Few improvements

Author: ramilamparo

src/api/deviceAuth.ts

@@ -45,7 +45,7 @@ const createFetcher = (baseUrl: string) =>
 		withHttpRetry
 	)
 
-export async function checkTenant(teamName: string): Promise<CheckTenantResponse> {
+export async function checkTenant(teamName: string): Promise<{ tenantUrl: string }> {
 	const fetcher = createFetcher(LOGIN_SERVICE_URL)
 	const response = await fetcher(`/api/check-tenant?name=${encodeURIComponent(teamName)}`, {
 		method: 'GET',
@@ -55,7 +55,7 @@ export async function checkTenant(teamName: string): Promise<CheckTenantResponse
 	// The check-tenant endpoint returns a redirect URL (e.g. http://tenant.localhost:5173/login).
 	// Extract just the origin for use as the API base URL.
 	const origin = new URL(data.redirectUrl).origin
-	return { redirectUrl: origin }
+	return { tenantUrl: origin }
 }
 
 export async function requestDeviceCode(tenantUrl: string): Promise<DeviceCodeResponse> {

src/commands/auth.ts

@@ -3,7 +3,13 @@ import chalk from 'chalk'
 import { ensureInteractive, prompt, promptHidden } from '../utils/prompt'
 import { openBrowser } from '../utils/browser'
 import { twirlLoader } from '../utils/misc'
-import { saveCredentials, clearCredentials, type CredentialSource } from '../utils/credentials'
+import {
+	saveCredentials,
+	clearCredentials,
+	loadCredentialsFromKeyring,
+	loadCredentialsFromFile,
+	type CredentialSource,
+} from '../utils/credentials'
 import { createApi } from '../api'
 import {
 	checkTenant,
@@ -25,8 +31,8 @@ async function resolveTenantUrl(): Promise<string> {
 	}
 
 	try {
-		const result = await checkTenant(teamName)
-		return result.redirectUrl
+		const { tenantUrl } = await checkTenant(teamName)
+		return tenantUrl
 	} catch (e) {
 		const message = e instanceof Error ? e.message : String(e)
 		console.error(chalk.red('Error:') + ` Could not find team "${teamName}": ${message}`)
@@ -46,7 +52,7 @@ async function validateApiKey(tenantUrl: string, apiKey: string): Promise<boolea
 
 async function handleApiKeyLogin(): Promise<void> {
 	const tenantUrl = await resolveTenantUrl()
-	const apiKey = await promptHidden('API Key: ')
+	const apiKey = await promptHidden(`API Key ${chalk.gray('(Input Hidden)')}: `)
 	if (!apiKey) {
 		console.error(chalk.red('Error:') + ' API key is required.')
 		process.exit(1)
@@ -156,10 +162,26 @@ const sourceLabels: Partial<Record<CredentialSource, string>> = {
 	'.env': 'a .env file in the current directory',
 	'.qaspherecli': 'a .qaspherecli file',
 }
+async function findClearableSource(): Promise<'keyring' | 'credentials.json' | null> {
+	if (await loadCredentialsFromKeyring()) return 'keyring'
+	if (loadCredentialsFromFile()) return 'credentials.json'
+	return null
+}
+
 async function handleLogout(): Promise<void> {
-	const result = await clearCredentials()
+	const clearable = await findClearableSource()
+
+	if (clearable) {
+		try {
+			await clearCredentials(clearable)
+		} catch (e) {
+			const message = e instanceof Error ? e.message : String(e)
+			console.error(
+				chalk.red('Error:') + ` Could not clear credentials from ${clearable}: ${message}`
+			)
+			process.exit(1)
+		}
 
-	if (result.cleared) {
 		console.log('Logged out.')
 
 		// Warn if credentials are still available from another source
@@ -175,7 +197,7 @@ async function handleLogout(): Promise<void> {
 		return
 	}
 
-	// Check if credentials come from a non-clearable source
+	// No clearable source — check if credentials come from a non-clearable source
 	const source = await resolveCredentialSource()
 	if (source) {
 		const label = sourceLabels[source.source] || source.source

src/utils/credentials.ts

@@ -108,27 +108,12 @@ export function loadCredentialsFromFile(): StoredCredentials | null {
 	}
 }
 
-export async function clearCredentials(): Promise<{
-	cleared: boolean
-	source?: CredentialSource
-}> {
-	// Try keyring first
-	const entry = await getKeyringEntry()
-	if (entry) {
-		try {
-			entry.getPassword() // Throws if no entry exists
-			entry.deletePassword()
-			return { cleared: true, source: 'keyring' }
-		} catch {
-			// No keyring entry or keyring unavailable, continue to file
-		}
-	}
-
-	// Try file
-	if (existsSync(CREDENTIALS_FILE)) {
+export async function clearCredentials(source: 'keyring' | 'credentials.json'): Promise<void> {
+	if (source === 'keyring') {
+		const entry = await getKeyringEntry()
+		if (!entry) throw new Error('Keyring is not available')
+		entry.deletePassword()
+	} else {
 		unlinkSync(CREDENTIALS_FILE)
-		return { cleared: true, source: 'credentials.json' }
 	}
-
-	return { cleared: false }
 }