From b540f6924809686c45eda6534008f5ba33fe643f Mon Sep 17 00:00:00 2001
From: A <258483684+la14-1@users.noreply.github.com>
Date: Mon, 16 Feb 2026 17:28:35 -0800
Subject: [PATCH] fix: track OAuth temp directories for cleanup on exit (#1344)

Security review complete. Merge conflict resolved (combined error handling + track_temp_file). All tests passed (80/80). Low-risk reliability fix.
---
 shared/common.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/shared/common.sh b/shared/common.sh
index f44729af..eb3f14c1 100644
--- a/shared/common.sh
+++ b/shared/common.sh
@@ -943,6 +943,9 @@ _init_oauth_session() {
         return 1
     fi
 
+    # Track directory for cleanup on exit
+    track_temp_file "${oauth_dir}"
+
     # SECURITY: Generate random CSRF state token (32 hex chars = 128 bits)
     local csrf_state
     csrf_state=$(_generate_csrf_state)
@@ -1253,7 +1256,7 @@ track_temp_file() {
     CLEANUP_TEMP_FILES+=("${temp_file}")
 }
 
-# Cleanup function for temporary files
+# Cleanup function for temporary files and directories
 # Called automatically on EXIT, INT, TERM signals
 cleanup_temp_files() {
     local exit_code=$?
@@ -1262,6 +1265,9 @@ cleanup_temp_files() {
         if [[ -f "${temp_file}" ]]; then
             # Securely remove temp files (may contain credentials)
             shred -f -u "${temp_file}" 2>/dev/null || rm -f "${temp_file}"
+        elif [[ -d "${temp_file}" ]]; then
+            # Remove temp directories (e.g., OAuth session dirs)
+            rm -rf "${temp_file}"
         fi
     done