fix(storage): keep export reads side-effect free

Author: ndycode

lib/storage.ts

@@ -1441,49 +1441,27 @@ async function loadAccountsInternal(
 	}
 }
 
-async function loadAccountsForExport(
-	mode: "locked" | "unlocked" = "locked",
-): Promise<AccountStorageV3 | null> {
-	// Export reuses this helper from both paths in `exportAccounts()`. Only the
-	// locked path may persist migrations; unlocked reads must remain side-effect
-	// free while another storage transaction holds the mutex for a different file.
-	const persistMigrations = mode === "locked";
+async function loadAccountsForExport(): Promise<AccountStorageV3 | null> {
+	// Export reuses this helper from both paths in `exportAccounts()`. Keep the
+	// read side effect free so export never clears a reset marker or races with
+	// concurrent writers while normalizing legacy storage for the snapshot.
 	const path = getStoragePath();
 	const resetMarkerPath = getIntentionalResetMarkerPath(path);
-	const migrationOptions = persistMigrations
-		? { persist: saveAccountsUnlocked }
-		: { commit: false };
 
 	if (existsSync(resetMarkerPath)) {
 		return createEmptyStorageWithMetadata(false, "intentional-reset");
 	}
 
 	try {
-		const { normalized, storedVersion, schemaErrors } = await loadAccountsFromPath(
-			path,
-			{
-				normalizeAccountStorage,
-				isRecord,
-			},
-		);
+		const { normalized, schemaErrors } = await loadAccountsFromPath(path, {
+			normalizeAccountStorage,
+			isRecord,
+		});
 		if (schemaErrors.length > 0) {
 			log.warn("Account storage schema validation warnings", {
 				errors: schemaErrors.slice(0, 5),
 			});
 		}
-		if (persistMigrations && normalized && storedVersion !== normalized.version) {
-			log.info("Migrating account storage to v3", {
-				from: storedVersion,
-				to: normalized.version,
-			});
-			try {
-				await saveAccountsUnlocked(normalized);
-			} catch (saveError) {
-				log.warn("Failed to persist migrated storage", {
-					error: String(saveError),
-				});
-			}
-		}
 		if (existsSync(resetMarkerPath)) {
 			return createEmptyStorageWithMetadata(false, "intentional-reset");
 		}
@@ -1495,7 +1473,7 @@ async function loadAccountsForExport(
 		}
 		if (code === "ENOENT") {
 			const migratedLegacyStorage =
-				await migrateLegacyProjectStorageIfNeeded(migrationOptions);
+				await migrateLegacyProjectStorageIfNeeded({ commit: false });
 			if (existsSync(resetMarkerPath)) {
 				return createEmptyStorageWithMetadata(false, "intentional-reset");
 			}
@@ -1861,9 +1839,8 @@ export async function exportAccounts(
 		force,
 		currentStoragePath,
 		transactionState: getTransactionSnapshotState(),
-		readCurrentStorageUnlocked: () => loadAccountsForExport("unlocked"),
-		readCurrentStorage: () =>
-			withStorageLock(() => loadAccountsForExport("locked")),
+		readCurrentStorageUnlocked: () => loadAccountsForExport(),
+		readCurrentStorage: () => withStorageLock(() => loadAccountsForExport()),
 		exportAccountsToFile,
 		beforeCommit,
 		logInfo: (message, details) => {

test/storage.test.ts

@@ -1407,6 +1407,41 @@ describe("storage", () => {
 			}
 		});
 
+		it("does not persist v3 normalization while export reads storage with the lock", async () => {
+			const currentStoragePath = join(testWorkDir, "accounts-v1-locked.json");
+			await fs.writeFile(
+				currentStoragePath,
+				JSON.stringify({
+					version: 1,
+					activeIndex: 0,
+					accounts: [
+						{
+							refreshToken: "legacy-token",
+							addedAt: 1,
+							lastUsed: 1,
+						},
+					],
+				}),
+			);
+
+			setStoragePathDirect(currentStoragePath);
+			try {
+				await exportAccounts(exportPath);
+
+				const onDisk = JSON.parse(
+					await fs.readFile(currentStoragePath, "utf-8"),
+				);
+				const exported = JSON.parse(await fs.readFile(exportPath, "utf-8"));
+				expect(onDisk.version).toBe(1);
+				expect(exported.version).toBe(3);
+				expect(exported.accounts).toEqual([
+					expect.objectContaining({ refreshToken: "legacy-token" }),
+				]);
+			} finally {
+				setStoragePathDirect(testStoragePath);
+			}
+		});
+
 		it.each(["EBUSY", "EPERM"] as const)(
 			"rethrows %s when export cannot read the current storage file",
 			async (code) => {
@@ -1456,6 +1491,92 @@ describe("storage", () => {
 			},
 		);
 
