fix: preserve DB auth when disk auth.json is absent during Codex provider switch

[BFlameSwift]

Summary

Fixes #87 — provider switch overwrites synced DB auth with empty disk state.

When switching Codex providers, backfill_codex_current() and refresh_provider_snapshot() read auth from ~/.codex/auth.json. If the file is missing (e.g. after a WebDAV sync that only populated the DB), the code previously used None, which overwrote valid DB-synced OAuth tokens with empty data.

Changes

• codex.rs / backfill_codex_current(): When auth.json doesn't exist on disk, fall back to current_provider.settings_config["auth"] (the DB snapshot) instead of None
• mod.rs / refresh_provider_snapshot(): Same fix — when auth.json doesn't exist on disk, fall back to provider.settings_config["auth"] (the DB snapshot) instead of None

Root Cause

The provider switch followed a flawed execution order:

1. Read ~/.codex/auth.json from disk (empty/missing after fresh WebDAV sync)
2. Write that empty disk state back into the DB, destroying valid synced auth
3. Write config files from the DB, which now contains empty auth

Fix

Both functions now check if auth.json exists on disk first (preferred, as it may be fresher). If absent, they fall back to the existing DB auth rather than using None. This ensures WebDAV-synced credentials survive a provider switch.

Backward Compatibility

The existing test switch_codex_succeeds_without_auth_json remains valid — when a provider has no auth in either disk or DB, the result is still None.

Test plan

• Verify existing test switch_codex_succeeds_without_auth_json still passes
• Verify codex_switch_removes_existing_auth_json_for_openai_official_provider still passes
• Reproduce the WebDAV sync scenario: sync OAuth tokens via WebDAV, delete auth.json, run provider switch, verify DB auth is preserved

🤖 Generated with Claude Code

[SaladDay]

thanks！🙂