Fix backup pruning review follow-ups

Author: ndycode

index.ts

@@ -3444,9 +3444,17 @@ while (attempted.size < Math.max(1, accountCount)) {
 								}
 							};
 
-							const pruneOldSyncPruneBackups = async (
+							const pruneTimestampedBackups = async (
 								backupDir: string,
-								keepPaths: string[] = [],
+								{
+									prefix,
+									keepPaths = [],
+									logLabel,
+								}: {
+									prefix: string;
+									keepPaths?: string[];
+									logLabel: string;
+								},
 							): Promise<void> => {
 								const entries = await fsPromises.readdir(backupDir, { withFileTypes: true }).catch((error) => {
 									const code = (error as NodeJS.ErrnoException).code;
@@ -3465,7 +3473,7 @@ while (attempted.size < Math.max(1, accountCount)) {
 											.filter(
 												(entry) =>
 													entry.isFile() &&
-													entry.name.startsWith(`${SYNC_PRUNE_BACKUP_PREFIX}-`) &&
+													entry.name.startsWith(`${prefix}-`) &&
 													entry.name.endsWith(".json"),
 											)
 											.map(async (entry) => {
@@ -3491,7 +3499,12 @@ while (attempted.size < Math.max(1, accountCount)) {
 									)
 								)
 									.filter((candidate): candidate is { path: string; mtimeMs: number } => candidate !== null)
-									.sort((left, right) => right.path.localeCompare(left.path));
+									.sort((left, right) => {
+										if (right.mtimeMs !== left.mtimeMs) {
+											return right.mtimeMs - left.mtimeMs;
+										}
+										return left.path.localeCompare(right.path);
+									});
 								const staleBackupPaths = [
 									...backupCandidates
 										.filter((candidate) => now - candidate.mtimeMs > SYNC_PRUNE_BACKUP_MAX_AGE_MS)
@@ -3512,12 +3525,32 @@ while (attempted.size < Math.max(1, accountCount)) {
 										}
 										const message = error instanceof Error ? error.message : String(error);
 										logWarn(
-											`[${PLUGIN_NAME}] Failed to prune stale sync prune backup ${staleBackupPath}: ${message}`,
+											`[${PLUGIN_NAME}] Failed to prune stale ${logLabel} ${staleBackupPath}: ${message}`,
 										);
 									}
 								}
 							};
 
+							const pruneOldSyncPruneBackups = async (
+								backupDir: string,
+								keepPaths: string[] = [],
+							): Promise<void> =>
+								pruneTimestampedBackups(backupDir, {
+									prefix: SYNC_PRUNE_BACKUP_PREFIX,
+									keepPaths,
+									logLabel: "sync prune backup",
+								});
+
+							const pruneOldOverlapCleanupBackups = async (
+								backupDir: string,
+								keepPaths: string[] = [],
+							): Promise<void> =>
+								pruneTimestampedBackups(backupDir, {
+									prefix: "codex-maintenance-overlap-backup",
+									keepPaths,
+									logLabel: "overlap cleanup backup",
+								});
+
 							const createSyncPruneBackup = async (): Promise<{
 								backupPath: string;
 								restore: () => Promise<void>;
@@ -3974,6 +4007,16 @@ while (attempted.size < Math.max(1, accountCount)) {
 									backupPath = createTimestampedBackupPath("codex-maintenance-overlap-backup");
 									const result = await cleanupCodexMultiAuthSyncedOverlaps(backupPath);
 									invalidateAccountManagerCache();
+									if (backupPath) {
+										const backupDir = dirname(backupPath);
+										await pruneOldOverlapCleanupBackups(backupDir, [backupPath]).catch((cleanupError) => {
+											const cleanupMessage =
+												cleanupError instanceof Error ? cleanupError.message : String(cleanupError);
+											logWarn(
+												`[${PLUGIN_NAME}] Failed to prune old overlap cleanup backups in ${backupDir}: ${cleanupMessage}`,
+											);
+										});
+									}
 									console.log("");
 									console.log("Cleanup complete.");
 									console.log(`Before: ${result.before}`);

lib/sync-prune-backup.ts

@@ -15,7 +15,33 @@ type TokenBearingRecord = {
 	idToken?: string;
 };
 
