fix refresh persistence review followups

Author: ndycode

lib/accounts.ts

@@ -19,7 +19,7 @@ import {
 	type HybridSelectionOptions,
 } from "./rotation.js";
 import { nowMs } from "./utils.js";
-import { ERROR_MESSAGES } from "./constants.js";
+import { ERROR_MESSAGES, HTTP_STATUS } from "./constants.js";
 import { CodexAuthError } from "./errors.js";
 import {
 	loadCodexCliState,
@@ -159,6 +159,37 @@ function findAccountIndexByIdentity<
 	return undefined;
 }
 
+const RETRYABLE_AUTH_PERSISTENCE_CODES = new Set(["EAGAIN", "EBUSY", "EPERM"]);
+
+function isRetryableAuthPersistenceError(error: unknown): boolean {
+	if (!error || typeof error !== "object") {
+		return false;
+	}
+
+	const candidate = error as {
+		code?: unknown;
+		status?: unknown;
+		cause?: unknown;
+	};
+	const code =
+		typeof candidate.code === "string"
+			? candidate.code.toUpperCase()
+			: undefined;
+	if (code && RETRYABLE_AUTH_PERSISTENCE_CODES.has(code)) {
+		return true;
+	}
+
+	if (candidate.status === HTTP_STATUS.TOO_MANY_REQUESTS) {
+		return true;
+	}
+
+	if (candidate.cause && candidate.cause !== error) {
+		return isRetryableAuthPersistenceError(candidate.cause);
+	}
+
+	return false;
+}
+
 export interface Workspace {
 	id: string;
 	name?: string;
@@ -845,25 +876,68 @@ export class AccountManager {
 				delete storedAccount.coolingDownUntil;
 				delete storedAccount.cooldownReason;
 
-				await persist(nextStorage);
-
 				const liveAccount = this.getAccountByIdentity(source, auth);
-				if (!liveAccount) {
-					log.warn("Unable to resolve refreshed live account after persistence", {
-						sourceIndex: source.index,
-					});
-					return null;
+				if (liveAccount) {
+					const previousLiveAccountState = {
+						access: liveAccount.access,
+						refreshToken: liveAccount.refreshToken,
+						expires: liveAccount.expires,
+						accountId: liveAccount.accountId,
+						accountIdSource: liveAccount.accountIdSource,
+						email: liveAccount.email,
+						enabled: liveAccount.enabled,
+						coolingDownUntil: liveAccount.coolingDownUntil,
+						cooldownReason: liveAccount.cooldownReason,
+						consecutiveAuthFailures: liveAccount.consecutiveAuthFailures,
+					};
+
+					this.updateFromAuth(liveAccount, auth);
+					liveAccount.enabled = true;
+					this.clearAccountCooldown(liveAccount);
+					this.clearAuthFailures(liveAccount);
+
+					try {
+						await persist(nextStorage);
+					} catch (error) {
+						liveAccount.access = previousLiveAccountState.access;
+						liveAccount.refreshToken = previousLiveAccountState.refreshToken;
+						liveAccount.expires = previousLiveAccountState.expires;
+						liveAccount.accountId = previousLiveAccountState.accountId;
+						liveAccount.accountIdSource =
+							previousLiveAccountState.accountIdSource;
+						liveAccount.email = previousLiveAccountState.email;
+						liveAccount.enabled = previousLiveAccountState.enabled;
+						liveAccount.consecutiveAuthFailures =
+							previousLiveAccountState.consecutiveAuthFailures;
+						if (
+							previousLiveAccountState.coolingDownUntil === undefined
+						) {
+							delete liveAccount.coolingDownUntil;
+						} else {
+							liveAccount.coolingDownUntil =
+								previousLiveAccountState.coolingDownUntil;
+						}
+						if (previousLiveAccountState.cooldownReason === undefined) {
+							delete liveAccount.cooldownReason;
+						} else {
+							liveAccount.cooldownReason =
+								previousLiveAccountState.cooldownReason;
+						}
+						throw error;
+					}
+
+					return liveAccount;
 				}
 
-				this.updateFromAuth(liveAccount, auth);
-				liveAccount.enabled = true;
-				this.clearAccountCooldown(liveAccount);
-				this.clearAuthFailures(liveAccount);
-				return liveAccount;
+				await persist(nextStorage);
+				log.warn("Unable to resolve refreshed live account after persistence", {
+					sourceIndex: source.index,
+				});
+				return null;
 			});
 		} catch (error) {
 			throw new CodexAuthError(ERROR_MESSAGES.TOKEN_REFRESH_FAILED, {
-				retryable: true,
+				retryable: isRetryableAuthPersistenceError(error),
 				cause: error,
 			});
 		}

lib/refresh-guardian.ts

@@ -205,7 +205,6 @@ export class RefreshGuardian {
 			}
 
 			let requiresSave = false;
-			const processed = new Set<number>();
 			const refreshResults = await refreshExpiringAccounts(
 				eligibleSnapshot,
 				this.bufferMs,
@@ -218,7 +217,6 @@ export class RefreshGuardian {
 					if (saveNeeded) {
 						requiresSave = true;
 					}
-					processed.add(sourceAccount.index);
 				},
 			);
 			if (refreshResults.size === 0) {
@@ -227,27 +225,6 @@ export class RefreshGuardian {
 				return;
 			}
 
