@project-ajax/sdk 0.0.34 → 0.0.36

package/dist/cli/api/client.d.ts

@@ -122,14 +122,40 @@ export declare class ApiClient {
     /**
      * List all secrets for a worker (keys only, not values)
      */
-    listSecrets(workerId: string): Promise<Result<{
+    listSecrets(workerId: string, options?: {
+        secretKinds?: Array<"keyValue" | "oauth">;
+    }): Promise<Result<{
         secrets: Array<{
             spaceId: string;
             workerId: string;
             key: string;
             createdAt: string;
+            kind: "keyValue" | "oauth";
         }>;
     }, ApiError>>;
+    listOauthProviders(): Promise<Result<{
+        providers: Array<{
+            key: string;
+            displayName: string;
+        }>;
+    }, ApiError>>;
+    /**
+     * Start the OAuth flow for a provider
+     */
+    startOauth(args: {
+        workerId: string;
+        provider: string;
+    }): Promise<Result<{
+        authorizationUrl: string;
+        state: string;
+    }, ApiError>>;
+    /**
+     * Remove an OAuth connection for a worker
+     */
+    deleteOauthConnection(args: {
+        workerId: string;
+        provider: string;
+    }): Promise<Result<Record<string, never>, ApiError>>;
     /**
      * Delete a secret
      */

