From 48ab5625770655bbf9e5ea33311a90953e35bfa9 Mon Sep 17 00:00:00 2001
From: mawkone <mark@getacquired.com>
Date: Thu, 4 Jun 2026 11:01:03 -0700
Subject: [PATCH] fix(frontend): remove infinite localStorage caching of
 mcp_token to prevent unauthorized lockout

---
 vibn-frontend/components/vibn-chat/chat-panel.tsx | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

diff --git a/vibn-frontend/components/vibn-chat/chat-panel.tsx b/vibn-frontend/components/vibn-chat/chat-panel.tsx
index fc02ef74..f0508216 100644
--- a/vibn-frontend/components/vibn-chat/chat-panel.tsx
+++ b/vibn-frontend/components/vibn-chat/chat-panel.tsx
@@ -924,25 +924,16 @@ export function ChatPanel({
     );
   }, [open, structural]);
 
-  // Load MCP token — prefer localStorage cache, fetch from API if missing.
-  // We use /api/workspaces (not the URL param) because the URL slug
-  // (e.g. "mark-account") differs from the actual workspace slug ("mark").
+  // Load MCP token — fetch fresh from API on mount to avoid stale, revoked tokens.
   useEffect(() => {
     if (!workspace || status !== "authenticated") return;
-    const cached = localStorage.getItem(`vibn-mcp-token-${workspace}`);
-    if (cached) {
-      setMcpToken(cached);
-      return;
-    }
     fetch("/api/workspaces?include_default_token=true")
       .then((r) => (r.ok ? r.json() : null))
       .then((d) => {
         if (d?.defaultToken) {
-          localStorage.setItem(`vibn-mcp-token-${workspace}`, d.defaultToken);
           setMcpToken(d.defaultToken);
         }
-      })
-      .catch(() => {});
+      });
   }, [workspace, status]);
 
   // Load threads (scoped to the current project when one is in the URL).