-			const snapshotByIndex = new Map<number, (typeof snapshot)[number]>();
-			for (const candidate of eligibleSnapshot) {
-				snapshotByIndex.set(candidate.index, candidate);
-			}
-
-			for (const [accountIndex, result] of refreshResults.entries()) {
-				if (processed.has(accountIndex)) {
-					continue;
-				}
-				const sourceAccount = snapshotByIndex.get(accountIndex);
-				if (!sourceAccount) continue;
-				const saveNeeded = await this.applyRefreshOutcome(
-					manager,
-					sourceAccount,
-					result,
-				);
-				if (saveNeeded) {
-					requiresSave = true;
-				}
-			}
-
 			if (requiresSave) {
 				manager.saveToDiskDebounced();
 			}

lib/request/fetch-helpers.ts

@@ -449,6 +449,35 @@ function isRetryableRefreshFailure(
 	}
 }
 
+function isRetryableAuthSetterError(error: unknown): boolean {
+	if (!error || typeof error !== "object") {
+		return false;
+	}
+
+	const candidate = error as {
+		code?: unknown;
+		status?: unknown;
+		cause?: unknown;
+	};
+	const code =
+		typeof candidate.code === "string"
+			? candidate.code.toUpperCase()
+			: undefined;
+	if (code === "EAGAIN" || code === "EBUSY" || code === "EPERM") {
+		return true;
+	}
+
+	if (candidate.status === HTTP_STATUS.TOO_MANY_REQUESTS) {
+		return true;
+	}
+
+	if (candidate.cause && candidate.cause !== error) {
+		return isRetryableAuthSetterError(candidate.cause);
+	}
+
+	return false;
+}
+
 /**
  * Refreshes the OAuth token and updates stored credentials
  * @param currentAuth - Current auth state
@@ -492,7 +521,7 @@ export async function refreshAndUpdateToken(
 		});
 	} catch (error) {
 		throw new CodexAuthError(ERROR_MESSAGES.TOKEN_REFRESH_FAILED, {
-			retryable: true,
+			retryable: isRetryableAuthSetterError(error),
 			cause: error,
 		});
 	}

test/accounts.test.ts

@@ -1270,6 +1270,47 @@ describe("AccountManager", () => {
       expect(account.refreshToken).toBe("old-refresh");
     });
 
+    it("propagates non-transient storage write failure as terminal CodexAuthError", async () => {
+      const { withAccountStorageTransaction } = await import("../lib/storage.js");
+      const mockWithAccountStorageTransaction = vi.mocked(
+        withAccountStorageTransaction,
+      );
+      mockWithAccountStorageTransaction.mockRejectedValueOnce(
+        Object.assign(new Error("EACCES"), { code: "EACCES" }),
+      );
+
+      const now = Date.now();
+      const stored = {
+        version: 3 as const,
+        activeIndex: 0,
+        accounts: [
+          {
+            refreshToken: "old-refresh",
+            accessToken: "old-access",
+            expiresAt: now,
+            addedAt: now,
+            lastUsed: now,
+          },
+        ],
+      };
+      const manager = new AccountManager(undefined, stored as any);
+      const account = manager.getAccountByIndex(0)!;
+      const refreshedAuth: OAuthAuthDetails = {
+        type: "oauth",
+        access: "header.payload.signature",
+        refresh: "new-refresh",
+        expires: now + 3_600_000,
+      };
+
+      const error = await manager.commitRefreshedAuth(account, refreshedAuth).catch(
+        (err) => err as CodexAuthError,
+      );
+
+      expect(error).toBeInstanceOf(CodexAuthError);
+      expect(error.retryable).toBe(false);
+      expect(account.refreshToken).toBe("old-refresh");
+    });
+
     it("prevents debounced saves from writing stale auth during refresh persistence", async () => {
       vi.useFakeTimers();
       try {

test/fetch-helpers.test.ts

@@ -183,7 +183,9 @@ describe('Fetch Helpers Module', () => {
 			const auth: Auth = { type: 'oauth', access: 'old', refresh: 'oldr', expires: 0 };
 			const client = {
 				auth: {
-					set: vi.fn().mockRejectedValue(new Error('persist failed')),
+					set: vi.fn().mockRejectedValue(
+						Object.assign(new Error('persist failed'), { code: 'EBUSY' }),
+					),
 				},
 			} as any;
 			vi.spyOn(refreshQueueModule, 'queuedRefresh').mockResolvedValue({
@@ -199,6 +201,29 @@ describe('Fetch Helpers Module', () => {
 			expect(error).toBeInstanceOf(CodexAuthError);
 			expect(error.retryable).toBe(true);
 		});
+
+		it('throws terminal auth errors when auth persistence fails permanently', async () => {
+			const auth: Auth = { type: 'oauth', access: 'old', refresh: 'oldr', expires: 0 };
+			const client = {
+				auth: {
+					set: vi.fn().mockRejectedValue(
+						Object.assign(new Error('persist failed'), { code: 'EACCES' }),
+					),
+				},
+			} as any;
+			vi.spyOn(refreshQueueModule, 'queuedRefresh').mockResolvedValue({
+				type: 'success',
+				access: 'new',
+				refresh: 'newr',
+				expires: 123,
+			} as any);
+
+			const error = await refreshAndUpdateToken(auth, client).catch(
+				(err) => err as CodexAuthError,
+			);
+			expect(error).toBeInstanceOf(CodexAuthError);
+			expect(error.retryable).toBe(false);
+		});
 	});
 
 	describe('extractRequestUrl', () => {