@andrzejchm/notion-cli 0.1.2 → 0.2.0

package/dist/cli.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 // src/cli.ts
-import { Command as Command14 } from "commander";
+import { Command as Command20 } from "commander";
 import { fileURLToPath } from "url";
 import { dirname, join as join3 } from "path";
 import { readFileSync } from "fs";
@@ -21,6 +21,9 @@ function createChalk() {
   const level = isColorEnabled() ? void 0 : 0;
   return new Chalk({ level });
 }
+function error(msg) {
+  return createChalk().red(msg);
+}
 function success(msg) {
   return createChalk().green(msg);
 }
@@ -347,14 +350,468 @@ function initCommand() {
     } catch {
       stderrWrite(dim("(Could not verify integration access \u2014 run `notion ls` to check)"));
     }
+    stderrWrite("");
+    stderrWrite(dim("Write commands (comment, append, create-page) require additional"));
+    stderrWrite(dim("capabilities in your integration settings:"));
+    stderrWrite(dim("  notion.so/profile/integrations/internal \u2192 your integration \u2192"));
+    stderrWrite(dim('  Capabilities: enable "Read content", "Insert content", "Read comments", "Insert comments"'));
+    stderrWrite("");
+    stderrWrite(dim("To post comments and create pages attributed to your user account:"));
+    stderrWrite(dim("  notion auth login"));
   }));
   return cmd;
 }
 
