opencode-openai-codex-multi-auth 4.5.6 → 4.5.10

package/dist/lib/storage.js

@@ -1,16 +1,135 @@
 import { randomBytes } from "node:crypto";
 import { existsSync, promises as fs } from "node:fs";
 import { homedir } from "node:os";
-import { dirname, join } from "node:path";
+import { dirname, join, resolve } from "node:path";
 import lockfile from "proper-lockfile";
 import { findAccountMatchIndex } from "./account-matching.js";
+const PLAN_TYPE_LABELS = {
+    free: "Free",
+    plus: "Plus",
+    pro: "Pro",
+    team: "Team",
+    business: "Business",
+    enterprise: "Enterprise",
+    edu: "Edu",
+};
+function normalizePlanType(planType) {
+    if (typeof planType !== "string")
+        return undefined;
+    const trimmed = planType.trim();
+    if (!trimmed)
+        return undefined;
+    const mapped = PLAN_TYPE_LABELS[trimmed.toLowerCase()];
+    return mapped ?? trimmed;
+}
 const STORAGE_FILE = "openai-codex-accounts.json";
 const AUTH_DEBUG_ENABLED = process.env.OPENCODE_OPENAI_AUTH_DEBUG === "1";
+const MAX_QUARANTINE_FILES = 20;
+const MAX_BACKUP_FILES = 20;
+let storagePathOverride = null;
+let storageScopeOverride = "global";
+function findClosestProjectAccountsFile(startDir) {
+    let current = resolve(startDir);
+    // Walk up to filesystem root.
+    while (true) {
+        const candidate = join(current, ".opencode", STORAGE_FILE);
+        if (existsSync(candidate))
+            return candidate;
+        const parent = dirname(current);
+        if (parent === current)
+            return null;
+        current = parent;
+    }
+}
+export function configureStorageForCwd(options) {
+    if (!options.perProjectAccounts) {
+        storagePathOverride = null;
+        storageScopeOverride = "global";
+        return { scope: "global", storagePath: getStoragePath() };
+    }
+    const projectPath = findClosestProjectAccountsFile(options.cwd);
+    if (projectPath) {
+        storagePathOverride = projectPath;
+        storageScopeOverride = "project";
+        return { scope: "project", storagePath: projectPath };
+    }
+    storagePathOverride = null;
+    storageScopeOverride = "global";
+    return { scope: "global", storagePath: getStoragePath() };
+}
+export function getStorageScope() {
+    return { scope: storageScopeOverride, storagePath: getStoragePath() };
+}
 function debug(...args) {
     if (!AUTH_DEBUG_ENABLED)
         return;
     console.debug(...args);
 }
+function hasCompleteIdentity(record) {
+    return Boolean(record.accountId && record.email && record.plan);
+}
+function normalizeAccountRecord(candidate, now) {
+    if (!candidate || typeof candidate !== "object")
+        return null;
+    const record = candidate;
+    const refreshTokenRaw = typeof record.refreshToken === "string"
+        ? record.refreshToken
+        : typeof record.refresh_token === "string"
+            ? record.refresh_token
+            : typeof record.refresh === "string"
+                ? record.refresh
+                : undefined;
+    const refreshToken = typeof refreshTokenRaw === "string" ? refreshTokenRaw.trim() : "";
+    if (!refreshToken)
+        return null;
+    const accountIdRaw = typeof record.accountId === "string"
+        ? record.accountId
+        : typeof record.account_id === "string"
+            ? record.account_id
+            : undefined;
+    const accountId = typeof accountIdRaw === "string" && accountIdRaw.trim() ? accountIdRaw : undefined;
+    const emailRaw = typeof record.email === "string" ? record.email : undefined;
+    const email = typeof emailRaw === "string" && emailRaw.trim() ? emailRaw : undefined;
+    const planRaw = typeof record.plan === "string"
+        ? record.plan
+        : typeof record.chatgpt_plan_type === "string"
+            ? record.chatgpt_plan_type
+            : undefined;
+    const plan = normalizePlanType(planRaw);
+    const enabled = typeof record.enabled === "boolean" ? record.enabled : undefined;
+    const addedAt = typeof record.addedAt === "number" && Number.isFinite(record.addedAt)
