New connection flows

Rebuilt the source connection “connect” flow with a unified OAuth callback, stronger validation, and a new multi-step UI. Removed White Label entirely across API, data model, and docs.

• New Features

  • Unified OAuth flow with HMAC-signed state and short-lived redirect sessions; new pending connection statuses (not_yet_authorized, pending).
  • New ConnectionInitSession and RedirectSession models backing the connect flow.
  • Source.validate implemented and enabled across many connectors (Google, Microsoft, Dropbox, GitHub, Notion, Jira/Confluence, Linear, HubSpot, Stripe, PostgreSQL, Todoist, Asana) to verify credentials quickly.
  • Multi-step collection/source creation modal with form validation, AuthProvider selection, OAuth redirect view, and success screen.
  • Usage: added POST /usage/check-actions for batch checks.
  • Sync metadata fields renamed to last_sync_job_*.

• Migration

  • Database: run migrations (adds connection_init_session, redirect_session; removes white_label).
  • API removals/changes:
    • Removed all /white-labels endpoints and white_label_id from source connection schemas.
    • Renamed latest_sync_job_* → last_sync_job_*.
    • Added SourceConnectionStatus values: not_yet_authorized, pending.
    • New POST /usage/check-actions; single-action type renamed to SingleActionCheckResponse.
  • Frontend/SDK updates:
    • OAuth callback route is now /auth/callback.
    • Update code to handle new statuses and renamed sync fields.
    • White Label UI, routes, and docs removed.