feat(config): add nylas config reset to fully reset CLI state

Adds a global reset subcommand under `nylas config` that clears all
stored data (API credentials, dashboard session, grants, config file)
with a confirmation prompt. This ensures `IsFirstRun()` returns true
afterward so first-time setup guidance is shown.

Individual resets (`nylas auth config --reset`, `nylas dashboard logout`)
remain unchanged and scoped to their own domains.

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

Author: AaronDDM

internal/app/auth/config_test.go

@@ -0,0 +1,61 @@
+package auth
+
+import (
+	"testing"
+
+	"github.com/nylas/cli/internal/ports"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// mockSecretStore is a simple in-memory secret store for testing.
+type mockSecretStore struct {
+	data map[string]string
+}
+
+func newMockSecretStore() *mockSecretStore {
+	return &mockSecretStore{data: make(map[string]string)}
+}
+
+func (m *mockSecretStore) Set(key, value string) error { m.data[key] = value; return nil }
+func (m *mockSecretStore) Get(key string) (string, error) {
+	if v, ok := m.data[key]; ok {
+		return v, nil
+	}
+	return "", nil
+}
+func (m *mockSecretStore) Delete(key string) error { delete(m.data, key); return nil }
+func (m *mockSecretStore) IsAvailable() bool       { return true }
+func (m *mockSecretStore) Name() string             { return "mock" }
+
+func TestConfigService_ResetConfig(t *testing.T) {
+	t.Run("clears only API credentials", func(t *testing.T) {
+		secrets := newMockSecretStore()
+		configStore := newMockConfigStore()
+
+		// Populate API credentials
+		secrets.data[ports.KeyClientID] = "client-123"
+		secrets.data[ports.KeyClientSecret] = "secret-456"
+		secrets.data[ports.KeyAPIKey] = "nyl_abc"
+		secrets.data[ports.KeyOrgID] = "org-789"
+
+		// Populate dashboard credentials (should NOT be cleared)
+		secrets.data[ports.KeyDashboardUserToken] = "user-token"
+		secrets.data[ports.KeyDashboardAppID] = "app-id"
+
+		svc := NewConfigService(configStore, secrets)
+
+		err := svc.ResetConfig()
+		require.NoError(t, err)
+
+		// API credentials should be cleared
+		assert.Empty(t, secrets.data[ports.KeyClientID])
+		assert.Empty(t, secrets.data[ports.KeyClientSecret])
+		assert.Empty(t, secrets.data[ports.KeyAPIKey])
+		assert.Empty(t, secrets.data[ports.KeyOrgID])
+
+		// Dashboard credentials should be untouched
+		assert.Equal(t, "user-token", secrets.data[ports.KeyDashboardUserToken])
+		assert.Equal(t, "app-id", secrets.data[ports.KeyDashboardAppID])
+	})
+}

internal/cli/config/config.go

@@ -43,14 +43,18 @@ If the config file doesn't exist, sensible defaults are used automatically.`,
   nylas config set gpg.auto_sign true
 
   # Initialize config with defaults
-  nylas config init`,
+  nylas config init
+
+  # Reset everything (credentials, grants, config)
+  nylas config reset`,
 	}
 
 	cmd.AddCommand(newListCmd())
 	cmd.AddCommand(newGetCmd())
 	cmd.AddCommand(newSetCmd())
 	cmd.AddCommand(newInitCmd())
 	cmd.AddCommand(newPathCmd())
+	cmd.AddCommand(newResetCmd())
 