+        ? record.addedAt
+        : now;
+    const lastUsed = typeof record.lastUsed === "number" && Number.isFinite(record.lastUsed)
+        ? record.lastUsed
+        : now;
+    const lastSwitchReason = typeof record.lastSwitchReason === "string" ? record.lastSwitchReason : undefined;
+    const rateLimitResetTimes = record.rateLimitResetTimes && typeof record.rateLimitResetTimes === "object"
+        ? record.rateLimitResetTimes
+        : undefined;
+    const coolingDownUntil = typeof record.coolingDownUntil === "number" && Number.isFinite(record.coolingDownUntil)
+        ? record.coolingDownUntil
+        : undefined;
+    const cooldownReasonRaw = typeof record.cooldownReason === "string" ? record.cooldownReason : undefined;
+    const cooldownReason = cooldownReasonRaw === "auth-failure" ? "auth-failure" : undefined;
+    return {
+        refreshToken,
+        accountId,
+        email,
+        plan,
+        enabled,
+        addedAt: Math.max(0, Math.floor(addedAt)),
+        lastUsed: Math.max(0, Math.floor(lastUsed)),
+        lastSwitchReason: lastSwitchReason === "rate-limit" ||
+            lastSwitchReason === "initial" ||
+            lastSwitchReason === "rotation"
+            ? lastSwitchReason
+            : undefined,
+        rateLimitResetTimes,
+        coolingDownUntil,
+        cooldownReason,
+    };
+}
 const LOCK_OPTIONS = {
     stale: 10_000,
     retries: {
@@ -21,9 +140,16 @@ const LOCK_OPTIONS = {
     },
     realpath: false,
 };
+async function ensureFileExists(path) {
+    if (existsSync(path))
+        return;
+    await fs.mkdir(dirname(path), { recursive: true });
+    await fs.writeFile(path, JSON.stringify({ version: 3, accounts: [], activeIndex: 0, activeIndexByFamily: {} }, null, 2), "utf-8");
+}
 async function withFileLock(path, fn) {
     let release = null;
     try {
+        await ensureFileExists(path).catch(() => undefined);
         release = await lockfile.lock(path, LOCK_OPTIONS);
         return await fn();
     }
@@ -38,6 +164,79 @@ async function withFileLock(path, fn) {
         }
     }
 }
+async function ensurePrivateFileMode(path) {
+    try {
+        // Best-effort: make quarantine files readable only by the current user.
+        await fs.chmod(path, 0o600);
+    }
+    catch {
+        // ignore (unsupported on some platforms/filesystems)
+    }
+}
+async function cleanupQuarantineFiles(storagePath) {
+    try {
+        const dir = dirname(storagePath);
+        const entries = await fs.readdir(dir);
+        const prefix = `${STORAGE_FILE}.quarantine-`;
+        const matches = entries
+            .filter((name) => name.startsWith(prefix) && name.endsWith(".json"))
+            .map((name) => {
+            const stampRaw = name.slice(prefix.length, name.length - ".json".length);
+            const stamp = Number.parseInt(stampRaw, 10);
+            return {
+                name,
+                stamp: Number.isFinite(stamp) ? stamp : 0,
+            };
+        })
+            .sort((a, b) => a.stamp - b.stamp);
+        if (matches.length <= MAX_QUARANTINE_FILES)
+            return;
+        const toDelete = matches.slice(0, matches.length - MAX_QUARANTINE_FILES);
+        await Promise.all(toDelete.map(async (entry) => {
+            try {
+                await fs.unlink(join(dir, entry.name));
+            }
+            catch {
+                // ignore per-file deletion failures
+            }
+        }));
+    }
+    catch {
+        // ignore cleanup failures
+    }
+}
+async function cleanupBackupFiles(storagePath) {
+    try {
+        const dir = dirname(storagePath);
+        const entries = await fs.readdir(dir);
+        const prefix = `${STORAGE_FILE}.bak-`;
+        const matches = entries
+            .filter((name) => name.startsWith(prefix))
+            .map((name) => {
+            const stampRaw = name.slice(prefix.length);
+            const stamp = Number.parseInt(stampRaw, 10);
+            return {
+                name,