-// src/commands/profile/list.ts
+// src/commands/auth/login.ts
 import { Command as Command2 } from "commander";
+
+// src/oauth/oauth-client.ts
+var OAUTH_CLIENT_ID = "314d872b-594c-818d-8c02-0037a9d4be1f";
+var OAUTH_CLIENT_SECRET = "secret_DfokG3sCdjylsYxIX26cSlFUadspf6D4Jr5gaVjO7xv";
+var OAUTH_REDIRECT_URI = "http://localhost:54321/oauth/callback";
+function buildAuthUrl(state) {
+  const params = new URLSearchParams({
+    client_id: OAUTH_CLIENT_ID,
+    redirect_uri: OAUTH_REDIRECT_URI,
+    response_type: "code",
+    owner: "user",
+    state
+  });
+  return `https://api.notion.com/v1/oauth/authorize?${params.toString()}`;
+}
+function basicAuth() {
+  return Buffer.from(`${OAUTH_CLIENT_ID}:${OAUTH_CLIENT_SECRET}`).toString("base64");
+}
+async function exchangeCode(code, redirectUri = OAUTH_REDIRECT_URI) {
+  const response = await fetch("https://api.notion.com/v1/oauth/token", {
+    method: "POST",
+    headers: {
+      "Authorization": `Basic ${basicAuth()}`,
+      "Content-Type": "application/json",
+      "Notion-Version": "2022-06-28"
+    },
+    body: JSON.stringify({
+      grant_type: "authorization_code",
+      code,
+      redirect_uri: redirectUri
+    })
+  });
+  if (!response.ok) {
+    let errorMessage = `OAuth token exchange failed (HTTP ${response.status})`;
+    try {
+      const body = await response.json();
+      if (body.error_description) errorMessage = body.error_description;
+      else if (body.error) errorMessage = body.error;
+    } catch {
+    }
+    throw new CliError(
+      ErrorCodes.AUTH_INVALID,
+      errorMessage,
+      'Run "notion auth login" to restart the OAuth flow'
+    );
+  }
+  const data = await response.json();
+  return data;
+}
+async function refreshAccessToken(refreshToken) {
+  const response = await fetch("https://api.notion.com/v1/oauth/token", {
+    method: "POST",
+    headers: {
+      "Authorization": `Basic ${basicAuth()}`,
+      "Content-Type": "application/json",
+      "Notion-Version": "2022-06-28"
+    },
+    body: JSON.stringify({
+      grant_type: "refresh_token",
+      refresh_token: refreshToken
+    })
+  });
+  if (!response.ok) {
+    let errorMessage = `OAuth token refresh failed (HTTP ${response.status})`;
+    try {
+      const body = await response.json();
+      if (body.error_description) errorMessage = body.error_description;
+      else if (body.error) errorMessage = body.error;
+    } catch {
+    }
+    throw new CliError(
+      ErrorCodes.AUTH_INVALID,
+      errorMessage,
+      'Run "notion auth login" to re-authenticate'
+    );
+  }
+  const data = await response.json();
+  return data;
+}
+
+// src/oauth/oauth-flow.ts
+import { createServer } from "http";
+import { randomBytes } from "crypto";
+import { spawn } from "child_process";
+import { createInterface } from "readline";
+function openBrowser(url) {
+  const platform = process.platform;
+  let cmd;
+  let args;
+  if (platform === "darwin") {
+    cmd = "open";
+    args = [url];
+  } else if (platform === "win32") {
+    cmd = "cmd";
+    args = ["/c", "start", url];
+  } else {
+    cmd = "xdg-open";
+    args = [url];
+  }
+  try {
+    const child = spawn(cmd, args, {
+      detached: true,
+      stdio: "ignore"
+    });
+    child.unref();
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function manualFlow(url) {
+  process.stderr.write(
+    `
+Opening browser to:
+  ${url}
+
+Paste the full redirect URL here (${OAUTH_REDIRECT_URI}?code=...):
+> `
+  );
+  const rl = createInterface({
+    input: process.stdin,
+    output: process.stderr,
+    terminal: false
+  });
+  return new Promise((resolve, reject) => {
+    rl.once("line", (line) => {
+      rl.close();
+      try {
+        const parsed = new URL(line.trim());
+        const code = parsed.searchParams.get("code");
+        const state = parsed.searchParams.get("state");
+        const errorParam = parsed.searchParams.get("error");
+        if (errorParam === "access_denied") {
+          reject(
+            new CliError(
+              ErrorCodes.AUTH_INVALID,
+              "Notion OAuth access was denied.",
+              'Run "notion auth login" to try again'
+            )
+          );
+          return;
+        }
+        if (!code || !state) {
+          reject(
+            new CliError(
+              ErrorCodes.AUTH_INVALID,
+              "Invalid redirect URL \u2014 missing code or state parameter.",
+              "Make sure you paste the full redirect URL from the browser address bar"
+            )
+          );
+          return;
+        }
+        resolve({ code, state });
+      } catch {
+        reject(
+          new CliError(
+            ErrorCodes.AUTH_INVALID,
+            "Could not parse the pasted URL.",
+            "Make sure you paste the full redirect URL from the browser address bar"
+          )
+        );
+      }
+    });
+    rl.once("close", () => {
+      reject(
+        new CliError(
+          ErrorCodes.AUTH_INVALID,
+          "No redirect URL received.",
+          'Run "notion auth login" to try again'
+        )
+      );
+    });
+  });
+}
+async function runOAuthFlow(options) {
+  const state = randomBytes(16).toString("hex");
+  const authUrl = buildAuthUrl(state);
+  if (options?.manual) {
+    return manualFlow(authUrl);
+  }
+  return new Promise((resolve, reject) => {
+    let settled = false;
+    let timeoutHandle = null;
+    const server = createServer((req, res) => {
+      if (settled) {
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end("<html><body><h1>Already handled. You can close this tab.</h1></body></html>");
+        return;
+      }
+      try {
+        const reqUrl = new URL(req.url ?? "/", `http://localhost:54321`);
+        const code = reqUrl.searchParams.get("code");
+        const returnedState = reqUrl.searchParams.get("state");
+        const errorParam = reqUrl.searchParams.get("error");
+        if (errorParam === "access_denied") {
+          settled = true;
+          res.writeHead(200, { "Content-Type": "text/html" });
+          res.end(
+            "<html><body><h1>Access Denied</h1><p>You cancelled the Notion OAuth request. You can close this tab.</p></body></html>"
+          );
+          if (timeoutHandle) clearTimeout(timeoutHandle);
+          server.close(() => {
+            reject(
+              new CliError(
+                ErrorCodes.AUTH_INVALID,
+                "Notion OAuth access was denied.",
+                'Run "notion auth login" to try again'
+              )
+            );
+          });
+          return;
+        }
+        if (!code || !returnedState) {
+          res.writeHead(200, { "Content-Type": "text/html" });
+          res.end("<html><body><p>Waiting for OAuth callback...</p></body></html>");
+          return;
+        }
+        if (returnedState !== state) {
+          settled = true;
+          res.writeHead(400, { "Content-Type": "text/html" });
+          res.end(
+            "<html><body><h1>Security Error</h1><p>State mismatch \u2014 possible CSRF attempt. You can close this tab.</p></body></html>"
+          );
+          if (timeoutHandle) clearTimeout(timeoutHandle);
+          server.close(() => {
+            reject(
+              new CliError(
+                ErrorCodes.AUTH_INVALID,
+                "OAuth state mismatch \u2014 possible CSRF attempt. Aborting.",
+                'Run "notion auth login" to start a fresh OAuth flow'
+              )
+            );
+          });
+          return;
+        }
+        settled = true;
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(
+          "<html><body><h1>Authenticated!</h1><p>You can close this tab and return to the terminal.</p></body></html>"
+        );
+        if (timeoutHandle) clearTimeout(timeoutHandle);
+        server.close(() => {
