fix(storage): harden export review followups

Author: ndycode

lib/storage.ts

@@ -709,9 +709,12 @@ function getLegacyFlaggedAccountsPath(): string {
 	);
 }
 
-async function migrateLegacyProjectStorageIfNeeded(
-	persist: (storage: AccountStorageV3) => Promise<void> = saveAccounts,
-): Promise<AccountStorageV3 | null> {
+async function migrateLegacyProjectStorageIfNeeded(options?: {
+	persist?: (storage: AccountStorageV3) => Promise<void>;
+	commit?: boolean;
+}): Promise<AccountStorageV3 | null> {
+	const persist = options?.persist ?? saveAccounts;
+	const commit = options?.commit ?? true;
 	const state = getStoragePathState();
 	if (!state.currentStoragePath) {
 		return null;
@@ -782,43 +785,49 @@ async function migrateLegacyProjectStorageIfNeeded(
 		);
 		const fallbackStorage = targetStorage ?? legacyStorage;
 
-		try {
-			await persist(mergedStorage);
-			targetStorage = mergedStorage;
-			migrated = true;
-		} catch (error) {
-			targetStorage = fallbackStorage;
-			log.warn("Failed to persist migrated account storage", {
+		if (commit) {
+			try {
+				await persist(mergedStorage);
+				targetStorage = mergedStorage;
+				migrated = true;
+			} catch (error) {
+				targetStorage = fallbackStorage;
+				log.warn("Failed to persist migrated account storage", {
+					from: legacyPath,
+					to: state.currentStoragePath,
+					error: String(error),
+				});
+				continue;
+			}
+
+			try {
+				await fs.unlink(legacyPath);
+				log.info("Removed legacy account storage file after migration", {
+					path: legacyPath,
+				});
+			} catch (unlinkError) {
+				const code = (unlinkError as NodeJS.ErrnoException).code;
+				if (code !== "ENOENT") {
+					log.warn(
+						"Failed to remove legacy account storage file after migration",
+						{
+							path: legacyPath,
+							error: String(unlinkError),
+						},
+					);
+				}
+			}
+
+			log.info("Migrated legacy project account storage", {
 				from: legacyPath,
 				to: state.currentStoragePath,
-				error: String(error),
+				accounts: mergedStorage.accounts.length,
 			});
 			continue;
 		}
 
-		try {
-			await fs.unlink(legacyPath);
-			log.info("Removed legacy account storage file after migration", {
-				path: legacyPath,
-			});
-		} catch (unlinkError) {
-			const code = (unlinkError as NodeJS.ErrnoException).code;
-			if (code !== "ENOENT") {
-				log.warn(
-					"Failed to remove legacy account storage file after migration",
-					{
-						path: legacyPath,
-						error: String(unlinkError),
-					},
-				);
-			}
-		}
-
-		log.info("Migrated legacy project account storage", {
-			from: legacyPath,
-			to: state.currentStoragePath,
-			accounts: mergedStorage.accounts.length,
-		});
+		targetStorage = mergedStorage;
+		migrated = true;
 	}
 
 	if (migrated) {
@@ -1263,7 +1272,7 @@ async function loadAccountsInternal(
 	const resetMarkerPath = getIntentionalResetMarkerPath(path);
 	await cleanupStaleRotatingBackupArtifacts(path);
 	const migratedLegacyStorage = persistMigration
-		? await migrateLegacyProjectStorageIfNeeded(persistMigration)
+		? await migrateLegacyProjectStorageIfNeeded({ persist: persistMigration })
 		: null;
 
 	try {
@@ -1432,11 +1441,17 @@ async function loadAccountsInternal(
 	}
 }
 
-async function loadAccountsForExport(): Promise<AccountStorageV3 | null> {
+async function loadAccountsForExport(options?: {
+	persistMigrations?: boolean;
+}): Promise<AccountStorageV3 | null> {
+	const persistMigrations = options?.persistMigrations ?? true;
 	const path = getStoragePath();
 	const resetMarkerPath = getIntentionalResetMarkerPath(path);
-	const migratedLegacyStorage =
-		await migrateLegacyProjectStorageIfNeeded(saveAccountsUnlocked);
+	const migratedLegacyStorage = await migrateLegacyProjectStorageIfNeeded(
+		persistMigrations
+			? { persist: saveAccountsUnlocked }
+			: { commit: false },
+	);
 
 	if (existsSync(resetMarkerPath)) {
 		return createEmptyStorageWithMetadata(false, "intentional-reset");
@@ -1455,7 +1470,7 @@ async function loadAccountsForExport(): Promise<AccountStorageV3 | null> {
 				errors: schemaErrors.slice(0, 5),
 			});
 		}
-		if (normalized && storedVersion !== normalized.version) {
+		if (persistMigrations && normalized && storedVersion !== normalized.version) {
 			log.info("Migrating account storage to v3", {
 				from: storedVersion,
 				to: normalized.version,
@@ -1840,8 +1855,9 @@ export async function exportAccounts(
 		force,
 		currentStoragePath,
 		transactionState: getTransactionSnapshotState(),
-		readCurrentStorageUnlocked: loadAccountsForExport,
-		readCurrentStorage: () => withStorageLock(loadAccountsForExport),
+		readCurrentStorageUnlocked: () =>
+			loadAccountsForExport({ persistMigrations: false }),
+		readCurrentStorage: () => withStorageLock(() => loadAccountsForExport()),
 		exportAccountsToFile,
 		beforeCommit,
 		logInfo: (message, details) => {

test/account-port.test.ts

@@ -80,6 +80,38 @@ describe("account port helpers", () => {
 		);
 	});
 