+                stamp: Number.isFinite(stamp) ? stamp : 0,
+            };
+        })
+            .sort((a, b) => a.stamp - b.stamp);
+        if (matches.length <= MAX_BACKUP_FILES)
+            return;
+        const toDelete = matches.slice(0, matches.length - MAX_BACKUP_FILES);
+        await Promise.all(toDelete.map(async (entry) => {
+            try {
+                await fs.unlink(join(dir, entry.name));
+            }
+            catch {
+                // ignore per-file deletion failures
+            }
+        }));
+    }
+    catch {
+        // ignore cleanup failures
+    }
+}
 function getOpencodeConfigDir() {
     const xdgConfigHome = process.env.XDG_CONFIG_HOME;
     if (xdgConfigHome && xdgConfigHome.trim()) {
@@ -49,6 +248,8 @@ function getLegacyOpencodeDir() {
     return join(homedir(), ".opencode");
 }
 export function getStoragePath() {
+    if (storagePathOverride)
+        return storagePathOverride;
     return join(getOpencodeConfigDir(), STORAGE_FILE);
 }
 export async function backupAccountsFile() {
@@ -60,6 +261,8 @@ export async function backupAccountsFile() {
         if (!existsSync(filePath))
             return;
         await fs.copyFile(filePath, backupPath);
+        await ensurePrivateFileMode(backupPath);
+        await cleanupBackupFiles(filePath);
     });
     return backupPath;
 }
@@ -68,68 +271,6 @@ function getLegacyStoragePath() {
 }
 function normalizeStorage(parsed) {
     const now = Date.now();
-    const normalizeAccountRecord = (candidate) => {
-        if (!candidate || typeof candidate !== "object")
-            return null;
-        const record = candidate;
-        const refreshTokenRaw = typeof record.refreshToken === "string"
-            ? record.refreshToken
-            : typeof record.refresh_token === "string"
-                ? record.refresh_token
-                : typeof record.refresh === "string"
-                    ? record.refresh
-                    : undefined;
-        const refreshToken = typeof refreshTokenRaw === "string" ? refreshTokenRaw.trim() : "";
-        if (!refreshToken)
-            return null;
-        const accountIdRaw = typeof record.accountId === "string"
-            ? record.accountId
-            : typeof record.account_id === "string"
-                ? record.account_id
-                : undefined;
-        const accountId = typeof accountIdRaw === "string" && accountIdRaw.trim() ? accountIdRaw : undefined;
-        const emailRaw = typeof record.email === "string" ? record.email : undefined;
-        const email = typeof emailRaw === "string" && emailRaw.trim() ? emailRaw : undefined;
-        const planRaw = typeof record.plan === "string"
-            ? record.plan
-            : typeof record.chatgpt_plan_type === "string"
-                ? record.chatgpt_plan_type
-                : undefined;
-        const plan = typeof planRaw === "string" && planRaw.trim() ? planRaw : undefined;
-        const enabled = typeof record.enabled === "boolean" ? record.enabled : undefined;
-        const addedAt = typeof record.addedAt === "number" && Number.isFinite(record.addedAt)
-            ? record.addedAt
-            : now;
-        const lastUsed = typeof record.lastUsed === "number" && Number.isFinite(record.lastUsed)
-            ? record.lastUsed
-            : now;
-        const lastSwitchReason = typeof record.lastSwitchReason === "string" ? record.lastSwitchReason : undefined;
-        const rateLimitResetTimes = record.rateLimitResetTimes && typeof record.rateLimitResetTimes === "object"
-            ? record.rateLimitResetTimes
-            : undefined;
-        const coolingDownUntil = typeof record.coolingDownUntil === "number" && Number.isFinite(record.coolingDownUntil)
-            ? record.coolingDownUntil
-            : undefined;
-        const cooldownReasonRaw = typeof record.cooldownReason === "string" ? record.cooldownReason : undefined;
-        const cooldownReason = cooldownReasonRaw === "auth-failure" ? "auth-failure" : undefined;
-        return {