 	return cmd
 }

internal/cli/config/reset.go

@@ -0,0 +1,102 @@
+package config
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+
+	adapterconfig "github.com/nylas/cli/internal/adapters/config"
+	"github.com/nylas/cli/internal/adapters/keyring"
+	authapp "github.com/nylas/cli/internal/app/auth"
+	"github.com/nylas/cli/internal/cli/common"
+	"github.com/nylas/cli/internal/domain"
+	"github.com/nylas/cli/internal/ports"
+)
+
+func newResetCmd() *cobra.Command {
+	var force bool
+
+	cmd := &cobra.Command{
+		Use:   "reset",
+		Short: "Reset all CLI configuration and credentials",
+		Long: `Reset the Nylas CLI to a clean state by clearing all stored data:
+
+  - API credentials (API key, client ID, client secret)
+  - Dashboard session (login tokens, selected app)
+  - Grants (authenticated email accounts)
+  - Config file (reset to defaults)
+
+After reset, run 'nylas init' to set up again.
+
+To reset only part of the CLI:
+  nylas auth config --reset    Reset API credentials only
+  nylas dashboard logout       Log out of Dashboard only`,
+		Example: `  # Reset with confirmation prompt
+  nylas config reset
+
+  # Reset without confirmation
+  nylas config reset --force`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if !force {
+				fmt.Println("This will remove all stored credentials, grants, and configuration.")
+				fmt.Println()
+				if !common.Confirm("Are you sure you want to reset the CLI?", false) {
+					fmt.Println("Reset cancelled.")
+					return nil
+				}
+				fmt.Println()
+			}
+
+			secretStore, err := keyring.NewSecretStore(adapterconfig.DefaultConfigDir())
+			if err != nil {
+				return fmt.Errorf("access secret store: %w", err)
+			}
+
+			// 1. Clear API credentials
+			configSvc := authapp.NewConfigService(configStore, secretStore)
+			if err := configSvc.ResetConfig(); err != nil {
+				return fmt.Errorf("reset API config: %w", err)
+			}
+			_, _ = common.Green.Println("  ✓ API credentials cleared")
+
+			// 2. Clear dashboard credentials
+			clearDashboardCredentials(secretStore)
+			_, _ = common.Green.Println("  ✓ Dashboard session cleared")
+
+			// 3. Clear grants
+			grantStore := keyring.NewGrantStore(secretStore)
+			if err := grantStore.ClearGrants(); err != nil {
+				return fmt.Errorf("clear grants: %w", err)
+			}
+			_, _ = common.Green.Println("  ✓ Grants cleared")
+
+			// 4. Reset config file to defaults
+			if err := configStore.Save(domain.DefaultConfig()); err != nil {
+				return fmt.Errorf("reset config file: %w", err)
+			}
+			_, _ = common.Green.Println("  ✓ Config file reset")
+
+			fmt.Println()
+			_, _ = common.Green.Println("CLI has been reset.")
+			fmt.Println()
+			fmt.Println("Run 'nylas init' to set up again.")
+
+			return nil
+		},
+	}
+
+	cmd.Flags().BoolVar(&force, "force", false, "Skip confirmation prompt")
+
+	return cmd
+}
+
+// clearDashboardCredentials removes all dashboard-related keys from the secret store.
+func clearDashboardCredentials(secrets ports.SecretStore) {
+	_ = secrets.Delete(ports.KeyDashboardUserToken)
+	_ = secrets.Delete(ports.KeyDashboardOrgToken)
+	_ = secrets.Delete(ports.KeyDashboardUserPublicID)
+	_ = secrets.Delete(ports.KeyDashboardOrgPublicID)
+	_ = secrets.Delete(ports.KeyDashboardDPoPKey)
+	_ = secrets.Delete(ports.KeyDashboardAppID)
+	_ = secrets.Delete(ports.KeyDashboardAppRegion)
+}

internal/cli/config/reset_test.go

@@ -0,0 +1,65 @@
+package config
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewResetCmd(t *testing.T) {
+	t.Run("command name and flags", func(t *testing.T) {
+		cmd := newResetCmd()
+
+		assert.Equal(t, "reset", cmd.Use)
+		assert.NotEmpty(t, cmd.Short)
+		assert.NotEmpty(t, cmd.Long)
+		assert.NotEmpty(t, cmd.Example)
+
+		flag := cmd.Flags().Lookup("force")
+		require.NotNil(t, flag, "expected --force flag")
+		assert.Equal(t, "false", flag.DefValue)
+	})
+}
+
+func TestClearDashboardCredentials(t *testing.T) {
+	t.Run("clears all dashboard keys", func(t *testing.T) {
+		store := &memStore{data: map[string]string{
+			"dashboard_user_token":     "tok",
+			"dashboard_org_token":      "org-tok",
+			"dashboard_user_public_id": "uid",
+			"dashboard_org_public_id":  "oid",
+			"dashboard_dpop_key":       "dpop",
+			"dashboard_app_id":         "app",
+			"dashboard_app_region":     "us",
+			"api_key":                  "keep-me",
+		}}
+
+		clearDashboardCredentials(store)
+
+		// Dashboard keys should be gone
+		assert.Empty(t, store.data["dashboard_user_token"])
+		assert.Empty(t, store.data["dashboard_org_token"])
+		assert.Empty(t, store.data["dashboard_user_public_id"])
+		assert.Empty(t, store.data["dashboard_org_public_id"])
+		assert.Empty(t, store.data["dashboard_dpop_key"])
+		assert.Empty(t, store.data["dashboard_app_id"])
+		assert.Empty(t, store.data["dashboard_app_region"])
+
+		// Non-dashboard keys should be untouched
+		assert.Equal(t, "keep-me", store.data["api_key"])
+	})
+}
+
+// memStore is a minimal in-memory SecretStore for testing.
+type memStore struct {
+	data map[string]string
+}
+
+func (m *memStore) Set(key, value string) error { m.data[key] = value; return nil }
+func (m *memStore) Get(key string) (string, error) {
+	return m.data[key], nil
+}
+func (m *memStore) Delete(key string) error { delete(m.data, key); return nil }
+func (m *memStore) IsAvailable() bool       { return true }
+func (m *memStore) Name() string             { return "mem" }