@fateforge/archery-cli 1.0.7 → 1.0.8
- package/CHANGELOG.md +8 -0
- package/docs/LIVE-SMOKE-EVIDENCE.md +18 -0
- package/package.json +11 -7
- package/skills/archery-cli/SKILL.md +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [Unreleased]
|
|
9
|
+
|
|
10
|
+
## [1.0.8] - 2026-06-17
|
|
11
|
+
|
|
12
|
+
### Fixed
|
|
13
|
+
|
|
14
|
+
- **2FA login now works against real Archery.** Session-mode login posted the OTP to `/api/v1/user/2fa/` (the 2FA *config* endpoint) instead of `/api/v1/user/2fa/verify/`, and never replayed the temp `session_key` from `/authenticate/` as the `sessionid` cookie — so the verify view could not find the password-verified user and rejected every code as wrong/expired, even when correct. The OTP is now posted to `/api/v1/user/2fa/verify/` with the temp session replayed as the `sessionid` cookie, matching Archery's real handshake. Verified live against `hhyo/archery:v1.8.5` (correct code logs in and caches the session; a wrong code returns the server's `验证码不正确!`). The prior unit test was self-fulfilling (its mock accepted exactly what the client sent); it now faithfully encodes the real contract — correct endpoint plus replayed session cookie — so a regression on either half fails the test.
|
|
15
|
+
|
|
8
16
|
## [1.0.7] - 2026-06-16
|
|
9
17
|
|
|
10
18
|
### Fixed
|
|
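Review bot: The 1.0.8 entry says a correct code "logs in and caches the session" but does not say which session ends up cached: the temp `session_key` from `/authenticate/` that is replayed as `sessionid`, or an identifier issued after `/api/v1/user/2fa/verify/` succeeds. One sentence stating that, and stating that nothing is cached when verify rejects the code, would help, since the temp session stands for a user who is password-verified but not yet 2FA-verified. The entry is also a single very long bullet; splitting cause, fix and test change into sub-bullets would make it easier to scan.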
@@ -361,6 +361,24 @@ intermittently returned `用户名或密码错误`. Using `http://127.0.0.1:9123
|
|
|
361
361
|
defect; the session login flow itself (GET csrf → POST authenticate → cookie)
|
|
362
362
|
matches the verified curl flow byte-for-byte.
|
|
363
363
|
|
|
364
|
+
## 2026-06-17 — 1.0.8 real 2FA login round-trip (closes the prior 2FA gap)
|
|
365
|
+
|
|
366
|
+
The earlier runs could only mock 2FA because the `cli_verify` account had no 2FA
|
|
367
|
+
enabled. A dedicated TOTP account was seeded on the same `tools-e2e-archery`
|
|
368
|
+
container (`hhyo/archery:v1.8.5`) — user `cli2fa`, `TwoFactorAuthConfig` with a
|
|
369
|
+
known base32 secret — so valid codes can be minted with `pyotp` and the real
|
|
370
|
+
`/authenticate/` → `/api/v1/user/2fa/verify/` handshake is exercised end to end.
|
|
371
|
+
|
|
372
|
+
| Check | Status | Evidence |
|
|
373
|
+
|-------|--------|----------|
|
|
374
|
+
| Correct OTP completes login | live | PASS — `auth login --otp <fresh>` → `ok:true`, "session cookie cached successfully". The OTP is posted to `/api/v1/user/2fa/verify/` with the temp `session_key` replayed as the `sessionid` cookie. |
|
|
375
|
+
| Cached 2FA session is usable | live | PASS — a following `doctor --region local` (no OTP) shows `authValid:true`, `username:cli2fa`, `mode:session`. |
|
|
376
|
+
| Wrong OTP rejected cleanly | live | PASS — `--otp 000000` → `ok:false`, server message `验证码不正确!` (real `TwoFAVerify` rejection, not the client's generic fallback). |
|
|
377
|
+
| Wrong endpoint regression guard | unit | The faithful mock now requires `/api/v1/user/2fa/verify/` **and** the replayed `sessionid` cookie; reverting either half fails `TestEnsureSession_2FAWithOTPSucceeds`. |
|
|
378
|
+
|
|
379
|
+
This **closes the "honest gap"** recorded for 1.0.5 below: the real
|
|
380
|
+
`/api/v1/user/2fa/verify/` round-trip is now live-verified.
|
|
381
|
+
|
|
364
382
|
## 2026-06-16 — 1.0.5 features (read-only, 2FA, param unification, detail rework)
|
|
365
383
|
|
|
366
384
|
Verified against the same `tools-e2e-archery` container (`hhyo/archery:v1.8.5`,
|
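Review bot: The evidence table has no negative check on session caching: the "Wrong OTP rejected cleanly" row stops at `ok:false` and the server message, so nothing shows that the temp session was kept out of the cache. Add a row that starts from an empty cache, runs `--otp 000000`, then runs `doctor --region local` and expects it not to report `authValid:true`. A live row for verify without the replayed `sessionid` cookie would also back the unit-level regression guard with real server behaviour. Separately, the `cli2fa` account is seeded with "a known base32 secret"; confirm that the secret lives only in the test container setup and not in any file that ships in the package.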
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@fateforge/archery-cli",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.8",
|
|
4
4
|
"description": "Archery SQL audit CLI for AI Agents - manage SQL workflows, queries, instances, diagnostics, and data dictionaries with a machine-readable contract",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"archery",
|
|
@@ -25,13 +25,17 @@
|
|
|
25
25
|
"bin": {
|
|
26
26
|
"archery-cli": "scripts/run.js"
|
|
27
27
|
},
|
|
28
|
+
"scripts": {
|
|
29
|
+
"version": "node scripts/sync-version.js",
|
|
30
|
+
"check-version": "node scripts/check-version.js"
|
|
31
|
+
},
|
|
28
32
|
"optionalDependencies": {
|
|
29
|
-
"@fateforge/archery-cli-darwin-arm64": "1.0.
|
|
30
|
-
"@fateforge/archery-cli-darwin-x64": "1.0.
|
|
31
|
-
"@fateforge/archery-cli-linux-arm64": "1.0.
|
|
32
|
-
"@fateforge/archery-cli-linux-x64": "1.0.
|
|
33
|
-
"@fateforge/archery-cli-win32-arm64": "1.0.
|
|
34
|
-
"@fateforge/archery-cli-win32-x64": "1.0.
|
|
33
|
+
"@fateforge/archery-cli-darwin-arm64": "1.0.8",
|
|
34
|
+
"@fateforge/archery-cli-darwin-x64": "1.0.8",
|
|
35
|
+
"@fateforge/archery-cli-linux-arm64": "1.0.8",
|
|
36
|
+
"@fateforge/archery-cli-linux-x64": "1.0.8",
|
|
37
|
+
"@fateforge/archery-cli-win32-arm64": "1.0.8",
|
|
38
|
+
"@fateforge/archery-cli-win32-x64": "1.0.8"
|
|
35
39
|
},
|
|
36
40
|
"files": [
|
|
37
41
|
"scripts/run.js",
|
|
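Review bot: The new `scripts` entries point at `scripts/sync-version.js` and `scripts/check-version.js`, but the changed-file list for this release adds neither file and the visible part of `files` names only `scripts/run.js`. If they are maintainer-only this is harmless at install time (`version` runs on `npm version`, not on install), but `npm run check-version` would fail from an installed copy; either ship the scripts or keep these entries out of the published manifest. Note also that the 2FA fix described in the changelog is not in any file of this diff, so it presumably ships in the six platform packages pinned to `1.0.8` in `optionalDependencies`; those packages are what needs reviewing for the actual login change.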
@@ -1,10 +1,10 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: archery-cli
|
|
3
|
-
version: "1.0.
|
|
3
|
+
version: "1.0.8"
|
|
4
4
|
description: "Archery SQL audit platform CLI for managing SQL workflows, queries, instances, diagnostics. Use when the user asks about SQL审核, database operations, Archery platform management, or needs to submit/review/execute SQL against database instances."
|
|
5
5
|
license: MIT
|
|
6
6
|
user-invocable: true
|
|
7
|
-
metadata: {"requires":{"bins":["archery-cli"],"min_version":"1.0.
|
|
7
|
+
metadata: {"requires":{"bins":["archery-cli"],"min_version":"1.0.8"}}
|
|
8
8
|
---
|
|
9
9
|
|
|
10
10
|
# archery-cli
|
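Review bot: `min_version` in the front-matter `metadata` is raised together with `version`, which makes 1.0.8 a hard floor for the skill although the changelog lists only the 2FA login fix for this release. If the floor is intentional (to keep agents off the broken 2FA path), say so in the changelog; otherwise leave `min_version` at the last release that changed the contract the skill depends on.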