fix(auth): verify SQLite auth migration before cleanup

fuller-stack-dev · velvet-shark · web-flow · commit e24c3df27d28 · 2026-06-10T17:18:18.000+02:00
Verify imported auth profiles and auth runtime state can be read back from the canonical SQLite store before doctor removes legacy JSON auth files. The migration now keeps legacy JSON in place with a warning when SQLite verification misses expected imported data, avoiding source cleanup before durable readback succeeds. Verification: - `scripts/pr review-tests 91740 src/commands/doctor-auth-flat-profiles.test.ts` - `./node_modules/.bin/oxfmt --check src/commands/doctor-auth-flat-profiles.ts src/commands/doctor-auth-flat-profiles.test.ts` - `./node_modules/.bin/oxlint src/commands/doctor-auth-flat-profiles.ts src/commands/doctor-auth-flat-profiles.test.ts` - `scripts/pr-prepare gates 91740` passed `pnpm build` and `pnpm check`; broad local `pnpm test` failed in unrelated baseline shards and was explicitly waived by maintainer. - Real behavior proof: https://github.com/openclaw/openclaw/actions/runs/27285927515/job/80593035530 Co-authored-by: fuller-stack-dev <263060202+fuller-stack-dev@users.noreply.github.com> Co-authored-by: Radek Sienkiewicz <velvet-shark@users.noreply.github.com>
diff --git a/src/commands/doctor-auth-flat-profiles.test.ts b/src/commands/doctor-auth-flat-profiles.test.ts
@@ -409,6 +409,39 @@ describe("maybeMigrateAuthProfileJsonStoresToSqlite", () => {
     expect(fs.existsSync(authPath)).toBe(false);
     expect(fs.existsSync(`${authPath}.sqlite-import.458.bak`)).toBe(true);
   });
+
+  it("keeps legacy JSON when SQLite verification misses an imported profile", async () => {
+    const state = await makeTestState();
+    const authPath = await writeLegacyAuthProfilesJson(state, {
+      version: 1,
+      profiles: {
+        "openrouter:default": {
+          type: "api_key",
+          provider: "openrouter",
+          key: "sk-openrouter",
+        },
+      },
+    });
+
+    const result = await maybeMigrateAuthProfileJsonStoresToSqlite({
+      cfg: {},
+      prompter: makePrompter(true),
+      now: () => 464,
+      deps: {
+        loadPersistedAuthProfileStore: () => ({
+          version: 1,
+          profiles: {},
+        }),
+      },
+    });
+
+    expect(result.changes).toStrictEqual([]);
+    expect(result.warnings).toStrictEqual([
+      `Left auth profile JSON in place for ${authPath} because SQLite verification did not find imported profile(s): openrouter:default.`,
+    ]);
+    expect(fs.existsSync(authPath)).toBe(true);
+    expect(fs.existsSync(`${authPath}.sqlite-import.464.bak`)).toBe(false);
+  });
 });
 
 describe("maybeRepairLegacyFlatAuthProfileStores", () => {
diff --git a/src/commands/doctor-auth-flat-profiles.ts b/src/commands/doctor-auth-flat-profiles.ts
@@ -354,6 +354,46 @@ function mergeImportedAuthProfileState(params: {
   };
 }
 