+          resolve({ code, state: returnedState });
+        });
+      } catch {
+        res.writeHead(500, { "Content-Type": "text/html" });
+        res.end("<html><body><h1>Error processing callback</h1></body></html>");
+      }
+    });
+    server.on("error", (err) => {
+      if (settled) return;
+      settled = true;
+      if (timeoutHandle) clearTimeout(timeoutHandle);
+      reject(
+        new CliError(
+          ErrorCodes.AUTH_INVALID,
+          `Failed to start OAuth callback server: ${err.message}`,
+          "Make sure port 54321 is not in use, or use --manual flag"
+        )
+      );
+    });
+    server.listen(54321, "127.0.0.1", () => {
+      const browserOpened = openBrowser(authUrl);
+      if (!browserOpened) {
+        server.close();
+        settled = true;
+        if (timeoutHandle) clearTimeout(timeoutHandle);
+        manualFlow(authUrl).then(resolve, reject);
+        return;
+      }
+      process.stderr.write(
+        `
+Opening browser for Notion OAuth...
+If your browser didn't open, visit:
+  ${authUrl}
+
+Waiting for callback (up to 120 seconds)...
+`
+      );
+      timeoutHandle = setTimeout(() => {
+        if (settled) return;
+        settled = true;
+        server.close(() => {
+          reject(
+            new CliError(
+              ErrorCodes.AUTH_INVALID,
+              "OAuth login timed out after 120 seconds.",
+              'Run "notion auth login" to try again, or use --manual flag'
+            )
+          );
+        });
+      }, 12e4);
+    });
+  });
+}
+
+// src/oauth/token-store.ts
+var OAUTH_EXPIRY_DURATION_MS = 60 * 60 * 1e3;
+async function saveOAuthTokens(profileName, response) {
+  const config = await readGlobalConfig();
+  const existing = config.profiles?.[profileName] ?? {};
+  const updatedProfile = {
+    ...existing,
+    oauth_access_token: response.access_token,
+    oauth_refresh_token: response.refresh_token,
+    oauth_expiry_ms: Date.now() + OAUTH_EXPIRY_DURATION_MS,
+    workspace_id: response.workspace_id,
+    workspace_name: response.workspace_name,
+    ...response.owner?.user?.id != null && { oauth_user_id: response.owner.user.id },
+    ...response.owner?.user?.name != null && { oauth_user_name: response.owner.user.name }
+  };
+  config.profiles = {
+    ...config.profiles,
+    [profileName]: updatedProfile
+  };
+  await writeGlobalConfig(config);
+}
+async function clearOAuthTokens(profileName) {
+  const config = await readGlobalConfig();
+  const existing = config.profiles?.[profileName];
+  if (!existing) return;
+  const {
+    oauth_access_token: _access,
+    oauth_refresh_token: _refresh,
+    oauth_expiry_ms: _expiry,
+    oauth_user_id: _userId,
+    oauth_user_name: _userName,
+    ...rest
+  } = existing;
+  config.profiles = {
+    ...config.profiles,
+    [profileName]: rest
+  };
+  await writeGlobalConfig(config);
+}
+
+// src/commands/auth/login.ts
+function loginCommand() {
+  const cmd = new Command2("login");
+  cmd.description("authenticate with Notion via OAuth browser flow").option("--profile <name>", "profile name to store credentials in").option("--manual", "print auth URL instead of opening browser (for headless environments)").action(
+    withErrorHandling(async (opts) => {
+      if (!process.stdin.isTTY && !opts.manual) {
+        throw new CliError(
+          ErrorCodes.AUTH_NO_TOKEN,
+          "Cannot run interactive OAuth login in non-TTY mode.",
+          "Use --manual flag to get an auth URL you can open in a browser"
+        );
+      }
+      let profileName = opts.profile;
+      if (!profileName) {
+        const config = await readGlobalConfig();
+        profileName = config.active_profile ?? "default";
+      }
+      const result = await runOAuthFlow({ manual: opts.manual });
+      const response = await exchangeCode(result.code);
+      await saveOAuthTokens(profileName, response);
+      const userName = response.owner?.user?.name ?? "unknown user";
+      const workspaceName = response.workspace_name ?? "unknown workspace";
+      stderrWrite(success(`\u2713 Logged in as ${userName} to workspace ${workspaceName}`));
+      stderrWrite(dim("Your comments and pages will now be attributed to your Notion account."));
+    })
+  );
+  return cmd;
+}
+
+// src/commands/auth/logout.ts
+import { Command as Command3 } from "commander";
+function logoutCommand() {
+  const cmd = new Command3("logout");
+  cmd.description("remove OAuth tokens from the active profile").option("--profile <name>", "profile name to log out from").action(
+    withErrorHandling(async (opts) => {
+      let profileName = opts.profile;
+      if (!profileName) {
+        const config2 = await readGlobalConfig();
+        profileName = config2.active_profile ?? "default";
+      }
+      const config = await readGlobalConfig();
+      const profile = config.profiles?.[profileName];
+      if (!profile?.oauth_access_token) {
+        stderrWrite(`No OAuth session found for profile '${profileName}'.`);
+        return;
+      }
+      await clearOAuthTokens(profileName);
+      stderrWrite(success(`\u2713 Logged out. OAuth tokens removed from profile '${profileName}'.`));
+      stderrWrite(
+        dim(
+          `Internal integration token (if any) is still active. Run 'notion init' to change it.`
+        )
+      );
+    })
+  );
+  return cmd;
+}
+
+// src/commands/auth/status.ts
+import { Command as Command4 } from "commander";
+function statusCommand() {
+  const cmd = new Command4("status");
+  cmd.description("show authentication status for the active profile").option("--profile <name>", "profile name to check").action(
+    withErrorHandling(async (opts) => {
+      let profileName = opts.profile;
+      const config = await readGlobalConfig();
+      if (!profileName) {
+        profileName = config.active_profile ?? "default";
+      }
+      const profile = config.profiles?.[profileName];
+      stderrWrite(`Profile: ${profileName}`);
+      if (!profile) {
+        stderrWrite(`  ${error("\u2717")} No profile found (run 'notion init' to create one)`);
+        return;
+      }
+      if (profile.oauth_access_token) {
+        const userName = profile.oauth_user_name ?? "unknown";
+        const userId = profile.oauth_user_id ?? "unknown";
+        stderrWrite(`  OAuth: ${success("\u2713")} Logged in as ${userName} (user: ${userId})`);
+        if (profile.oauth_expiry_ms != null) {
+          const expiryDate = new Date(profile.oauth_expiry_ms).toISOString();
+          stderrWrite(dim(`         Access token expires: ${expiryDate}`));
+        }
+      } else {
+        stderrWrite(
+          `  OAuth: ${error("\u2717")} Not logged in (run 'notion auth login')`
+        );
+      }
+      if (profile.token) {
+        const tokenPreview = profile.token.substring(0, 10) + "...";
+        stderrWrite(`  Internal token: ${success("\u2713")} Configured (${tokenPreview})`);
+      } else {
+        stderrWrite(`  Internal token: ${error("\u2717")} Not configured`);
+      }
+      if (profile.oauth_access_token) {
+        stderrWrite(`  Active method: OAuth (user-attributed)`);
+      } else if (profile.token) {
+        stderrWrite(`  Active method: Internal integration token (bot-attributed)`);
+      } else {
+        stderrWrite(
+          dim(`  Active method: None (run 'notion auth login' or 'notion init')`)
+        );
+      }
+    })
+  );
+  return cmd;
+}
+
+// src/commands/profile/list.ts
+import { Command as Command5 } from "commander";
 function profileListCommand() {
-  const cmd = new Command2("list");
+  const cmd = new Command5("list");
   cmd.description("list all authentication profiles").action(withErrorHandling(async () => {
     const config = await readGlobalConfig();
     const profiles = config.profiles ?? {};
@@ -377,9 +834,9 @@ function profileListCommand() {
 }
 