package/dist/cli/api/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/cli/api/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,MAAM,MAAM,WAAW,GAAG,OAAO,GAAG,SAAS,GAAG,KAAK,GAAG,MAAM,CAAC;AAE/D,UAAU,eAAe;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CACf;AAID,MAAM,WAAW,QAAQ;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE;QACjB,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,YAAY,EAAE,MAAM,CAAC;QACrB,OAAO,EAAE,MAAM,CAAC;KAChB,CAAC;CACF;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,EACvB,WAAW,EACX,QAAQ,GACR,EAAE;IACF,WAAW,EAAE,WAAW,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC9B,GAAG,MAAM,CAeT;AAeD;;GAEG;AACH,qBAAa,SAAS;;gBAOT,MAAM,EAAE,eAAe;IAQnC,OAAO,CAAC,UAAU;IAIlB;;OAEG;YACW,KAAK;IAoEnB;;OAEG;IACG,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CACxC,MAAM,CACL;QACC,MAAM,EAAE;YACP,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,OAAO,EAAE,MAAM,CAAC;YAChB,SAAS,EAAE,MAAM,CAAC;YAClB,SAAS,EAAE,MAAM,CAAC;YAClB,KAAK,EAAE,OAAO,CAAC;SACf,CAAC;QACF,GAAG,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC/B,EACD,QAAQ,CACR,CACD;IASD;;OAEG;IACG,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAClD,MAAM,CACL;QACC,GAAG,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC/B,EACD,QAAQ,CACR,CACD;IASD;;OAEG;IACG,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CACzC,MAAM,CACL;QACC,MAAM,EAAE;YACP,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,OAAO,EAAE,MAAM,CAAC;YAChB,KAAK,EAAE,OAAO,CAAC;YACf,KAAK,EAAE,OAAO,EAAE,CAAC;YACjB,SAAS,EAAE,MAAM,CAAC;YAClB,SAAS,EAAE,MAAM,CAAC;SAClB,CAAC;KACF,EACD,QAAQ,CACR,CACD;IASD;;OAEG;IACG,WAAW,IAAI,OAAO,CAC3B,MAAM,CACL;QACC,OAAO,EAAE,KAAK,CAAC;YACd,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,OAAO,EAAE,MAAM,CAAC;YAChB,KAAK,EAAE,OAAO,CAAC;YACf,SAAS,EAAE,MAAM,CAAC;YAClB,SAAS,EAAE,MAAM,CAAC;SAClB,CAAC,CAAC;KACH,EACD,QAAQ,CACR,CACD;IAOD;;OAEG;IACG,YAAY,CACjB,QAAQ,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC;IASnD;;OAEG;IACG,wBAAwB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CACxD,MAAM,CACL;QACC,YAAY,EAAE,aAAa,CAAC;YAC3B,IAAI,EAAE,MAAM,GAAG,cAAc,CAAC;YAC9B,OAAO,EAAE,MAAM,CAAC;YAChB,QAAQ,EAAE,MAAM,CAAC;YACjB,GAAG,EAAE,MAAM,CAAC;YACZ,MAAM,EAAE,OAAO,CAAC;SAChB,CAAC,CAAC;KACH,EACD,QAAQ,CACR,CACD;IASD;;OAEG;IACG,aAAa,CAClB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,GAC5C,OAAO,CACT,MAAM,CACL;QACC,OAAO,EAAE,KAAK,CAAC;YACd,OAAO,EAAE,MAAM,CAAC;YAChB,QAAQ,EAAE,MAAM,CAAC;YACjB,GAAG,EAAE,MAAM,CAAC;YACZ,SAAS,EAAE,MAAM,CAAC;SAClB,CAAC,CAAC;KACH,EACD,QAAQ,CACR,CACD;IAUD;;OAEG;IACG,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAC3C,MAAM,CACL;QACC,OAAO,EAAE,KAAK,CAAC;YACd,OAAO,EAAE,MAAM,CAAC;YAChB,QAAQ,EAAE,MAAM,CAAC;YACjB,GAAG,EAAE,MAAM,CAAC;YACZ,SAAS,EAAE,MAAM,CAAC;SAClB,CAAC,CAAC;KACH,EACD,QAAQ,CACR,CACD;IASD;;OAEG;IACG,YAAY,CACjB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,MAAM,GACT,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC;IAUnD;;OAEG;IACG,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAChD,MAAM,CACL;QACC,YAAY,EAAE,KAAK,CAAC;YACnB,IAAI,EAAE,MAAM,GAAG,cAAc,CAAC;YAC9B,GAAG,EAAE,MAAM,CAAC;SACZ,CAAC,CAAC;KACH,EACD,QAAQ,CACR,CACD;IASD;;OAEG;IACG,aAAa,CAClB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,GAAG,IAAI,EAC3B,IAAI,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,EAC5C,MAAM,EAAE,IAAI,GACV,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IACnE,aAAa,CAClB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,GAAG,IAAI,EAC3B,IAAI,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,EAC5C,MAAM,CAAC,EAAE,KAAK,GAAG,SAAS,GACxB,OAAO,CAAC,MAAM,CAAC;QAAE,MAAM,EAAE,OAAO,CAAA;KAAE,EAAE,QAAQ,CAAC,CAAC;IA0CjD;;OAEG;IACG,oBAAoB,CACzB,QAAQ,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAazE;;OAEG;IACG,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CACjD,MAAM,CACL;QACC,IAAI,EAAE,KAAK,CAAC;YACX,QAAQ,EAAE,MAAM,CAAC;YACjB,OAAO,EAAE,MAAM,CAAC;YAChB,KAAK,EAAE,MAAM,CAAC;YACd,IAAI,EAAE,MAAM,CAAC;YACb,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;YACxB,SAAS,EAAE,MAAM,CAAC;YAClB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;SACvB,CAAC,CAAC;KACH,EACD,QAAQ,CACR,CACD;IASD;;OAEG;IACG,UAAU,CACf,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,GACX,OAAO,CACT,MAAM,CACL;QACC,IAAI,EAAE,MAAM,CAAC;KACb,EACD,QAAQ,CACR,CACD;CASD"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/cli/api/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,MAAM,MAAM,WAAW,GAAG,OAAO,GAAG,SAAS,GAAG,KAAK,GAAG,MAAM,CAAC;AAE/D,UAAU,eAAe;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CACf;AAID,MAAM,WAAW,QAAQ;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE;QACjB,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,YAAY,EAAE,MAAM,CAAC;QACrB,OAAO,EAAE,MAAM,CAAC;KAChB,CAAC;CACF;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,EACvB,WAAW,EACX,QAAQ,GACR,EAAE;IACF,WAAW,EAAE,WAAW,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC9B,GAAG,MAAM,CAeT;AAeD;;GAEG;AACH,qBAAa,SAAS;;gBAOT,MAAM,EAAE,eAAe;IAQnC,OAAO,CAAC,UAAU;IAIlB;;OAEG;YACW,KAAK;IAoEnB;;OAEG;IACG,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CACxC,MAAM,CACL;QACC,MAAM,EAAE;YACP,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,OAAO,EAAE,MAAM,CAAC;YAChB,SAAS,EAAE,MAAM,CAAC;YAClB,SAAS,EAAE,MAAM,CAAC;YAClB,KAAK,EAAE,OAAO,CAAC;SACf,CAAC;QACF,GAAG,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC/B,EACD,QAAQ,CACR,CACD;IASD;;OAEG;IACG,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAClD,MAAM,CACL;QACC,GAAG,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC/B,EACD,QAAQ,CACR,CACD;IASD;;OAEG;IACG,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CACzC,MAAM,CACL;QACC,MAAM,EAAE;YACP,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,OAAO,EAAE,MAAM,CAAC;YAChB,KAAK,EAAE,OAAO,CAAC;YACf,KAAK,EAAE,OAAO,EAAE,CAAC;YACjB,SAAS,EAAE,MAAM,CAAC;YAClB,SAAS,EAAE,MAAM,CAAC;SAClB,CAAC;KACF,EACD,QAAQ,CACR,CACD;IASD;;OAEG;IACG,WAAW,IAAI,OAAO,CAC3B,MAAM,CACL;QACC,OAAO,EAAE,KAAK,CAAC;YACd,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,OAAO,EAAE,MAAM,CAAC;YAChB,KAAK,EAAE,OAAO,CAAC;YACf,SAAS,EAAE,MAAM,CAAC;YAClB,SAAS,EAAE,MAAM,CAAC;SAClB,CAAC,CAAC;KACH,EACD,QAAQ,CACR,CACD;IAOD;;OAEG;IACG,YAAY,CACjB,QAAQ,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC;IASnD;;OAEG;IACG,wBAAwB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CACxD,MAAM,CACL;QACC,YAAY,EAAE,aAAa,CAAC;YAC3B,IAAI,EAAE,MAAM,GAAG,cAAc,CAAC;YAC9B,OAAO,EAAE,MAAM,CAAC;YAChB,QAAQ,EAAE,MAAM,CAAC;YACjB,GAAG,EAAE,MAAM,CAAC;YACZ,MAAM,EAAE,OAAO,CAAC;SAChB,CAAC,CAAC;KACH,EACD,QAAQ,CACR,CACD;IASD;;OAEG;IACG,aAAa,CAClB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,GAC5C,OAAO,CACT,MAAM,CACL;QACC,OAAO,EAAE,KAAK,CAAC;YACd,OAAO,EAAE,MAAM,CAAC;YAChB,QAAQ,EAAE,MAAM,CAAC;YACjB,GAAG,EAAE,MAAM,CAAC;YACZ,SAAS,EAAE,MAAM,CAAC;SAClB,CAAC,CAAC;KACH,EACD,QAAQ,CACR,CACD;IAUD;;OAEG;IACG,WAAW,CAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,KAAK,CAAC,UAAU,GAAG,OAAO,CAAC,CAAA;KAAE,GACrD,OAAO,CACT,MAAM,CACL;QACC,OAAO,EAAE,KAAK,CAAC;YACd,OAAO,EAAE,MAAM,CAAC;YAChB,QAAQ,EAAE,MAAM,CAAC;YACjB,GAAG,EAAE,MAAM,CAAC;YACZ,SAAS,EAAE,MAAM,CAAC;YAClB,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC;SAC3B,CAAC,CAAC;KACH,EACD,QAAQ,CACR,CACD;IAUK,kBAAkB,IAAI,OAAO,CAClC,MAAM,CACL;QACC,SAAS,EAAE,KAAK,CAAC;YAChB,GAAG,EAAE,MAAM,CAAC;YACZ,WAAW,EAAE,MAAM,CAAC;SACpB,CAAC,CAAC;KACH,EACD,QAAQ,CACR,CACD;IAOD;;OAEG;IACG,UAAU,CAAC,IAAI,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CACtE,MAAM,CACL;QACC,gBAAgB,EAAE,MAAM,CAAC;QACzB,KAAK,EAAE,MAAM,CAAC;KACd,EACD,QAAQ,CACR,CACD;IAUD;;OAEG;IACG,qBAAqB,CAAC,IAAI,EAAE;QACjC,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KACjB,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC;IAUpD;;OAEG;IACG,YAAY,CACjB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,MAAM,GACT,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC;IAUnD;;OAEG;IACG,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAChD,MAAM,CACL;QACC,YAAY,EAAE,KAAK,CAAC;YACnB,IAAI,EAAE,MAAM,GAAG,cAAc,CAAC;YAC9B,GAAG,EAAE,MAAM,CAAC;SACZ,CAAC,CAAC;KACH,EACD,QAAQ,CACR,CACD;IASD;;OAEG;IACG,aAAa,CAClB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,GAAG,IAAI,EAC3B,IAAI,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,EAC5C,MAAM,EAAE,IAAI,GACV,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IACnE,aAAa,CAClB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,GAAG,IAAI,EAC3B,IAAI,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,EAC5C,MAAM,CAAC,EAAE,KAAK,GAAG,SAAS,GACxB,OAAO,CAAC,MAAM,CAAC;QAAE,MAAM,EAAE,OAAO,CAAA;KAAE,EAAE,QAAQ,CAAC,CAAC;IA0CjD;;OAEG;IACG,oBAAoB,CACzB,QAAQ,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAazE;;OAEG;IACG,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CACjD,MAAM,CACL;QACC,IAAI,EAAE,KAAK,CAAC;YACX,QAAQ,EAAE,MAAM,CAAC;YACjB,OAAO,EAAE,MAAM,CAAC;YAChB,KAAK,EAAE,MAAM,CAAC;YACd,IAAI,EAAE,MAAM,CAAC;YACb,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;YACxB,SAAS,EAAE,MAAM,CAAC;YAClB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;SACvB,CAAC,CAAC;KACH,EACD,QAAQ,CACR,CACD;IASD;;OAEG;IACG,UAAU,CACf,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,GACX,OAAO,CACT,MAAM,CACL;QACC,IAAI,EAAE,MAAM,CAAC;KACb,EACD,QAAQ,CACR,CACD;CASD"}