+function formatMissingAuthProfileSqliteVerification(params: {
+  expected: AuthProfileStore;
+  importedProfileIds: ReadonlySet<string>;
+  loaded: AuthProfileStore | null;
+}): string | null {
+  const missingProfileIds = [...params.importedProfileIds].filter(
+    (profileId) => !params.loaded?.profiles[profileId],
+  );
+  const missingStateFields: string[] = [];
+  for (const [provider, profileIds] of Object.entries(params.expected.order ?? {})) {
+    const loadedProfileIds = params.loaded?.order?.[provider];
+    if (
+      !loadedProfileIds ||
+      loadedProfileIds.length !== profileIds.length ||
+      loadedProfileIds.some((profileId, index) => profileId !== profileIds[index])
+    ) {
+      missingStateFields.push(`order.${provider}`);
+    }
+  }
+  for (const [provider, profileId] of Object.entries(params.expected.lastGood ?? {})) {
+    if (params.loaded?.lastGood?.[provider] !== profileId) {
+      missingStateFields.push(`lastGood.${provider}`);
+    }
+  }
+  for (const profileId of Object.keys(params.expected.usageStats ?? {})) {
+    if (!params.loaded?.usageStats?.[profileId]) {
+      missingStateFields.push(`usageStats.${profileId}`);
+    }
+  }
+
+  const parts: string[] = [];
+  if (missingProfileIds.length > 0) {
+    parts.push(`imported profile(s): ${missingProfileIds.toSorted().join(", ")}`);
+  }
+  if (missingStateFields.length > 0) {
+    parts.push(`auth state field(s): ${missingStateFields.toSorted().join(", ")}`);
+  }
+  return parts.length > 0 ? parts.join("; ") : null;
+}
+
 function filterRawAuthProfileState(
   raw: Record<string, unknown>,
   shouldKeepProfileId: (profileId: string) => boolean,
@@ -483,9 +523,14 @@ export async function maybeMigrateAuthProfileJsonStoresToSqlite(params: {
   prompter: Pick<DoctorPrompter, "confirmAutoFix">;
   now?: () => number;
   env?: NodeJS.ProcessEnv;
+  deps?: {
+    loadPersistedAuthProfileStore?: typeof loadPersistedAuthProfileStore;
+  };
 }): Promise<LegacyFlatAuthProfileRepairResult> {
   const now = params.now ?? Date.now;
   const env = params.env ?? process.env;
+  const loadMigratedStore =
+    params.deps?.loadPersistedAuthProfileStore ?? loadPersistedAuthProfileStore;
   const candidates = listAuthProfileSqliteMigrationCandidates(params.cfg, env);
   const detected = candidates.filter(
     (candidate) =>
@@ -582,23 +627,30 @@ export async function maybeMigrateAuthProfileJsonStoresToSqlite(params: {
         continue;
       }
 
-      const existing = loadPersistedAuthProfileStore(candidate.agentDir) ?? {
+      const existing = loadMigratedStore(candidate.agentDir) ?? {
         version: AUTH_STORE_VERSION,
         profiles: {},
       };
       const existingProfileIds = new Set(Object.keys(existing.profiles));
       const existingState = coerceAuthProfileState(existing);
       let next: AuthProfileStore = { ...existing };
+      const importedProfileIds = new Set<string>();
       if (legacyStore) {
         const legacyAsStore: AuthProfileStore = { version: AUTH_STORE_VERSION, profiles: {} };
         applyLegacyAuthStore(legacyAsStore, legacyStore);
+        for (const profileId of Object.keys(legacyAsStore.profiles)) {
+          importedProfileIds.add(profileId);
+        }
         next = mergeImportedAuthProfiles({
           store: next,
           profiles: legacyAsStore.profiles,
           existingProfileIds,
         });
       }
       if (canonicalStore) {
+        for (const profileId of Object.keys(canonicalStore.profiles)) {
+          importedProfileIds.add(profileId);
+        }
         next = {
           ...next,
           version: Math.max(next.version, canonicalStore.version),
@@ -631,6 +683,17 @@ export async function maybeMigrateAuthProfileJsonStoresToSqlite(params: {
           preserveStateProfileIds: stateProfileIds,
           syncExternalCli: false,
         });
+        const verificationFailure = formatMissingAuthProfileSqliteVerification({
+          expected: next,
+          importedProfileIds,
+          loaded: loadMigratedStore(candidate.agentDir),
+        });
+        if (verificationFailure) {
+          result.warnings.push(
+            `Left auth profile JSON in place for ${shortenHomePath(candidate.authPath)} because SQLite verification did not find ${verificationFailure}.`,
+          );
+          continue;
+        }
       }
 
       const backups: string[] = [];
