@iann29/synapse 1.8.5 → 1.8.7

package/bin/synapse.js

@@ -30,7 +30,24 @@ async function main(argv) {
 
   const { cmd, rest } = resolve(REGISTRY, cleanArgv);
   if (!cmd) {
-    process.stderr.write(`Unknown command: ${cleanArgv.join(" ")}\n\nRun \`synapse help\` for the full list.\n`);
+    // v1.8.7: if the operator typed `synapse <prefix>` where one or
+    // more two-word commands exist under that prefix, suggest them.
+    // Turns "Unknown command: deployment" → an actionable list of
+    // verbs the operator can pick from.
+    const prefix = cleanArgv[0] + " ";
+    const verbs = [];
+    for (const name of REGISTRY.keys()) {
+      if (name.startsWith(prefix)) verbs.push(name);
+    }
+    process.stderr.write(`Unknown command: ${cleanArgv.join(" ")}\n`);
+    if (verbs.length > 0) {
+      verbs.sort();
+      process.stderr.write(`\nDid you mean one of:\n`);
+      for (const v of verbs) process.stderr.write(`  synapse ${v}\n`);
+      process.stderr.write(`\nRun \`synapse ${cleanArgv[0]} <verb> --help\` for usage.\n`);
+    } else {
+      process.stderr.write(`\nRun \`synapse help\` for the full list.\n`);
+    }
     process.exitCode = 1;
     return;
   }

package/lib/api.js

@@ -131,6 +131,60 @@ class SynapseAPI {
   cliCredentials(deploymentName) {
     return this.request("GET", `/v1/deployments/${encodeURIComponent(deploymentName)}/cli_credentials`);
   }
+
+  // ---- v1.8.7 control-plane methods ------------------------------
+
+  // GET /v1/deployments/{name}/ — single-deployment snapshot for the
+  // status command (faster than filtering listDeployments client-side
+  // when the operator already knows the name).
+  getDeployment(name) {
+    return this.request("GET", `/v1/deployments/${encodeURIComponent(name)}/`);
+  }
+
+  // GET /v1/deployments/{name}/backend_version — version of the running
+  // Convex backend inside the container. Cheap and useful in `status`.
+  // Falls back to {} if the deployment isn't ready (status: provisioning).
+  getDeploymentBackendVersion(name) {
+    return this.request("GET", `/v1/deployments/${encodeURIComponent(name)}/backend_version`);
+  }
+
+  // POST /v1/projects/{id}/create_deployment — body: { type, ha?, reference?, isDefault? }.
+  // Backend generates the deployment name; we surface it in the response.
+  createDeployment(projectId, body) {
+    return this.request("POST", `/v1/projects/${encodeURIComponent(projectId)}/create_deployment`, body);
+  }
+
+  // POST /v1/deployments/{name}/delete — irreversible; container + volume
+  // gone. Returns 200 with no body on success. The caller is responsible
+  // for typed-confirmation in the UI layer.
+  deleteDeployment(name) {
+    return this.request("POST", `/v1/deployments/${encodeURIComponent(name)}/delete`, {});
+  }
+
+  // POST /v1/deployments/{name}/reissue_admin_key — re-mints the admin
+  // key from the current instance_secret WITHOUT touching the secret.
+  // Use when stored credentials drift from the live container.
+  // Response: { deploymentName, adminKey, prefix }.
+  reissueAdminKey(name) {
+    return this.request("POST", `/v1/deployments/${encodeURIComponent(name)}/reissue_admin_key`, {});
+  }
+
+  // GET /v1/projects/{id}/list_default_environment_variables — returns
+  // { configs: [{ name, value, deploymentTypes[] }] }. We hand the raw
+  // shape back; the command formats it.
+  listProjectEnvVars(projectId) {
+    return this.request("GET", `/v1/projects/${encodeURIComponent(projectId)}/list_default_environment_variables`);
+  }
+
+  // POST /v1/projects/{id}/update_default_environment_variables — body:
+  // { changes: [{ op: "set"|"delete", name, value?, deploymentTypes? }] }.
+  // Cloud-spec shape; the backend applies the batch in a transaction so
+  // partial-failure is impossible.
+  updateProjectEnvVars(projectId, changes) {
+    return this.request("POST", `/v1/projects/${encodeURIComponent(projectId)}/update_default_environment_variables`, {
+      changes,
+    });
+  }
 }
 