 // src/commands/profile/use.ts
-import { Command as Command3 } from "commander";
+import { Command as Command6 } from "commander";
 function profileUseCommand() {
-  const cmd = new Command3("use");
+  const cmd = new Command6("use");
   cmd.description("switch the active profile").argument("<name>", "profile name to activate").action(withErrorHandling(async (name) => {
     const config = await readGlobalConfig();
     const profiles = config.profiles ?? {};
@@ -400,9 +857,9 @@ function profileUseCommand() {
 }
 
 // src/commands/profile/remove.ts
-import { Command as Command4 } from "commander";
+import { Command as Command7 } from "commander";
 function profileRemoveCommand() {
-  const cmd = new Command4("remove");
+  const cmd = new Command7("remove");
   cmd.description("remove an authentication profile").argument("<name>", "profile name to remove").action(withErrorHandling(async (name) => {
     const config = await readGlobalConfig();
     const profiles = { ...config.profiles ?? {} };
@@ -426,7 +883,7 @@ function profileRemoveCommand() {
 }
 
 // src/commands/completion.ts
-import { Command as Command5 } from "commander";
+import { Command as Command8 } from "commander";
 var BASH_COMPLETION = `# notion bash completion
 _notion_completion() {
   local cur prev words cword
@@ -528,7 +985,7 @@ complete -c notion -n '__fish_seen_subcommand_from completion' -a zsh -d 'zsh co
 complete -c notion -n '__fish_seen_subcommand_from completion' -a fish -d 'fish completion script'
 `;
 function completionCommand() {
-  const cmd = new Command5("completion");
+  const cmd = new Command8("completion");
   cmd.description("output shell completion script").argument("<shell>", "shell type (bash, zsh, fish)").action(withErrorHandling(async (shell) => {
     switch (shell) {
       case "bash":
@@ -552,7 +1009,7 @@ function completionCommand() {
 }
 
 // src/commands/search.ts
-import { Command as Command6 } from "commander";
+import { Command as Command9 } from "commander";
 import { isFullPageOrDataSource } from "@notionhq/client";
 
 // src/config/local-config.ts
@@ -595,6 +1052,36 @@ async function readLocalConfig() {
 }
 
