Merge pull request #95 from ndycode/fix/storage-identity-contracts

fix: tighten storage identity and persistence contracts

Author: ndycode

lib/storage.ts

@@ -1,6 +1,6 @@
 import { promises as fs, existsSync } from "node:fs";
 import { randomBytes } from "node:crypto";
-import { dirname, join } from "node:path";
+import { basename, dirname, join } from "node:path";
 import { ACCOUNT_LIMITS } from "./constants.js";
 import { createLogger } from "./logger.js";
 import { MODEL_FAMILIES, type ModelFamily } from "./prompts/codex.js";
@@ -84,6 +84,12 @@ export interface ImportAccountsResult {
 	backupError?: string;
 }
 
+export interface ImportPreviewResult {
+	imported: number;
+	total: number;
+	skipped: number;
+}
+
 /**
  * Custom error class for storage operations with platform-aware hints.
  */
@@ -1199,31 +1205,47 @@ async function readAndNormalizeImportFile(filePath: string): Promise<{
 	return { resolvedPath, normalized };
 }
 
+function analyzeImportedAccounts(
+	existingAccounts: AccountMetadataV3[],
+	importedAccounts: AccountStorageV3["accounts"],
+): ImportPreviewResult & { accounts: AccountMetadataV3[] } {
+	const merged = [...existingAccounts, ...importedAccounts];
+	const accounts = deduplicateAccountsForStorage(merged);
+	if (accounts.length > ACCOUNT_LIMITS.MAX_ACCOUNTS) {
+		throw new Error(
+			`Import would exceed maximum of ${ACCOUNT_LIMITS.MAX_ACCOUNTS} accounts (would have ${accounts.length})`,
+		);
+	}
+	const imported = Math.max(0, accounts.length - existingAccounts.length);
+	const skipped = Math.max(0, importedAccounts.length - imported);
+	return {
+		accounts,
+		imported,
+		total: accounts.length,
+		skipped,
+	};
+}
+
+/**
+ * Import preview/apply analysis is pure in-memory work: it does not touch disk
+ * and it does not log token or workspace values. The surrounding
+ * `withAccountStorageTransaction` caller keeps Windows lock-retry and
+ * serialized read-modify-write behavior; see `test/storage.test.ts` for the
+ * overlapping transaction regression and pre-import backup lock coverage.
+ */
+
 export async function previewImportAccounts(
 	filePath: string,
-): Promise<{ imported: number; total: number; skipped: number }> {
+): Promise<ImportPreviewResult> {
 	const { normalized } = await readAndNormalizeImportFile(filePath);
 
 	return withAccountStorageTransaction((existing) => {
 		const existingAccounts = existing?.accounts ?? [];
-		const merged = [...existingAccounts, ...normalized.accounts];
-
-		if (merged.length > ACCOUNT_LIMITS.MAX_ACCOUNTS) {
-			const deduped = deduplicateAccountsForStorage(merged);
-			if (deduped.length > ACCOUNT_LIMITS.MAX_ACCOUNTS) {
-				throw new Error(
-					`Import would exceed maximum of ${ACCOUNT_LIMITS.MAX_ACCOUNTS} accounts (would have ${deduped.length})`,
-				);
-			}
-		}
-
-		const deduplicatedAccounts = deduplicateAccountsForStorage(merged);
-		const imported = deduplicatedAccounts.length - existingAccounts.length;
-		const skipped = normalized.accounts.length - imported;
+		const analysis = analyzeImportedAccounts(existingAccounts, normalized.accounts);
 		return Promise.resolve({
-			imported,
-			total: deduplicatedAccounts.length,
-			skipped,
+			imported: analysis.imported,
+			total: analysis.total,
+			skipped: analysis.skipped,
 		});
 	});
 }
@@ -1294,6 +1316,7 @@ export async function importAccounts(
       let backupStatus: ImportBackupStatus = "skipped";
       let backupPath: string | undefined;
       let backupError: string | undefined;
+      let backupLogError: string | undefined;
       if (backupMode !== "none" && existingAccounts.length > 0) {
         backupPath = createTimestampedBackupPath(backupPrefix);
         try {
@@ -1302,28 +1325,26 @@ export async function importAccounts(
         } catch (error) {
           backupStatus = "failed";
           backupError = error instanceof Error ? error.message : String(error);
+          const backupCode = (error as NodeJS.ErrnoException)?.code;
+          backupLogError = backupCode
+            ? `pre-import backup failed (${backupCode})`
+            : "pre-import backup failed";
           if (backupMode === "required") {
-            throw new Error(`Pre-import backup failed: ${backupError}`);
+            throw new Error(
+              backupCode
+                ? `Pre-import backup failed (${backupCode})`
+                : "Pre-import backup failed",
+            );
           }
           log.warn("Pre-import backup failed; continuing import apply", {
-            path: backupPath,
-            error: backupError,
+            backupFile: backupPath ? basename(backupPath) : undefined,
+            error: backupLogError,
           });
         }
       }
 
