openworkers
diff --git a/‎.vscode/settings.json‎
Lines changed: 1 addition & 0 deletions b/‎.vscode/settings.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎Cargo.lock‎
Lines changed: 32 additions & 1 deletion b/‎Cargo.lock‎
Lines changed: 32 additions & 1 deletion
diff --git a/‎Cargo.toml‎
Lines changed: 2 additions & 1 deletion b/‎Cargo.toml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎migrations/26_link_worker_environment.sql‎
Lines changed: 60 additions & 0 deletions b/‎migrations/26_link_worker_environment.sql‎
Lines changed: 60 additions & 0 deletions
diff --git a/‎migrations/27_normalize_platform_db_uuid.sql‎
Lines changed: 15 additions & 0 deletions b/‎migrations/27_normalize_platform_db_uuid.sql‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎src/backend/api.rs‎
Lines changed: 48 additions & 1 deletion b/‎src/backend/api.rs‎
Lines changed: 48 additions & 1 deletion
@@ -3,6 +3,7 @@
     "binstall",
     "chrono",
     "codegen",
+    "postgate",
     "prerendered",
     "psql",
     "reqwest",
 
@@ -1,6 +1,6 @@
 [package]
 name = "openworkers-cli"
-version = "0.3.3"
+version = "0.3.4"
 edition = "2024"
 license = "MIT"
 description = "CLI for OpenWorkers - Self-hosted Cloudflare Workers runtime"
@@ -63,6 +63,7 @@ futures = "0.3"
 url = "2"
 rmcp = { version = "0.15", features = ["macros", "server", "transport-io"], optional = true }
 schemars = { version = "1", optional = true }
+rpassword = "7.4.0"
 
 # https://doc.rust-lang.org/cargo/reference/profiles.html
 # https://github.com/johnthagen/min-sized-rust?tab=readme-ov-file#minimizing-rust-binary-size
 
@@ -0,0 +1,60 @@
+-- ============================================================================
+-- Procedure to link an environment to a worker.
+--
+-- If the worker belongs to a project, cascades the environment to the project
+-- and all sibling workers in a single transaction.
+-- Replaces the trigger-based constraint with an explicit procedure.
+-- ============================================================================
+
+-- Drop the old triggers that blocked the operation
+DROP TRIGGER IF EXISTS check_workers_project_environment ON workers;
+DROP TRIGGER IF EXISTS check_projects_environment ON projects;
+DROP FUNCTION IF EXISTS check_worker_project_environment();
+
+CREATE OR REPLACE FUNCTION link_worker_environment(
+    p_worker_id uuid,
+    p_environment_id uuid
+)
+RETURNS void AS $$
+DECLARE
+    v_project_id uuid;
+    v_worker_user_id uuid;
+    v_env_user_id uuid;
+BEGIN
+    SELECT project_id, user_id INTO v_project_id, v_worker_user_id
+    FROM workers
+    WHERE id = p_worker_id;
+
+    IF NOT FOUND THEN
+        RAISE EXCEPTION 'Worker not found';
+    END IF;
+
+    SELECT user_id INTO v_env_user_id
+    FROM environments
+    WHERE id = p_environment_id;
+
+    IF NOT FOUND THEN
+        RAISE EXCEPTION 'Environment not found';
+    END IF;
+
+    IF v_worker_user_id IS DISTINCT FROM v_env_user_id THEN
+        RAISE EXCEPTION 'Worker and environment must belong to the same user';
+    END IF;
+
+    IF v_project_id IS NOT NULL THEN
+        -- Worker is in a project: cascade to project + all its workers
+        UPDATE projects
+        SET environment_id = p_environment_id, updated_at = now()
+        WHERE id = v_project_id;
+
+        UPDATE workers
+        SET environment_id = p_environment_id, updated_at = now()
+        WHERE project_id = v_project_id;
+    ELSE
+        -- Standalone worker
+        UPDATE workers
+        SET environment_id = p_environment_id, updated_at = now()
+        WHERE id = p_worker_id;
+    END IF;
+END;
+$$ LANGUAGE plpgsql;
@@ -0,0 +1,15 @@
+-- Normalize platform database UUID from aaaa... to nil UUID (00000000-...)
+-- The aaaa UUID was arbitrary and fails strict RFC 4122 validation.
+-- database_tokens.database_id has ON UPDATE CASCADE so it propagates automatically.
+
+-- 1. Update environment_values that reference this DB (stored as text, no FK)
+UPDATE environment_values
+SET value = '00000000-0000-0000-0000-000000000000'
+WHERE value = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'
+  AND type = 'database';
+
+-- 2. Update the database config itself (cascades to database_tokens)
+UPDATE database_configs
+SET id = '00000000-0000-0000-0000-000000000000'
+WHERE id = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa';
+
@@ -1,7 +1,7 @@
 use super::{
     AssetManifestEntry, Backend, BackendError, CreateDatabaseInput, CreateEnvironmentInput,
     CreateKvInput, CreateStorageInput, CreateWorkerInput, Database, DeployInput, Deployment,
-    Environment, KvNamespace, StorageConfig, UpdateEnvironmentInput, UpdateWorkerInput,
+    Environment, KvNamespace, Project, StorageConfig, UpdateEnvironmentInput, UpdateWorkerInput,
     UploadResult, Worker,
 };
 use crate::config::DEFAULT_API_URL;
@@ -175,6 +175,39 @@ impl Backend for ApiBackend {
         Ok(worker)
     }
 
+    async fn link_worker_environment(
+        &self,
+        worker_id: &str,
+        environment_id: &str,
+    ) -> Result<(), BackendError> {
+        let response = self
+            .request(
+                reqwest::Method::POST,
+                &format!("/workers/{}/link", worker_id),
+            )
+            .json(&serde_json::json!({ "environmentId": environment_id }))
+            .send()
+            .await?;
+
+        if response.status() == reqwest::StatusCode::NOT_FOUND {
+            return Err(BackendError::NotFound(format!(
+                "Worker '{}' or environment '{}' not found",
+                worker_id, environment_id
+            )));
+        }
+
+        if response.status() == reqwest::StatusCode::UNAUTHORIZED {
+            return Err(BackendError::Unauthorized);
+        }
+
+        if !response.status().is_success() {
+            let text = response.text().await.unwrap_or_default();
+            return Err(BackendError::Api(text));
+        }
+
+        Ok(())
+    }
+
     async fn deploy_worker(
         &self,
         name: &str,
@@ -209,6 +242,7 @@ impl Backend for ApiBackend {
     async fn upload_worker(
         &self,
         name: &str,
+        _path: &std::path::Path,
         zip_data: Vec<u8>,
         assets_manifest: &[AssetManifestEntry],
     ) -> Result<UploadResult, BackendError> {
@@ -259,6 +293,19 @@ impl Backend for ApiBackend {
         Ok(result)
     }
 
+    // Project methods
+    async fn list_projects(&self) -> Result<Vec<Project>, BackendError> {
+        Err(BackendError::Api(
+            "Projects require DB access. Use a DB alias.".to_string(),
+        ))
+    }
+
+    async fn delete_project(&self, _name: &str) -> Result<(), BackendError> {
+        Err(BackendError::Api(
+            "Projects require DB access. Use a DB alias.".to_string(),
+        ))
+    }
+
     async fn list_environments(&self) -> Result<Vec<Environment>, BackendError> {
         let response = self
             .request(reqwest::Method::GET, "/environments")