fix: separate auth-file cache identity from fingerprint

Author: linhay

docs-linhay/memory/2026-05-27.md

@@ -28,11 +28,13 @@
 
 ## Auth-file metadata cache
 
-- 修复方向：桌面客户端普通展示场景不再反复下载同一 auth-file 原文；`ListAuthFiles` 首次 fresh 推断后按 `name + size + modified` 缓存展示元数据。
+- 修复方向：桌面客户端普通展示场景不再反复下载同一 auth-file 原文；`ListAuthFiles` 首次 fresh 推断后按 canonical `name` 归一缓存展示元数据，`size + modified` 只作为 freshness fingerprint。
+- 归一化边界：auth-file 身份仍是 `auth-file:<name>`；`size` 不是账号身份、不能参与前端选择态/禁用态/排序/modal detail 的 ID 归一，只用于判断缓存是否过期。
+- 验证：构造 10,000 次同名 auth-file fingerprint churn 的 benchmark 中，新实现约 `16.9 KB/op / 164 allocs/op`，旧 `name|size|modified` composite-key 基线约 `4.68 MB/op / 30070 allocs/op`。
 
-## Codex live sessions 单指标 ECG 切换
-- 决策：`#frame=codex&workspace=live-sessions` 的请求耗时趋势图不再把多个 timing 维度同时画进同一张图里，而是改成“一个指标一条 ECG 线”；最终图表类型定为 `heartbeat strip chart / rolling strip chart`，最新 request 锚在右侧，按稳定时间密度向左回看。
-- 实现：`SessionDetail` 维护当前 `selectedTimingMetric`，`TimingMetrics` 把可绘图项变成可点击按钮并用 `aria-pressed` 标示选中态，`TimingTrendChart` 只按当前 metric 计算 y 轴和单条波形；图表去掉横向滚动，按容器宽度决定可见窗口，宽屏回看更多、窄屏只显示更近样本。动画改为“指标切换时短淡入 + live 点光圈呼吸”，不再对整条线做 sweep 重扫。
+## Codex live sessions 单指标音频波形图
+- 决策：`#frame=codex&workspace=live-sessions` 的请求耗时趋势图不再把多个 timing 维度同时画进同一张图里，而是改成“一个指标一组音频波形条”；最终图表类型定为 forward-moving audio waveform chart，一柱一请求，x 轴是请求序号而不是真实时间间隔。
+- 实现：`SessionDetail` 维护当前 `selectedTimingMetric`，`TimingMetrics` 把可绘图项变成可点击按钮并用 `aria-pressed` 标示选中态，`TimingTrendChart` 只按当前 metric 计算 y 轴和单组垂直振幅条；图表去掉横向滚动，按容器宽度决定可见请求数，宽屏显示更多最近请求、窄屏显示更少，最新 request 靠右密集推进。动画改为“指标切换时短淡入 + live 点光圈呼吸”，不再对整条波形做 sweep 重扫。
 - 补充：`请求时间线` 是扫描区而非完整历史列表，页面内只展示排序后的最近 15 条 request，标题行数按实际可见行数展示。
 - 验证：`node --test frontend/src/features/codex-live-sessions/model.test.mjs`、`npm --prefix frontend run typecheck`、`npm --prefix frontend run build` 通过；早前 Playwright 复核确认点击 `TTFT 562ms` 后图表切到蓝色单线，点击 `流式` 后切到绿色单线。本轮最终浏览器复核被 Browser URL policy 拦截，未绕过执行。
 - 失效边界：上传、删除、启停状态修改成功后按文件名清理缓存；文件大小或修改时间变化会自然触发重新下载与缓存刷新。

docs-linhay/spaces/20260526-auth-file-metadata-cache/README.md

@@ -49,7 +49,8 @@
 
 ### 2026-05-27
 
-- 在 `internal/wailsapp` 增加 auth-file 元数据进程缓存，缓存键为 `name + size + modified`。
+- 在 `internal/wailsapp` 增加 auth-file 元数据进程缓存；缓存身份按 canonical `name` 归一，`size + modified` 只作为 freshness fingerprint。
 - `ListAuthFiles` 对普通列表场景优先使用缓存；首次 fresh 下载后只缓存展示元数据，不缓存完整 auth 原文。
 - 上传、删除、启停状态修改成功后按文件名失效缓存；文件大小或修改时间变化会自然绕过旧缓存。
 - 补充 sidecar mock 测试，覆盖重复列表不重复下载、元数据仍不完整也不重复下载、fingerprint 变化后重新下载。
+- 补充同名 fingerprint churn 构造测试与 benchmark，确认同一 auth-file 名称不会因 `size/modified` 变化累积多条 cache entry。

internal/wailsapp/auth_files_cache.go

@@ -1,61 +1,69 @@
 package wailsapp
 
 import (
-	"fmt"
 	"strings"
 )
 
