fix: preserve ApiError on 403 and add --dry-run support

- 403 error now throws ApiError (preserving status/detail/endpoint)
  instead of CliError, so upstream handlers can still match on status
- Add --dry-run / -n flag consistent with project create and other
  mutating commands — validates inputs and shows what would be deleted
- Extract resolveDeleteTarget() to reduce func() complexity
- Add 2 new dry-run tests (human + JSON output)

Author: MathurAditya724

src/commands/project/delete.ts

@@ -28,6 +28,7 @@ import { buildCommand } from "../../lib/command.js";
 import { ApiError, CliError, ContextError } from "../../lib/errors.js";
 import { logger } from "../../lib/logger.js";
 import { resolveProjectBySlug } from "../../lib/resolve-target.js";
+import { buildProjectUrl } from "../../lib/sentry-urls.js";
 
 const log = logger.withTag("project.delete");
 
@@ -36,10 +37,55 @@ const USAGE_HINT = "sentry project delete <org>/<project>";
 
 type DeleteFlags = {
   readonly yes: boolean;
+  readonly "dry-run": boolean;
   readonly json: boolean;
   readonly fields?: string[];
 };
 
+/**
+ * Resolve the target argument into an org/project pair.
+ *
+ * Only explicit (`org/project`) and project-search (`project`) modes are
+ * supported — auto-detect and org-all are rejected for safety.
+ *
+ * @param target - Raw positional argument from the CLI
+ * @returns Resolved org and project slugs
+ */
+function resolveDeleteTarget(
+  target: string
+): Promise<{ org: string; project: string }> {
+  const parsed = parseOrgProjectArg(target);
+
+  switch (parsed.type) {
+    case ProjectSpecificationType.Explicit:
+      return Promise.resolve({ org: parsed.org, project: parsed.project });
+
+    case ProjectSpecificationType.ProjectSearch:
+      return resolveProjectBySlug(
+        parsed.projectSlug,
+        USAGE_HINT,
+        `sentry project delete <org>/${parsed.projectSlug}`
+      );
+
+    case ProjectSpecificationType.OrgAll:
+      throw new ContextError(
+        "Specific project",
+        `${USAGE_HINT}\n\n` +
+          "Specify the full org/project target, not just the organization."
+      );
+
+    case ProjectSpecificationType.AutoDetect:
+      throw new ContextError("Project target", USAGE_HINT, [
+        "Auto-detection is disabled for delete — specify the target explicitly",
+      ]);
+
+    default: {
+      const _exhaustive: never = parsed;
+      throw new ContextError("Project", String(_exhaustive));
+    }
+  }
+}
+
 export const deleteCommand = buildCommand({
   docs: {
     brief: "Delete a project",
@@ -49,7 +95,8 @@ export const deleteCommand = buildCommand({
       "Examples:\n" +
       "  sentry project delete acme-corp/my-app\n" +
       "  sentry project delete my-app\n" +
-      "  sentry project delete acme-corp/my-app --yes",
+      "  sentry project delete acme-corp/my-app --yes\n" +
+      "  sentry project delete acme-corp/my-app --dry-run",
   },
   output: "json",
   parameters: {
@@ -69,54 +116,38 @@ export const deleteCommand = buildCommand({
         brief: "Skip confirmation prompt",
         default: false,
       },
+      "dry-run": {
+        kind: "boolean",
+        brief:
+          "Validate inputs and show what would be deleted without deleting it",
+        default: false,
+      },
     },
-    aliases: { y: "yes" },
+    aliases: { y: "yes", n: "dry-run" },
   },
   async func(this: SentryContext, flags: DeleteFlags, target: string) {
     const { stdout } = this;
-    const parsed = parseOrgProjectArg(target);
-
-    let orgSlug: string;
-    let projectSlug: string;
-
-    switch (parsed.type) {
-      case ProjectSpecificationType.Explicit:
-        orgSlug = parsed.org;
-        projectSlug = parsed.project;
-        break;
-
-      case ProjectSpecificationType.ProjectSearch: {
-        const resolved = await resolveProjectBySlug(
-          parsed.projectSlug,
-          USAGE_HINT,
-          `sentry project delete <org>/${parsed.projectSlug}`
-        );
-        orgSlug = resolved.org;
-        projectSlug = resolved.project;
-        break;
-      }
+    const { org: orgSlug, project: projectSlug } =
+      await resolveDeleteTarget(target);
 
