fix(storage): suppress flagged reset revival

Co-authored-by: Codex <noreply@openai.com>

Author: ndycode

lib/storage.ts

@@ -1971,6 +1971,7 @@ function normalizeFlaggedStorage(data: unknown): FlaggedAccountStorageV1 {
 
 export async function loadFlaggedAccounts(): Promise<FlaggedAccountStorageV1> {
 	const path = getFlaggedAccountsPath();
+	const resetMarkerPath = getIntentionalResetMarkerPath(path);
 	const empty: FlaggedAccountStorageV1 = { version: 1, accounts: [] };
 
 	try {
@@ -1983,6 +1984,10 @@ export async function loadFlaggedAccounts(): Promise<FlaggedAccountStorageV1> {
 		}
 	}
 
+	if (existsSync(resetMarkerPath) && !existsSync(path)) {
+		return empty;
+	}
+
 	const recovered = storageBackupEnabled ? await recoverFlaggedAccountsFromBackups(path) : null;
 	if (recovered) {
 		return recovered;
@@ -2042,6 +2047,7 @@ export async function saveFlaggedAccounts(storage: FlaggedAccountStorageV1): Pro
 			const content = JSON.stringify(normalizeFlaggedStorage(storage), null, 2);
 			await fs.writeFile(tempPath, content, { encoding: "utf-8", mode: 0o600 });
 			await fs.rename(tempPath, path);
+			await removeIntentionalResetMarker(path);
 		} catch (error) {
 			try {
 				await fs.unlink(tempPath);
@@ -2057,6 +2063,18 @@ export async function saveFlaggedAccounts(storage: FlaggedAccountStorageV1): Pro
 export async function clearFlaggedAccounts(): Promise<void> {
 	return withStorageLock(async () => {
 		const path = getFlaggedAccountsPath();
+		const markerPath = getIntentionalResetMarkerPath(path);
+		try {
+			await fs.mkdir(dirname(path), { recursive: true });
+			await writeIntentionalResetMarker(path);
+		} catch (error) {
+			log.error("Failed to write flagged reset marker", {
+				path,
+				markerPath,
+				error: String(error),
+			});
+			throw error;
+		}
 		const backupPaths = await getAccountsBackupRecoveryCandidatesWithDiscovery(path);
 		for (const candidate of [path, ...backupPaths]) {
 			try {

test/storage-flagged.test.ts

@@ -287,6 +287,52 @@ describe("flagged account storage", () => {
 		expect(flagged.accounts).toHaveLength(0);
 	});
 
+	it("suppresses flagged backup revival when clear only partially deletes backup artifacts", async () => {
+		await saveFlaggedAccounts({
+			version: 1,
+			accounts: [
+				{
+					refreshToken: "partial-delete-primary",
+					flaggedAt: 1,
+					addedAt: 1,
+					lastUsed: 1,
+				},
+			],
+		});
+
+		await saveFlaggedAccounts({
+			version: 1,
+			accounts: [
+				{
+					refreshToken: "partial-delete-secondary",
+					flaggedAt: 2,
+					addedAt: 2,
+					lastUsed: 2,
+				},
+			],
+		});
+
+		const flaggedPath = getFlaggedAccountsPath();
+		const backupPath = `${flaggedPath}.bak`;
+		const originalUnlink = fs.unlink.bind(fs);
+		const unlinkSpy = vi.spyOn(fs, "unlink").mockImplementation(async (targetPath) => {
+			if (targetPath === backupPath) {
+				const error = new Error("EACCES backup delete") as NodeJS.ErrnoException;
+				error.code = "EACCES";
+				throw error;
+			}
+			return originalUnlink(targetPath);
+		});
+
+		await clearFlaggedAccounts();
+
+		const flagged = await loadFlaggedAccounts();
+		expect(existsSync(backupPath)).toBe(true);
+		expect(flagged.accounts).toHaveLength(0);
+
+		unlinkSpy.mockRestore();
+	});
+
 	it("emits snapshot metadata for flagged account backups", async () => {
 		await saveFlaggedAccounts({
 			version: 1,