+	it("reads current storage via the locked reader when no transaction is active", async () => {
+		const exportAccountsToFile = vi.fn(async () => undefined);
+		const readCurrentStorageUnlocked = vi.fn();
+		const readCurrentStorage = vi.fn(async () => ({
+			version: 3 as const,
+			accounts: [{ refreshToken: "locked-read-token" }],
+			activeIndex: 0,
+			activeIndexByFamily: {},
+		}));
+
+		await exportAccountsSnapshot({
+			resolvedPath: "/tmp/out.json",
+			force: true,
+			currentStoragePath: "/tmp/accounts.json",
+			transactionState: undefined,
+			readCurrentStorageUnlocked,
+			readCurrentStorage,
+			exportAccountsToFile,
+			logInfo: vi.fn(),
+		});
+
+		expect(readCurrentStorageUnlocked).not.toHaveBeenCalled();
+		expect(readCurrentStorage).toHaveBeenCalledTimes(1);
+		expect(exportAccountsToFile).toHaveBeenCalledWith(
+			expect.objectContaining({
+				storage: expect.objectContaining({
+					accounts: [{ refreshToken: "locked-read-token" }],
+				}),
+			}),
+		);
+	});
+
 	it("imports through transaction helper and logs result", async () => {
 		const result = await importAccountsSnapshot({
 			resolvedPath: "/tmp/in.json",

test/experimental-sync-target-entry.test.ts

@@ -40,9 +40,27 @@ describe("experimental sync target entry", () => {
 		});
 	});
 
-	it("wires windows-safe retry options through readJson", async () => {
+	it("provides windows lock retry policy to the injected reader", async () => {
 		const sleep = vi.fn(async () => undefined);
-		const readFileWithRetry = vi.fn(async () => '{"hello":"world"}');
+		const retryAttempts: string[] = [];
+		const readFileWithRetry = vi.fn(async (_path, options) => {
+			expect(options.retryableCodes.has("EBUSY")).toBe(true);
+			expect(options.retryableCodes.has("EPERM")).toBe(true);
+			expect(options.retryableCodes.has("EAGAIN")).toBe(true);
+			expect(options.retryableCodes.has("EACCES")).toBe(false);
+			expect(options.retryableCodes.has("ENOTEMPTY")).toBe(false);
+			expect(options.maxAttempts).toBe(4);
+
+			while (retryAttempts.length < 2) {
+				retryAttempts.push("EBUSY");
+				if (!options.retryableCodes.has("EBUSY")) {
+					throw Object.assign(new Error("busy"), { code: "EBUSY" });
+				}
+				await options.sleep(25 * retryAttempts.length);
+			}
+
+			return '{"hello":"world"}';
+		});
 		const normalizeAccountStorage = vi.fn(() => null);
 		let capturedReadJson: ((path: string) => Promise<unknown>) | undefined;
 
@@ -66,14 +84,45 @@ describe("experimental sync target entry", () => {
 		});
 
 		expect(capturedReadJson).toBeDefined();
-		expect(readFileWithRetry).toHaveBeenCalledWith("C:\\state.json", {
-			retryableCodes: new Set(["EBUSY", "EPERM", "EAGAIN"]),
-			maxAttempts: 4,
-			sleep,
-		});
+		expect(readFileWithRetry).toHaveBeenCalledTimes(1);
+		expect(sleep).toHaveBeenNthCalledWith(1, 25);
+		expect(sleep).toHaveBeenNthCalledWith(2, 50);
 		expect(normalizeAccountStorage).toHaveBeenCalledWith({ hello: "world" });
 	});
 
+	it("propagates fail-fast lock errors that are outside the retryable set", async () => {
+		const sleep = vi.fn(async () => undefined);
+		const readFileWithRetry = vi.fn(async (_path, options) => {
+			expect(options.retryableCodes.has("EACCES")).toBe(false);
+			expect(options.retryableCodes.has("ENOTEMPTY")).toBe(false);
+			throw Object.assign(new Error("denied"), { code: "EACCES" });
+		});
+		const normalizeAccountStorage = vi.fn(() => null);
+
+		const loadExperimentalSyncTargetState = vi.fn(async (args) => {
+			await args.readJson("C:\\state.json");
+			return {
+				kind: "target" as const,
+				detection: { kind: "target" as const },
+				destination: null,
+			};
+		});
+
+		await expect(
+			loadExperimentalSyncTargetEntry({
+				loadExperimentalSyncTargetState,
+				detectTarget: createDetectedTarget,
+				readFileWithRetry,
+				normalizeAccountStorage,
+				sleep,
+			}),
+		).rejects.toMatchObject({ code: "EACCES" });
+
+		expect(readFileWithRetry).toHaveBeenCalledTimes(1);
+		expect(sleep).not.toHaveBeenCalled();
+		expect(normalizeAccountStorage).not.toHaveBeenCalled();
+	});
+
 	it("propagates malformed json parse failures to the caller", async () => {
 		const readFileWithRetry = vi.fn(async () => "not-valid-json{{{");
 		const normalizeAccountStorage = vi.fn(() => null);