-function redactCredentialRecord<TAccount extends object>(account: TAccount): TAccount {
+type ReplaceTokenField<
+	TAccount extends object,
+	TKey extends keyof TokenBearingRecord,
+	TValue,
+> = TKey extends keyof TAccount
+	? undefined extends TAccount[TKey]
+		? Omit<TAccount, TKey> & { [K in TKey]?: TValue }
+		: Omit<TAccount, TKey> & { [K in TKey]: TValue }
+	: TAccount;
+
+export type TokenRedacted<TAccount extends object> = ReplaceTokenField<
+	ReplaceTokenField<ReplaceTokenField<TAccount, "refreshToken", "__redacted__">, "accessToken", undefined>,
+	"idToken",
+	undefined
+>;
+
+type RedactedAccountStorage = Omit<AccountStorageV3, "accounts"> & {
+	accounts: Array<TokenRedacted<AccountStorageV3["accounts"][number]>>;
+};
+
+type SyncPruneBackupPayload<TAccountsStorage extends AccountStorageV3, TFlaggedAccount extends object> = {
+	version: 1;
+	accounts: TAccountsStorage;
+	flagged: FlaggedSnapshot<TFlaggedAccount>;
+};
+
+function redactCredentialRecord<TAccount extends object>(account: TAccount): TokenRedacted<TAccount> {
 	const clone = structuredClone(account) as TAccount & TokenBearingRecord;
 	if (typeof clone.refreshToken === "string") {
 		clone.refreshToken = "__redacted__";
@@ -26,30 +52,51 @@ function redactCredentialRecord<TAccount extends object>(account: TAccount): TAc
 	if ("idToken" in clone) {
 		clone.idToken = undefined;
 	}
-	return clone;
+	return clone as TokenRedacted<TAccount>;
 }
 
+export function createSyncPruneBackupPayload<TFlaggedAccount extends object>(
+	currentAccountsStorage: AccountStorageV3,
+	currentFlaggedStorage: FlaggedSnapshot<TFlaggedAccount>,
+	options?: { includeLiveTokens?: false | undefined },
+): SyncPruneBackupPayload<RedactedAccountStorage, TokenRedacted<TFlaggedAccount>>;
+export function createSyncPruneBackupPayload<TFlaggedAccount extends object>(
+	currentAccountsStorage: AccountStorageV3,
+	currentFlaggedStorage: FlaggedSnapshot<TFlaggedAccount>,
+	options: { includeLiveTokens: true },
+): SyncPruneBackupPayload<AccountStorageV3, TFlaggedAccount>;
 export function createSyncPruneBackupPayload<TFlaggedAccount extends object>(
 	currentAccountsStorage: AccountStorageV3,
 	currentFlaggedStorage: FlaggedSnapshot<TFlaggedAccount>,
 	options: SyncPruneBackupPayloadOptions = {},
-): {
-	version: 1;
-	accounts: AccountStorageV3;
-	flagged: FlaggedSnapshot<TFlaggedAccount>;
-} {
+):
+	| SyncPruneBackupPayload<RedactedAccountStorage, TokenRedacted<TFlaggedAccount>>
+	| SyncPruneBackupPayload<AccountStorageV3, TFlaggedAccount> {
 	const accounts = structuredClone(currentAccountsStorage);
 	const flagged = structuredClone(currentFlaggedStorage);
-	if (!options.includeLiveTokens) {
-		accounts.accounts = accounts.accounts.map((account) => redactCredentialRecord(account));
-		flagged.accounts = flagged.accounts.map((account) => redactCredentialRecord(account));
+	if (options.includeLiveTokens) {
+		return {
+			version: 1,
+			accounts,
+			flagged,
+		};
 	}
+
+	const redactedAccounts: RedactedAccountStorage = {
+		...accounts,
+		accounts: accounts.accounts.map((account) => redactCredentialRecord(account)),
+	};
+	const redactedFlagged: FlaggedSnapshot<TokenRedacted<TFlaggedAccount>> = {
+		...flagged,
+		accounts: flagged.accounts.map((account) => redactCredentialRecord(account)),
+	};
+
 	// Callers opt into live tokens only when crash recovery must fully restore pruned accounts.
 	// On Windows the eventual file write still relies on config-home ACLs because `mode: 0o600`
 	// is only a best-effort hint there.
 	return {
 		version: 1,
-		accounts,
-		flagged,
+		accounts: redactedAccounts,
+		flagged: redactedFlagged,
 	};
 }

test/index.test.ts

@@ -2167,11 +2167,89 @@ describe("OpenAIOAuthPlugin", () => {
 			}
 		});
 