 // Known envelope keys, in priority order. We try these explicitly before

package/lib/commands/_context.js

@@ -23,6 +23,24 @@ const {
 } = require("../config");
 const { readProjectConfig } = require("../project");
 
+// v1.8.6 (A3): SessionExpiredError carries an operator-actionable
+// message when the refresh token itself is rejected (>30d old or
+// revoked at server side). bin/synapse.js prints err.message verbatim,
+// so a clear "your session expired, run `synapse login <url>`" lands
+// directly in front of the operator instead of a cryptic
+// "Synapse API returned 401" message.
+class SessionExpiredError extends Error {
+  constructor(baseUrl, cause) {
+    super(
+      `Your Synapse session expired. Run \`synapse login ${baseUrl}\` to sign in again.` +
+        (cause ? ` (refresh failed: ${cause})` : ""),
+    );
+    this.name = "SessionExpiredError";
+    this.baseUrl = baseUrl;
+    this.cause = cause;
+  }
+}
+
 // Wraps an API client so any 401 transparently retries against
 // /v1/auth/refresh once. Mirrors what bin/synapse.js had before the
 // refactor; lives here so every command shares it.
@@ -43,10 +61,30 @@ function makeRefreshableApi(cfg) {
           ) {
             throw err;
           }
-          const session = await new SynapseAPI({ baseUrl: cfg.baseUrl }).refresh(
-            cfg.refreshToken,
-          );
-          if (!session.accessToken) throw err;
+          // v1.8.6 (A3): catch refresh failures and surface a clear
+          // re-login instruction instead of the raw upstream 401.
+          // Refresh tokens expire (30d default) or get revoked
+          // server-side; either way the operator needs to log in
+          // again and the bare "Synapse API returned 401" gave them
+          // no path forward.
+          let session;
+          try {
+            session = await new SynapseAPI({ baseUrl: cfg.baseUrl }).refresh(
+              cfg.refreshToken,
+            );
+          } catch (refreshErr) {
+            const detail =
+              refreshErr instanceof SynapseAPIError
+                ? `${refreshErr.code} ${refreshErr.status}`
+                : String(refreshErr.message || refreshErr);
+            throw new SessionExpiredError(cfg.baseUrl, detail);
+          }
+          if (!session.accessToken) {
+            throw new SessionExpiredError(
+              cfg.baseUrl,
+              "no access token in refresh response",
+            );
+          }
           cfg.accessToken = session.accessToken;
           cfg.refreshToken = session.refreshToken || cfg.refreshToken;
           cfg.tokenType = session.tokenType || cfg.tokenType || "Bearer";
@@ -84,10 +122,19 @@ function createContext({ out, cwd = process.cwd(), env = process.env } = {}) {
 
     // Throws "Not logged in" with a helpful message when no session
     // exists. Commands that REQUIRE auth call this.
+    //
+    // v1.8.6 (A1): copy now points operators who don't know the URL
+    // at their admin instead of leaving them stuck. This message
+    // cascades through 7+ commands (whoami / status / select /
+    // credentials / dev / deploy / convex) because the error
+    // propagates verbatim through bin/synapse.js's top-level
+    // try/catch.
     get cfg() {
       const c = cfgLoad();
       if (!c || !c.baseUrl || !c.accessToken) {
-        throw new Error("Not logged in. Run `synapse login <url>` first.");
+        throw new Error(
+          "Not logged in. Run `synapse login <your-synapse-url>` (e.g. `synapse login https://synapsepanel.com`). If you don't know the URL, ask the admin who set up your Synapse host.",
+        );
       }
       _cfg = c;
       return c;
@@ -130,4 +177,9 @@ function createContext({ out, cwd = process.cwd(), env = process.env } = {}) {
   };
 }
 
-module.exports = { createContext, makeRefreshableApi, normalizeBaseUrl };
+module.exports = {
+  createContext,
+  makeRefreshableApi,
+  normalizeBaseUrl,
+  SessionExpiredError,
+};

package/lib/commands/_help.js

@@ -14,7 +14,7 @@ function renderRootHelp(registry, { stdout = process.stdout } = {}) {
     ["Session", ["login", "logout", "whoami"]],
     ["Project linking", ["select", "credentials"]],
     ["Day-to-day", ["dev", "deploy"]],
-    ["Visibility", ["version", "status", "doctor", "open", "logs"]],
+    ["Visibility", ["version", "status", "doctor", "open", "list", "logs"]],
     ["Deployments", "deployment"],
     ["Projects", "project"],
     ["Teams", "team"],