package/dist/cli/api/client.js

@@ -160,11 +160,42 @@ class ApiClient {
   /**
    * List all secrets for a worker (keys only, not values)
    */
-  async listSecrets(workerId) {
+  async listSecrets(workerId, options) {
     return this.fetch("/workersListSecrets", {
       method: "POST",
       body: {
-        workerId
+        workerId,
+        secretKinds: options?.secretKinds
+      }
+    });
+  }
+  async listOauthProviders() {
+    return this.fetch("/workersListOauthProviders", {
+      method: "POST",
+      body: {}
+    });
+  }
+  /**
+   * Start the OAuth flow for a provider
+   */
+  async startOauth(args) {
+    return this.fetch("/workersStartOauth", {
+      method: "POST",
+      body: {
+        workerId: args.workerId,
+        provider: args.provider
+      }
+    });
+  }
+  /**
+   * Remove an OAuth connection for a worker
+   */
+  async deleteOauthConnection(args) {
+    return this.fetch("/workersDeleteOauthConnection", {
+      method: "POST",
+      body: {
+        workerId: args.workerId,
+        provider: args.provider
       }
     });
   }

package/dist/cli/commands/auth.impl.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.impl.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/auth.impl.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAGhD,UAAU,UAAU;IACnB,GAAG,CAAC,EAAE,WAAW,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACpB;AAqCD,eAAO,MAAM,KAAK,kJAqChB,CAAC;AAEH,eAAO,MAAM,IAAI,yGAEf,CAAC;AAEH,eAAO,MAAM,MAAM,yGAEjB,CAAC"}
+{"version":3,"file":"auth.impl.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/auth.impl.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAIhD,UAAU,UAAU;IACnB,GAAG,CAAC,EAAE,WAAW,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,eAAO,MAAM,KAAK,kJAqChB,CAAC;AAEH,eAAO,MAAM,IAAI,yGAEf,CAAC;AAEH,eAAO,MAAM,MAAM,yGAEjB,CAAC"}