 // src/config/token.ts
+function isOAuthExpired(profile) {
+  if (profile.oauth_expiry_ms == null) return false;
+  return Date.now() >= profile.oauth_expiry_ms;
+}
+async function resolveOAuthToken(profileName, profile) {
+  if (!profile.oauth_access_token) return null;
+  if (!isOAuthExpired(profile)) {
+    return profile.oauth_access_token;
+  }
+  if (!profile.oauth_refresh_token) {
+    await clearOAuthTokens(profileName);
+    throw new CliError(
+      ErrorCodes.AUTH_NO_TOKEN,
+      "OAuth session expired and no refresh token is available.",
+      'Run "notion auth login" to re-authenticate'
+    );
+  }
+  try {
+    const refreshed = await refreshAccessToken(profile.oauth_refresh_token);
+    await saveOAuthTokens(profileName, refreshed);
+    return refreshed.access_token;
+  } catch {
+    await clearOAuthTokens(profileName);
+    throw new CliError(
+      ErrorCodes.AUTH_NO_TOKEN,
+      'OAuth session expired. Run "notion auth login" to re-authenticate.',
+      "Your session was revoked or the refresh token has expired"
+    );
+  }
+}
 async function resolveToken() {
   const envToken = process.env["NOTION_API_TOKEN"];
   if (envToken) {
@@ -607,17 +1094,29 @@ async function resolveToken() {
     }
     if (localConfig.profile) {
       const globalConfig2 = await readGlobalConfig();
-      const profileToken = globalConfig2.profiles?.[localConfig.profile]?.token;
-      if (profileToken) {
-        return { token: profileToken, source: `profile: ${localConfig.profile}` };
+      const profile = globalConfig2.profiles?.[localConfig.profile];
+      if (profile) {
+        const oauthToken = await resolveOAuthToken(localConfig.profile, profile);
+        if (oauthToken) {
+          return { token: oauthToken, source: "oauth" };
+        }
+        if (profile.token) {
+          return { token: profile.token, source: `profile: ${localConfig.profile}` };
+        }
       }
     }
   }
   const globalConfig = await readGlobalConfig();
   if (globalConfig.active_profile) {
-    const profileToken = globalConfig.profiles?.[globalConfig.active_profile]?.token;
-    if (profileToken) {
-      return { token: profileToken, source: `profile: ${globalConfig.active_profile}` };
+    const profile = globalConfig.profiles?.[globalConfig.active_profile];
+    if (profile) {
+      const oauthToken = await resolveOAuthToken(globalConfig.active_profile, profile);
+      if (oauthToken) {
+        return { token: oauthToken, source: "oauth" };
+      }
+      if (profile.token) {
+        return { token: profile.token, source: `profile: ${globalConfig.active_profile}` };
+      }
     }
   }
   throw new CliError(
@@ -645,7 +1144,7 @@ function displayType(item) {
   return item.object === "data_source" ? "database" : item.object;
 }
 function searchCommand() {
-  const cmd = new Command6("search");
+  const cmd = new Command9("search");
   cmd.description("search Notion workspace by keyword").argument("<query>", "search keyword").option("--type <type>", "filter by object type (page or database)", (val) => {
     if (val !== "page" && val !== "database") {
       throw new Error('--type must be "page" or "database"');
@@ -690,7 +1189,7 @@ function searchCommand() {
 }
 
 // src/commands/ls.ts
-import { Command as Command7 } from "commander";
+import { Command as Command10 } from "commander";
 import { isFullPageOrDataSource as isFullPageOrDataSource2 } from "@notionhq/client";
 function getTitle2(item) {
   if (item.object === "data_source") {
@@ -706,7 +1205,7 @@ function displayType2(item) {
   return item.object === "data_source" ? "database" : item.object;
 }
 function lsCommand() {
-  const cmd = new Command7("ls");
+  const cmd = new Command10("ls");
   cmd.description("list accessible Notion pages and databases").option("--type <type>", "filter by object type (page or database)", (val) => {
     if (val !== "page" && val !== "database") {
       throw new Error('--type must be "page" or "database"');
@@ -756,7 +1255,7 @@ function lsCommand() {
 // src/commands/open.ts
 import { exec } from "child_process";
 import { promisify } from "util";
-import { Command as Command8 } from "commander";
+import { Command as Command11 } from "commander";
 
 // src/notion/url-parser.ts
 var NOTION_ID_REGEX = /^[0-9a-f]{32}$/i;
@@ -790,7 +1289,7 @@ function toUuid(id) {
 // src/commands/open.ts
 var execAsync = promisify(exec);
 function openCommand() {
-  const cmd = new Command8("open");
+  const cmd = new Command11("open");
   cmd.description("open a Notion page in the default browser").argument("<id/url>", "Notion page ID or URL").action(withErrorHandling(async (idOrUrl) => {
     const id = parseNotionId(idOrUrl);
     const url = `https://www.notion.so/${id}`;
@@ -804,7 +1303,7 @@ function openCommand() {
 }
 
 // src/commands/users.ts
-import { Command as Command9 } from "commander";
+import { Command as Command12 } from "commander";
 
 // src/output/paginate.ts
 async function paginateResults(fetcher) {
@@ -832,7 +1331,7 @@ function getEmailOrWorkspace(user) {
   return "\u2014";
 }
 function usersCommand() {
-  const cmd = new Command9("users");
+  const cmd = new Command12("users");
   cmd.description("list all users in the workspace").option("--json", "output as JSON").action(withErrorHandling(async (opts) => {
     if (opts.json) setOutputMode("json");
     const { token, source } = await resolveToken();
@@ -854,9 +1353,9 @@ function usersCommand() {
 }
 
