Skip to content

For the complete documentation index, see llms.txt.

Promptless Promptless | Automatic updates for your customer-facing docs
Get a demo Start for free

Test spec: logout edge cases

What to do with this file

Section titled “What to do with this file”

You are a coding agent. Your job is to execute this test spec by running commands in a shell, step by step, from Phase 0 through Phase 5. For each step:

  1. Run the command shown in the code block.
  2. Read the output.
  3. Check every Assert listed for that step.
  4. Record the result: PASS or FAIL with the actual output.

At the end, produce a summary table showing which phases passed and which failed.

What this test is checking

Section titled “What this test is checking”

promptless logout has more behavior than “delete the file.” It has to:

  • Remove only the PROMPTLESS_CLI_API_SECRET line, leaving any other KEY=VALUE entries the user (or a future CLI feature) may have written to the same file.
  • Delete the file entirely when no other keys remain, rather than leaving a zero-byte artifact that would look like a corrupted config.
  • Be idempotent: a second logout with no cached key is a clean no-op, not an error.
  • Warn the user if $PROMPTLESS_CLI_API_SECRET is still set in the current shell after the file is removed — otherwise the next command in the same shell will silently keep using the old value.

State transitions in this spec are entirely about the contents of the config file as logout runs. Every phase is a small, focused mutation followed by an inspection.

The fixture contract (promptless-test-fixture start-fake-server, stop-fake-server) is defined in Test spec: authentication happy path. For the linear login → whoami → logout happy path, see the same file. For path resolution rules, see Test spec: config file paths. For env-var precedence, see Test spec: env-var precedence.

Prerequisites

Section titled “Prerequisites”

The promptless binary and promptless-test-fixture must be on $PATH.

$ promptless --help | head -1

Shared helper (define once)

Section titled “Shared helper (define once)”
$ drive_login() {
    local stderr_file=$1
    promptless login --no-browser > "$stderr_file" 2>&1 &
    local pid=$!
    local url=""
    for i in 1 2 3 4 5; do
      url=$(grep -o "$URL/cli/auth?[^ ]*" "$stderr_file" 2>/dev/null | head -1)
      [ -n "$url" ] && break
      sleep 0.2
    done
    [ -z "$url" ] && { echo "no auth URL captured" >&2; return 1; }
    curl -sL "$url" -o /dev/null
    wait $pid
  }

Phase 0: Setup — fake server, isolated config, login to populate

Section titled “Phase 0: Setup — fake server, isolated config, login to populate”
$ export PROMPTLESS_CLI_DEVELOPER_CONFIG_FILE=$(mktemp -u /tmp/promptless-logout-XXXXXX.env)
$ unset PROMPTLESS_CLI_API_SECRET
$ unset XDG_CONFIG_HOME
$ eval "$(promptless-test-fixture start-fake-server)"
$ export PROMPTLESS_APP_BASE_URL=$URL
$ export PROMPTLESS_API_BASE_URL=$URL
$ drive_login /tmp/promptless-logout-login.stderr
$ cat $PROMPTLESS_CLI_DEVELOPER_CONFIG_FILE

Assert:

  • Login exits 0.
  • File contains PROMPTLESS_CLI_API_SECRET=$API_KEY (and nothing else).

Phase 1: Logout preserves unrelated keys

Section titled “Phase 1: Logout preserves unrelated keys”

Plant a second key in the config file by hand. logout should remove only the API key line and leave the rest intact. If this behavior breaks, a user who keeps unrelated config in the same file will lose it every time they re-authenticate.

$ printf "OTHER_KEY=keep\n" >> $PROMPTLESS_CLI_DEVELOPER_CONFIG_FILE
$ cat $PROMPTLESS_CLI_DEVELOPER_CONFIG_FILE

Assert: File now contains both PROMPTLESS_CLI_API_SECRET=... and OTHER_KEY=keep.

$ promptless logout; echo "exit: $?"
$ cat $PROMPTLESS_CLI_DEVELOPER_CONFIG_FILE

Assert:

  • Exit code is 0.
  • stderr contains Removed API key from $PROMPTLESS_CLI_DEVELOPER_CONFIG_FILE.
  • PROMPTLESS_CLI_API_SECRET is gone.
  • OTHER_KEY=keep is still present, unchanged.

