fix(accounts): back up snapshots before codex; restore after symlink clobber#25
Merged
Conversation
…link clobber restoreSessionSnapshotIfNeeded now copies every saved snapshot into a hidden .snapshot-backups vault before codex runs. syncExternalAuthSnapshotIfNeeded walks that vault before name resolution and restores any snapshot whose on-disk identity no longer matches the backup (codex wrote through a stale auth.json symlink) or whose file was removed entirely. After the new account is saved, the vault is cleared. Without this, identity-based name resolution kept reusing the clobbered file's *new* identity and silently overwrote the previous account's name in the registry, deleting it from the user's list. Notably this fires even when the shell hook is shadowed by a competing `codex()` function (e.g., a GH_TOKEN export wrapper) and restore-session never runs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
restoreSessionSnapshotIfNeededcopies every saved snapshot intoaccounts/.snapshot-backups/before codex runs.syncExternalAuthSnapshotIfNeededwalks the vault before name resolution; restores any snapshot whose on-disk identity no longer matches its backup (codex wrote through a staleauth.jsonsymlink) or whose file is missing.This survives the case where the shell hook is shadowed (e.g., a competing
codex()GH_TOKEN-export function) andrestore-sessionnever runs — the backup taken on any prior shell hook firing still protects future syncs that detect the clobber.Why this case existed
Without the vault, identity-based name resolution kept matching the clobbered file's new identity and silently overwrote the previous account's registry entry, removing it from
codex-auth list.Test plan
npm run buildnpm test— 77/77 passauth.jsonis a symlink, restore-session backs up snapshots, simulatedcodex loginoverwrites the previous snapshot through the symlink, sync recovers the original tokens and saves the new account under its own name🤖 Generated with Claude Code