Fix shared-account runtime cache identity

Author: ndycode

index.ts

@@ -1361,6 +1361,7 @@ export const OpenAIOAuthPlugin: Plugin = async ({ client }: PluginInput) => {
 										const accountCount = accountManager.getAccountCount();
 										const attempted = new Set<number>();
 										let restartAccountTraversalWithFallback = false;
+										let retryNextAccountBeforeFallback = false;
 										let usedPreferredSessionAccount = false;
 										const capabilityBoostByAccount: Record<number, number> = {};
 										type AccountSnapshotCandidate = {
@@ -1501,11 +1502,6 @@ while (attempted.size < Math.max(1, accountCount)) {
 						account.accountIdSource,
 						tokenAccountId,
 					);
-					const entitlementAccountKey = resolveEntitlementAccountKey({
-						accountId: hadAccountId ? account.accountId : undefined,
-						email: account.email,
-						index: account.index,
-					});
 						if (!accountId) {
 							accountManager.markAccountCoolingDown(
 								account,
@@ -1515,12 +1511,19 @@ while (attempted.size < Math.max(1, accountCount)) {
 							accountManager.saveToDiskDebounced();
 							continue;
 						}
+											const resolvedEmail =
+												extractAccountEmail(accountAuth.access) ?? account.email;
+											const entitlementAccountKey = resolveEntitlementAccountKey({
+												accountId: account.accountId ?? accountId,
+												email: account.email ?? resolvedEmail,
+												refreshToken: account.refreshToken,
+												index: account.index,
+											});
 											account.accountId = accountId;
 											if (!hadAccountId && tokenAccountId && accountId === tokenAccountId) {
 												account.accountIdSource = account.accountIdSource ?? "token";
 											}
-											account.email =
-												extractAccountEmail(accountAuth.access) ?? account.email;
+											account.email = resolvedEmail;
 											const entitlementBlock = entitlementCache.isBlocked(
 												entitlementAccountKey,
 												model ?? modelFamily,
@@ -1771,6 +1774,7 @@ while (attempted.size < Math.max(1, accountCount)) {
 						fallbackReason: "unsupported-model-entitlement",
 					},
 				);
+				retryNextAccountBeforeFallback = true;
 				break;
 			}
 
@@ -2292,7 +2296,10 @@ while (attempted.size < Math.max(1, accountCount)) {
 						if (successAccountForResponse.index !== account.index) {
 							accountManager.markSwitched(successAccountForResponse, "rotation", modelFamily);
 						}
-						const successAccountKey = resolveEntitlementAccountKey(successAccountForResponse);
+						const successAccountKey =
+							successAccountForResponse.index === account.index
+								? entitlementAccountKey
+								: resolveEntitlementAccountKey(successAccountForResponse);
 						accountManager.recordSuccess(successAccountForResponse, modelFamily, model);
 						capabilityPolicyStore.recordSuccess(
 							successAccountKey,
@@ -2311,6 +2318,11 @@ while (attempted.size < Math.max(1, accountCount)) {
 					}
 						return successResponse;
 																								}
+										if (retryNextAccountBeforeFallback) {
+											retryNextAccountBeforeFallback = false;
+											continue;
+										}
+
 										if (restartAccountTraversalWithFallback) {
 											break;
 										}

lib/codex-manager.ts

@@ -416,6 +416,27 @@ function normalizeQuotaEmail(email: string | undefined): string | null {
 	return normalized && normalized.length > 0 ? normalized : null;
 }
 
+function normalizeQuotaAccountId(accountId: string | undefined): string | null {
+	if (typeof accountId !== "string") return null;
+	const trimmed = accountId.trim();
+	return trimmed.length > 0 ? trimmed : null;
+}
+
+function hasUniqueQuotaAccountId(
+	accounts: readonly Pick<AccountMetadataV3, "accountId">[],
+	account: Pick<AccountMetadataV3, "accountId">,
+): boolean {
+	const accountId = normalizeQuotaAccountId(account.accountId);
+	if (!accountId) return false;
+	let matchCount = 0;
+	for (const candidate of accounts) {
+		if (normalizeQuotaAccountId(candidate.accountId) !== accountId) continue;
+		matchCount += 1;
+		if (matchCount > 1) return false;
+	}
+	return matchCount === 1;
+}
+
 function quotaCacheEntryToSnapshot(entry: QuotaCacheEntry): CodexQuotaSnapshot {
 	return {
 		status: entry.status,
@@ -490,21 +511,28 @@ function formatAccountQuotaSummary(entry: QuotaCacheEntry): string {
 function getQuotaCacheEntryForAccount(
 	cache: QuotaCacheData,
 	account: Pick<AccountMetadataV3, "accountId" | "email">,
+	accounts: readonly Pick<AccountMetadataV3, "accountId">[],
 ): QuotaCacheEntry | null {
-	if (account.accountId && cache.byAccountId[account.accountId]) {
-		return cache.byAccountId[account.accountId] ?? null;
-	}
 	const email = normalizeQuotaEmail(account.email);
 	if (email && cache.byEmail[email]) {
 		return cache.byEmail[email] ?? null;
 	}
+	const accountId = normalizeQuotaAccountId(account.accountId);
+	if (
+		accountId &&
+		hasUniqueQuotaAccountId(accounts, account) &&
+		cache.byAccountId[accountId]
+	) {
+		return cache.byAccountId[accountId] ?? null;
+	}
 	return null;
 }
 