package/dist/cli/commands/auth.impl.js

@@ -1,31 +1,6 @@
-import { exec } from "node:child_process";
-import { existsSync } from "node:fs";
 import { baseUrl } from "../api/client.js";
 import { buildHandler } from "../handler.js";
-async function openUrl(env, url) {
-  const platform = process.platform;
-  try {
-    if (platform === "darwin") {
-      let notionAppName = null;
-      if (env === "prod" && existsSync("/Applications/Notion.app")) {
-        notionAppName = "Notion";
-      } else if (env === "dev" && existsSync("/Applications/Notion Dev.app")) {
-        notionAppName = "Notion Dev";
-      }
-      if (notionAppName) {
-        exec(`open -a "${notionAppName}" "${url}"`);
-      } else {
-        exec(`open "${url}"`);
-      }
-    } else if (platform === "win32") {
-      exec(`start "" "${url}"`);
-    } else {
-      exec(`xdg-open "${url}"`);
-    }
-  } catch (error) {
-    throw new Error(`Failed to open browser: ${error}`);
-  }
-}
+import { openNotionUrl } from "../utils/openNotionUrl.js";
 const login = buildHandler(async function(flags, token) {
   const environment = flags.env ?? "prod";
   if (flags["base-url"]) {
@@ -42,7 +17,7 @@ ${url}
     this.writer.writeErr("After creating a token, run:");
     this.writer.writeErr("	npx workers auth login <token>");
     try {
-      await openUrl(environment, url);
+      await openNotionUrl(environment, url);
     } catch (_error) {
       this.writer.writeErr(
         `Failed to open browser automatically. Please visit:

package/dist/cli/commands/connect.d.ts

@@ -0,0 +1,2 @@
+export declare const connectCommands: import("@stricli/core").RouteMap<import("../context.js").LocalContext>;
+//# sourceMappingURL=connect.d.ts.map

package/dist/cli/commands/connect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"connect.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/connect.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,eAAe,wEA2E1B,CAAC"}

package/dist/cli/commands/connect.impl.d.ts

@@ -0,0 +1,6 @@
+import type { FormatFlags, GlobalFlags } from "../flags.js";
+export declare const listProviders: (this: import("../context.js").LocalContext, flags: GlobalFlags & FormatFlags) => Promise<void>;
+export declare const addConnection: (this: import("../context.js").LocalContext, flags: GlobalFlags, provider: string) => Promise<void>;
+export declare const listConnections: (this: import("../context.js").LocalContext, flags: GlobalFlags & FormatFlags) => Promise<void>;
+export declare const removeConnection: (this: import("../context.js").LocalContext, flags: GlobalFlags, provider: string) => Promise<void>;
+//# sourceMappingURL=connect.impl.d.ts.map

package/dist/cli/commands/connect.impl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"connect.impl.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/connect.impl.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAI5D,eAAO,MAAM,aAAa,iGAuBxB,CAAC;AAEH,eAAO,MAAM,aAAa,qGAuCxB,CAAC;AAEH,eAAO,MAAM,eAAe,iGAiC1B,CAAC;AAEH,eAAO,MAAM,gBAAgB,qGAqB3B,CAAC"}

package/dist/cli/commands/connect.impl.js

@@ -0,0 +1,116 @@
+import { Result } from "../api/result.js";
+import { buildAuthedHandler } from "../handler.js";
+import { openNotionUrl } from "../utils/openNotionUrl.js";
+const listProviders = buildAuthedHandler(async function(flags) {
+  this.process.stderr.write("Fetching providers...");
+  const providersResult = await this.apiClient.listOauthProviders();
+  if (Result.isFail(providersResult)) {
+    this.process.stderr.write("ERROR\n\n");
+    reportApiError(this, providersResult.error, "list providers");
+  } else {
+    this.process.stderr.write("OK\n\n");
+    const providers = providersResult.value.providers;
+    if (providers.length === 0) {
+      this.writer.writeErr("No OAuth providers are currently available.");
+      return;
+    }
+    this.writer.writeTableOut({
+      headers: ["Provider", "Description"],
+      rows: providers.map((provider) => [provider.key, provider.displayName]),
+      plain: flags.plain
+    });
+  }
+});
+const addConnection = buildAuthedHandler(async function(_flags, provider) {
+  const workerId = requireWorkerId(this);
+  this.process.stderr.write(
+    `Starting OAuth flow with provider "${provider}"...`
+  );
+  const startResult = await this.apiClient.startOauth({ workerId, provider });
+  if (Result.isFail(startResult)) {
+    this.process.stderr.write("ERROR\n\n");
+    reportApiError(this, startResult.error, "start OAuth flow");
+    return;
+  }
+  this.process.stderr.write("OK\n\n");
+  const { authorizationUrl } = startResult.value;
+  this.writer.writeErr("Opening your browser to continue the OAuth flow...");
+  try {
+    await openNotionUrl(this.config.environment ?? "prod", authorizationUrl);
+  } catch (error) {
+    this.writer.writeErr(
+      `Unable to open the browser automatically (${String(
+        error
+      )}). Please open the link below manually.`
+    );
+  }
+  this.writer.writeErr("");
+  this.writer.writeErr("If the browser did not open, visit:");
+  this.writer.writeErr(`  ${authorizationUrl}`);
+  this.writer.writeErr("");
+  this.writer.writeErr(
+    "After completing the flow in your browser, return to the CLI."
+  );
+});
+const listConnections = buildAuthedHandler(async function(flags) {
+  const workerId = requireWorkerId(this);
+  this.process.stderr.write("Fetching OAuth connections...");
+  const secretsResult = await this.apiClient.listSecrets(workerId, {
+    secretKinds: ["oauth"]
+  });
+  if (Result.isFail(secretsResult)) {
+    this.process.stderr.write("ERROR\n\n");
+    reportApiError(this, secretsResult.error, "list OAuth connections");
+    return;
+  }
+  this.process.stderr.write("OK\n\n");
+  const secrets = secretsResult.value.secrets;
+  if (secrets.length === 0) {
+    this.writer.writeErr("No OAuth connections found for this worker.");
+    return;
+  }
+  this.writer.writeTableOut({
+    headers: ["Env Var", "Created At"],
+    rows: secrets.map((secret) => [
+      `process.env.${secret.key}`,
+      secret.createdAt
+    ]),
+    plain: flags.plain
+  });
+});
+const removeConnection = buildAuthedHandler(async function(_flags, provider) {
+  const workerId = requireWorkerId(this);
+  this.process.stderr.write(
+    `Removing OAuth connection for provider "${provider}"...`
+  );
+  const result = await this.apiClient.deleteOauthConnection({
+    workerId,
+    provider
+  });
+  if (Result.isFail(result)) {
+    this.process.stderr.write("ERROR\n\n");
+    reportApiError(this, result.error, "remove connection");
+    return;
+  }
+  this.process.stderr.write("OK\n");
+});
+function requireWorkerId(context) {
+  const workerId = context.config.workerId;
+  if (!workerId) {
+    throw new Error(
+      "No worker configured. Run 'workers deploy' first to create a worker."
+    );
+  }
+  return workerId;
+}
+function reportApiError(context, error, action) {
+  context.writer.writeErr(`\u2717 Failed to ${action}`);
+  context.writer.writeErr(`\u2717 ${error.message}`);
+  throw new Error(error.message);
+}
+export {
+  addConnection,
+  listConnections,
+  listProviders,
+  removeConnection
+};