-            refreshToken,
-            accountId,
-            email,
-            plan,
-            enabled,
-            addedAt: Math.max(0, Math.floor(addedAt)),
-            lastUsed: Math.max(0, Math.floor(lastUsed)),
-            lastSwitchReason: lastSwitchReason === "rate-limit" ||
-                lastSwitchReason === "initial" ||
-                lastSwitchReason === "rotation"
-                ? lastSwitchReason
-                : undefined,
-            rateLimitResetTimes,
-            coolingDownUntil,
-            cooldownReason,
-        };
-    };
     let accountsSource;
     let activeIndexSource = 0;
     let activeIndexByFamilySource = undefined;
@@ -148,7 +289,7 @@ function normalizeStorage(parsed) {
     if (!Array.isArray(accountsSource))
         return null;
     const normalizedAccounts = accountsSource
-        .map(normalizeAccountRecord)
+        .map((entry) => normalizeAccountRecord(entry, now))
         .filter((a) => a !== null);
     const activeIndexRaw = typeof activeIndexSource === "number" && Number.isFinite(activeIndexSource)
         ? Math.max(0, Math.floor(activeIndexSource))
@@ -237,15 +378,18 @@ function dedupeRefreshTokens(accounts) {
     }
     return { accounts: deduped, changed };
 }
-function mergeAccounts(existing, incoming) {
+function mergeAccounts(existing, incoming, options) {
     const merged = existing.map((account) => ({ ...account }));
     let changed = false;
     for (const candidate of incoming) {
-        const matchIndex = findAccountMatchIndex(merged, {
+        let matchIndex = findAccountMatchIndex(merged, {
             accountId: candidate.accountId,
             plan: candidate.plan,
             email: candidate.email,
         });
+        if (matchIndex < 0 && (!candidate.accountId || !candidate.email || !candidate.plan)) {
+            matchIndex = merged.findIndex((account) => account.refreshToken === candidate.refreshToken);
+        }
         if (matchIndex < 0) {
             merged.push({ ...candidate });
             changed = true;
@@ -255,8 +399,11 @@ function mergeAccounts(existing, incoming) {
         const updated = { ...current };
         let didUpdate = false;
         if (candidate.refreshToken && candidate.refreshToken !== updated.refreshToken) {
-            updated.refreshToken = candidate.refreshToken;
-            didUpdate = true;
+            const shouldPreserve = options?.preserveRefreshTokens === true;
+            if (!shouldPreserve || !updated.refreshToken) {
+                updated.refreshToken = candidate.refreshToken;
+                didUpdate = true;
+            }
         }
         if (!updated.accountId && candidate.accountId) {
             updated.accountId = candidate.accountId;
@@ -340,18 +487,33 @@ function mergeAccounts(existing, incoming) {
         changed = true;
     return { accounts: deduped.accounts, changed };
 }
-function mergeAccountStorage(existing, incoming) {
-    const { accounts: mergedAccounts } = mergeAccounts(existing.accounts, incoming.accounts);
-    const incomingActive = incoming.activeIndex >= 0 && incoming.activeIndex < incoming.accounts.length
-        ? incoming.accounts[incoming.activeIndex]
-        : null;
-    const mappedIndex = incomingActive
-        ? findAccountMatchIndex(mergedAccounts, {
-            accountId: incomingActive.accountId,
-            plan: incomingActive.plan,
-            email: incomingActive.email,
-        })
-        : -1;
+function findAccountIndexByIdentityOrToken(accounts, candidate) {
+    if (!candidate)
+        return -1;
+    const matchIndex = findAccountMatchIndex(accounts, {
+        accountId: candidate.accountId,
+        plan: candidate.plan,
+        email: candidate.email,
+    });
+    if (matchIndex >= 0)
+        return matchIndex;
+    if (!candidate.accountId || !candidate.email || !candidate.plan) {
+        return accounts.findIndex((account) => account.refreshToken === candidate.refreshToken);
+    }
+    return -1;
+}
+function mergeAccountStorage(existing, incoming, options) {