package/lib/commands/_resource.js

@@ -0,0 +1,152 @@
+// Shared helpers for v1.8.7 control-plane commands.
+//
+// Every command in the new "Deployments" + "Env vars" sections needs
+// to resolve a target project — either from the linked `.synapse/
+// project.json` (no flag) or from an explicit `--project=<id>` / team
+// flag (CI / scripted runs). Centralising the logic here keeps the
+// commands themselves slim and gives us one place to update if the
+// resolution rules change.
+
+// Extracts `--project=<id>` / `--project <id>` from argv. Returns the
+// id (or null) plus the remaining args. We accept the equals form
+// and the space-separated form — operators copy-paste from various
+// shells.
+function extractProjectFlag(args) {
+  const rest = [];
+  let projectId = null;
+  for (let i = 0; i < args.length; i += 1) {
+    const a = args[i];
+    if (a === "--project") {
+      projectId = args[i + 1];
+      i += 1;
+      continue;
+    }
+    if (a.startsWith("--project=")) {
+      projectId = a.slice("--project=".length);
+      continue;
+    }
+    rest.push(a);
+  }
+  return { projectId, rest };
+}
+
+// Same shape as extractProjectFlag for --team. team flag accepts either
+// a slug or an id (backend's loadTeamForRequest accepts both).
+function extractTeamFlag(args) {
+  const rest = [];
+  let teamRef = null;
+  for (let i = 0; i < args.length; i += 1) {
+    const a = args[i];
+    if (a === "--team") {
+      teamRef = args[i + 1];
+      i += 1;
+      continue;
+    }
+    if (a.startsWith("--team=")) {
+      teamRef = a.slice("--team=".length);
+      continue;
+    }
+    rest.push(a);
+  }
+  return { teamRef, rest };
+}
+
+// Generic flag extractor. Boolean flags (no value) and string flags
+// (with `--name=value` form) must be DECLARED separately so the parser
+// never has to guess whether `--default value-stays` means
+// `default=true, positional=value-stays` (operator intent) or
+// `default=value-stays` (greedy heuristic).
+//
+// Both spec shapes are accepted:
+//   extractFlags(args, ["foo", "bar"])
+//       → all flags string-or-true (legacy form; used by single-arg
+//       parsers that don't have boolean/string ambiguity)
+//   extractFlags(args, { string: ["type"], boolean: ["ha", "yes"] })
+//       → strict: boolean flags NEVER consume the next token; string
+//       flags require `--name=value` OR `--name <value>` (next-token).
+//
+// Unknown flags stay in `rest` (commands surface them with a Usage
+// error).
+function extractFlags(args, spec) {
+  let stringSet;
+  let booleanSet;
+  if (Array.isArray(spec)) {
+    // Legacy shape — keep the v1.8.x behaviour for `parseFlags`-style
+    // call sites that don't differentiate.
+    stringSet = new Set(spec);
+    booleanSet = new Set();
+  } else {
+    stringSet = new Set(spec.string || []);
+    booleanSet = new Set(spec.boolean || []);
+  }
+  const known = (n) => stringSet.has(n) || booleanSet.has(n);
+
+  const flags = {};
+  const rest = [];
+  for (let i = 0; i < args.length; i += 1) {
+    const a = args[i];
+    if (a.startsWith("--")) {
+      const eq = a.indexOf("=");
+      const name = eq >= 0 ? a.slice(2, eq) : a.slice(2);
+      if (known(name)) {
+        if (eq >= 0) {
+          // --name=value: always string (a boolean flag with `=` is
+          // unambiguous, e.g. `--yes=false`).
+          flags[name] = a.slice(eq + 1);
+          continue;
+        }
+        if (booleanSet.has(name) && !stringSet.has(name)) {
+          // Pure boolean. NEVER consumes the next token.
+          flags[name] = true;
+          continue;
+        }
+        // String (or legacy-spec) flag without `=`: consume next token
+        // if it isn't another flag. Boolean detection via the
+        // boolean-set above already short-circuited, so this branch
+        // is reached only for explicit string flags.
+        const next = args[i + 1];
+        if (next === undefined || next.startsWith("--")) {
+          flags[name] = true;
+        } else {
+          flags[name] = next;
+          i += 1;
+        }
+        continue;
+      }
+    }
+    rest.push(a);
+  }
+  return { flags, rest };
+}
+
+// Resolve the project the command should operate on. Result:
+//   { projectId, source: "flag" | "linked", projectConfig?, fallbackError? }
+// Throws when neither a flag NOR a linked project is available (the
+// error message tells the operator exactly what to do).
+function resolveProject(ctx, args) {
+  const { projectId, rest } = extractProjectFlag(args);
+  if (projectId) {
+    return { projectId, source: "flag", rest };
+  }
+  const linked = ctx.projectConfig;
+  if (linked && linked.project && linked.project.id) {
+    return {
+      projectId: linked.project.id,
+      source: "linked",
+      projectConfig: linked,
+      rest,
+    };
+  }
+  const err = new Error(
+    "No linked project in this directory. Pass --project=<id> or run `synapse select` first.",
+  );
+  err.code = "no_project";
+  throw err;
+}
+
+module.exports = {
+  extractFlags,
+  extractProjectFlag,
+  extractTeamFlag,
+  resolveProject,
+};