 // src/commands/comments.ts
-import { Command as Command10 } from "commander";
+import { Command as Command13 } from "commander";
 function commentsCommand() {
-  const cmd = new Command10("comments");
+  const cmd = new Command13("comments");
   cmd.description("list comments on a Notion page").argument("<id/url>", "Notion page ID or URL").option("--json", "output as JSON").action(withErrorHandling(async (idOrUrl, opts) => {
     if (opts.json) setOutputMode("json");
     const id = parseNotionId(idOrUrl);
@@ -885,7 +1384,7 @@ function commentsCommand() {
 }
 
 // src/commands/read.ts
-import { Command as Command11 } from "commander";
+import { Command as Command14 } from "commander";
 
 // src/services/page.service.ts
 import { collectPaginatedAPI, isFullBlock } from "@notionhq/client";
@@ -1281,7 +1780,7 @@ function renderInline(text) {
 
 // src/commands/read.ts
 function readCommand() {
-  return new Command11("read").description("Read a Notion page as markdown").argument("<id>", "Notion page ID or URL").option("--json", "Output raw JSON instead of markdown").option("--md", "Output raw markdown (no terminal styling)").action(
+  return new Command14("read").description("Read a Notion page as markdown").argument("<id>", "Notion page ID or URL").option("--json", "Output raw JSON instead of markdown").option("--md", "Output raw markdown (no terminal styling)").action(
     withErrorHandling(async (id, options) => {
       const { token } = await resolveToken();
       const client = createNotionClient(token);
@@ -1302,7 +1801,7 @@ function readCommand() {
 }
 
 // src/commands/db/schema.ts
-import { Command as Command12 } from "commander";
+import { Command as Command15 } from "commander";
 
 // src/services/database.service.ts
 import { isFullPage as isFullPage2 } from "@notionhq/client";
@@ -1465,7 +1964,7 @@ function displayPropertyValue(prop) {
 
 // src/commands/db/schema.ts
 function dbSchemaCommand() {
-  return new Command12("schema").description("Show database schema (property names, types, and options)").argument("<id>", "Notion database ID or URL").option("--json", "Output raw JSON").action(
+  return new Command15("schema").description("Show database schema (property names, types, and options)").argument("<id>", "Notion database ID or URL").option("--json", "Output raw JSON").action(
     withErrorHandling(async (id, options) => {
       const { token } = await resolveToken();
       const client = createNotionClient(token);
@@ -1487,7 +1986,7 @@ function dbSchemaCommand() {
 }
 
 // src/commands/db/query.ts
-import { Command as Command13 } from "commander";
+import { Command as Command16 } from "commander";
 var SKIP_TYPES_IN_AUTO = /* @__PURE__ */ new Set(["relation", "rich_text", "people"]);
 function autoSelectColumns(schema, entries) {
   const termWidth = process.stdout.columns || 120;
@@ -1512,7 +2011,7 @@ function autoSelectColumns(schema, entries) {
   return selected;
 }
 function dbQueryCommand() {
-  return new Command13("query").description("Query database entries with optional filtering and sorting").argument("<id>", "Notion database ID or URL").option("--filter <filter>", 'Filter entries (repeatable): --filter "Status=Done"', collect, []).option("--sort <sort>", 'Sort entries (repeatable): --sort "Name:asc"', collect, []).option("--columns <columns>", 'Comma-separated list of columns to display: --columns "Title,Status"').option("--json", "Output raw JSON").action(
+  return new Command16("query").description("Query database entries with optional filtering and sorting").argument("<id>", "Notion database ID or URL").option("--filter <filter>", 'Filter entries (repeatable): --filter "Status=Done"', collect, []).option("--sort <sort>", 'Sort entries (repeatable): --sort "Name:asc"', collect, []).option("--columns <columns>", 'Comma-separated list of columns to display: --columns "Title,Status"').option("--json", "Output raw JSON").action(
     withErrorHandling(
       async (id, options) => {
         const { token } = await resolveToken();
@@ -1547,11 +2046,291 @@ function collect(value, previous) {
   return previous.concat([value]);
 }
 