-type authFileMetadataCacheEntry struct {
-	Name     string
+type authFileMetadataFingerprint struct {
 	Size     int64
 	Modified int64
-	Type     string
-	Provider string
-	Priority int
-	Email    string
-	PlanType string
 }
 
-func authFileMetadataCacheKey(name string, size int64, modified int64) string {
-	return fmt.Sprintf("%s|%d|%d", strings.TrimSpace(name), size, modified)
+type authFileMetadataCacheEntry struct {
+	Name        string
+	Fingerprint authFileMetadataFingerprint
+	Type        string
+	Provider    string
+	Priority    int
+	Email       string
+	PlanType    string
+}
+
+func authFileMetadataCacheName(name string) string {
+	return strings.TrimSpace(name)
+}
+
+func authFileMetadataFingerprintFor(file AuthFileItem) authFileMetadataFingerprint {
+	return authFileMetadataFingerprint{
+		Size:     file.Size,
+		Modified: file.Modified,
+	}
 }
 
 func (a *App) cachedAuthFileMetadata(file AuthFileItem) (authFileMetadataCacheEntry, bool) {
-	name := strings.TrimSpace(file.Name)
+	name := authFileMetadataCacheName(file.Name)
 	if name == "" {
 		return authFileMetadataCacheEntry{}, false
 	}
-	key := authFileMetadataCacheKey(name, file.Size, file.Modified)
+	fingerprint := authFileMetadataFingerprintFor(file)
 	a.authFileCacheMu.RLock()
-	entry, ok := a.authFileMetadataCache[key]
+	entry, ok := a.authFileMetadataCache[name]
 	a.authFileCacheMu.RUnlock()
-	if !ok {
+	if !ok || entry.Fingerprint != fingerprint {
 		return authFileMetadataCacheEntry{}, false
 	}
 	return entry, true
 }
 
 func (a *App) storeAuthFileMetadata(file AuthFileItem) {
-	name := strings.TrimSpace(file.Name)
+	name := authFileMetadataCacheName(file.Name)
 	if name == "" {
 		return
 	}
 	entry := authFileMetadataCacheEntry{
-		Name:     name,
-		Size:     file.Size,
-		Modified: file.Modified,
-		Type:     strings.TrimSpace(file.Type),
-		Provider: strings.TrimSpace(file.Provider),
-		Priority: file.Priority,
-		Email:    strings.TrimSpace(file.Email),
-		PlanType: strings.TrimSpace(file.PlanType),
+		Name:        name,
+		Fingerprint: authFileMetadataFingerprintFor(file),
+		Type:        strings.TrimSpace(file.Type),
+		Provider:    strings.TrimSpace(file.Provider),
+		Priority:    file.Priority,
+		Email:       strings.TrimSpace(file.Email),
+		PlanType:    strings.TrimSpace(file.PlanType),
 	}
-	key := authFileMetadataCacheKey(name, file.Size, file.Modified)
 	a.authFileCacheMu.Lock()
 	if a.authFileMetadataCache == nil {
 		a.authFileMetadataCache = map[string]authFileMetadataCacheEntry{}
 	}
-	a.authFileMetadataCache[key] = entry
+	a.authFileMetadataCache[name] = entry
 	a.authFileCacheMu.Unlock()
 }
 
@@ -94,16 +102,16 @@ func (a *App) invalidateAuthFileMetadataCache(names ...string) {
 	}
 	targets := map[string]struct{}{}
 	for _, name := range names {
-		if trimmed := strings.TrimSpace(name); trimmed != "" {
+		if trimmed := authFileMetadataCacheName(name); trimmed != "" {
 			targets[trimmed] = struct{}{}
 		}
 	}
 	if len(targets) == 0 {
 		return
 	}
-	for key, entry := range a.authFileMetadataCache {
-		if _, ok := targets[entry.Name]; ok {
-			delete(a.authFileMetadataCache, key)
+	for name := range targets {
+		if _, ok := a.authFileMetadataCache[name]; ok {
+			delete(a.authFileMetadataCache, name)
 		}
 	}
 }

internal/wailsapp/auth_files_test.go

@@ -8,6 +8,7 @@ import (
 	"mime/multipart"
 	"net/http"
 	"net/url"
+	"strconv"
 	"strings"
 	"testing"
 )
@@ -227,6 +228,105 @@ func TestListAuthFilesRefreshesMetadataCacheWhenFingerprintChanges(t *testing.T)
 	}
 }
 