package/lib/commands/convex.js

@@ -117,10 +117,27 @@ async function runConvexCommand(args, ctx) {
     ctx.out.info(
       `Using Synapse ${resolved.target} deployment ${resolved.deploymentName}.`,
     );
+    // v1.8.6 (A5): the upstream Convex CLI emits "Can't safely modify
+    // .env.local for NEXT_PUBLIC_CONVEX_SITE_URL, please edit manually."
+    // because our value is a self-hosted URL that doesn't match its
+    // `.convex.site` pattern. The warning is benign (the file IS
+    // correct — we wrote it), but it's confusing without context.
+    // Pre-announce so the operator knows it's expected.
+    ctx.out.info(
+      "(npx convex may warn it can't modify NEXT_PUBLIC_CONVEX_SITE_URL — benign; Synapse owns those values.)",
+    );
   } else {
     resolved = await resolveConvexInvocation(args, { projectDir: ctx.cwd });
   }
   const code = await runConvex(resolved.args, { credentials: resolved.credentials });
+  // v1.8.6 (A5): when npx convex exits non-zero, surface a hint about
+  // where the failure came from — operators see a `[X]` from convex
+  // and assume Synapse broke. Point them at the right `--help`.
+  if (code !== 0) {
+    ctx.out.info(
+      `\n(npx convex exited ${code}. If this looks like an unknown-command typo, run \`synapse convex --help\` for the upstream Convex help.)`,
+    );
+  }
   process.exitCode = code;
 }
 

package/lib/commands/credentials.js

@@ -63,7 +63,28 @@ Formats:
     const { format, rest } = parseFormat(args);
     const deployment = rest[0];
     if (!deployment) {
-      throw new Error("Usage: synapse credentials <deployment> [--format env|shell|json]");
+      // v1.8.6 (A4): the operator already linked a project — we know
+      // which deployment names exist. Surfacing them turns a dead-end
+      // Usage line into an actionable hint without an extra API call.
+      // The plain Usage line stays as the fallback for unlinked
+      // directories.
+      const linked = ctx.projectConfig;
+      let hint = "";
+      if (linked && linked.deployments) {
+        const names = [];
+        if (linked.deployments.dev?.name) {
+          names.push(`dev=${linked.deployments.dev.name}`);
+        }
+        if (linked.deployments.prod?.name) {
+          names.push(`prod=${linked.deployments.prod.name}`);
+        }
+        if (names.length > 0) {
+          hint = `\n\nThis project has: ${names.join(", ")}. Try \`synapse credentials ${linked.deployments.dev?.name || linked.deployments.prod?.name}\`. Run \`synapse status\` to see them all.`;
+        }
+      }
+      throw new Error(
+        `Usage: synapse credentials <deployment> [--format env|shell|json]${hint}`,
+      );
     }
     if (!FORMATS.has(format)) {
       throw new Error("format must be one of: env, shell, json");

