feat: mirrorstack logout#16
Merged
Merged
Conversation
Revokes the current session via DELETE /v1/auth/sessions/current
(refresh token in body, CLI flow) and wipes the local credentials
file at ~/.config/mirrorstack/cli/credentials.json.
Behaviour:
- Already signed out (creds file missing) prints "✓ already signed
out" and exits 0. No server call.
- Server revoke succeeds → "✓ signed out".
- Server returns 401 → treat as already-revoked (the platform's
Revoke handler is idempotent), wipe local creds, success.
- Server fails (network, 5xx) → still wipe local creds, print a
yellow warning naming the error and noting the refresh token may
remain valid until expiry. Exit 0 — the user's intent is "log
me out" and refusing to clear local state because the platform
is unreachable would leave them stuck.
Implementation reuses the existing seams:
- \`api::revoke_session\` follows the &Client signature shape from
the recent api.rs cleanup, runs through \`unexpected_body_error\`
for non-401 failures.
- \`credentials::delete\` is idempotent (NotFound → Ok) so the
command body doesn't need to special-case missing files.
## Tests
- 27/27 (was 25). New:
- api::tests::revoke_session_204_is_ok — happy path with body match
- api::tests::revoke_session_401_is_unauthenticated — 401 mapping
- credentials_lifecycle now exercises delete() success + idempotent
second call. Single test by design — env-var mutation in
with_temp_config_dir would race if split.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Extract \`commands::ok_mark()\` and \`commands::warn_prefix()\` for the green-✓ and yellow-warning prefixes — same \`style(...).bold()\` chain was hand-rolled at 5 call sites across logout.rs and module.rs. - \`credentials::delete\` error includes the file path so the user can manually remove it on permission errors instead of seeing a bare "permission denied". - Drop the stale \`#[allow(dead_code)]\` on \`LoadError\` — \`NotFound\` is now matched in load(), load_or_login_hint(), and logout::run(). Confirmed unnecessary by clippy passing without it. - New test \`revoke_session_5xx_is_unexpected\` covers the unexpected body path that logout's \`server_warn\` branch exercises in practice. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
New `mirrorstack logout` subcommand: revokes the current session on the platform and wipes the local credentials file.
```
$ mirrorstack logout
✓ signed out.
```
Behaviour
Implementation notes
Test plan