 function updateQuotaCacheForAccount(
 	cache: QuotaCacheData,
 	account: Pick<AccountMetadataV3, "accountId" | "email">,
 	snapshot: CodexQuotaSnapshot,
+	accounts: readonly Pick<AccountMetadataV3, "accountId">[],
 ): boolean {
 	const nextEntry: QuotaCacheEntry = {
 		updatedAt: Date.now(),
@@ -524,14 +552,16 @@ function updateQuotaCacheForAccount(
 	};
 
 	let changed = false;
-	if (account.accountId) {
-		cache.byAccountId[account.accountId] = nextEntry;
-		changed = true;
-	}
 	const email = normalizeQuotaEmail(account.email);
 	if (email) {
 		cache.byEmail[email] = nextEntry;
 		changed = true;
+		return changed;
+	}
+	const accountId = normalizeQuotaAccountId(account.accountId);
+	if (accountId && hasUniqueQuotaAccountId(accounts, account)) {
+		cache.byAccountId[accountId] = nextEntry;
+		changed = true;
 	}
 	return changed;
 }
@@ -550,11 +580,12 @@ function resolveMenuQuotaProbeInput(
 	cache: QuotaCacheData,
 	maxAgeMs: number,
 	now: number,
+	accounts: readonly Pick<AccountMetadataV3, "accountId">[],
 ): { accountId: string; accessToken: string } | null {
 	if (account.enabled === false) return null;
 	if (!hasUsableAccessToken(account, now)) return null;
 
-	const existing = getQuotaCacheEntryForAccount(cache, account);
+	const existing = getQuotaCacheEntryForAccount(cache, account, accounts);
 	if (
 		existing &&
 		typeof existing.updatedAt === "number" &&
@@ -580,7 +611,13 @@ function collectMenuQuotaRefreshTargets(
 ): MenuQuotaProbeTarget[] {
 	const targets: MenuQuotaProbeTarget[] = [];
 	for (const account of storage.accounts) {
-		const probeInput = resolveMenuQuotaProbeInput(account, cache, maxAgeMs, now);
+		const probeInput = resolveMenuQuotaProbeInput(
+			account,
+			cache,
+			maxAgeMs,
+			now,
+			storage.accounts,
+		);
 		if (!probeInput) continue;
 		targets.push({
 			account,
@@ -599,7 +636,7 @@ function countMenuQuotaRefreshTargets(
 ): number {
 	let count = 0;
 	for (const account of storage.accounts) {
-		if (resolveMenuQuotaProbeInput(account, cache, maxAgeMs, now)) {
+		if (resolveMenuQuotaProbeInput(account, cache, maxAgeMs, now, storage.accounts)) {
 			count += 1;
 		}
 	}
@@ -632,7 +669,9 @@ async function refreshQuotaCacheForMenu(
 				accessToken: target.accessToken,
 				model: MENU_QUOTA_REFRESH_MODEL,
 			});
-			changed = updateQuotaCacheForAccount(cache, target.account, snapshot) || changed;
+			changed =
+				updateQuotaCacheForAccount(cache, target.account, snapshot, storage.accounts) ||
+				changed;
 		} catch {
 			// Keep existing cached values if probing fails.
 		}
@@ -783,7 +822,9 @@ function toExistingAccountInfo(
 	const activeIndex = resolveActiveIndex(storage, "codex");
 	const layoutMode = resolveMenuLayoutMode(displaySettings);
 	const baseAccounts = storage.accounts.map((account, index) => {
-		const entry = quotaCache ? getQuotaCacheEntryForAccount(quotaCache, account) : null;
+		const entry = quotaCache
+			? getQuotaCacheEntryForAccount(quotaCache, account, storage.accounts)
+			: null;
 		return {
 			index,
 			sourceIndex: index,
@@ -1477,7 +1518,12 @@ async function runHealthCheck(options: HealthCheckOptions = {}): Promise<void> {
 						});
 						if (quotaCache) {
 							quotaCacheChanged =
-								updateQuotaCacheForAccount(quotaCache, account, snapshot) || quotaCacheChanged;
+								updateQuotaCacheForAccount(
+									quotaCache,
+									account,
+									snapshot,
+									storage.accounts,
+								) || quotaCacheChanged;
 						}
 						healthDetail = formatQuotaSnapshotForDashboard(snapshot, display);
 					} catch (error) {
@@ -1550,7 +1596,12 @@ async function runHealthCheck(options: HealthCheckOptions = {}): Promise<void> {
 						});
 						if (quotaCache) {
 							quotaCacheChanged =
-								updateQuotaCacheForAccount(quotaCache, account, snapshot) || quotaCacheChanged;
+								updateQuotaCacheForAccount(
+									quotaCache,
+									account,
+									snapshot,
+									storage.accounts,
+								) || quotaCacheChanged;
 						}
 						healthyMessage = formatQuotaSnapshotForDashboard(snapshot, display);
 					} catch (error) {
@@ -2048,7 +2099,12 @@ async function runForecast(args: string[]): Promise<number> {
 				const account = storage.accounts[i];
 				if (account) {
 					quotaCacheChanged =
-						updateQuotaCacheForAccount(quotaCache, account, liveQuota) || quotaCacheChanged;
+						updateQuotaCacheForAccount(
+							quotaCache,
+							account,
+							liveQuota,
+							storage.accounts,
+						) || quotaCacheChanged;
 				}
 			}
 		} catch (error) {
@@ -2803,7 +2859,12 @@ async function runFix(args: string[]): Promise<number> {
 						});
 						if (quotaCache) {
 							quotaCacheChanged =
-								updateQuotaCacheForAccount(quotaCache, account, snapshot) || quotaCacheChanged;
+								updateQuotaCacheForAccount(
+									quotaCache,
+									account,
+									snapshot,
+									storage.accounts,
+								) || quotaCacheChanged;
 						}
 						reports.push({
 							index: i,
@@ -2881,7 +2942,12 @@ async function runFix(args: string[]): Promise<number> {
 						});
 						if (quotaCache) {
 							quotaCacheChanged =
-								updateQuotaCacheForAccount(quotaCache, account, snapshot) || quotaCacheChanged;
+								updateQuotaCacheForAccount(
+									quotaCache,
+									account,
+									snapshot,
+									storage.accounts,
+								) || quotaCacheChanged;
 						}
 						reports.push({
 							index: i,