+		it.each(["EBUSY", "EPERM"] as const)(
+			"does not write an export file when %s happens while reading another storage path during a transaction",
+			async (code) => {
+				const transactionStoragePath = join(
+					testWorkDir,
+					`accounts-transaction-${code}.json`,
+				);
+				const currentStoragePath = join(testWorkDir, `accounts-live-${code}.json`);
+				await fs.writeFile(
+					transactionStoragePath,
+					JSON.stringify({
+						version: 3,
+						activeIndex: 0,
+						activeIndexByFamily: {},
+						accounts: [
+							{
+								accountId: "transaction",
+								refreshToken: "transaction-token",
+								addedAt: 1,
+								lastUsed: 1,
+							},
+						],
+					}),
+				);
+				await fs.writeFile(
+					currentStoragePath,
+					JSON.stringify({
+						version: 3,
+						activeIndex: 0,
+						activeIndexByFamily: {},
+						accounts: [
+							{
+								accountId: "live",
+								refreshToken: "live-token",
+								addedAt: 1,
+								lastUsed: 1,
+							},
+						],
+					}),
+				);
+
+				const actualStorageParser = await vi.importActual<
+					typeof import("../lib/storage/storage-parser.js")
+				>("../lib/storage/storage-parser.js");
+				vi.resetModules();
+				vi.doMock("../lib/storage/storage-parser.js", () => ({
+					...actualStorageParser,
+					loadAccountsFromPath: vi.fn(async (path, deps) => {
+						if (path === currentStoragePath) {
+							throw Object.assign(new Error(`locked ${code}`), { code });
+						}
+						return actualStorageParser.loadAccountsFromPath(path, deps);
+					}),
+				}));
+
+				try {
+					const isolatedStorageModule = await import("../lib/storage.js");
+					const isolatedPathState = await import("../lib/storage/path-state.js");
+					isolatedStorageModule.setStoragePathDirect(transactionStoragePath);
+					await expect(
+						isolatedStorageModule.withAccountStorageTransaction(async () => {
+							isolatedPathState.setStoragePathState({
+								currentStoragePath,
+								currentLegacyProjectStoragePath: null,
+								currentLegacyWorktreeStoragePath: null,
+								currentProjectRoot: null,
+							});
+							await isolatedStorageModule.exportAccounts(exportPath);
+						}),
+					).rejects.toMatchObject({ code });
+
+					const transactionStorage = JSON.parse(
+						await fs.readFile(transactionStoragePath, "utf-8"),
+					);
+					expect(transactionStorage.accounts).toEqual([
+						expect.objectContaining({ refreshToken: "transaction-token" }),
+					]);
+					expect(existsSync(exportPath)).toBe(false);
+				} finally {
+					vi.doUnmock("../lib/storage/storage-parser.js");
+					vi.resetModules();
+					setStoragePathDirect(testStoragePath);
+				}
+			},
+		);
+
 		it("does not revive legacy accounts when the current storage exists but is empty", async () => {
 			const currentStoragePath = join(testWorkDir, "accounts-empty-current.json");
 			const legacyStoragePath = join(testWorkDir, "accounts-empty-legacy.json");
@@ -1509,6 +1630,48 @@ describe("storage", () => {
 			}
 		});
 
+		it("exports legacy storage without persisting it when current storage is missing", async () => {
+			const currentStoragePath = join(testWorkDir, "accounts-missing-current.json");
+			const legacyStoragePath = join(testWorkDir, "accounts-missing-legacy.json");
+			await fs.writeFile(
+				legacyStoragePath,
+				JSON.stringify({
+					version: 3,
+					activeIndex: 0,
+					activeIndexByFamily: {},
+					accounts: [
+						{
+							accountId: "legacy",
+							refreshToken: "legacy-token",
+							addedAt: 1,
+							lastUsed: 1,
+						},
+					],
+				}),
+			);
+
+			setStoragePathDirect(currentStoragePath);
+			try {
+				setStoragePathState({
+					currentStoragePath,
+					currentLegacyProjectStoragePath: legacyStoragePath,
+					currentLegacyWorktreeStoragePath: null,
+					currentProjectRoot: null,
+				});
+
+				await exportAccounts(exportPath);
+
+				const exported = JSON.parse(await fs.readFile(exportPath, "utf-8"));
+				expect(exported.accounts).toEqual([
+					expect.objectContaining({ refreshToken: "legacy-token" }),
+				]);
+				expect(existsSync(currentStoragePath)).toBe(false);
+				expect(existsSync(legacyStoragePath)).toBe(true);
+			} finally {
+				setStoragePathDirect(testStoragePath);
+			}
+		});
+
 		it("does not revive legacy accounts when the current storage has an intentional reset marker", async () => {
 			const currentStoragePath = join(testWorkDir, "accounts-reset-current.json");
 			const legacyStoragePath = join(testWorkDir, "accounts-reset-legacy.json");