@openparachute/app 0.2.0-rc.4

package/src/config.ts

@@ -0,0 +1,289 @@
+/**
+ * Config loading for parachute-app.
+ *
+ * Reads `$PARACHUTE_HOME/app/config.json` (default `~/.parachute/app/config.json`).
+ * Validates the shape against the on-disk Draft-07 schema in
+ * `.parachute/config/schema`. Missing-file is OK at MVP — app falls through
+ * to defaults so a fresh install can `parachute-app serve` without an explicit
+ * config step. Malformed JSON or wrong-typed fields are fail-fast.
+ *
+ * `PARACHUTE_HOME` env var overrides the parent directory — same convention
+ * every committed-core module uses (vault, runner, scribe, agent).
+ *
+ * No secrets live in app's config today, so there's no SecretsStore lift here
+ * (in contrast to runner's `vault_token` envelope). `auto_register_oauth_clients`
+ * is the closest thing to a credential-adjacent toggle and it lives in plaintext.
+ */
+
+import { existsSync, readFileSync } from "node:fs";
+import * as os from "node:os";
+import * as path from "node:path";
+
+export type AppConfig = {
+  /** Hub origin used for DCR registration in Phase 1.2+. */
+  hub_url: string;
+  /** Whether `add` triggers automatic DCR registration with hub. */
+  auto_register_oauth_clients: boolean;
+  /** Global kill switch — daemon stays running but unmounts all UIs. */
+  disabled: boolean;
+  /** Fallback scopes for UIs whose meta.json omits `scopes_required`. */
+  default_scope_required: string[];
+  /** Whether `parachute-app dev <name>` is permitted. */
+  dev_mode_allowed: boolean;
+  /**
+   * First-boot bootstrap. When `uis/` is empty on `serve` startup, apps
+   * auto-installs each entry in `apps` via the same npm-fetch pipeline
+   * `parachute-app add` uses. Defaults to `{enabled: true, apps:
+   * ["@openparachute/notes-ui"]}` — the friend-deploy story is "spin up
+   * a hub, get Notes for free."
+   *
+   * Operators who want a different default (or no default) can flip
+   * `enabled: false` or set `apps: []`. Per design doc Section 16:
+   * Notes is the canonical first app installed under parachute-app.
+   */
+  bootstrap_default_apps: {
+    enabled: boolean;
+    apps: string[];
+  };
+  /**
+   * When a UI's meta.json declares `required_schema`, auto-provision
+   * its tags in vault at install time (and on manual re-trigger via
+   * `POST /app/<name>/provision-schema`). Best-effort: errors log +
+   * warn but don't fail the install. Default true. Per patterns#57.
+   */
+  auto_provision_required_schema: boolean;
+};
+
+export class ConfigError extends Error {
+  override name = "ConfigError" as const;
+  readonly path: string;
+  constructor(message: string, configPath: string) {
+    super(`${message} (config: ${configPath})`);
+    this.path = configPath;
+  }
+}
+
+/**
+ * Resolve `$PARACHUTE_HOME/app/config.json`. Honors `PARACHUTE_HOME` so
+ * sandboxes + Render deployments can redirect the location.
+ *
+ * `os.homedir()` is cached at process start on Bun; we prefer the live env var
+ * so test-time `HOME=` overrides take effect.
+ */
+export function resolveConfigPath(env: Record<string, string | undefined> = process.env): string {
+  const parachuteHome = env.PARACHUTE_HOME ?? path.join(env.HOME ?? os.homedir(), ".parachute");
+  return path.join(parachuteHome, "app", "config.json");
+}
+
+/**
+ * Resolve `$PARACHUTE_HOME/app/uis/` — the directory app scans for declared
+ * hosted UIs. Honors `PARACHUTE_HOME` for tests + sandboxes.