package/dist/cli/commands/connect.js

@@ -0,0 +1,78 @@
+import { buildCommand, buildRouteMap } from "@stricli/core";
+import { formatFlags, globalFlags } from "../flags.js";
+const connectCommands = buildRouteMap({
+  docs: {
+    brief: "Manage OAuth connections for your worker"
+  },
+  routes: {
+    providers: buildCommand({
+      docs: {
+        brief: "List available OAuth providers"
+      },
+      parameters: {
+        flags: {
+          ...globalFlags,
+          ...formatFlags
+        }
+      },
+      loader: () => import("./connect.impl.js").then((m) => m.listProviders)
+    }),
+    add: buildCommand({
+      docs: {
+        brief: "Start an OAuth flow for a provider"
+      },
+      parameters: {
+        positional: {
+          kind: "tuple",
+          parameters: [
+            {
+              brief: "Provider name (see `providers` command)",
+              parse: String,
+              placeholder: "provider"
+            }
+          ]
+        },
+        flags: {
+          ...globalFlags
+        }
+      },
+      loader: () => import("./connect.impl.js").then((m) => m.addConnection)
+    }),
+    list: buildCommand({
+      docs: {
+        brief: "List active OAuth connections"
+      },
+      parameters: {
+        flags: {
+          ...globalFlags,
+          ...formatFlags
+        }
+      },
+      loader: () => import("./connect.impl.js").then((m) => m.listConnections)
+    }),
+    rm: buildCommand({
+      docs: {
+        brief: "Remove an OAuth connection"
+      },
+      parameters: {
+        positional: {
+          kind: "tuple",
+          parameters: [
+            {
+              brief: "Provider name to remove",
+              parse: String,
+              placeholder: "provider"
+            }
+          ]
+        },
+        flags: {
+          ...globalFlags
+        }
+      },
+      loader: () => import("./connect.impl.js").then((m) => m.removeConnection)
+    })
+  }
+});
+export {
+  connectCommands
+};

package/dist/cli/commands/secrets.impl.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"secrets.impl.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/secrets.impl.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAK5D,eAAO,MAAM,UAAU,sGA0BrB,CAAC;AAEH,eAAO,MAAM,WAAW,iGAkCtB,CAAC;AAEH,eAAO,MAAM,YAAY,gGAwBvB,CAAC"}
+{"version":3,"file":"secrets.impl.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/secrets.impl.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAK5D,eAAO,MAAM,UAAU,sGA0BrB,CAAC;AAEH,eAAO,MAAM,WAAW,iGAwCtB,CAAC;AAEH,eAAO,MAAM,YAAY,gGAwBvB,CAAC"}

package/dist/cli/commands/secrets.impl.js

@@ -36,12 +36,18 @@ const listSecrets = buildAuthedHandler(async function(flags) {
     const data = Result.unwrap(result);
     if (data.secrets.length === 0) {
       this.writer.writeErr("No secrets for this worker.");
+      this.writer.writeErr(
+        "To list OAuth connect secrets, use `npx workers connect list`"
+      );
     } else {
       this.writer.writeTableOut({
         headers: ["Key", "Created At"],
         rows: data.secrets.map((secret) => [secret.key, secret.createdAt]),
         plain: flags.plain
       });
+      this.writer.writeErr(
+        "To list OAuth connect secrets, use `npx workers connect list`"
+      );
     }
   } else {
     this.process.stderr.write("ERROR\n\n");

