Merge branch 'main' into janniklasrose/vs-index

Author: janniklasrose

.agent/skills/pr-checklist/SKILL.md

@@ -16,14 +16,15 @@ Before submitting a PR, run these commands to match what CI checks. CI uses the
 # 3. Tests (CI runs with both deployment engines)
 ./task test
 
-# 4. If you changed bundle config structs or schema-related code:
+# 4. If you changed bundle config structs, schema, or direct-engine resource code:
 ./task generate-schema
+./task generate-direct
 
 # 5. If you changed files in python/:
 ./task pydabs-codegen pydabs-test pydabs-lint pydabs-docs
 
-# 6. If you changed experimental/aitools or experimental/ssh:
-./task test-exp-aitools   # only if aitools code changed
+# 6. If you changed cmd/aitools/, libs/aitools/, experimental/aitools/, or experimental/ssh/:
+./task test-exp-aitools   # only if aitools code changed (top-level or experimental)
 ./task test-exp-ssh       # only if ssh code changed
 ```
 

.codegen/_openapi_sha

@@ -1 +1 @@
-a499dda0f7802e37868d3f3076f62639165475d8
+0555d6a59265799ed8ea12f355eee662e739430d

.gitattributes

@@ -54,6 +54,7 @@ cmd/workspace/apps-settings/apps-settings.go linguist-generated=true
 cmd/workspace/apps/apps.go linguist-generated=true
 cmd/workspace/artifact-allowlists/artifact-allowlists.go linguist-generated=true
 cmd/workspace/automatic-cluster-update/automatic-cluster-update.go linguist-generated=true
+cmd/workspace/bundle/bundle.go linguist-generated=true
 cmd/workspace/catalogs/catalogs.go linguist-generated=true
 cmd/workspace/clean-room-asset-revisions/clean-room-asset-revisions.go linguist-generated=true
 cmd/workspace/clean-room-assets/clean-room-assets.go linguist-generated=true

.github/OWNERS

@@ -59,6 +59,10 @@
 # Internal
 /internal/                  team:platform
 
+# AI tools
+/cmd/aitools/               team:eng-apps-devex team:platform @lennartkats-db
+/libs/aitools/              team:eng-apps-devex team:platform @lennartkats-db
+
 # CLI compatibility manifest
 /internal/build/cli-compat.json  team:eng-apps-devex team:platform
 /libs/clicompat/                 team:eng-apps-devex team:platform

.golangci.yaml

@@ -99,6 +99,8 @@ linters:
           msg: Use errors.Is(err, fs.ErrPermission) instead.
         - pattern: 'sync\.Once\b($|[^FV])'
           msg: Use sync.OnceFunc, sync.OnceValue, or sync.OnceValues instead.
+        - pattern: 'errors\.As\b'
+          msg: 'Use errors.AsType[T](err) for type-safe error unwrapping (Go 1.26+).'
       analyze-types: true
     copyloopvar:
       check-alias: true
@@ -156,9 +158,6 @@ linters:
       enable-all: true
       disable:
         - require-error # good check, but we have too many assert.(No)?Errorf? so excluding for now
-        - empty
-        - len
-        - equal-values
         - encoded-compare # Always replaces Equal() with JSONEq, but sometimes exact string match is wanted for JSON
     exhaustive:
       default-signifies-exhaustive: true
@@ -180,10 +179,6 @@ linters:
         path: "_test\\.go$"
         linters:
           - forbidigo
-      # TODO: remove these exceptions by moving the dependency out of experimental/.
-      - path: cmd/apps/init.go
-        linters:
-          - depguard
 issues:
   max-issues-per-linter: 1000
   max-same-issues: 1000

.release_metadata.json

@@ -1,3 +1,3 @@
 {
-    "timestamp": "2026-05-13 14:20:07+0000"
+    "timestamp": "2026-05-21 08:07:33+0000"
 }

CHANGELOG.md

@@ -1,5 +1,31 @@
 # Version changelog
 
+## Release v1.0.0 (2026-05-21)
+
+### Notable Changes
+
+* The Databricks CLI is now generally available with version v1.0.0 as the first major release 🚀. From this version on, the CLI follows semantic versioning (see [README](README.md)). This change does not impact DABs or other existing commands beyond the changes listed below.
+* The 0.299.x line continues to receive security-critical patches through May 20, 2027; see [SECURITY](SECURITY.md) for the support policy.