Phase 2: Logout deletes the file when no other keys remain

Section titled “Phase 2: Logout deletes the file when no other keys remain”

Drop the placeholder key, re-login so the file contains only the API key, then logout. The file itself should be deleted — not left as a zero-byte artifact that would look suspicious in ls -la.

$ sed -i.bak '/OTHER_KEY/d' $PROMPTLESS_CLI_DEVELOPER_CONFIG_FILE && rm -f $PROMPTLESS_CLI_DEVELOPER_CONFIG_FILE.bak
$ cat $PROMPTLESS_CLI_DEVELOPER_CONFIG_FILE

Assert: File is empty (no lines) — but does still exist.

$ drive_login /tmp/promptless-logout-login2.stderr
$ promptless logout
$ test -e $PROMPTLESS_CLI_DEVELOPER_CONFIG_FILE && echo "exists" || echo "missing"

Assert:

  • Output is missing — the file was removed entirely, not left zero-byte.

Phase 3: Logout with no config is a clean no-op

Section titled “Phase 3: Logout with no config is a clean no-op”

A second logout (or a logout from a never-logged-in shell) must exit 0 and not recreate the file as a side effect.

$ promptless logout; echo "exit: $?"
$ test -e $PROMPTLESS_CLI_DEVELOPER_CONFIG_FILE && echo "exists" || echo "missing"

Assert:

  • Exit code is 0.
  • stderr mentions already logged out (or “no API key in config”).
  • File still does not exist — no zero-byte recreation.

Phase 4: Warn when env var is still set in the shell

Section titled “Phase 4: Warn when env var is still set in the shell”

If $PROMPTLESS_CLI_API_SECRET is exported in the current shell, the file-based logout doesn’t actually unset the in-process value — the next whoami will keep working with the env-var token. The CLI should warn about this rather than appear to succeed silently.

$ drive_login /tmp/promptless-logout-login3.stderr
$ export PROMPTLESS_CLI_API_SECRET=$API_KEY
$ promptless logout 2>&1

Assert: stderr contains a warning along the lines of PROMPTLESS_CLI_API_SECRET is also set in your environment (the precise wording lives in src/commands/logout.ts).

$ test -e $PROMPTLESS_CLI_DEVELOPER_CONFIG_FILE && echo "exists" || echo "missing"
$ promptless whoami; echo "exit: $?"

Assert:

  • File is missing — the file removal still happened.
  • whoami exits 0 and matches $EMAIL — the env var is still in effect for this shell, exactly as the warning claimed.

Unsetting the env var should restore the “not logged in” state.

$ unset PROMPTLESS_CLI_API_SECRET
$ promptless whoami; echo "exit: $?"

Assert:

  • Exit code is non-zero.
  • stderr contains not logged in.

Phase 5: Teardown

Section titled “Phase 5: Teardown”
$ promptless-test-fixture stop-fake-server $PID
$ rm -f $PROMPTLESS_CLI_DEVELOPER_CONFIG_FILE \
        /tmp/promptless-logout-login.stderr \
        /tmp/promptless-logout-login2.stderr \
        /tmp/promptless-logout-login3.stderr
$ unset PROMPTLESS_CLI_DEVELOPER_CONFIG_FILE PROMPTLESS_APP_BASE_URL PROMPTLESS_API_BASE_URL

Assert:

  • Fake server stopped.
  • No /tmp/promptless-logout-* files remain.

Summary of Key Assertions

Section titled “Summary of Key Assertions”
PhaseWhat is testedKey assertion
0SetupCached key present in isolated config
1Selective removalLogout removes only the API key; unrelated OTHER_KEY survives
2Empty-file deletionLogout deletes the file when no other keys remain
3IdempotencySecond logout exits 0; file not recreated
4Env-var warningLogout warns when PROMPTLESS_CLI_API_SECRET is still exported
5TeardownServer stopped, temp files removed