+ */
+export function resolveUisDir(env: Record<string, string | undefined> = process.env): string {
+  const parachuteHome = env.PARACHUTE_HOME ?? path.join(env.HOME ?? os.homedir(), ".parachute");
+  return path.join(parachuteHome, "app", "uis");
+}
+
+/** Defaults baked into the schema. Kept in sync with `.parachute/config/schema`. */
+export const DEFAULTS: AppConfig = {
+  hub_url: "http://127.0.0.1:1939",
+  auto_register_oauth_clients: true,
+  disabled: false,
+  default_scope_required: ["vault:*:read"],
+  dev_mode_allowed: true,
+  bootstrap_default_apps: {
+    enabled: true,
+    apps: ["@openparachute/notes-ui"],
+  },
+  auto_provision_required_schema: true,
+};
+
+export type LoadConfigOpts = {
+  /** Override the config path (tests). Defaults to `resolveConfigPath()`. */
+  configPath?: string;
+  /** Logger override; default console. */
+  logger?: Pick<Console, "log" | "warn" | "error">;
+};
+
+/**
+ * Load + validate app config from disk. When the file is absent, returns the
+ * built-in defaults (matches scribe's "no-config-yet means no-config-needed"
+ * behavior — app's config is all-optional). Malformed JSON or wrong-typed
+ * fields are fail-fast with a `ConfigError`.
+ */
+export function loadConfig(opts: LoadConfigOpts = {}): AppConfig {
+  const configPath = opts.configPath ?? resolveConfigPath();
+  const logger = opts.logger ?? console;
+
+  if (!existsSync(configPath)) {
+    logger.log(`[app] config file not found at ${configPath}; using defaults`);
+    return cloneDefaults();
+  }
+
+  let raw: Record<string, unknown>;
+  try {
+    const parsed = JSON.parse(readFileSync(configPath, "utf8"));
+    if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+      throw new ConfigError("config root must be a JSON object", configPath);
+    }
+    raw = parsed as Record<string, unknown>;
+  } catch (e) {
+    if (e instanceof ConfigError) throw e;
+    throw new ConfigError(`failed to parse JSON: ${(e as Error).message}`, configPath);
+  }
+
+  return validateConfig(raw, configPath);
+}
+
+/**
+ * Validate a parsed config object. Exported separately so tests can exercise
+ * the shape-validation path without a tempfile round-trip.
+ */
+export function validateConfig(raw: unknown, configPath = "<inline>"): AppConfig {
+  if (!raw || typeof raw !== "object" || Array.isArray(raw)) {
+    throw new ConfigError("config root must be a JSON object", configPath);
+  }
+  const o = raw as Record<string, unknown>;
+
+  // hub_url — string + uri-ish; default applied when absent.
+  let hub_url = DEFAULTS.hub_url;
+  if (o.hub_url !== undefined) {
+    if (typeof o.hub_url !== "string" || o.hub_url.length === 0) {
+      throw new ConfigError("`hub_url` must be a non-empty string", configPath);
+    }
+    // Soft URI check — fail fast on obvious typos but don't be pedantic.
+    try {
+      new URL(o.hub_url);
+    } catch {
+      throw new ConfigError(`\`hub_url\` is not a valid URL: ${o.hub_url}`, configPath);
+    }
+    hub_url = stripTrailingSlash(o.hub_url);
+  }
+
+  // auto_register_oauth_clients — bool; default true.
+  let auto_register_oauth_clients = DEFAULTS.auto_register_oauth_clients;
+  if (o.auto_register_oauth_clients !== undefined) {
+    if (typeof o.auto_register_oauth_clients !== "boolean") {
+      throw new ConfigError("`auto_register_oauth_clients` must be a boolean", configPath);
+    }
+    auto_register_oauth_clients = o.auto_register_oauth_clients;
+  }
+
+  // disabled — bool; default false.
+  let disabled = DEFAULTS.disabled;
+  if (o.disabled !== undefined) {
+    if (typeof o.disabled !== "boolean") {
+      throw new ConfigError("`disabled` must be a boolean", configPath);
+    }
+    disabled = o.disabled;
+  }
+
+  // default_scope_required — array of non-empty strings; default ["vault:*:read"].
+  let default_scope_required: string[] = [...DEFAULTS.default_scope_required];
+  if (o.default_scope_required !== undefined) {
+    if (!Array.isArray(o.default_scope_required)) {
+      throw new ConfigError("`default_scope_required` must be an array of strings", configPath);
+    }
+    const items: string[] = [];
+    for (let i = 0; i < o.default_scope_required.length; i++) {
+      const v = o.default_scope_required[i];
+      if (typeof v !== "string" || v.length === 0) {
+        throw new ConfigError(
+          `\`default_scope_required[${i}]\` must be a non-empty string`,
+          configPath,
+        );
+      }
+      items.push(v);
+    }
+    default_scope_required = items;
+  }
+
+  // dev_mode_allowed — bool; default true.