package/dist/cli/routes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../../src/cli/routes.ts"],"names":[],"mappings":"AA0BA,eAAO,MAAM,GAAG,0EAgBd,CAAC"}
+{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../../src/cli/routes.ts"],"names":[],"mappings":"AA4BA,eAAO,MAAM,GAAG,0EAgBd,CAAC"}

package/dist/cli/routes.js

@@ -3,6 +3,7 @@ import packageJson from "../../package.json" with { type: "json" };
 import { authCommands } from "./commands/auth.js";
 import { bundleCommands } from "./commands/bundle.js";
 import { capabilitiesCommands } from "./commands/capabilities.js";
+import { connectCommands } from "./commands/connect.js";
 import deploy from "./commands/deploy.js";
 import exec from "./commands/exec.js";
 import { runsCommands } from "./commands/runs.js";
@@ -17,6 +18,7 @@ const routes = buildRouteMap({
     capabilities: capabilitiesCommands,
     deploy,
     exec,
+    connect: connectCommands,
     runs: runsCommands,
     secrets: secretsCommands,
     bundle: bundleCommands

package/dist/cli/utils/openNotionUrl.d.ts

@@ -0,0 +1,3 @@
+import type { Environment } from "../config.js";
+export declare function openNotionUrl(env: Environment, url: string): Promise<void>;
+//# sourceMappingURL=openNotionUrl.d.ts.map

package/dist/cli/utils/openNotionUrl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openNotionUrl.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/openNotionUrl.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEhD,wBAAsB,aAAa,CAClC,GAAG,EAAE,WAAW,EAChB,GAAG,EAAE,MAAM,GACT,OAAO,CAAC,IAAI,CAAC,CAmBf"}

package/dist/cli/utils/openNotionUrl.js

@@ -0,0 +1,33 @@
+import { exec } from "node:child_process";
+import { existsSync } from "node:fs";
+async function openNotionUrl(env, url) {
+  const platform = process.platform;
+  try {
+    if (platform === "darwin") {
+      const appName = preferredNotionApp(env);
+      if (appName) {
+        exec(`open -a "${appName}" "${url}"`);
+      } else {
+        exec(`open "${url}"`);
+      }
+    } else if (platform === "win32") {
+      exec(`start "" "${url}"`);
+    } else {
+      exec(`xdg-open "${url}"`);
+    }
+  } catch (error) {
+    throw new Error(`Failed to open browser: ${error}`);
+  }
+}
+function preferredNotionApp(env) {
+  if (env === "prod" && existsSync("/Applications/Notion.app")) {
+    return "Notion";
+  }
+  if (env === "dev" && existsSync("/Applications/Notion Dev.app")) {
+    return "Notion Dev";
+  }
+  return null;
+}
+export {
+  openNotionUrl
+};

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@project-ajax/sdk",
-	"version": "0.0.34",
+	"version": "0.0.36",
 	"description": "An SDK for building workers for the Project Ajax platform",
 	"license": "UNLICENSED",
 	"type": "module",

package/src/cli/api/client.ts

@@ -330,7 +330,10 @@ export class ApiClient {
 	/**
 	 * List all secrets for a worker (keys only, not values)
 	 */
-	async listSecrets(workerId: string): Promise<
+	async listSecrets(
+		workerId: string,
+		options?: { secretKinds?: Array<"keyValue" | "oauth"> },
+	): Promise<
 		Result<
 			{
 				secrets: Array<{
@@ -338,6 +341,7 @@ export class ApiClient {
 					workerId: string;
 					key: string;
 					createdAt: string;
+					kind: "keyValue" | "oauth";
 				}>;
 			},
 			ApiError
@@ -347,6 +351,61 @@ export class ApiClient {
 			method: "POST",
 			body: {
 				workerId,
+				secretKinds: options?.secretKinds,
+			},
+		});
+	}
+
+	async listOauthProviders(): Promise<
+		Result<
+			{
+				providers: Array<{
+					key: string;
+					displayName: string;
+				}>;
+			},
+			ApiError
+		>
+	> {
+		return this.fetch("/workersListOauthProviders", {
+			method: "POST",
+			body: {},
+		});
+	}
+
+	/**
+	 * Start the OAuth flow for a provider
+	 */
+	async startOauth(args: { workerId: string; provider: string }): Promise<
+		Result<
+			{
+				authorizationUrl: string;
+				state: string;
+			},
+			ApiError
+		>
+	> {
+		return this.fetch("/workersStartOauth", {
+			method: "POST",
+			body: {
+				workerId: args.workerId,
+				provider: args.provider,
+			},
+		});
+	}
+
+	/**
+	 * Remove an OAuth connection for a worker
+	 */
+	async deleteOauthConnection(args: {
+		workerId: string;
+		provider: string;
+	}): Promise<Result<Record<string, never>, ApiError>> {
+		return this.fetch("/workersDeleteOauthConnection", {
+			method: "POST",
+			body: {
+				workerId: args.workerId,
+				provider: args.provider,
 			},
 		});
 	}

package/src/cli/commands/auth.impl.ts

@@ -1,49 +1,13 @@
-import { exec } from "node:child_process";
-import { existsSync } from "node:fs";
 import { baseUrl } from "../api/client.js";
 import type { Environment } from "../config.js";
 import { buildHandler, type HandlerContext } from "../handler.js";
+import { openNotionUrl } from "../utils/openNotionUrl.js";
 