-      case ProjectSpecificationType.OrgAll:
-        throw new ContextError(
-          "Specific project",
-          `${USAGE_HINT}\n\n` +
-            "Specify the full org/project target, not just the organization."
-        );
-
-      case ProjectSpecificationType.AutoDetect:
-        throw new ContextError("Project target", USAGE_HINT, [
-          "Auto-detection is disabled for delete — specify the target explicitly",
-        ]);
+    // Verify project exists before prompting — also used to display the project name
+    const project = await getProject(orgSlug, projectSlug);
 
-      default: {
-        const _exhaustive: never = parsed;
-        throw new ContextError("Project", String(_exhaustive));
+    // Dry-run mode: show what would be deleted without deleting it
+    if (flags["dry-run"]) {
+      if (flags.json) {
+        stdout.write(
+          `${JSON.stringify({ dryRun: true, org: orgSlug, project: project.slug, name: project.name, url: buildProjectUrl(orgSlug, project.slug) })}\n`
+        );
+      } else {
+        stdout.write(
+          `Would delete project '${project.name}' (${orgSlug}/${project.slug}).\n` +
+            `  URL: ${buildProjectUrl(orgSlug, project.slug)}\n`
+        );
       }
+      return;
     }
 
-    // Verify project exists before prompting — also used to display the project name
-    const project = await getProject(orgSlug, projectSlug);
-
     // Confirmation gate
     if (!flags.yes) {
       if (!isatty(0)) {
@@ -142,10 +173,13 @@ export const deleteCommand = buildCommand({
       await deleteProject(orgSlug, project.slug);
     } catch (error) {
       if (error instanceof ApiError && error.status === 403) {
-        throw new CliError(
+        throw new ApiError(
           `Permission denied: You don't have permission to delete '${orgSlug}/${project.slug}'.\n\n` +
             "Project deletion requires the 'project:admin' scope.\n" +
-            "  Re-authenticate:  sentry auth login"
+            "  Re-authenticate:  sentry auth login",
+          403,
+          error.detail,
+          error.endpoint
         );
       }
       throw error;

test/commands/project/delete.test.ts

@@ -31,6 +31,9 @@ const sampleProject: SentryProject = {
   dateCreated: "2026-02-12T10:00:00Z",
 };
 
+/** Default flags for non-dry-run, non-JSON, confirmed deletion */
+const defaultFlags = { yes: true, "dry-run": false, json: false };
+
 function createMockContext() {
   const stdoutWrite = mock(() => true);
   const stderrWrite = mock(() => true);
@@ -76,7 +79,7 @@ describe("project delete", () => {
   test("deletes project with explicit org/project and --yes", async () => {
     const { context, stdoutWrite } = createMockContext();
     const func = await deleteCommand.loader();
-    await func.call(context, { yes: true, json: false }, "acme-corp/my-app");
+    await func.call(context, defaultFlags, "acme-corp/my-app");
 
     expect(getProjectSpy).toHaveBeenCalledWith("acme-corp", "my-app");
     expect(deleteProjectSpy).toHaveBeenCalledWith("acme-corp", "my-app");
@@ -89,7 +92,7 @@ describe("project delete", () => {
   test("deletes project with bare slug and --yes", async () => {
     const { context } = createMockContext();
     const func = await deleteCommand.loader();
-    await func.call(context, { yes: true, json: false }, "my-app");
+    await func.call(context, defaultFlags, "my-app");
 
     expect(resolveProjectBySlugSpy).toHaveBeenCalledWith(
       "my-app",
@@ -104,7 +107,7 @@ describe("project delete", () => {
     const func = await deleteCommand.loader();
 
     await expect(
-      func.call(context, { yes: true, json: false }, "acme-corp/")
+      func.call(context, defaultFlags, "acme-corp/")
     ).rejects.toThrow(ContextError);
 
     expect(deleteProjectSpy).not.toHaveBeenCalled();
@@ -116,7 +119,7 @@ describe("project delete", () => {
 