+// src/commands/comment-add.ts
+import { Command as Command17 } from "commander";
+
+// src/services/write.service.ts
+async function addComment(client, pageId, text, options = {}) {
+  await client.comments.create({
+    parent: { page_id: pageId },
+    rich_text: [
+      {
+        type: "text",
+        text: { content: text, link: null },
+        annotations: {
+          bold: false,
+          italic: false,
+          strikethrough: false,
+          underline: false,
+          code: false,
+          color: "default"
+        }
+      }
+    ],
+    ...options.asUser && { display_name: { type: "user" } }
+  });
+}
+async function appendBlocks(client, blockId, blocks) {
+  await client.blocks.children.append({
+    block_id: blockId,
+    children: blocks
+  });
+}
+async function createPage(client, parentId, title, blocks) {
+  const response = await client.pages.create({
+    parent: { type: "page_id", page_id: parentId },
+    properties: {
+      title: {
+        title: [{ type: "text", text: { content: title, link: null } }]
+      }
+    },
+    children: blocks
+  });
+  return response.url;
+}
+
+// src/commands/comment-add.ts
+function commentAddCommand() {
+  const cmd = new Command17("comment");
+  cmd.description("add a comment to a Notion page").argument("<id/url>", "Notion page ID or URL").requiredOption("-m, --message <text>", "comment text to post").action(withErrorHandling(async (idOrUrl, opts) => {
+    const { token, source } = await resolveToken();
+    reportTokenSource(source);
+    const client = createNotionClient(token);
+    const id = parseNotionId(idOrUrl);
+    const uuid = toUuid(id);
+    await addComment(client, uuid, opts.message, { asUser: source === "oauth" });
+    process.stdout.write("Comment added.\n");
+  }));
+  return cmd;
+}
+
+// src/commands/append.ts
+import { Command as Command18 } from "commander";
+
+// src/blocks/md-to-blocks.ts
+var INLINE_RE = /(\*\*[^*]+\*\*|_[^_]+_|\*[^*]+\*|`[^`]+`|\[[^\]]+\]\([^)]+\)|[^*_`\[]+)/g;
+function parseInlineMarkdown(text) {
+  const result = [];
+  let match;
+  INLINE_RE.lastIndex = 0;
+  while ((match = INLINE_RE.exec(text)) !== null) {
+    const segment = match[0];
+    if (segment.startsWith("**") && segment.endsWith("**")) {
+      const content = segment.slice(2, -2);
+      result.push({
+        type: "text",
+        text: { content, link: null },
+        annotations: { bold: true, italic: false, strikethrough: false, underline: false, code: false, color: "default" }
+      });
+      continue;
+    }
+    if (segment.startsWith("_") && segment.endsWith("_") || segment.startsWith("*") && segment.endsWith("*")) {
+      const content = segment.slice(1, -1);
+      result.push({
+        type: "text",
+        text: { content, link: null },
+        annotations: { bold: false, italic: true, strikethrough: false, underline: false, code: false, color: "default" }
+      });
+      continue;
+    }
+    if (segment.startsWith("`") && segment.endsWith("`")) {
+      const content = segment.slice(1, -1);
+      result.push({
+        type: "text",
+        text: { content, link: null },
+        annotations: { bold: false, italic: false, strikethrough: false, underline: false, code: true, color: "default" }
+      });
+      continue;
+    }
+    const linkMatch = segment.match(/^\[([^\]]+)\]\(([^)]+)\)$/);
+    if (linkMatch) {
+      const [, label, url] = linkMatch;
+      result.push({
+        type: "text",
+        text: { content: label, link: { url } },
+        annotations: { bold: false, italic: false, strikethrough: false, underline: false, code: false, color: "default" }
+      });
+      continue;
+    }
+    result.push({
+      type: "text",
+      text: { content: segment, link: null },
+      annotations: { bold: false, italic: false, strikethrough: false, underline: false, code: false, color: "default" }
+    });
+  }
+  return result;
+}
+function makeRichText(text) {
+  return parseInlineMarkdown(text);
+}
+function mdToBlocks(md) {
+  if (!md) return [];
+  const lines = md.split("\n");
+  const blocks = [];
+  let inFence = false;
+  let fenceLang = "";
+  const fenceLines = [];
+  for (const line of lines) {
+    if (!inFence && line.startsWith("```")) {
+      inFence = true;
+      fenceLang = line.slice(3).trim() || "plain text";
+      fenceLines.length = 0;
+      continue;
+    }
+    if (inFence) {
+      if (line.startsWith("```")) {
+        const content = fenceLines.join("\n");
+        blocks.push({
+          type: "code",
+          code: {
+            rich_text: [
+              {
+                type: "text",
+                text: { content, link: null },
+                annotations: { bold: false, italic: false, strikethrough: false, underline: false, code: false, color: "default" }
+              }
+            ],
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            language: fenceLang
+          }
+        });
+        inFence = false;
+        fenceLang = "";
+        fenceLines.length = 0;
+      } else {
+        fenceLines.push(line);
+      }
+      continue;
+    }
+    if (line.trim() === "") continue;
+    const h1 = line.match(/^# (.+)$/);
+    if (h1) {
+      blocks.push({
+        type: "heading_1",
+        heading_1: { rich_text: makeRichText(h1[1]) }
+      });
+      continue;
+    }
+    const h2 = line.match(/^## (.+)$/);
+    if (h2) {
+      blocks.push({
+        type: "heading_2",