 interface LoginFlags {
 	env?: Environment;
 	"base-url"?: string;
 }
 
-/**
- * Open a URL in the user's default browser or Notion app (if app available)
- */
-async function openUrl(env: Environment, url: string): Promise<void> {
-	const platform = process.platform;
-
-	try {
-		if (platform === "darwin") {
-			// Check if we should try to open Notion app on macOS
-			let notionAppName: string | null = null;
-
-			if (env === "prod" && existsSync("/Applications/Notion.app")) {
-				notionAppName = "Notion";
-			} else if (env === "dev" && existsSync("/Applications/Notion Dev.app")) {
-				notionAppName = "Notion Dev";
-			}
-
-			if (notionAppName) {
-				// Open the app first, then the URL (which will open in the app)
-				exec(`open -a "${notionAppName}" "${url}"`);
-			} else {
-				// Fall back to opening in default browser
-				exec(`open "${url}"`);
-			}
-		} else if (platform === "win32") {
-			exec(`start "" "${url}"`);
-		} else {
-			// Linux and other Unix-like systems
-			exec(`xdg-open "${url}"`);
-		}
-	} catch (error) {
-		throw new Error(`Failed to open browser: ${error}`);
-	}
-}
-
 export const login = buildHandler(async function (
 	this: HandlerContext,
 	flags: LoginFlags,
@@ -67,7 +31,7 @@ export const login = buildHandler(async function (
 		this.writer.writeErr("\tnpx workers auth login <token>");
 
 		try {
-			await openUrl(environment, url);
+			await openNotionUrl(environment, url);
 		} catch (_error) {
 			this.writer.writeErr(
 				`Failed to open browser automatically. Please visit:\n  ${url}`,

package/src/cli/commands/connect.impl.ts

@@ -0,0 +1,149 @@
+import type { ApiError } from "../api/client.js";
+import { Result } from "../api/result.js";
+import type { FormatFlags, GlobalFlags } from "../flags.js";
+import { type AuthedContext, buildAuthedHandler } from "../handler.js";
+import { openNotionUrl } from "../utils/openNotionUrl.js";
+
+export const listProviders = buildAuthedHandler(async function (
+	flags: FormatFlags,
+) {
+	this.process.stderr.write("Fetching providers...");
+	const providersResult = await this.apiClient.listOauthProviders();
+
+	if (Result.isFail(providersResult)) {
+		this.process.stderr.write("ERROR\n\n");
+		reportApiError(this, providersResult.error, "list providers");
+	} else {
+		this.process.stderr.write("OK\n\n");
+		const providers = providersResult.value.providers;
+		if (providers.length === 0) {
+			this.writer.writeErr("No OAuth providers are currently available.");
+			return;
+		}
+
+		this.writer.writeTableOut({
+			headers: ["Provider", "Description"],
+			rows: providers.map((provider) => [provider.key, provider.displayName]),
+			plain: flags.plain,
+		});
+	}
+});
+
+export const addConnection = buildAuthedHandler(async function (
+	_flags: GlobalFlags,
+	provider: string,
+) {
+	const workerId = requireWorkerId(this);
+
+	this.process.stderr.write(
+		`Starting OAuth flow with provider "${provider}"...`,
+	);
+	const startResult = await this.apiClient.startOauth({ workerId, provider });
+
+	if (Result.isFail(startResult)) {
+		this.process.stderr.write("ERROR\n\n");
+		reportApiError(this, startResult.error, "start OAuth flow");
+		return;
+	}
+
+	this.process.stderr.write("OK\n\n");
+
+	const { authorizationUrl } = startResult.value;
+
+	this.writer.writeErr("Opening your browser to continue the OAuth flow...");
+	try {
+		await openNotionUrl(this.config.environment ?? "prod", authorizationUrl);
+	} catch (error) {
+		this.writer.writeErr(
+			`Unable to open the browser automatically (${String(
+				error,
+			)}). Please open the link below manually.`,
+		);
+	}
+
+	this.writer.writeErr("");
+	this.writer.writeErr("If the browser did not open, visit:");
+	this.writer.writeErr(`  ${authorizationUrl}`);
+	this.writer.writeErr("");
+	this.writer.writeErr(
+		"After completing the flow in your browser, return to the CLI.",
+	);
+});
+
+export const listConnections = buildAuthedHandler(async function (
+	flags: FormatFlags,
+) {
+	const workerId = requireWorkerId(this);
+
+	this.process.stderr.write("Fetching OAuth connections...");
+	const secretsResult = await this.apiClient.listSecrets(workerId, {
+		secretKinds: ["oauth"],
+	});
+
+	if (Result.isFail(secretsResult)) {
+		this.process.stderr.write("ERROR\n\n");
+		reportApiError(this, secretsResult.error, "list OAuth connections");
+		return;
+	}
+
+	this.process.stderr.write("OK\n\n");
+
+	const secrets = secretsResult.value.secrets;
+
+	if (secrets.length === 0) {
+		this.writer.writeErr("No OAuth connections found for this worker.");
+		return;
+	}
+
+	this.writer.writeTableOut({
+		headers: ["Env Var", "Created At"],
+		rows: secrets.map((secret) => [
+			`process.env.${secret.key}`,
+			secret.createdAt,
+		]),
+		plain: flags.plain,
+	});
+});
+
+export const removeConnection = buildAuthedHandler(async function (
+	_flags: GlobalFlags,
+	provider: string,
+) {
+	const workerId = requireWorkerId(this);
+
+	this.process.stderr.write(
+		`Removing OAuth connection for provider "${provider}"...`,
+	);
+	const result = await this.apiClient.deleteOauthConnection({
+		workerId,
+		provider,
+	});
+
+	if (Result.isFail(result)) {
+		this.process.stderr.write("ERROR\n\n");
+		reportApiError(this, result.error, "remove connection");
+		return;
+	}
+
+	this.process.stderr.write("OK\n");
+});
+
+function requireWorkerId(context: AuthedContext): string {
+	const workerId = context.config.workerId;
+	if (!workerId) {
+		throw new Error(
+			"No worker configured. Run 'workers deploy' first to create a worker.",
+		);
+	}
+	return workerId;
+}
+
+function reportApiError(
+	context: AuthedContext,
+	error: ApiError,
+	action: string,
+): never {
+	context.writer.writeErr(`✗ Failed to ${action}`);
+	context.writer.writeErr(`✗ ${error.message}`);
+	throw new Error(error.message);
+}

