feat(cli): add relayfile logout

[khaliqgant]

Summary

• add a root relayfile logout command and help text
• clear Relayfile-owned auth stores: legacy API-key credentials, legacy cloud credentials, delegated credentials, and delegated per-workspace cache
• preserve the shared Agent Relay cloud session by default and print agent-relay cloud logout guidance for full sign-out

Verification

• go test ./cmd/relayfile-cli
• git diff --check

Notes

This is intentionally separate from #229 and does not touch the mount UX conflict-fix PR.

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Warning

Review limit reached

@khaliqgant, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 18 minutes and 8 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 4c6e3534-bc61-4a8a-a4b9-38389154b28c

📥 Commits

Reviewing files that changed from the base of the PR and between 5dcc0c3 and 6b84d13.

📒 Files selected for processing (2)

• cmd/relayfile-cli/main.go
• cmd/relayfile-cli/main_test.go

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/relayfile-logout

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Relayfile Eval Review

Run: .relayfile/evals/runs/2026-06-18T15-00-14-481Z-HEAD-provider
Mode: provider
Git SHA: c00f5ad

Passed: 4 | Needs human: 0 | Reviewable: 0 | Missing output: 0 | Failed: 0 | Skipped: 0

Human Review Cases

No reviewable human-review cases captured Relayfile output.

[agent-relay-code]

ℹ️ pr-reviewer: review only — no file changes were applied to the PR (nothing to commit after review). The notes below are advisory and were not pushed.

Note: the OpenAPI/contract rule in CLAUDE.md applies to internal/httpapi/server.go. This PR only touches the CLI (cmd/relayfile-cli), adds no HTTP handlers/params/fields, so no spec update is required. Same for the digest runtime contract — no ingest/provider mutation paths are touched.

Review: PR #313 — feat(cli): add relayfile logout

Summary

This PR adds a relayfile logout subcommand that clears local Relayfile credential artifacts from the machine while deliberately preserving the shared agent-relay cloud session and the workspace catalog. The change is well-scoped, contained entirely to cmd/relayfile-cli, and accompanied by three focused tests.

Verification

• go build ./... → passes (all three binaries build)
• go test ./... → all packages pass (full CI suite, ~3 min runtime)
• go vet ./cmd/relayfile-cli/ → clean
• gofmt -l on both changed files → no formatting issues
• New tests (TestLogoutClearsAuthCredentialsOnly, TestLogoutIsIdempotentWhenNoCredentialsExist, TestLogoutRejectsExtraArguments, plus the logout help case) → all pass

Correctness notes (verified against current checkout)

• clearAuthCredentials() removes exactly the local Relayfile artifacts: credentials.json, cloud-credentials.json, delegated-credentials.json, and the delegated/ cache dir. The per-request delegated caches written by delegatedCredentialsPathForRequest (main.go:6902) all live under that delegated/ dir, so they're correctly swept.
• The shared cloud session at ~/.agentworkforce/relay/cloud-auth.json (agentRelayCloudAuthPath, main.go:7245) is left untouched — correct fail-safe behavior; the user-facing message accurately directs to agent-relay cloud logout.
• The removed == 0 branch gives an accurate idempotent message; counting a dir removal as 1 is fine for the binary "did/didn't do anything" distinction the message relies on.
• Error wrapping (remove %s: %w) preserves the underlying error; errors.Is(err, os.ErrNotExist) handling is correct in both helpers.
• New imports (errors, os, path/filepath) are already present. Command dispatch (main.go:516) and all three help/usage surfaces are wired consistently.

No semantic, safety, or lifecycle-critical code is involved. No fail-closed→fail-open changes. No mechanical fixes were needed (formatting and vet were already clean), so no files were edited.

Addressed comments

• No bot or human review comments are present in the provided PR metadata (.workforce/context.json) and no comments file was supplied — nothing to address.

Advisory Notes

• Minor (non-blocking): clearAuthCredentials treats removing the delegated/ directory as a single unit (removed++ once). If a future requirement wanted an exact count of cleared artifacts, this would under-count, but it does not affect the current message logic. No change recommended for this PR.

The PR builds clean, the full CI test command passes, and the change is correct and well-tested. The remaining step (merge approval) is a human decision.