+  let dev_mode_allowed = DEFAULTS.dev_mode_allowed;
+  if (o.dev_mode_allowed !== undefined) {
+    if (typeof o.dev_mode_allowed !== "boolean") {
+      throw new ConfigError("`dev_mode_allowed` must be a boolean", configPath);
+    }
+    dev_mode_allowed = o.dev_mode_allowed;
+  }
+
+  // bootstrap_default_apps — { enabled: bool, apps: string[] }; defaults applied.
+  let bootstrap_default_apps = {
+    enabled: DEFAULTS.bootstrap_default_apps.enabled,
+    apps: [...DEFAULTS.bootstrap_default_apps.apps],
+  };
+  if (o.bootstrap_default_apps !== undefined) {
+    if (
+      !o.bootstrap_default_apps ||
+      typeof o.bootstrap_default_apps !== "object" ||
+      Array.isArray(o.bootstrap_default_apps)
+    ) {
+      throw new ConfigError("`bootstrap_default_apps` must be an object", configPath);
+    }
+    const bda = o.bootstrap_default_apps as Record<string, unknown>;
+    let enabled = bootstrap_default_apps.enabled;
+    if (bda.enabled !== undefined) {
+      if (typeof bda.enabled !== "boolean") {
+        throw new ConfigError("`bootstrap_default_apps.enabled` must be a boolean", configPath);
+      }
+      enabled = bda.enabled;
+    }
+    let apps: string[] = [...bootstrap_default_apps.apps];
+    if (bda.apps !== undefined) {
+      if (!Array.isArray(bda.apps)) {
+        throw new ConfigError(
+          "`bootstrap_default_apps.apps` must be an array of strings",
+          configPath,
+        );
+      }
+      const items: string[] = [];
+      for (let i = 0; i < bda.apps.length; i++) {
+        const v = bda.apps[i];
+        if (typeof v !== "string" || v.length === 0) {
+          throw new ConfigError(
+            `\`bootstrap_default_apps.apps[${i}]\` must be a non-empty string`,
+            configPath,
+          );
+        }
+        items.push(v);
+      }
+      apps = items;
+    }
+    bootstrap_default_apps = { enabled, apps };
+  }
+
+  // auto_provision_required_schema — bool; default true.
+  let auto_provision_required_schema = DEFAULTS.auto_provision_required_schema;
+  if (o.auto_provision_required_schema !== undefined) {
+    if (typeof o.auto_provision_required_schema !== "boolean") {
+      throw new ConfigError("`auto_provision_required_schema` must be a boolean", configPath);
+    }
+    auto_provision_required_schema = o.auto_provision_required_schema;
+  }
+
+  return {
+    hub_url,
+    auto_register_oauth_clients,
+    disabled,
+    default_scope_required,
+    dev_mode_allowed,
+    bootstrap_default_apps,
+    auto_provision_required_schema,
+  };
+}
+
+/** Fresh deep-copy of `DEFAULTS` — used when no config file exists. */
+function cloneDefaults(): AppConfig {
+  return {
+    ...DEFAULTS,
+    default_scope_required: [...DEFAULTS.default_scope_required],
+    bootstrap_default_apps: {
+      enabled: DEFAULTS.bootstrap_default_apps.enabled,
+      apps: [...DEFAULTS.bootstrap_default_apps.apps],
+    },
+  };
+}
+
+function stripTrailingSlash(url: string): string {
+  return url.endsWith("/") ? url.slice(0, -1) : url;
+}

package/src/dcr.ts

@@ -0,0 +1,334 @@
+/**
+ * Dynamic Client Registration (RFC 7591) for hosted UIs.
+ *
+ * When `POST /app/add` succeeds with `config.auto_register_oauth_clients = true`,
+ * parachute-app registers the new UI as an OAuth public client of hub:
+ *
+ *   POST <hub_url>/oauth/register
+ *   Authorization: Bearer <operator-token>     (sourced via operator-token.ts)
+ *   Content-Type: application/json
+ *
+ *   {
+ *     "client_name": "<displayName>",
+ *     "redirect_uris": ["<hub_url><meta.path>/", "<hub_url><meta.path>/oauth-callback"],
+ *     "scope": "<scopes_required joined by space>",
+ *     "token_endpoint_auth_method": "none",
+ *     "grant_types": ["authorization_code"],
+ *     "response_types": ["code"]
+ *   }
+ *
+ * Hub returns `201 Created` with `{client_id, ...}`. We persist the `client_id`
+ * in `~/.parachute/app/uis/<name>/.oauth-client.json` (chmod 0o600).