-      const merged = [...existingAccounts, ...normalized.accounts];
-
-      if (merged.length > ACCOUNT_LIMITS.MAX_ACCOUNTS) {
-        const deduped = deduplicateAccountsForStorage(merged);
-        if (deduped.length > ACCOUNT_LIMITS.MAX_ACCOUNTS) {
-          throw new Error(
-            `Import would exceed maximum of ${ACCOUNT_LIMITS.MAX_ACCOUNTS} accounts (would have ${deduped.length})`
-          );
-        }
-      }
-
-      const deduplicatedAccounts = deduplicateAccountsForStorage(merged);
+      const analysis = analyzeImportedAccounts(existingAccounts, normalized.accounts);
+      const deduplicatedAccounts = analysis.accounts;
 
       const mappedActiveIndex = (() => {
         if (deduplicatedAccounts.length === 0) return 0;
@@ -1359,12 +1380,10 @@ export async function importAccounts(
 
       await persist(newStorage);
 
-      const imported = deduplicatedAccounts.length - existingAccounts.length;
-      const skipped = normalized.accounts.length - imported;
       return {
-        imported,
-        total: deduplicatedAccounts.length,
-        skipped,
+        imported: analysis.imported,
+        total: analysis.total,
+        skipped: analysis.skipped,
         backupStatus,
         backupPath,
         backupError,
@@ -1377,8 +1396,8 @@ export async function importAccounts(
     skipped: skippedCount,
     total,
     backupStatus,
-    backupPath,
-    backupError,
+    backupFile: backupPath ? basename(backupPath) : undefined,
+    backupError: backupError ? "available on command result" : undefined,
   });
 
   return {

test/storage.test.ts

@@ -2,7 +2,7 @@ import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
 import { promises as fs, existsSync } from "node:fs";
 import { basename, dirname, join } from "node:path";
 import { tmpdir } from "node:os";
-import { 
+import {
   deduplicateAccounts,
   deduplicateAccountsByEmail,
   normalizeAccountStorage, 
@@ -25,11 +25,6 @@ import {
   withFlaggedAccountStorageTransaction,
 } from "../lib/storage.js";
 
-// Mocking the behavior we're about to implement for TDD
-// Since the functions aren't in lib/storage.ts yet, we'll need to mock them or 
-// accept that this test won't even compile/run until we add them.
-// But Task 0 says: "Tests should fail initially (RED phase)"
-
 describe("storage", () => {
   describe("getWorkspaceIdentityKey", () => {
     it("uses organizationId and accountId when both are present", () => {
@@ -141,56 +136,43 @@ describe("storage", () => {
     });
 
     it("should export accounts to a file", async () => {
-      // @ts-ignore - exportAccounts doesn't exist yet
-      const { exportAccounts } = await import("../lib/storage.js");
-      
       const storage = {
         version: 3,
         activeIndex: 0,
         accounts: [{ accountId: "test", refreshToken: "ref", addedAt: 1, lastUsed: 2 }]
       };
-      // @ts-ignore
       await saveAccounts(storage);
-      
-      // @ts-ignore
+
       await exportAccounts(exportPath);
-      
+
       expect(existsSync(exportPath)).toBe(true);
       const exported = JSON.parse(await fs.readFile(exportPath, "utf-8"));
       expect(exported.accounts[0].accountId).toBe("test");
     });
 
     it("should fail export if file exists and force is false", async () => {
-      // @ts-ignore
-      const { exportAccounts } = await import("../lib/storage.js");
       await fs.writeFile(exportPath, "exists");
-      
-      // @ts-ignore
+
       await expect(exportAccounts(exportPath, false)).rejects.toThrow(/already exists/);
     });
 