+    const { accounts: mergedAccounts } = mergeAccounts(existing.accounts, incoming.accounts, options);
+    const getAccountAtIndex = (source, index) => {
+        if (typeof index !== "number" || !Number.isFinite(index))
+            return null;
+        if (source.accounts.length === 0)
+            return null;
+        const clamped = Math.min(Math.max(0, Math.floor(index)), source.accounts.length - 1);
+        return source.accounts[clamped] ?? null;
+    };
+    const incomingActive = getAccountAtIndex(incoming, incoming.activeIndex);
+    const mappedIndex = findAccountIndexByIdentityOrToken(mergedAccounts, incomingActive);
     const baseActiveIndex = mappedIndex >= 0
         ? mappedIndex
         : incoming.accounts.length > 0
@@ -360,10 +522,22 @@ function mergeAccountStorage(existing, incoming) {
     const activeIndex = mergedAccounts.length > 0
         ? Math.min(Math.max(0, baseActiveIndex), mergedAccounts.length - 1)
         : 0;
-    const activeIndexByFamily = {
-        ...(existing.activeIndexByFamily ?? {}),
-        ...(incoming.activeIndexByFamily ?? {}),
-    };
+    const activeIndexByFamily = {};
+    const families = new Set([
+        ...Object.keys(existing.activeIndexByFamily ?? {}),
+        ...Object.keys(incoming.activeIndexByFamily ?? {}),
+    ]);
+    for (const family of families) {
+        const incomingIndex = incoming.activeIndexByFamily?.[family];
+        const incomingAccount = getAccountAtIndex(incoming, incomingIndex);
+        let mappedFamilyIndex = findAccountIndexByIdentityOrToken(mergedAccounts, incomingAccount);
+        if (mappedFamilyIndex < 0) {
+            const existingIndex = existing.activeIndexByFamily?.[family];
+            const existingAccount = getAccountAtIndex(existing, existingIndex);
+            mappedFamilyIndex = findAccountIndexByIdentityOrToken(mergedAccounts, existingAccount);
+        }
+        activeIndexByFamily[family] = mappedFamilyIndex >= 0 ? mappedFamilyIndex : activeIndex;
+    }
     return {
         version: 3,
         accounts: mergedAccounts,
@@ -374,26 +548,17 @@ function mergeAccountStorage(existing, incoming) {
 async function migrateLegacyAccountsFileIfNeeded() {
     const newPath = getStoragePath();
     const legacyPath = getLegacyStoragePath();
-    const newExists = existsSync(newPath);
-    const legacyExists = existsSync(legacyPath);
-    if (!legacyExists)
+    if (!existsSync(legacyPath))
         return;
-    if (!newExists) {
-        await fs.mkdir(dirname(newPath), { recursive: true });
-        try {
-            await fs.rename(legacyPath, newPath);
-        }
-        catch {
-            try {
-                await fs.copyFile(legacyPath, newPath);
-                await fs.unlink(legacyPath);
-            }
-            catch {
-                // Best-effort; ignore.
-            }
-        }
+    await withFileLock(newPath, async () => {
+        await migrateLegacyAccountsFileIfNeededLocked(newPath, legacyPath);
+    });
+}
+async function migrateLegacyAccountsFileIfNeededLocked(newPath, legacyPath) {
+    if (getStorageScope().scope === "project")
+        return;
+    if (!existsSync(legacyPath))
         return;
-    }
     try {
         const [newRaw, legacyRaw] = await Promise.all([
             fs.readFile(newPath, "utf-8"),
@@ -406,6 +571,12 @@ async function migrateLegacyAccountsFileIfNeeded() {
         if (!newStorage) {
             debug("[StorageMigration] New storage invalid, adopting legacy accounts");
             await fs.writeFile(newPath, JSON.stringify(legacyStorage, null, 2), "utf-8");
+            try {
+                await fs.unlink(legacyPath);
+            }
+            catch {
+                // Best-effort; ignore.
+            }
             return;
         }
         const { accounts: mergedAccounts, changed } = mergeAccounts(newStorage.accounts, legacyStorage.accounts);
@@ -438,6 +609,209 @@ async function migrateLegacyAccountsFileIfNeeded() {
         // Best-effort; ignore.