+ *
+ * Auth posture for the call:
+ *   - When an operator bearer is available (`PARACHUTE_HUB_TOKEN` env or
+ *     `~/.parachute/operator.token`), the bearer is sent and the resulting
+ *     client lands `approved` (no human follow-up needed).
+ *   - When no operator bearer is available, the call still works — the client
+ *     lands `pending`, and the operator has to click approve in hub admin.
+ *     We surface this in the response so the CLI/admin SPA can render the
+ *     hint.
+ *
+ * Errors:
+ *   - Hub unreachable / 5xx → `DcrError` with `status: "hub_unreachable"`
+ *   - Hub returns 4xx (bad shape, scopes hub doesn't recognize, etc.) → the
+ *     full hub body is folded into the error so the operator sees what hub
+ *     said back. The caller decides whether to abort the add or proceed
+ *     without OAuth (UI still mounts, OAuth dance just fails at runtime).
+ *   - Local file write failure → propagated; the caller's `POST /app/add`
+ *     surfaces it.
+ *
+ * Revocation on remove. There's no spec'd RFC 7591 client-deletion endpoint
+ * that hub implements universally; for now `removeOauthClient()` is a no-op
+ * locally (just deletes the `.oauth-client.json` file), and the orphaned
+ * client record stays in hub's DB until an operator runs `parachute auth
+ * revoke-client <id>` or hub adds an `RFC 7592` /oauth/clients/<id> DELETE.
+ * If hub later adds the endpoint, this function fires a best-effort DELETE
+ * and ignores 404s.
+ */
+
+import { chmodSync, existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from "node:fs";
+import * as path from "node:path";
+
+/**
+ * Persisted client record. Saved at `~/.parachute/app/uis/<name>/.oauth-client.json`.
+ * `same_hub: true` is hub's auto-trust flag (per design doc section 6) — we
+ * carry it through so the admin SPA can show "auto-trusted" for these clients.
+ */
+export type OauthClientRecord = {
+  client_id: string;
+  client_name: string;
+  redirect_uris: string[];
+  scope: string;
+  status?: string;
+  registered_at: string;
+  hub_url: string;
+};
+
+/**
+ * Shape of a DCR-register response from hub. Per RFC 7591 + hub's actual
+ * response (see `handleRegister` in parachute-hub/src/oauth-handlers.ts).
+ */
+export type DcrRegisterResponse = {
+  client_id: string;
+  client_name?: string;
+  redirect_uris: string[];
+  scope?: string;
+  grant_types: string[];
+  response_types: string[];
+  token_endpoint_auth_method: string;
+  client_id_issued_at: number;
+  status?: string;
+  client_secret?: string;
+};
+
+/**
+ * Loose fetch signature. Bun's stricter `typeof fetch` requires the
+ * `preconnect` static method we never use; this alias keeps test stubs
+ * one-arg-and-init clean.
+ */
+export type FetchFn = (url: string | URL | Request, init?: RequestInit) => Promise<Response>;
+
+export class DcrError extends Error {
+  override name = "DcrError" as const;
+  readonly status: "hub_unreachable" | "hub_rejected" | "invalid_response";
+  readonly hubResponseStatus?: number;
+  readonly hubResponseBody?: string;
+  constructor(
+    message: string,
+    status: "hub_unreachable" | "hub_rejected" | "invalid_response",
+    extra: { hubResponseStatus?: number; hubResponseBody?: string } = {},
+  ) {
+    super(message);
+    this.status = status;
+    this.hubResponseStatus = extra.hubResponseStatus;
+    this.hubResponseBody = extra.hubResponseBody;
+  }
+}
+
+export type RegisterOauthClientOpts = {
+  /** Hub origin (e.g. `http://127.0.0.1:1939`). Stripped of trailing slash. */
+  hubUrl: string;
+  /** Human label — typically `meta.displayName`. */
+  clientName: string;
+  /** Where hub redirects back to after consent. Must be absolute (hub-origin-prefixed). */
+  redirectUris: string[];
+  /** Space-separated scope list — derived from `meta.scopes_required`. */
+  scopes: string[];
+  /** Operator bearer when available — sourced via `operator-token.ts`. */
+  operatorToken?: string;
+  /** Injected fetch (tests). Defaults to global `fetch`. */
+  fetchFn?: FetchFn;
+  /** Logger override; default console. */
+  logger?: Pick<Console, "log" | "warn" | "error">;
+};
+
+/**
+ * Hit hub's `/oauth/register` and return the parsed response.
