feat: add openboot delete command

Delete configs from openboot.dev by slug. Prompts for confirmation
unless --force is used. Handles 200/204/401/404 status codes with
clear error messages.

Author: fullstackjam

internal/cli/delete.go

@@ -0,0 +1,102 @@
+package cli
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	neturl "net/url"
+	"os"
+	"time"
+
+	"github.com/openbootdotdev/openboot/internal/auth"
+	"github.com/openbootdotdev/openboot/internal/httputil"
+	"github.com/openbootdotdev/openboot/internal/ui"
+	"github.com/spf13/cobra"
+)
+
+var deleteCmd = &cobra.Command{
+	Use:   "delete <slug>",
+	Short: "Delete a config from openboot.dev",
+	Long:  `Delete a config from your openboot.dev account by its slug.`,
+	Example: `  # Delete a config (with confirmation prompt)
+  openboot delete my-config
+
+  # Delete without confirmation (for scripting)
+  openboot delete my-config --force`,
+	Args: cobra.ExactArgs(1),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		force, _ := cmd.Flags().GetBool("force")
+		return runDelete(args[0], force)
+	},
+}
+
+func init() {
+	deleteCmd.Flags().BoolP("force", "f", false, "skip confirmation prompt")
+	rootCmd.AddCommand(deleteCmd)
+}
+
+func runDelete(slug string, force bool) error {
+	apiBase := auth.GetAPIBase()
+
+	if !auth.IsAuthenticated() {
+		fmt.Fprintln(os.Stderr)
+		ui.Info("You need to log in to delete configs.")
+		fmt.Fprintln(os.Stderr)
+		if _, err := auth.LoginInteractive(apiBase); err != nil {
+			return fmt.Errorf("authentication failed: %w", err)
+		}
+	}
+
+	stored, err := auth.LoadToken()
+	if err != nil {
+		return fmt.Errorf("load auth token: %w", err)
+	}
+	if stored == nil {
+		return fmt.Errorf("no valid auth token found — please log in again")
+	}
+
+	if !force {
+		confirmed, err := ui.Confirm(
+			fmt.Sprintf("Delete config '%s'? This cannot be undone", slug), false)
+		if err != nil {
+			return fmt.Errorf("confirm: %w", err)
+		}
+		if !confirmed {
+			ui.Info("Delete cancelled.")
+			return nil
+		}
+	}
+
+	url := fmt.Sprintf("%s/api/configs/%s", apiBase, neturl.PathEscape(slug))
+
+	req, err := http.NewRequest(http.MethodDelete, url, nil)
+	if err != nil {
+		return fmt.Errorf("create request: %w", err)
+	}
+	req.Header.Set("Authorization", "Bearer "+stored.Token)
+
+	client := &http.Client{Timeout: 30 * time.Second}
+	resp, err := httputil.Do(client, req)
+	if err != nil {
+		return fmt.Errorf("delete request: %w", err)
+	}
+	defer resp.Body.Close()
+
+	switch resp.StatusCode {
+	case http.StatusOK, http.StatusNoContent:
+		fmt.Fprintln(os.Stderr)
+		ui.Success(fmt.Sprintf("Config '%s' deleted.", slug))
+		fmt.Fprintln(os.Stderr)
+		return nil
+	case http.StatusUnauthorized:
+		return fmt.Errorf("not authorized — please log in again with 'openboot login'")
+	case http.StatusNotFound:
+		return fmt.Errorf("config '%s' not found", slug)
+	default:
+		body, readErr := io.ReadAll(io.LimitReader(resp.Body, 64<<10))
+		if readErr != nil {
+			return fmt.Errorf("delete failed (status %d): read response: %w", resp.StatusCode, readErr)
+		}
+		return fmt.Errorf("delete failed (status %d): %s", resp.StatusCode, string(body))
+	}
+}

internal/cli/delete_test.go

@@ -0,0 +1,107 @@
+package cli
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDeleteCmd_CommandStructure(t *testing.T) {
+	assert.Equal(t, "delete <slug>", deleteCmd.Use)
+	assert.NotEmpty(t, deleteCmd.Short)
+	assert.NotEmpty(t, deleteCmd.Long)
+	assert.NotEmpty(t, deleteCmd.Example)
+	assert.NotNil(t, deleteCmd.RunE)
+
+	flag := deleteCmd.Flags().Lookup("force")
+	assert.NotNil(t, flag, "should have --force flag")
+	assert.Equal(t, "f", flag.Shorthand)
+	assert.Equal(t, "false", flag.DefValue)
+}
+
+func TestDeleteCmd_RequiresSlugArg(t *testing.T) {
+	err := deleteCmd.Args(deleteCmd, []string{})
+	assert.Error(t, err, "should require exactly one argument")
+
+	err = deleteCmd.Args(deleteCmd, []string{"my-slug"})
+	assert.NoError(t, err, "should accept exactly one argument")
+
+	err = deleteCmd.Args(deleteCmd, []string{"slug1", "slug2"})
+	assert.Error(t, err, "should reject more than one argument")
+}
+
+func TestRunDelete_NotAuthenticated(t *testing.T) {
+	setupTestAuth(t, false)
+
+	t.Setenv("OPENBOOT_API_URL", "http://localhost:9999")
+
+	err := runDelete("test-slug", true)
+
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "authentication failed")
+}
+
+func TestRunDelete_Success(t *testing.T) {
+	setupTestAuth(t, true)
+
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method)
+		assert.Equal(t, "/api/configs/my-config", r.URL.Path)
+		assert.Contains(t, r.Header.Get("Authorization"), "Bearer ")
+		w.WriteHeader(http.StatusOK)
+	}))
+	defer server.Close()
+
+	t.Setenv("OPENBOOT_API_URL", server.URL)
+
+	err := runDelete("my-config", true)
+	assert.NoError(t, err)
+}
+
+func TestRunDelete_NotFound(t *testing.T) {
+	setupTestAuth(t, true)
+
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusNotFound)
+	}))
+	defer server.Close()
+
+	t.Setenv("OPENBOOT_API_URL", server.URL)
+
+	err := runDelete("nonexistent", true)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "not found")
+}
+
+func TestRunDelete_Unauthorized(t *testing.T) {
+	setupTestAuth(t, true)
+
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusUnauthorized)
+	}))
+	defer server.Close()
+
+	t.Setenv("OPENBOOT_API_URL", server.URL)
+
+	err := runDelete("my-config", true)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "not authorized")
+}
+
+func TestRunDelete_ServerError(t *testing.T) {
+	setupTestAuth(t, true)
+
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusInternalServerError)
+		w.Write([]byte("internal server error"))
+	}))
+	defer server.Close()
+
+	t.Setenv("OPENBOOT_API_URL", server.URL)
+
+	err := runDelete("my-config", true)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "delete failed (status 500)")
+}