+func TestAuthFileMetadataCacheUsesNameForIdentityAndFingerprintForFreshness(t *testing.T) {
+	app := New("", "", "")
+	first := AuthFileItem{
+		Name:     " codex-team.json ",
+		Size:     91,
+		Modified: 1760000000,
+		Type:     "codex",
+		Provider: "codex",
+		Email:    "team@example.com",
+		PlanType: "plus",
+		Priority: 7,
+	}
+	second := first
+	second.Size = 92
+	second.Modified = 1760000001
+	second.PlanType = "pro"
+	second.Priority = 9
+
+	app.storeAuthFileMetadata(first)
+	if _, ok := app.cachedAuthFileMetadata(AuthFileItem{Name: "codex-team.json", Size: 91, Modified: 1760000000}); !ok {
+		t.Fatal("expected original fingerprint to hit the metadata cache")
+	}
+
+	app.storeAuthFileMetadata(second)
+	if len(app.authFileMetadataCache) != 1 {
+		t.Fatalf("metadata cache entries = %d, want 1 keyed by auth-file name", len(app.authFileMetadataCache))
+	}
+	if _, ok := app.cachedAuthFileMetadata(AuthFileItem{Name: "codex-team.json", Size: 91, Modified: 1760000000}); ok {
+		t.Fatal("old fingerprint should miss after the same auth-file name is refreshed")
+	}
+	cached, ok := app.cachedAuthFileMetadata(AuthFileItem{Name: "codex-team.json", Size: 92, Modified: 1760000001})
+	if !ok {
+		t.Fatal("expected refreshed fingerprint to hit the metadata cache")
+	}
+	if cached.PlanType != "pro" || cached.Priority != 9 {
+		t.Fatalf("cached metadata = %#v, want refreshed pro priority 9", cached)
+	}
+}
+
+func BenchmarkAuthFileMetadataCacheSameNameFingerprintChurn(b *testing.B) {
+	files := buildAuthFileMetadataCacheBenchmarkFiles(10_000)
+	b.ReportAllocs()
+
+	for i := 0; i < b.N; i++ {
+		app := New("", "", "")
+		for _, file := range files {
+			app.storeAuthFileMetadata(file)
+		}
+		if got := len(app.authFileMetadataCache); got != 1 {
+			b.Fatalf("metadata cache entries = %d, want 1 keyed by auth-file name", got)
+		}
+	}
+}
+
+func BenchmarkAuthFileMetadataCacheCompositeKeyFingerprintChurnBaseline(b *testing.B) {
+	files := buildAuthFileMetadataCacheBenchmarkFiles(10_000)
+	b.ReportAllocs()
+
+	for i := 0; i < b.N; i++ {
+		cache := map[string]authFileMetadataCacheEntry{}
+		for _, file := range files {
+			name := authFileMetadataCacheName(file.Name)
+			cache[authFileMetadataCompositeKeyBaseline(name, file.Size, file.Modified)] = authFileMetadataCacheEntry{
+				Name:        name,
+				Fingerprint: authFileMetadataFingerprintFor(file),
+				Type:        file.Type,
+				Provider:    file.Provider,
+				Priority:    file.Priority,
+				Email:       file.Email,
+				PlanType:    file.PlanType,
+			}
+		}
+		if got := len(cache); got != len(files) {
+			b.Fatalf("baseline metadata cache entries = %d, want %d", got, len(files))
+		}
+	}
+}
+
+func buildAuthFileMetadataCacheBenchmarkFiles(count int) []AuthFileItem {
+	files := make([]AuthFileItem, 0, count)
+	for index := 0; index < count; index++ {
+		files = append(files, AuthFileItem{
+			Name:     "codex-team.json",
+			Size:     int64(91 + index),
+			Modified: int64(1760000000 + index),
+			Type:     "codex",
+			Provider: "codex",
+			Email:    "team@example.com",
+			PlanType: "plus",
+			Priority: 7,
+		})
+	}
+	return files
+}
+
+func authFileMetadataCompositeKeyBaseline(name string, size int64, modified int64) string {
+	return name + "|" + strconv.FormatInt(size, 10) + "|" + strconv.FormatInt(modified, 10)
+}
+
 func TestUniqueAuthFileUploadName(t *testing.T) {
 	existing := map[string]struct{}{
 		"auth.json": {},