+ *
+ * Failure modes (each thrown as `DcrError`):
+ *   - Network error / hub unreachable → `status: "hub_unreachable"`
+ *   - 4xx/5xx response → `status: "hub_rejected"` with body folded in
+ *   - 2xx but unparseable JSON → `status: "invalid_response"`
+ */
+export async function registerOauthClient(
+  opts: RegisterOauthClientOpts,
+): Promise<DcrRegisterResponse> {
+  const logger = opts.logger ?? console;
+  const fetchFn = opts.fetchFn ?? fetch;
+  const hubUrl = opts.hubUrl.replace(/\/$/, "");
+  const url = `${hubUrl}/oauth/register`;
+
+  const body = {
+    client_name: opts.clientName,
+    redirect_uris: opts.redirectUris,
+    scope: opts.scopes.join(" "),
+    token_endpoint_auth_method: "none",
+    grant_types: ["authorization_code"],
+    response_types: ["code"],
+  };
+
+  const headers: Record<string, string> = {
+    "content-type": "application/json",
+  };
+  if (opts.operatorToken) {
+    headers.authorization = `Bearer ${opts.operatorToken}`;
+  }
+
+  let res: Response;
+  try {
+    res = await fetchFn(url, {
+      method: "POST",
+      headers,
+      body: JSON.stringify(body),
+    });
+  } catch (e) {
+    const msg = (e as Error).message;
+    logger.warn(`[app-dcr] hub unreachable at ${url}: ${msg}`);
+    throw new DcrError(
+      `hub unreachable at ${url}: ${msg}. Retry once hub is running, or set auto_register_oauth_clients=false.`,
+      "hub_unreachable",
+    );
+  }
+
+  const text = await res.text();
+  if (res.status >= 400) {
+    logger.warn(`[app-dcr] hub rejected DCR (${res.status}): ${text.slice(0, 500)}`);
+    throw new DcrError(
+      `hub rejected DCR registration (status ${res.status}): ${text.slice(0, 200)}`,
+      "hub_rejected",
+      { hubResponseStatus: res.status, hubResponseBody: text },
+    );
+  }
+
+  let parsed: DcrRegisterResponse;
+  try {
+    parsed = JSON.parse(text) as DcrRegisterResponse;
+  } catch (e) {
+    throw new DcrError(
+      `hub returned ${res.status} but body was not valid JSON: ${(e as Error).message}`,
+      "invalid_response",
+      { hubResponseStatus: res.status, hubResponseBody: text },
+    );
+  }
+
+  if (typeof parsed.client_id !== "string" || parsed.client_id.length === 0) {
+    throw new DcrError(
+      `hub returned ${res.status} but response is missing client_id`,
+      "invalid_response",
+      { hubResponseStatus: res.status, hubResponseBody: text },
+    );
+  }
+
+  return parsed;
+}
+
+/**
+ * Persist the OAuth client record to disk under the UI's directory.
+ *
+ * Mode 0o600 — only the running daemon's user reads it. The client_id is
+ * not technically a secret (public OAuth clients), but mode 0o600 mirrors
+ * the operator-token-file pattern and keeps the file out of casual reads.
+ */
+export function writeOauthClientFile(uiDir: string, record: OauthClientRecord): string {
+  mkdirSync(uiDir, { recursive: true });
+  const filePath = path.join(uiDir, ".oauth-client.json");
+  writeFileSync(filePath, `${JSON.stringify(record, null, 2)}\n`);
+  try {
+    chmodSync(filePath, 0o600);
+  } catch {
+    // chmod may fail on Windows / odd filesystems; the file is still written.
+  }
+  return filePath;
+}
+
+/**
+ * Read the persisted OAuth client record for a UI. Returns `undefined` when
+ * the file is missing (UI was added before DCR, or DCR failed).