package/lib/commands/deployment-create.js

@@ -0,0 +1,122 @@
+// `synapse deployment create [--type=dev|prod|preview|custom] [--ha]
+//   [--default] [--project=<id>] [--json]`
+//
+// Provisions a new Convex backend container under the linked (or
+// --project=) project. The backend generates the deployment name
+// (animal-adjective-NNNN) — we don't accept it as an arg, matching
+// Convex Cloud's contract.
+//
+// Safety: prod creation prompts for `--yes` (or stdin "yes") because
+// the container is real, gets a host port, and counts against quota.
+// dev creates straight through.
+
+const colors = require("../colors");
+const { extractFlags, resolveProject } = require("./_resource");
+const { confirm } = require("../prompts");
+
+const VALID_TYPES = new Set(["dev", "prod", "preview", "custom"]);
+
+module.exports = {
+  name: "deployment create",
+  summary: "Create a new Convex deployment under the linked project.",
+  usage:
+    "synapse deployment create [--type=dev|prod|preview|custom] [--ha] [--default] [--project=<id>] [--yes] [--json]",
+  description: `Provisions a real Convex backend container. The backend generates the deployment name (animal-adjective-NNNN); you receive it in the response.
+
+Flags:
+  --type=<dev|prod|preview|custom>  Deployment type. Default: dev.
+  --ha                              Provision HA (2 replicas + Postgres + S3).
+                                    Requires SYNAPSE_HA_ENABLED on the host.
+  --default                         Mark as the project's default deployment.
+  --project=<id>                    Operate on a non-linked project.
+  --yes                             Skip the prod-confirmation prompt.
+  --json                            Machine-readable output.
+
+Examples:
+  synapse deployment create
+  synapse deployment create --type=prod --yes
+  synapse deployment create --type=dev --ha --default --project=<uuid>`,
+
+  async run(args, ctx) {
+    const { flags, rest } = extractFlags(args, {
+      string: ["type", "project"],
+      boolean: ["ha", "default", "yes"],
+    });
+    if (rest.length > 0) {
+      throw new Error(
+        `Unexpected positional: ${rest[0]}. The backend generates the deployment name; flags only.`,
+      );
+    }
+    // resolveProject reads from --project= via extractProjectFlag. We
+    // already consumed --project above; thread it back through args so
+    // resolveProject can see it.
+    const resolveArgs = flags.project ? [`--project=${flags.project}`] : [];
+    const { projectId, source } = resolveProject(ctx, resolveArgs);
+
+    const type = (flags.type || "dev").toLowerCase();
+    if (!VALID_TYPES.has(type)) {
+      throw new Error(
+        `Invalid --type: ${type}. Must be one of: ${[...VALID_TYPES].join(", ")}.`,
+      );
+    }
+    const ha = flags.ha === true || flags.ha === "true";
+    const isDefault = flags.default === true || flags.default === "true";
+    const yes = flags.yes === true || flags.yes === "true";
+
+    // Prod confirmation. Mirrors `synapse deploy`'s prompt — operator
+    // muscle-memory expects the same friction. Skipped in --json mode
+    // (CI scripts must pass --yes explicitly anyway).
+    if (type === "prod" && !yes && !ctx.out.json) {
+      const confirmed = await confirm(
+        `Create a NEW PROD deployment under ${source === "linked" ? "this directory's linked project" : projectId}? [y/N] `,
+        { defaultAnswer: false },
+      );
+      if (!confirmed) {
+        ctx.out.info("Aborted.");
+        process.exitCode = 1;
+        return;
+      }
+    }
+    if (type === "prod" && !yes && ctx.out.json) {
+      // Fail closed in JSON mode so a script can't accidentally
+      // provision prod without an explicit --yes.
+      throw new Error(
+        "Refusing to create a prod deployment in --json mode without --yes.",
+      );
+    }
+
+    if (!ctx.out.json) {
+      ctx.out.info(
+        `Creating ${type}${ha ? " (HA)" : ""}${isDefault ? " [default]" : ""} deployment in project ${projectId}…`,
+      );
+    }
+    const body = { type };
+    if (ha) body.ha = true;
+    if (isDefault) body.isDefault = true;
+    const created = await ctx.api.createDeployment(projectId, body);
+
+    ctx.out.result(
+      {
+        projectId,
+        projectSource: source,
+        deployment: created,
+      },
+      (_d, { stdout }) => {
+        stdout.write(
+          `${colors.green("Created")} ${colors.bold(created.name)} ${colors.dim(`(${created.deploymentType || type})`)}\n`,
+        );
+        if (created.deploymentUrl || created.url) {
+          stdout.write(colors.dim(`URL: ${created.deploymentUrl || created.url}\n`));
+        }
+        if (created.status) {
+          stdout.write(colors.dim(`Status: ${created.status}\n`));
+        }
+        stdout.write(
+          colors.dim(
+            `Tip: run \`synapse deployment status ${created.name} --watch\` to track readiness, or \`synapse select\` to link this directory to it.\n`,
+          ),
+        );
+      },
+    );
+  },
+};