     }
 }
+export async function loadAccountsUnsafe(filePath) {
+    try {
+        const raw = await fs.readFile(filePath, "utf-8");
+        const parsed = JSON.parse(raw);
+        return normalizeStorage(parsed);
+    }
+    catch {
+        return null;
+    }
+}
+export async function saveAccountsWithLock(mergeFn) {
+    const filePath = getStoragePath();
+    debug(`[SaveAccountsWithLock] Saving to ${filePath}`);
+    try {
+        await withFileLock(filePath, async () => {
+            await migrateLegacyAccountsFileIfNeededLocked(filePath, getLegacyStoragePath());
+            const existing = await loadAccountsUnsafe(filePath);
+            const mergedStorage = mergeFn(existing);
+            const jsonContent = JSON.stringify(mergedStorage, null, 2);
+            debug(`[SaveAccountsWithLock] Writing ${jsonContent.length} bytes`);
+            const tmpPath = `${filePath}.${randomBytes(6).toString("hex")}.tmp`;
+            try {
+                await fs.writeFile(tmpPath, jsonContent, "utf-8");
+                await fs.rename(tmpPath, filePath);
+            }
+            catch (error) {
+                try {
+                    await fs.unlink(tmpPath);
+                }
+                catch {
+                    // ignore cleanup errors
+                }
+                throw error;
+            }
+        });
+    }
+    catch (error) {
+        console.error("[SaveAccountsWithLock] Error saving accounts:", error);
+        throw error;
+    }
+}
+function extractAccountsSource(parsed) {
+    if (Array.isArray(parsed)) {
+        return { accountsSource: parsed, activeIndexSource: 0, activeIndexByFamilySource: undefined };
+    }
+    if (parsed && typeof parsed === "object") {
+        const storage = parsed;
+        if (!Array.isArray(storage.accounts))
+            return null;
+        return {
+            accountsSource: storage.accounts,
+            activeIndexSource: storage.activeIndex,
+            activeIndexByFamilySource: storage.activeIndexByFamily,
+        };
+    }
+    return null;
+}
+export async function inspectAccountsFile() {
+    const filePath = getStoragePath();
+    if (!existsSync(filePath)) {
+        return { status: "missing", corruptEntries: [], legacyEntries: [], validEntries: [] };
+    }
+    try {
+        const raw = await fs.readFile(filePath, "utf-8");
+        const parsed = JSON.parse(raw);
+        const source = extractAccountsSource(parsed);
+        if (!source) {
+            return {
+                status: "corrupt-file",
+                reason: "invalid-shape",
+                corruptEntries: [],
+                legacyEntries: [],
+                validEntries: [],
+            };
+        }
+        const now = Date.now();
+        const corruptEntries = [];
+        const legacyEntries = [];
+        const validEntries = [];
+        for (const entry of source.accountsSource) {
+            const normalized = normalizeAccountRecord(entry, now);
+            if (!normalized) {
+                corruptEntries.push(entry);
+                continue;
+            }
+            if (!hasCompleteIdentity(normalized)) {
+                legacyEntries.push(normalized);
+                continue;
+            }
+            validEntries.push(normalized);
+        }
+        if (corruptEntries.length > 0 || legacyEntries.length > 0) {
+            return {
+                status: "needs-repair",
+                corruptEntries,
+                legacyEntries,
+                validEntries,
+            };
+        }
+        return { status: "ok", corruptEntries: [], legacyEntries: [], validEntries };
+    }
+    catch {
+        return {
+            status: "corrupt-file",
+            reason: "parse-error",
+            corruptEntries: [],
+            legacyEntries: [],
+            validEntries: [],
+        };
+    }
+}
+async function writeAccountsFile(storage) {
+    const filePath = getStoragePath();
+    await withFileLock(filePath, async () => {
+        const jsonContent = JSON.stringify(storage, null, 2);
+        const tmpPath = `${filePath}.${randomBytes(6).toString("hex")}.tmp`;
+        try {
+            await fs.writeFile(tmpPath, jsonContent, "utf-8");
+            await fs.rename(tmpPath, filePath);
+        }
+        catch (error) {
+            try {
+                await fs.unlink(tmpPath);
+            }
+            catch {
+                // ignore cleanup errors
+            }
+            throw error;
+        }
+    });
+}
+export async function writeQuarantineFile(records, reason) {
+    const filePath = getStoragePath();
+    const quarantinePath = `${filePath}.quarantine-${Date.now()}.json`;
+    await fs.mkdir(dirname(filePath), { recursive: true });
+    const payload = {
+        reason,