+		it("prunes stale overlap cleanup backups after a successful cleanup", async () => {
+			const cliModule = await import("../lib/cli.js");
+			const confirmModule = await import("../lib/ui/confirm.js");
+			const syncModule = await import("../lib/codex-multi-auth-sync.js");
+			const { promises: nodeFsPromises } = await import("node:fs");
+			const logSpy = vi.spyOn(console, "log").mockImplementation(() => {});
+
+			mockStorage.accounts = [
+				{
+					accountId: "existing-account",
+					email: "existing@example.com",
+					refreshToken: "existing-refresh",
+					addedAt: 1,
+					lastUsed: 1,
+				},
+			];
+
+			vi.mocked(cliModule.promptLoginMode)
+				.mockResolvedValueOnce({ mode: "experimental-cleanup-overlaps" })
+				.mockResolvedValueOnce({ mode: "cancel" })
+				.mockResolvedValue({ mode: "cancel" });
+			vi.mocked(confirmModule.confirm).mockResolvedValueOnce(true);
+			vi.mocked(syncModule.previewCodexMultiAuthSyncedOverlapCleanup).mockResolvedValueOnce({
+				before: 3,
+				after: 2,
+				removed: 1,
+				updated: 0,
+			});
+			vi.mocked(syncModule.cleanupCodexMultiAuthSyncedOverlaps).mockResolvedValueOnce({
+				before: 3,
+				after: 2,
+				removed: 1,
+				updated: 0,
+			});
+
+			const staleBackupPath = "/tmp/codex-maintenance-overlap-backup-20240201-000000.json";
+			const normalizePath = (value: string) => value.replace(/\\/g, "/");
+			const readdirSpy = vi.spyOn(nodeFsPromises, "readdir").mockResolvedValue([
+				{
+					name: "codex-maintenance-overlap-backup-20260101-000000.json",
+					isFile: () => true,
+				},
+				{
+					name: "codex-maintenance-overlap-backup-20240201-000000.json",
+					isFile: () => true,
+				},
+			] as never);
+			const statSpy = vi.spyOn(nodeFsPromises, "stat").mockImplementation(async (path) => {
+				return {
+					mtimeMs:
+						normalizePath(String(path)) === staleBackupPath ? Date.now() - 8 * 24 * 60 * 60 * 1000 : Date.now(),
+				} as never;
+			});
+			const unlinkSpy = vi.spyOn(nodeFsPromises, "unlink").mockResolvedValue(undefined);
+
+			try {
+				const autoMethod = plugin.auth.methods[0] as unknown as {
+					authorize: (inputs?: Record<string, string>) => Promise<{ instructions: string }>;
+				};
+
+				const result = await autoMethod.authorize();
+				expect(result.instructions).toBe("Authentication cancelled");
+				expect(vi.mocked(syncModule.cleanupCodexMultiAuthSyncedOverlaps)).toHaveBeenCalledWith(
+					"/tmp/codex-maintenance-overlap-backup-20260101-000000.json",
+				);
+				expect(unlinkSpy.mock.calls.map(([path]) => normalizePath(String(path)))).toEqual([staleBackupPath]);
+
+				const output = logSpy.mock.calls.flat().join("\n");
+				expect(output).toContain("Cleanup complete.");
+			} finally {
+				logSpy.mockRestore();
+				readdirSpy.mockRestore();
+				statSpy.mockRestore();
+				unlinkSpy.mockRestore();
+			}
+		});
+
 		it("writes a restorable sync prune backup before removing accounts", async () => {
 			const cliModule = await import("../lib/cli.js");
 			const confirmModule = await import("../lib/ui/confirm.js");
 			const configModule = await import("../lib/config.js");
 			const syncModule = await import("../lib/codex-multi-auth-sync.js");
+			const storageModule = await import("../lib/storage.js");
 			const { promises: nodeFsPromises } = await import("node:fs");
 
