v0.1.0 — first OSS release

@igor-ctrl igor-ctrl released this 05 May 20:21
· 38 commits to main since this release

First public release on PyPI as bc-cli.

The PyPI distribution name is bc-cli; bcli is squatted by an unrelated 2018-era package. The Python import name (import bcli) and CLI binary (bcli) are unaffected.

Added

  • SDK — BCClient (sync) and AsyncBCClient (async) for Microsoft Dynamics 365 Business Central. Profile-based and programmatic construction modes.
  • CLI — Typer-based bcli with subcommands for query (get), write (post/patch/delete/attach), config, auth, registry import, batch, saved queries (q), and ETL.
  • Three-tier endpoint resolution. Custom registry → standard v2.0 → fuzzy-match suggestion. Imports from Postman v2.1, raw JSON, or live $metadata.
  • Auth — Client-credentials, device-code, browser (PKCE), and WorkOS AuthKit. Token cache with 5-min expiry buffer; OS keychain via keyring.
  • Write safety — SafeContext enforces explicit environment + company_id on writes; production writes require confirm_production=True. The disable_writes profile flag adds an interactive confirmation before any mutating call.
  • Saved queries (bcli q) — Named, parameterised aliases per-profile with type/pattern/min/max/enum validation. OData v4 escape on string interpolation into filter:.
  • ETL pipeline — Built-in dlt source for incremental backup. Polaris REST catalog integration for Iceberg snapshots.
  • Telemetry — Pluggable backends (null, console, azure_monitor, arbitrary module:Class). Privacy-first defaults; opt-in capture of filter text and signed-in UPN.
  • Structured logging — JSON request logs on the bcli.http logger.

Security

Two independent review passes before publish. Highlights:

  • Project-level .bcli.toml cannot override [telemetry] backend (closes an arbitrary-Python-import RCE).
  • Token and identity caches written with 0o600 via atomic write; parent dir 0o700.
  • WorkOS role cache expires after 1 hour.
  • @odata.nextLink validated against a BC host allowlist before bearer attachment.
  • CI hardened — actions pinned by full SHA, default permissions: contents: read, uv sync --locked.
  • Saved-query OData injection prevention.
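
The @odata.nextLink item above guards against a response body steering the client into sending its bearer token to another host. A sketch of such a check, added here as an example and not bcli's own code; the allowlisted host and both function names are assumptions:

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration; the project's real host list is not on this page.
ALLOWED_HOSTS = frozenset({"api.businesscentral.dynamics.com"})


def is_trusted_next_link(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if a server-supplied @odata.nextLink may receive the token."""
    try:
        parts = urlsplit(url)
        port = parts.port  # .port raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False  # never attach a bearer token over cleartext or odd schemes
    if parts.username is not None or parts.password is not None:
        return False  # userinfo can make the real host differ from how the URL reads
    if port not in (None, 443):
        return False
    # Exact match on the parsed hostname (urlsplit lowercases it); no substring,
    # prefix or suffix tests, which lookalike hosts would pass.
    return (parts.hostname or "") in allowed_hosts


def headers_for_next_page(next_link: str, token: str) -> dict:
    """Build headers for a pagination follow-up, refusing untrusted hosts."""
    if not is_trusted_next_link(next_link):
        raise ValueError("refusing to send credentials to untrusted nextLink host")
    return {"Authorization": f"Bearer {token}", "Accept": "application/json"}
```

The decision is made on the parsed hostname before any header is built, so a rejected link never sees the token.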

See CHANGELOG.md for the full record.