+        quarantinedAt: new Date().toISOString(),
+        records,
+    };
+    if (existsSync(filePath)) {
+        await withFileLock(filePath, async () => {
+            await fs.writeFile(quarantinePath, JSON.stringify(payload, null, 2), "utf-8");
+            await ensurePrivateFileMode(quarantinePath);
+            await cleanupQuarantineFiles(filePath);
+        });
+        return quarantinePath;
+    }
+    await fs.writeFile(quarantinePath, JSON.stringify(payload, null, 2), "utf-8");
+    await ensurePrivateFileMode(quarantinePath);
+    await cleanupQuarantineFiles(filePath);
+    return quarantinePath;
+}
+export async function replaceAccountsFile(storage) {
+    await writeAccountsFile(storage);
+}
+export async function quarantineCorruptFile() {
+    const filePath = getStoragePath();
+    if (!existsSync(filePath))
+        return null;
+    const quarantinePath = `${filePath}.quarantine-${Date.now()}.json`;
+    await withFileLock(filePath, async () => {
+        if (!existsSync(filePath))
+            return;
+        await fs.copyFile(filePath, quarantinePath);
+        await ensurePrivateFileMode(quarantinePath);
+        await cleanupQuarantineFiles(filePath);
+    });
+    await writeAccountsFile({
+        version: 3,
+        accounts: [],
+        activeIndex: 0,
+        activeIndexByFamily: {},
+    });
+    return quarantinePath;
+}
+export async function autoQuarantineCorruptAccountsFile() {
+    const inspection = await inspectAccountsFile();
+    if (inspection.status !== "corrupt-file")
+        return null;
+    return await quarantineCorruptFile();
+}
+export async function quarantineAccounts(storage, entries, reason) {
+    if (!entries.length) {
+        return { storage, quarantinePath: await writeQuarantineFile([], reason) };
+    }
+    const tokens = new Set(entries.map((entry) => entry.refreshToken));
+    const remaining = storage.accounts.filter((account) => !tokens.has(account.refreshToken));
+    const normalized = normalizeStorage({
+        accounts: remaining,
+        activeIndex: storage.activeIndex,
+        activeIndexByFamily: storage.activeIndexByFamily,
+    });
+    const updated = normalized ?? {
+        version: 3,
+        accounts: [],
+        activeIndex: 0,
+        activeIndexByFamily: {},
+    };
+    const quarantinePath = await writeQuarantineFile(entries, reason);
+    await writeAccountsFile(updated);
+    return { storage: updated, quarantinePath };
+}
 export async function loadAccounts() {
     await migrateLegacyAccountsFileIfNeeded();
     const filePath = getStoragePath();
@@ -471,27 +845,32 @@ export function toggleAccountEnabled(storage, index) {
     });
     return { ...storage, accounts };
 }
-export async function saveAccounts(storage) {
+export async function saveAccounts(storage, options) {
     const filePath = getStoragePath();
     debug(`[SaveAccounts] Saving to ${filePath} with ${storage.accounts.length} accounts`);
     try {
-        await fs.mkdir(dirname(filePath), { recursive: true });
-        if (!existsSync(filePath)) {
-            await fs.writeFile(filePath, JSON.stringify({
-                version: 3,
-                accounts: [],
-                activeIndex: 0,
-                activeIndexByFamily: {},
-            }, null, 2), "utf-8");
-        }
         await withFileLock(filePath, async () => {
-            const existing = await loadAccounts().catch(() => null);
-            const mergedStorage = existing ? mergeAccountStorage(existing, storage) : storage;
+            await migrateLegacyAccountsFileIfNeededLocked(filePath, getLegacyStoragePath());
+            const existing = await loadAccountsUnsafe(filePath);
+            const mergedStorage = existing && !options?.replace
+                ? mergeAccountStorage(existing, storage, options)
+                : storage;
             const jsonContent = JSON.stringify(mergedStorage, null, 2);
             debug(`[SaveAccounts] Writing ${jsonContent.length} bytes`);
             const tmpPath = `${filePath}.${randomBytes(6).toString("hex")}.tmp`;
-            await fs.writeFile(tmpPath, jsonContent, "utf-8");
-            await fs.rename(tmpPath, filePath);
+            try {
+                await fs.writeFile(tmpPath, jsonContent, "utf-8");
+                await fs.rename(tmpPath, filePath);
+            }
+            catch (error) {
+                try {
+                    await fs.unlink(tmpPath);
+                }
+                catch {
+                    // ignore cleanup errors
+                }
+                throw error;
+            }
             if (AUTH_DEBUG_ENABLED) {
                 const verifyContent = await fs.readFile(filePath, "utf-8");
                 const verifyStorage = normalizeStorage(JSON.parse(verifyContent));