fix(auth): tighten onboarding restore review followups

Author: ndycode

docs/upgrade.md

@@ -70,7 +70,7 @@ For maintainer/debug flows, see advanced/internal controls in [development/CONFI
 
 - `Recover saved accounts` appears only when at least one valid named backup exists.
 - No new CLI flags or npm scripts were added for this flow.
-- The backup root remains `~/.codex/multi-auth/backups` by default, or `%CODEX_MULTI_AUTH_DIR%\\backups` when `CODEX_MULTI_AUTH_DIR` is set.
+- The backup root remains `~/.codex/multi-auth/backups` by default, or `%CODEX_MULTI_AUTH_DIR%\backups` when `CODEX_MULTI_AUTH_DIR` is set.
 
 ---
 

lib/accounts.ts

@@ -92,12 +92,12 @@ export interface ManagedAccount {
 	expires?: number;
 	addedAt: number;
 	lastUsed: number;
-        lastSwitchReason?:
-                | "rate-limit"
-                | "initial"
-                | "rotation"
-                | "best"
-                | "restore";
+	lastSwitchReason?:
+		| "rate-limit"
+		| "initial"
+		| "rotation"
+		| "best"
+		| "restore";
 	lastRateLimitReason?: RateLimitReason;
 	rateLimitResetTimes: RateLimitStateV3;
 	coolingDownUntil?: number;

lib/codex-manager.ts

@@ -4355,21 +4355,31 @@ async function runAuthLogin(): Promise<number> {
 		}
 
 		const refreshedStorage = await loadAccounts();
-		const existingCount = refreshedStorage?.accounts.length ?? 0;
+		let existingCount = refreshedStorage?.accounts.length ?? 0;
 		let forceNewLogin = existingCount > 0;
-		let namedBackups: NamedBackupSummary[] = [];
-		if (existingCount === 0) {
+		const loadNamedBackupsForOnboarding = async (): Promise<NamedBackupSummary[]> => {
+			if (existingCount > 0) {
+				return [];
+			}
 			try {
-				namedBackups = await getNamedBackups();
+				return await getNamedBackups();
 			} catch (error) {
+				const code = (error as NodeJS.ErrnoException).code;
 				log.debug("getNamedBackups failed, skipping restore option", {
+					code,
 					error: error instanceof Error ? error.message : String(error),
 				});
-				namedBackups = [];
+				if (code && code !== "ENOENT") {
+					console.warn(
+						"Named backup discovery failed. Continuing with browser or manual sign-in only.",
+					);
+				}
+				return [];
 			}
-		}
-		const latestNamedBackup = namedBackups[0] ?? null;
+		};
+		let namedBackups = await loadNamedBackupsForOnboarding();
 		while (true) {
+			const latestNamedBackup = namedBackups[0] ?? null;
 			const signInMode = await promptOAuthSignInMode(latestNamedBackup);
 			if (signInMode === "cancel") {
 				if (existingCount > 0) {
@@ -4379,15 +4389,20 @@ async function runAuthLogin(): Promise<number> {
 				console.log("Cancelled.");
 				return 0;
 			}
-			if (signInMode === "restore-backup" && latestNamedBackup) {
-				const restoreMode = await promptBackupRestoreMode(latestNamedBackup);
+			if (signInMode === "restore-backup") {
+				namedBackups = await loadNamedBackupsForOnboarding();
+				const latestAvailableBackup = namedBackups[0] ?? null;
+				if (!latestAvailableBackup) {
+					continue;
+				}
+				const restoreMode = await promptBackupRestoreMode(latestAvailableBackup);
 				if (restoreMode === "back") {
 					continue;
 				}
 
 				const selectedBackup = restoreMode === "manual"
 					? await promptManualBackupSelection(namedBackups)
-					: latestNamedBackup;
+					: latestAvailableBackup;
 				if (!selectedBackup) {
 					continue;
 				}
@@ -4473,6 +4488,8 @@ async function runAuthLogin(): Promise<number> {
 
 			const latestStorage = await loadAccounts();
 			const count = latestStorage?.accounts.length ?? 1;
+			existingCount = count;
+			namedBackups = [];
 			console.log(`Added account. Total: ${count}`);
 			if (count >= ACCOUNT_LIMITS.MAX_ACCOUNTS) {
 				console.log(`Reached maximum account limit (${ACCOUNT_LIMITS.MAX_ACCOUNTS}).`);

lib/schemas.ts

@@ -83,11 +83,11 @@ export type CooldownReasonFromSchema = z.infer<typeof CooldownReasonSchema>;
  * Last switch reason for account rotation tracking.
  */
 export const SwitchReasonSchema = z.enum([
-        "rate-limit",
-        "initial",
-        "rotation",
-        "best",
-        "restore",
+	"rate-limit",
+	"initial",
+	"rotation",
+	"best",
+	"restore",
 ]);
 
 export type SwitchReasonFromSchema = z.infer<typeof SwitchReasonSchema>;

lib/storage.ts

@@ -142,14 +142,23 @@ async function collectNamedBackups(storagePath: string): Promise<NamedBackupSumm
 		if (!entry.name.toLowerCase().endsWith(".json")) continue;
 		const candidatePath = join(backupRoot, entry.name);
 		try {
-			const stats = await fs.stat(candidatePath);
+			const statsBefore = await fs.stat(candidatePath);
 			const { normalized } = await loadAccountsFromPath(candidatePath);
 			if (!normalized || normalized.accounts.length === 0) continue;
+			const statsAfter = await fs.stat(candidatePath).catch(() => null);
+			if (statsAfter && statsAfter.mtimeMs !== statsBefore.mtimeMs) {
+				log.debug("backup file changed between stat and load, mtime may be stale", {
+					candidatePath,
+					fileName: entry.name,
+					beforeMtimeMs: statsBefore.mtimeMs,
+					afterMtimeMs: statsAfter.mtimeMs,
+				});
+			}
 			candidates.push({
 				path: candidatePath,
 				fileName: entry.name,
 				accountCount: normalized.accounts.length,
-				mtimeMs: stats.mtimeMs,
+				mtimeMs: statsBefore.mtimeMs,
 			});
 		} catch (error) {
 			log.debug("Skipping named backup candidate after loadAccountsFromPath/fs.stat failure", {

lib/storage/migrations.ts

@@ -25,12 +25,12 @@ export interface AccountMetadataV1 {
 	enabled?: boolean;
 	addedAt: number;
 	lastUsed: number;
-        lastSwitchReason?:
-                | "rate-limit"
-                | "initial"
-                | "rotation"
-                | "best"
-                | "restore";
+	lastSwitchReason?:
+		| "rate-limit"
+		| "initial"
+		| "rotation"
+		| "best"
+		| "restore";
 	rateLimitResetTime?: number;
 	coolingDownUntil?: number;
 	cooldownReason?: CooldownReason;
@@ -55,12 +55,12 @@ export interface AccountMetadataV3 {
 	enabled?: boolean;
 	addedAt: number;
 	lastUsed: number;
-        lastSwitchReason?:
-                | "rate-limit"
-                | "initial"
-                | "rotation"
-                | "best"
-                | "restore";
+	lastSwitchReason?:
+		| "rate-limit"
+		| "initial"
+		| "rotation"
+		| "best"
+		| "restore";
 	rateLimitResetTimes?: RateLimitStateV3;
 	coolingDownUntil?: number;
 	cooldownReason?: CooldownReason;