package/lib/commands/deployment-delete.js

@@ -0,0 +1,117 @@
+// `synapse deployment delete <name> [--yes] [--confirm=<name>] [--json]`
+//
+// Destroys the container + storage volume. Irreversible.
+//
+// Safety levels:
+//   - dev: single `--yes` confirms (or interactive y/N prompt)
+//   - prod: typed-confirmation REQUIRED — operator must re-type the
+//     deployment name. `--yes` is NOT enough for prod (mirrors the
+//     dashboard's v1.7.2 typed-confirm flow). Non-interactive callers
+//     pass `--confirm=<exact-name>` instead.
+//
+// The deployment type is fetched from the backend before the delete
+// fires so we know whether to ask for typed-confirm. One extra GET is
+// cheap and prevents the "I thought this was dev" footgun.
+
+const colors = require("../colors");
+const { extractFlags } = require("./_resource");
+const { confirm, typedConfirm } = require("../prompts");
+const { SynapseAPIError } = require("../api");
+
+module.exports = {
+  name: "deployment delete",
+  summary: "Delete a deployment (container + volume — irreversible).",
+  usage:
+    "synapse deployment delete <name> [--yes] [--confirm=<name>] [--json]",
+  description: `Calls POST /v1/deployments/{name}/delete. The container is destroyed and the storage volume is wiped. Production deployments require typed confirmation — re-type the deployment name.
+
+Flags:
+  --yes                Skip the y/N prompt for dev deployments.
+  --confirm=<name>     Pre-supply the typed confirmation (CI usage). For
+                       prod deployments this is mandatory in --json mode.
+  --json               Machine-readable output.
+
+Examples:
+  synapse deployment delete brave-dolphin-1060
+  synapse deployment delete brave-dolphin-1060 --yes              # dev only
+  synapse deployment delete wise-otter-2200 --confirm=wise-otter-2200`,
+
+  async run(args, ctx) {
+    const { flags, rest } = extractFlags(args, {
+      string: ["confirm"],
+      boolean: ["yes", "json"],
+    });
+    const name = rest[0];
+    if (!name) {
+      throw new Error(
+        "Usage: synapse deployment delete <name> [--yes|--confirm=<name>]",
+      );
+    }
+    if (rest.length > 1) {
+      throw new Error(`Unexpected positional: ${rest[1]}.`);
+    }
+    const yes = flags.yes === true || flags.yes === "true";
+    const typed = typeof flags.confirm === "string" ? flags.confirm : null;
+
+    // Look up the deployment to learn its type. 404 here is the most
+    // common operator typo case — surface a clear error before any
+    // destructive call.
+    let dep;
+    try {
+      dep = await ctx.api.getDeployment(name);
+    } catch (err) {
+      if (err instanceof SynapseAPIError && err.status === 404) {
+        throw new Error(
+          `Deployment "${name}" not found. Run \`synapse list deployments\` to see your deployments.`,
+        );
+      }
+      throw err;
+    }
+    const type = dep.deploymentType || dep.type || "unknown";
+
+    if (type === "prod") {
+      // Typed-confirmation MANDATORY. --yes alone does not bypass it.
+      if (!typed && ctx.out.json) {
+        throw new Error(
+          `Refusing to delete prod deployment "${name}" in --json mode without --confirm=${name}.`,
+        );
+      }
+      const ok = await typedConfirm("delete", name, { typed });
+      if (!ok) {
+        ctx.out.info(`Aborted (confirmation didn't match "${name}").`);
+        process.exitCode = 1;
+        return;
+      }
+    } else {
+      // Dev / preview / custom — y/N prompt unless --yes was passed.
+      if (!yes && !typed && !ctx.out.json) {
+        const confirmed = await confirm(
+          `Delete ${type} deployment ${colors.bold(name)}? [y/N] `,
+          { defaultAnswer: false },
+        );
+        if (!confirmed) {
+          ctx.out.info("Aborted.");
+          process.exitCode = 1;
+          return;
+        }
+      }
+      if (!yes && !typed && ctx.out.json) {
+        throw new Error(
+          `Refusing to delete "${name}" in --json mode without --yes.`,
+        );
+      }
+    }
+
+    if (!ctx.out.json) {
+      ctx.out.info(`Deleting ${type} deployment ${name}…`);
+    }
+    await ctx.api.deleteDeployment(name);
+
+    ctx.out.result(
+      { deleted: true, name, type },
+      (_d, { stdout }) => {
+        stdout.write(`${colors.red("Deleted")} ${colors.bold(name)} ${colors.dim(`(${type})`)}\n`);
+      },
+    );
+  },
+};