+* Starting with v1.0.0, the CLI will use [immutable release tags](https://docs.github.com/en/code-security/concepts/supply-chain-security/immutable-releases) to increase security against supply chain attacks.
+* Breaking change: OAuth tokens for interactive logins (`auth_type = databricks-cli`) are now stored in the OS-native secure store by default (Keychain on macOS, Credential Manager on Windows, Secret Service on Linux) instead of `~/.databricks/token-cache.json`. After upgrading, run `databricks auth login` once per profile to re-authenticate; cached tokens from older versions are not migrated. To keep the previous file-backed storage, set `DATABRICKS_AUTH_STORAGE=plaintext` or add `auth_storage = plaintext` under `[__settings__]` in `~/.databrickscfg` (the env var takes precedence over the config setting), then re-run `databricks auth login`. On systems where the OS keyring is not reachable (e.g. Linux containers without a D-Bus session bus), the CLI transparently falls back to the file cache when reading tokens so legacy `token-cache.json` entries remain accessible without manual configuration.
+
+### CLI
+
+* Added `databricks aitools` command group for installing Databricks skills into your coding agents (Claude Code, Cursor, Codex CLI, OpenCode, GitHub Copilot, Antigravity). Skills are fetched from [github.com/databricks/databricks-agent-skills](https://github.com/databricks/databricks-agent-skills) and either symlinked into each agent's skills directory or copied into the current project. Use `databricks aitools install` to set up, `update` to pull newer versions, `list` to see what's available, and `uninstall` to remove them. Pick where they go with `--scope=project|global` (`--scope=both` is accepted on `update` and `list`).
+* `[__settings__].default_profile` is now consulted as a fallback by `databricks api`, `databricks auth token`, and bundle commands when neither `--profile` nor `DATABRICKS_CONFIG_PROFILE` is set. `databricks auth token` continues to give precedence to `DATABRICKS_HOST` over `default_profile`. For bundle commands, `default_profile` only applies when the bundle does not pin its own `workspace.host`.
+* Fixed bug where auth commands did not load the DEFAULT profile properly during auth where type is `databricks-cli`.
+* `databricks workspace import-dir` now skips `.git`, `.databricks`, and `node_modules` directories during recursive imports. To import one of these directories deliberately, pass it as `SOURCE_PATH` ([#5118](https://github.com/databricks/cli/pull/5118)).
+* `databricks postgres create-role --help` now documents the `--json` body shape and rejects the common mistake of wrapping the body in `{"role": ...}` client-side with a hint pointing at the correct shape ([#5111](https://github.com/databricks/cli/pull/5111)).
+* `databricks aitools list` honors `--output json`, emitting a structured `{release, skills[...], summary{}}` document so coding agents and CI can consume the skill/version/installation matrix without scraping the tabular text output ([#5233](https://github.com/databricks/cli/pull/5233)).
+
+### Bundles
+* Make sure warnings asking for approval are understood by agents ([#5239](https://github.com/databricks/cli/pull/5239))
+* Support `replace_existing: true` on `postgres_branches` and `postgres_endpoints` so bundles can manage the implicitly-created production branch and primary read-write endpoint of a Lakebase project.
+* Add `postgres_catalogs` resource to bind a Unity Catalog catalog to a Postgres database on a Lakebase Autoscaling branch ([#5265](https://github.com/databricks/cli/pull/5265)).
+* Add `postgres_synced_tables` resource to sync a Unity Catalog Delta table into a Postgres table on a Lakebase Autoscaling branch ([#5268](https://github.com/databricks/cli/pull/5268)).
+* engine/direct: Changes to state file now persisted to .wal file right away instead of being saved in the end ([#5149](https://github.com/databricks/cli/pull/5149))
+
+
 ## Release v0.299.2 (2026-05-13)
 
 ### Notable Changes

NEXT_CHANGELOG.md

@@ -1,14 +1,17 @@
 # NEXT CHANGELOG
 
-## Release v0.300.0