+ */
+export function readOauthClientFile(uiDir: string): OauthClientRecord | undefined {
+  const filePath = path.join(uiDir, ".oauth-client.json");
+  if (!existsSync(filePath)) return undefined;
+  try {
+    const body = readFileSync(filePath, "utf8");
+    const parsed = JSON.parse(body);
+    if (
+      !parsed ||
+      typeof parsed !== "object" ||
+      Array.isArray(parsed) ||
+      typeof (parsed as Record<string, unknown>).client_id !== "string"
+    ) {
+      return undefined;
+    }
+    return parsed as OauthClientRecord;
+  } catch {
+    return undefined;
+  }
+}
+
+/**
+ * Best-effort revocation of a UI's OAuth client.
+ *
+ * Three pieces:
+ *   1. Try `DELETE <hub_url>/oauth/clients/<client_id>` (RFC 7592). 4xx other
+ *      than 404 → log + carry on; 404 → fine, already gone.
+ *   2. Remove the local `.oauth-client.json`.
+ *
+ * Never throws — removal must complete even if hub is unreachable. Returns
+ * a status object the caller surfaces in the response.
+ */
+export type UnregisterResult = {
+  /** True when the local file was removed (or didn't exist to begin with). */
+  localFileRemoved: boolean;
+  /** Status of the upstream DELETE call. `"unsupported"` covers 404 from hub (the route doesn't exist yet). */
+  hubDeleteStatus: "ok" | "not_found" | "unsupported" | "error" | "unreachable" | "skipped";
+  /** Optional human-readable detail. */
+  detail?: string;
+};
+
+export type UnregisterOauthClientOpts = {
+  hubUrl: string;
+  clientId?: string;
+  uiDir: string;
+  operatorToken?: string;
+  fetchFn?: FetchFn;
+  logger?: Pick<Console, "log" | "warn" | "error">;
+};
+
+export async function unregisterOauthClient(
+  opts: UnregisterOauthClientOpts,
+): Promise<UnregisterResult> {
+  const logger = opts.logger ?? console;
+  const fetchFn = opts.fetchFn ?? fetch;
+  const hubUrl = opts.hubUrl.replace(/\/$/, "");
+
+  let hubDeleteStatus: UnregisterResult["hubDeleteStatus"] = "skipped";
+  let detail: string | undefined;
+
+  if (opts.clientId) {
+    const url = `${hubUrl}/oauth/clients/${encodeURIComponent(opts.clientId)}`;
+    const headers: Record<string, string> = {};
+    if (opts.operatorToken) headers.authorization = `Bearer ${opts.operatorToken}`;
+    try {
+      const res = await fetchFn(url, { method: "DELETE", headers });
+      if (res.status === 204 || res.status === 200) {
+        hubDeleteStatus = "ok";
+      } else if (res.status === 404) {
+        // Hub doesn't have an RFC 7592 endpoint yet, OR the client was
+        // already removed. Either way: no work to do.
+        hubDeleteStatus = res.headers.get("content-type")?.includes("json")
+          ? "not_found"
+          : "unsupported";
+        detail = "hub returned 404 — endpoint may not exist or client already gone";
+      } else if (res.status === 405) {
+        // Method not allowed — hub doesn't expose DELETE here.
+        hubDeleteStatus = "unsupported";
+        detail = `hub returned ${res.status}; DELETE not supported`;
+      } else {
+        hubDeleteStatus = "error";
+        const body = await res.text();
+        detail = `hub returned ${res.status}: ${body.slice(0, 200)}`;
+        logger.warn(`[app-dcr] revoke ${opts.clientId} failed: ${detail}`);
+      }
+    } catch (e) {
+      hubDeleteStatus = "unreachable";
+      detail = `hub unreachable: ${(e as Error).message}`;
+      logger.warn(`[app-dcr] revoke ${opts.clientId} failed: ${detail}`);
+    }
+  }
+
+  // Always remove the local file last so a re-run of `remove` after a hub
+  // restore re-attempts the upstream delete.
+  const filePath = path.join(opts.uiDir, ".oauth-client.json");
+  let localFileRemoved = true;
+  if (existsSync(filePath)) {
+    try {
+      unlinkSync(filePath);
+    } catch (e) {
+      localFileRemoved = false;
+      detail = `${detail ? `${detail}; ` : ""}local file unlink failed: ${(e as Error).message}`;
+    }
+  }
+
+  return { localFileRemoved, hubDeleteStatus, detail };
+}