identity

osslsigncode verify with no certificate pinning flags checks that the file contains a structurally valid Authenticode signature, but it does not validate who signed it. If the SignPath service ever returns a binary signed by an unexpected or incorrect certificate (misconfiguration, wrong policy slot, etc.), this step would still print "Succeeded" and the pipeline would continue. Consider adding -CAfile, -CRLfile, or at minimum -untrusted flags pointing to Appwrite's code-signing root CA to enforce that the binary was signed by the expected authority.

[greptile-apps]

--fallback-to-source may bundle raw source files into the ARM64 binary

The pkg --fallback-to-source flag tells pkg to include the original JavaScript source for any native module that does not have a pre-compiled binary for the target platform. Depending on which modules are involved, this could embed unobfuscated source inside the shipped .exe. It may also increase binary size noticeably. It is worth confirming this flag is strictly necessary and, if so, auditing which modules fall back and whether including their source is acceptable.