lib/entitlement-cache.ts

@@ -19,6 +19,7 @@ const MAX_ACCOUNT_BUCKETS = 512;
 export interface EntitlementAccountRef {
 	accountId?: string;
 	email?: string;
+	refreshToken?: string;
 	index?: number;
 }
 
@@ -39,25 +40,41 @@ function normalizeModel(model: string | undefined): string | null {
 	return stripped.replace(/-(none|minimal|low|medium|high|xhigh)$/i, "");
 }
 
+function normalizeEntitlementEmail(email: string | undefined): string | undefined {
+	if (!email) return undefined;
+	const trimmed = email.trim();
+	if (!trimmed) return undefined;
+	return trimmed.toLowerCase();
+}
+
 /**
  * Derives a stable cache key for an entitlement account reference.
  *
- * Produces one of three deterministic keys:
- * - `id:<trimmed accountId>` when `accountId` is present,
- * - `email:<lowercased trimmed email>` when `email` is present and no `accountId`,
+ * Produces one of six deterministic keys:
+ * - `account:<trimmed accountId>::email:<lowercased trimmed email>` when both are present,
+ * - `email:<lowercased trimmed email>` when only `email` is present,
+ * - `account:<trimmed accountId>::idx:<non-negative integer>` when `accountId` is present without email,
+ * - `account:<trimmed accountId>` when only `accountId` is present and no index is available,
+ * - `refresh:<trimmed refreshToken>` when no accountId/email exists but a refresh token is available,
  * - `idx:<non-negative integer>` otherwise (index defaults to 0).
  *
  * This function is pure and concurrency-safe; it performs no I/O and is not affected by Windows filesystem semantics. It does not redact secrets or tokens — values are only trimmed and, for emails, lowercased.
  *
  * @param ref - Reference identifying an account (may include `accountId`, `email`, or `index`)
- * @returns A deterministic string key prefixed with `id:`, `email:`, or `idx:` as described above
+ * @returns A deterministic string key prefixed with `account:`, `email:`, `refresh:`, or `idx:` as described above
  */
 export function resolveEntitlementAccountKey(ref: EntitlementAccountRef): string {
 	const accountId = typeof ref.accountId === "string" ? ref.accountId.trim() : "";
-	if (accountId) return `id:${accountId}`;
-	const email = typeof ref.email === "string" ? ref.email.trim().toLowerCase() : "";
+	const hasIndex = Number.isFinite(ref.index);
+	const index = hasIndex ? Math.max(0, Math.floor(ref.index ?? 0)) : 0;
+	const email = normalizeEntitlementEmail(ref.email);
+	const refreshToken =
+		typeof ref.refreshToken === "string" ? ref.refreshToken.trim() : "";
+	if (accountId && email) return `account:${accountId}::email:${email}`;
 	if (email) return `email:${email}`;
-	const index = Number.isFinite(ref.index) ? Math.max(0, Math.floor(ref.index ?? 0)) : 0;
+	if (accountId && hasIndex) return `account:${accountId}::idx:${index}`;
+	if (accountId) return `account:${accountId}`;
+	if (refreshToken) return `refresh:${refreshToken}`;
 	return `idx:${index}`;
 }