     // isatty(0) returns false in test environments (non-TTY)
     await expect(
-      func.call(context, { yes: false, json: false }, "acme-corp/my-app")
+      func.call(context, { ...defaultFlags, yes: false }, "acme-corp/my-app")
     ).rejects.toThrow("non-interactive mode");
 
     expect(deleteProjectSpy).not.toHaveBeenCalled();
@@ -125,7 +128,11 @@ describe("project delete", () => {
   test("outputs JSON when --json flag is set", async () => {
     const { context, stdoutWrite } = createMockContext();
     const func = await deleteCommand.loader();
-    await func.call(context, { yes: true, json: true }, "acme-corp/my-app");
+    await func.call(
+      context,
+      { ...defaultFlags, json: true },
+      "acme-corp/my-app"
+    );
 
     const output = stdoutWrite.mock.calls.map((c) => c[0]).join("");
     const parsed = JSON.parse(output.trim());
@@ -145,33 +152,79 @@ describe("project delete", () => {
     const func = await deleteCommand.loader();
 
     await expect(
-      func.call(context, { yes: true, json: false }, "acme-corp/my-app")
+      func.call(context, defaultFlags, "acme-corp/my-app")
     ).rejects.toThrow(ApiError);
 
     expect(deleteProjectSpy).not.toHaveBeenCalled();
   });
 
-  test("shows actionable message on 403 from deleteProject", async () => {
+  test("shows actionable ApiError on 403 from deleteProject", async () => {
     deleteProjectSpy.mockRejectedValue(
       new ApiError("Forbidden", 403, "You do not have permission")
     );
 
     const { context } = createMockContext();
     const func = await deleteCommand.loader();
 
-    await expect(
-      func.call(context, { yes: true, json: false }, "acme-corp/my-app")
-    ).rejects.toThrow("project:admin");
+    try {
+      await func.call(context, defaultFlags, "acme-corp/my-app");
+      expect.unreachable("should have thrown");
+    } catch (error) {
+      expect(error).toBeInstanceOf(ApiError);
+      const apiErr = error as ApiError;
+      expect(apiErr.status).toBe(403);
+      expect(apiErr.message).toContain("project:admin");
+      expect(apiErr.message).toContain("sentry auth login");
+    }
   });
 
   test("verifies project exists before attempting delete", async () => {
     const { context } = createMockContext();
     const func = await deleteCommand.loader();
-    await func.call(context, { yes: true, json: false }, "acme-corp/my-app");
+    await func.call(context, defaultFlags, "acme-corp/my-app");
 
     // getProject must be called before deleteProject
     const getProjectOrder = getProjectSpy.mock.invocationCallOrder[0];
     const deleteProjectOrder = deleteProjectSpy.mock.invocationCallOrder[0];
     expect(getProjectOrder).toBeLessThan(deleteProjectOrder ?? 0);
   });
+
+  // Dry-run tests
+
+  test("dry-run shows what would be deleted without calling deleteProject", async () => {
+    const { context, stdoutWrite } = createMockContext();
+    const func = await deleteCommand.loader();
+    await func.call(
+      context,
+      { ...defaultFlags, "dry-run": true },
+      "acme-corp/my-app"
+    );
+
+    expect(getProjectSpy).toHaveBeenCalledWith("acme-corp", "my-app");
+    expect(deleteProjectSpy).not.toHaveBeenCalled();
+
+    const output = stdoutWrite.mock.calls.map((c) => c[0]).join("");
+    expect(output).toContain("Would delete project 'My App'");
+    expect(output).toContain("acme-corp/my-app");
+  });
+
+  test("dry-run outputs JSON when --json is also set", async () => {
+    const { context, stdoutWrite } = createMockContext();
+    const func = await deleteCommand.loader();
+    await func.call(
+      context,
+      { ...defaultFlags, "dry-run": true, json: true },
+      "acme-corp/my-app"
+    );
+
+    const output = stdoutWrite.mock.calls.map((c) => c[0]).join("");
+    const parsed = JSON.parse(output.trim());
+    expect(parsed.dryRun).toBe(true);
+    expect(parsed.org).toBe("acme-corp");
+    expect(parsed.project).toBe("my-app");
+    expect(parsed.name).toBe("My App");
+    expect(parsed.url).toContain("acme-corp");
+
+    expect(deleteProjectSpy).not.toHaveBeenCalled();
+  });
 });