     it("should import accounts from a file and merge", async () => {
-      // @ts-ignore
-      const { importAccounts } = await import("../lib/storage.js");
-      
       const existing = {
         version: 3,
         activeIndex: 0,
         accounts: [{ accountId: "existing", refreshToken: "ref1", addedAt: 1, lastUsed: 2 }]
       };
-      // @ts-ignore
       await saveAccounts(existing);
-      
+
       const toImport = {
         version: 3,
         activeIndex: 0,
         accounts: [{ accountId: "new", refreshToken: "ref2", addedAt: 3, lastUsed: 4 }]
       };
       await fs.writeFile(exportPath, JSON.stringify(toImport));
-      
-      // @ts-ignore
+
       await importAccounts(exportPath);
-      
+
       const loaded = await loadAccounts();
       expect(loaded?.accounts).toHaveLength(2);
       expect(loaded?.accounts.map(a => a.accountId)).toContain("new");
@@ -222,6 +204,32 @@ describe("storage", () => {
       expect(loaded?.accounts[0]?.accountId).toBe("existing");
     });
 
+    it("keeps preview and apply counts aligned for the same import fixture", async () => {
+      await saveAccounts({
+        version: 3,
+        activeIndex: 0,
+        accounts: [{ accountId: "existing", refreshToken: "ref1", addedAt: 1, lastUsed: 2 }],
+      });
+
+      await fs.writeFile(
+        exportPath,
+        JSON.stringify({
+          version: 3,
+          activeIndex: 0,
+          accounts: [{ accountId: "preview", refreshToken: "ref2", addedAt: 3, lastUsed: 4 }],
+        }),
+      );
+
+      const preview = await previewImportAccounts(exportPath);
+      const applied = await importAccounts(exportPath);
+
+      expect(preview).toMatchObject({
+        imported: applied.imported,
+        skipped: applied.skipped,
+        total: applied.total,
+      });
+    });
+
     it("creates timestamped backup paths in storage backups directory", () => {
       const path = createTimestampedBackupPath();
       const expectedBackupDir = join(dirname(testStoragePath), "backups");
@@ -625,9 +633,6 @@ describe("storage", () => {
     });
 
     it("should enforce MAX_ACCOUNTS during import", async () => {
-       // @ts-ignore
-      const { importAccounts } = await import("../lib/storage.js");
-      
       const manyAccounts = Array.from({ length: 21 }, (_, i) => ({
         accountId: `acct${i}`,
         refreshToken: `ref${i}`,
@@ -641,31 +646,26 @@ describe("storage", () => {
         accounts: manyAccounts
       };
       await fs.writeFile(exportPath, JSON.stringify(toImport));
-      
-      // @ts-ignore
+
       await expect(importAccounts(exportPath)).rejects.toThrow(/exceed maximum/);
     });
 
     it("should fail export when no accounts exist", async () => {
-      const { exportAccounts } = await import("../lib/storage.js");
       setStoragePathDirect(testStoragePath);
       await expect(exportAccounts(exportPath)).rejects.toThrow(/No accounts to export/);
     });
 
     it("should fail import when file does not exist", async () => {
-      const { importAccounts } = await import("../lib/storage.js");
       const nonexistentPath = join(testWorkDir, "nonexistent-file.json");
       await expect(importAccounts(nonexistentPath)).rejects.toThrow(/Import file not found/);
     });
 
     it("should fail import when file contains invalid JSON", async () => {
-      const { importAccounts } = await import("../lib/storage.js");
       await fs.writeFile(exportPath, "not valid json {[");
       await expect(importAccounts(exportPath)).rejects.toThrow(/Invalid JSON/);
     });
 
     it("should fail import when file contains invalid format", async () => {
-      const { importAccounts } = await import("../lib/storage.js");
       await fs.writeFile(exportPath, JSON.stringify({ invalid: "format" }));
       await expect(importAccounts(exportPath)).rejects.toThrow(/Invalid account storage format/);
     });
@@ -756,7 +756,7 @@ describe("storage", () => {
             preImportBackupPrefix: "codex-pre-import-backup",
             backupMode: "required",
           }),
-        ).rejects.toThrow(/Pre-import backup failed: Timed out writing file/);
+        ).rejects.toThrow("Pre-import backup failed");
       } finally {
         writeSpy.mockRestore();
       }