+## Release v1.1.0
 
 ### Notable Changes
 
 ### CLI
 
 ### Bundles
-* Make sure warnings asking for approval are understood by agents ([#5239](https://github.com/databricks/cli/pull/5239))
+* The error reported when a direct-only resource (catalogs, external locations, vector search endpoints) is used with the terraform engine now also suggests setting `bundle.engine: direct` in `databricks.yml`, in addition to the `DATABRICKS_BUNDLE_ENGINE` environment variable ([#5295](https://github.com/databricks/cli/pull/5295)).
 
 * Added `vector_search_indexes` as a bundle resource (direct engine only). Supports UC grants and prompts for confirmation on recreate or delete since both are destructive ([#5123](https://github.com/databricks/cli/pull/5123)).
 
 ### Dependency updates
+
+* Bump Go toolchain to 1.26.3 ([#5302](https://github.com/databricks/cli/pull/5302)).
+* Bump `github.com/databricks/databricks-sdk-go` from v0.132.0 to v0.136.0.

README.md

@@ -2,8 +2,6 @@
 
 [![build](https://github.com/databricks/cli/workflows/build/badge.svg?branch=main)](https://github.com/databricks/cli/actions?query=workflow%3Abuild+branch%3Amain)
 
-This project is in Public Preview.
-
 Documentation is available at https://docs.databricks.com/dev-tools/cli/databricks-cli.html.
 
 ## Installation
@@ -36,5 +34,30 @@ This CLI follows the Databricks Unified Authentication principles.
 
 You can find a detailed description at https://github.com/databricks/databricks-sdk-go#authentication.
 
+## Stability Policy
+
+### Feature stability
+
+Commands and flags are stable by default and will not break within a major version.
+
+Some features are unstable and may change in any MINOR release:
+
+- Commands and flags marked **Beta** or **Private Preview** in their `--help` output.
+- Commands in the `databricks experimental` group.
+
+### Versioning
+
+The CLI follows [Semantic Versioning](https://semver.org) (`MAJOR.MINOR.PATCH`):
+
+- `MAJOR` is incremented for breaking changes to **stable** features.
+- `MINOR` is incremented for new features and for breaking changes to **unstable** features.
+- `PATCH` is incremented for backward-compatible bug fixes, security fixes, and dependency updates.
+
+Databricks may ship a breaking change to a stable feature without a major version bump in exceptional circumstances where waiting for the next major version would itself cause greater harm: an active security incident, a legal or compliance requirement, or a regression introduced in the current major version. Any such exceptional change is announced in the release notes.
+
+### Security patches
+
+Security patches ship on the current release, and on specific older versions listed in [`SECURITY.md`](./SECURITY.md). The CLI does not currently offer a broader long-term support commitment.
+
 ## Privacy Notice
 Databricks CLI use is subject to the [Databricks License](https://github.com/databricks/cli/blob/main/LICENSE) and [Databricks Privacy Notice](https://www.databricks.com/legal/privacynotice), including any Usage Data provisions.

SECURITY.md

@@ -1,4 +1,14 @@
 ## Reporting a Vulnerability
 
-We appreciate any security concerns brought to our attention and encourage you to notify us of any potential vulnerabilities discovered in our systems or products.
-If you believe you have found a security vulnerability, please report it to us at [security@databricks.com](mailto:security@databricks.com).
+We appreciate any security concerns brought to our attention and encourage you to notify us of any potential vulnerabilities discovered in our systems or products. If you believe you have found a security vulnerability, please report it to us at [security@databricks.com](mailto:security@databricks.com).
+
+## Supported Versions
+
+The following versions receive security patches:
+
+| Version | Notes |
+| :---- | :---- |
+| Latest release | Active development line. |
+| `v0.299.x` | Extended security support until 2027-05-20. |
+
+Other versions of the CLI do not receive patches.