 			mockStorage.accounts = [
@@ -2218,6 +2296,9 @@ describe("OpenAIOAuthPlugin", () => {
 				.mockResolvedValue({ mode: "cancel" });
 			vi.mocked(cliModule.promptCodexMultiAuthSyncPrune).mockResolvedValueOnce([0]);
 			vi.mocked(confirmModule.confirm).mockResolvedValue(true);
+			vi.mocked(storageModule.createTimestampedBackupPath).mockImplementation(
+				(prefix?: string) => `\\tmp\\${prefix ?? "codex-backup"}-20260101-000000.json`,
+			);
 			vi.mocked(syncModule.previewSyncFromCodexMultiAuth)
 				.mockRejectedValueOnce(
 					new CodexMultiAuthSyncCapacityError({
@@ -2262,6 +2343,53 @@ describe("OpenAIOAuthPlugin", () => {
 				.spyOn(nodeFsPromises, "rename")
 				.mockRejectedValueOnce(Object.assign(new Error("rename locked"), { code: "EPERM" }))
 				.mockResolvedValueOnce(undefined);
+			const normalizePath = (value: string) => value.replace(/\\/g, "/");
+			const now = Date.now();
+			const statTimes = new Map<string, number>([
+				["/tmp/codex-sync-prune-backup-z.json", now - 3_000],
+				["/tmp/codex-sync-prune-backup-y.json", now - 2_000],
+				["/tmp/codex-sync-prune-backup-a.json", now - 1_000],
+			]);
+			const readdirSpy = vi
+				.spyOn(nodeFsPromises, "readdir")
+				.mockResolvedValueOnce([
+					{
+						name: "codex-sync-prune-backup-20260101-000000.json",
+						isFile: () => true,
+					},
+					{
+						name: "codex-sync-prune-backup-z.json",
+						isFile: () => true,
+					},
+					{
+						name: "codex-sync-prune-backup-y.json",
+						isFile: () => true,
+					},
+					{
+						name: "codex-sync-prune-backup-a.json",
+						isFile: () => true,
+					},
+				] as never)
+				.mockResolvedValueOnce([
+					{
+						name: "codex-sync-prune-backup-z.json",
+						isFile: () => true,
+					},
+					{
+						name: "codex-sync-prune-backup-y.json",
+						isFile: () => true,
+					},
+					{
+						name: "codex-sync-prune-backup-a.json",
+						isFile: () => true,
+					},
+				] as never);
+			const statSpy = vi.spyOn(nodeFsPromises, "stat").mockImplementation(async (path) => {
+				return {
+					mtimeMs: statTimes.get(normalizePath(String(path))) ?? Date.now(),
+				} as never;
+			});
+			const unlinkSpy = vi.spyOn(nodeFsPromises, "unlink").mockResolvedValue(undefined);
 
 			try {
 				const autoMethod = plugin.auth.methods[0] as unknown as {
@@ -2285,10 +2413,18 @@ describe("OpenAIOAuthPlugin", () => {
 				expect(mockFlaggedStorage.accounts).toHaveLength(0);
 				expect(renameSpy).toHaveBeenCalledTimes(2);
 				expect(mkdirSpy).toHaveBeenCalled();
+				const normalizedUnlinks = unlinkSpy.mock.calls.map(([path]) => normalizePath(String(path)));
+				expect(normalizedUnlinks).toContain("/tmp/codex-sync-prune-backup-20260101-000000.json");
+				expect(normalizedUnlinks.filter((path) => path.endsWith("codex-sync-prune-backup-z.json"))).toHaveLength(2);
+				expect(normalizedUnlinks.some((path) => path.endsWith("codex-sync-prune-backup-a.json"))).toBe(false);
+				expect(normalizedUnlinks.some((path) => path.endsWith("codex-sync-prune-backup-y.json"))).toBe(false);
 			} finally {
 				mkdirSpy.mockRestore();
 				writeSpy.mockRestore();
 				renameSpy.mockRestore();
+				readdirSpy.mockRestore();
+				statSpy.mockRestore();
+				unlinkSpy.mockRestore();
 			}
 		});
 

test/storage.test.ts

@@ -1986,6 +1986,10 @@ describe("storage", () => {
         firstTransactionReady = resolve;
       });
       let secondEntered = false;
+      let resolveSecondStarted!: () => void;
+      const secondStarted = new Promise<void>((resolve) => {
+        resolveSecondStarted = resolve;
+      });
 
       const firstTransaction = withAccountAndFlaggedStorageTransaction(async (current, persist) => {
         events.push("first:start");
@@ -2026,9 +2030,17 @@ describe("storage", () => {
       const secondTransaction = withAccountAndFlaggedStorageTransaction(async () => {
         secondEntered = true;
         events.push("second:start");
+        resolveSecondStarted();
       });
 
-      await new Promise((resolve) => setTimeout(resolve, 25));
+      const secondProgress = await Promise.race([
+        secondStarted.then(() => "started" as const),
+        Promise.resolve()
+          .then(() => Promise.resolve())
+          .then(() => "waiting" as const),
+      ]);
+
+      expect(secondProgress).toBe("waiting");
       expect(secondEntered).toBe(false);
       expect(events).toEqual(["first:start", "first:after-flagged"]);