package/src/cli/commands/connect.ts

@@ -0,0 +1,80 @@
+import { buildCommand, buildRouteMap } from "@stricli/core";
+
+import { formatFlags, globalFlags } from "../flags.js";
+
+export const connectCommands = buildRouteMap({
+	docs: {
+		brief: "Manage OAuth connections for your worker",
+	},
+	routes: {
+		providers: buildCommand({
+			docs: {
+				brief: "List available OAuth providers",
+			},
+			parameters: {
+				flags: {
+					...globalFlags,
+					...formatFlags,
+				},
+			},
+			loader: () => import("./connect.impl.js").then((m) => m.listProviders),
+		}),
+
+		add: buildCommand({
+			docs: {
+				brief: "Start an OAuth flow for a provider",
+			},
+			parameters: {
+				positional: {
+					kind: "tuple",
+					parameters: [
+						{
+							brief: "Provider name (see `providers` command)",
+							parse: String,
+							placeholder: "provider",
+						},
+					],
+				},
+				flags: {
+					...globalFlags,
+				},
+			},
+			loader: () => import("./connect.impl.js").then((m) => m.addConnection),
+		}),
+
+		list: buildCommand({
+			docs: {
+				brief: "List active OAuth connections",
+			},
+			parameters: {
+				flags: {
+					...globalFlags,
+					...formatFlags,
+				},
+			},
+			loader: () => import("./connect.impl.js").then((m) => m.listConnections),
+		}),
+
+		rm: buildCommand({
+			docs: {
+				brief: "Remove an OAuth connection",
+			},
+			parameters: {
+				positional: {
+					kind: "tuple",
+					parameters: [
+						{
+							brief: "Provider name to remove",
+							parse: String,
+							placeholder: "provider",
+						},
+					],
+				},
+				flags: {
+					...globalFlags,
+				},
+			},
+			loader: () => import("./connect.impl.js").then((m) => m.removeConnection),
+		}),
+	},
+});

package/src/cli/commands/secrets.impl.ts

@@ -52,12 +52,18 @@ export const listSecrets = buildAuthedHandler(async function (
 		const data = Result.unwrap(result);
 		if (data.secrets.length === 0) {
 			this.writer.writeErr("No secrets for this worker.");
+			this.writer.writeErr(
+				"To list OAuth connect secrets, use `npx workers connect list`",
+			);
 		} else {
 			this.writer.writeTableOut({
 				headers: ["Key", "Created At"],
 				rows: data.secrets.map((secret) => [secret.key, secret.createdAt]),
 				plain: flags.plain,
 			});
+			this.writer.writeErr(
+				"To list OAuth connect secrets, use `npx workers connect list`",
+			);
 		}
 	} else {
 		this.process.stderr.write("ERROR\n\n");

package/src/cli/routes.ts

@@ -3,6 +3,7 @@ import packageJson from "../../package.json" with { type: "json" };
 import { authCommands } from "./commands/auth.js";
 import { bundleCommands } from "./commands/bundle.js";
 import { capabilitiesCommands } from "./commands/capabilities.js";
+import { connectCommands } from "./commands/connect.js";
 import deploy from "./commands/deploy.js";
 import exec from "./commands/exec.js";
 import { runsCommands } from "./commands/runs.js";
@@ -18,6 +19,7 @@ const routes = buildRouteMap({
 		capabilities: capabilitiesCommands,
 		deploy: deploy,
 		exec: exec,
+		connect: connectCommands,
 		runs: runsCommands,
 		secrets: secretsCommands,
 		bundle: bundleCommands,

package/src/cli/utils/openNotionUrl.ts

@@ -0,0 +1,40 @@
+import { exec } from "node:child_process";
+import { existsSync } from "node:fs";
+
+import type { Environment } from "../config.js";
+
+export async function openNotionUrl(
+	env: Environment,
+	url: string,
+): Promise<void> {
+	const platform = process.platform;
+
+	try {
+		if (platform === "darwin") {
+			const appName = preferredNotionApp(env);
+			if (appName) {
+				exec(`open -a "${appName}" "${url}"`);
+			} else {
+				exec(`open "${url}"`);
+			}
+		} else if (platform === "win32") {
+			exec(`start "" "${url}"`);
+		} else {
+			exec(`xdg-open "${url}"`);
+		}
+	} catch (error) {
+		throw new Error(`Failed to open browser: ${error}`);
+	}
+}
+
+function preferredNotionApp(env: Environment): string | null {
+	if (env === "prod" && existsSync("/Applications/Notion.app")) {
+		return "Notion";
+	}
+
+	if (env === "dev" && existsSync("/Applications/Notion Dev.app")) {
+		return "Notion Dev";
+	}
+
+	return null;
+}