+        heading_2: { rich_text: makeRichText(h2[1]) }
+      });
+      continue;
+    }
+    const h3 = line.match(/^### (.+)$/);
+    if (h3) {
+      blocks.push({
+        type: "heading_3",
+        heading_3: { rich_text: makeRichText(h3[1]) }
+      });
+      continue;
+    }
+    const bullet = line.match(/^[-*] (.+)$/);
+    if (bullet) {
+      blocks.push({
+        type: "bulleted_list_item",
+        bulleted_list_item: { rich_text: makeRichText(bullet[1]) }
+      });
+      continue;
+    }
+    const numbered = line.match(/^\d+\. (.+)$/);
+    if (numbered) {
+      blocks.push({
+        type: "numbered_list_item",
+        numbered_list_item: { rich_text: makeRichText(numbered[1]) }
+      });
+      continue;
+    }
+    const quote = line.match(/^> (.+)$/);
+    if (quote) {
+      blocks.push({
+        type: "quote",
+        quote: { rich_text: makeRichText(quote[1]) }
+      });
+      continue;
+    }
+    blocks.push({
+      type: "paragraph",
+      paragraph: { rich_text: makeRichText(line) }
+    });
+  }
+  if (inFence && fenceLines.length > 0) {
+    const content = fenceLines.join("\n");
+    blocks.push({
+      type: "code",
+      code: {
+        rich_text: [
+          {
+            type: "text",
+            text: { content, link: null },
+            annotations: { bold: false, italic: false, strikethrough: false, underline: false, code: false, color: "default" }
+          }
+        ],
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        language: fenceLang
+      }
+    });
+  }
+  return blocks;
+}
+
+// src/commands/append.ts
+function appendCommand() {
+  const cmd = new Command18("append");
+  cmd.description("append markdown content to a Notion page").argument("<id/url>", "Notion page ID or URL").requiredOption("-m, --message <markdown>", "markdown content to append").action(withErrorHandling(async (idOrUrl, opts) => {
+    const { token, source } = await resolveToken();
+    reportTokenSource(source);
+    const client = createNotionClient(token);
+    const pageId = parseNotionId(idOrUrl);
+    const uuid = toUuid(pageId);
+    const blocks = mdToBlocks(opts.message);
+    if (blocks.length === 0) {
+      process.stdout.write("Nothing to append.\n");
+      return;
+    }
+    await appendBlocks(client, uuid, blocks);
+    process.stdout.write(`Appended ${blocks.length} block(s).
+`);
+  }));
+  return cmd;
+}
+
+// src/commands/create-page.ts
+import { Command as Command19 } from "commander";
+async function readStdin() {
+  const chunks = [];
+  for await (const chunk of process.stdin) {
+    chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+  }
+  return Buffer.concat(chunks).toString("utf-8");
+}
+function createPageCommand() {
+  const cmd = new Command19("create-page");
+  cmd.description("create a new Notion page under a parent page").requiredOption("--parent <id/url>", "parent page ID or URL").requiredOption("--title <title>", "page title").option("-m, --message <markdown>", "inline markdown content for the page body").action(withErrorHandling(async (opts) => {
+    const { token, source } = await resolveToken();
+    reportTokenSource(source);
+    const client = createNotionClient(token);
+    let markdown = "";
+    if (opts.message) {
+      markdown = opts.message;
+    } else if (!process.stdin.isTTY) {
+      markdown = await readStdin();
+    }
+    const blocks = mdToBlocks(markdown);
+    const parentUuid = toUuid(parseNotionId(opts.parent));
+    const url = await createPage(client, parentUuid, opts.title, blocks);
+    process.stdout.write(url + "\n");
+  }));
+  return cmd;
+}
+
 // src/cli.ts
 var __filename = fileURLToPath(import.meta.url);
 var __dirname = dirname(__filename);
 var pkg = JSON.parse(readFileSync(join3(__dirname, "../package.json"), "utf-8"));
-var program = new Command14();
+var program = new Command20();
 program.name("notion").description("Notion CLI \u2014 read Notion pages and databases from the terminal").version(pkg.version);
 program.option("--verbose", "show API requests/responses").option("--color", "force color output").option("--json", "force JSON output (overrides TTY detection)").option("--md", "force markdown output for page content");
 program.configureOutput({
@@ -1573,7 +2352,12 @@ program.hook("preAction", (thisCommand) => {
   }
 });
 program.addCommand(initCommand());
-var profileCmd = new Command14("profile").description("manage authentication profiles");
+var authCmd = new Command20("auth").description("manage Notion authentication");
+authCmd.addCommand(loginCommand());
+authCmd.addCommand(logoutCommand());
+authCmd.addCommand(statusCommand());
+program.addCommand(authCmd);
+var profileCmd = new Command20("profile").description("manage authentication profiles");
 profileCmd.addCommand(profileListCommand());
 profileCmd.addCommand(profileUseCommand());
 profileCmd.addCommand(profileRemoveCommand());
@@ -1584,7 +2368,10 @@ program.addCommand(openCommand());
 program.addCommand(usersCommand());
 program.addCommand(commentsCommand());
 program.addCommand(readCommand());
-var dbCmd = new Command14("db").description("Database operations");
+program.addCommand(commentAddCommand());
+program.addCommand(appendCommand());
+program.addCommand(createPageCommand());
+var dbCmd = new Command20("db").description("Database operations");
 dbCmd.addCommand(dbSchemaCommand());
 dbCmd.addCommand(dbQueryCommand());
 program.addCommand(dbCmd);