fix: ensure all API requests use user ID and fix missing data migration for existing users

packages/electron-app/electron/main/user-store.ts

@@ -124,6 +124,26 @@ export function ensureDefaultUsers(): UserRecord {
       roman.updatedAt = nowIso()
       writeStore(store)
     }
+
+    // NEW: Check if roman needs data migration (e.g. if he was created before migration logic was robust)
+    const userDir = getUserDir(roman.id)
+    const configPath = join(userDir, "config.json")
+    let needsMigration = !existsSync(configPath)
+    if (!needsMigration) {
+      try {
+        const config = JSON.parse(readFileSync(configPath, "utf-8"))
+        if (!config.recentFolders || config.recentFolders.length === 0) {
+          needsMigration = true
+        }
+      } catch (e) {
+        needsMigration = true
+      }
+    }
+
+    if (needsMigration) {
+      console.log(`[UserStore] Roman exists but seems to have missing data. Triggering migration to ${userDir}...`)
+      migrateLegacyData(userDir)
+    }
   }
 
   if (store.users.length > 0) {

packages/ui/src/App.tsx

@@ -11,8 +11,6 @@ import { RemoteAccessOverlay } from "./components/remote-access-overlay"
 import { InstanceMetadataProvider } from "./lib/contexts/instance-metadata-context"
 import { initMarkdown } from "./lib/markdown"
 import QwenOAuthCallback from "./pages/QwenOAuthCallback"
-import LoginView from "./components/auth/LoginView"
-import { isLoggedIn, initializeUserContext } from "./lib/user-context"
 
 import { useTheme } from "./lib/theme"
 import { useCommands } from "./lib/hooks/use-commands"
@@ -102,11 +100,6 @@ const App: Component = () => {
   })
 
   onMount(() => {
-    // Initialize user context from Electron IPC
-    import("./lib/user-context").then(({ initializeUserContext }) => {
-      initializeUserContext()
-    })
-
     updateInstanceTabBarHeight()
     const handleResize = () => updateInstanceTabBarHeight()
     window.addEventListener("resize", handleResize)
@@ -393,10 +386,6 @@ const App: Component = () => {
           </div>
         </Dialog.Portal>
       </Dialog>
-      <Show
-        when={isLoggedIn()}
-        fallback={<LoginView onLoginSuccess={() => initializeUserContext()} />}
-      >
       <div class="h-screen w-screen flex flex-col">
         <Show
           when={shouldShowFolderSelection()}
@@ -497,7 +486,6 @@ const App: Component = () => {
           }}
         />
       </div>
-      </Show>
     </>
   )
 }

packages/ui/src/lib/api-client.ts

@@ -28,6 +28,7 @@ import type {
   PortAvailabilityResponse,
 } from "../../../server/src/api-types"
 import { getLogger } from "./logger"
+import { getUserHeaders } from "./user-context"
 
 const FALLBACK_API_BASE = "http://127.0.0.1:9898"
 const RUNTIME_BASE = typeof window !== "undefined" ? window.location?.origin : undefined
@@ -87,8 +88,10 @@ function logHttp(message: string, context?: Record<string, unknown>) {
 
 async function request<T>(path: string, init?: RequestInit): Promise<T> {
   const url = API_BASE_ORIGIN ? new URL(path, API_BASE_ORIGIN).toString() : path
+  const userHeaders = getUserHeaders()
   const headers: HeadersInit = {
     "Content-Type": "application/json",
+    ...userHeaders,
     ...(init?.headers ?? {}),
   }
 

packages/ui/src/lib/user-context.ts

@@ -45,22 +45,55 @@ export function getUserHeaders(): Record<string, string> {
  */
 export function withUserHeaders(options: RequestInit = {}): RequestInit {
     const userHeaders = getUserHeaders()
+    if (Object.keys(userHeaders).length === 0) return options
+
+    const headers = new Headers(options.headers || {})
+    for (const [key, value] of Object.entries(userHeaders)) {
+        headers.set(key, value)
+    }
+
     return {
         ...options,
-        headers: {
+        headers,
-            ...options.headers,
-            ...userHeaders,
-        },
     }
 }
 
 /**
  * Fetch wrapper that automatically includes user headers
  */
-export async function userFetch(url: string, options: RequestInit = {}): Promise<Response> {
+export async function userFetch(url: string | URL | Request, options: RequestInit = {}): Promise<Response> {
     return fetch(url, withUserHeaders(options))
 }
 
+/**
+ * Globally patch fetch to include user headers for all internal /api/* requests
+ * This ensures compatibility with legacy code and 3rd party libraries.
+ */
+export function patchFetch(): void {
+    if ((window as any)._codenomad_fetch_patched) return
+    (window as any)._codenomad_fetch_patched = true
+
+    const originalFetch = window.fetch
+    window.fetch = async function (input: RequestInfo | URL, init?: RequestInit) {
+        let url = ""
+        if (typeof input === "string") {
+            url = input
+        } else if (input instanceof URL) {
+            url = input.toString()
+        } else if (input instanceof Request) {
+            url = input.url
+        }
+
+        // Only inject headers for internal API calls
+        if (url.startsWith("/api/") || url.includes(window.location.origin + "/api/")) {
+            return originalFetch(input, withUserHeaders(init))
+        }
+
+        return originalFetch(input, init)
+    }
+    console.log("[UserContext] Global fetch patched for /api/* requests")
+}
+
 /**
  * Initialize user context from Electron IPC
  * Call this on app startup

packages/ui/src/main.tsx

@@ -1,9 +1,12 @@
 import { render } from "solid-js/web"
+import { Show, onMount } from "solid-js"
 import App from "./App"
 import { ThemeProvider } from "./lib/theme"
 import { ConfigProvider } from "./stores/preferences"
 import { InstanceConfigProvider } from "./stores/instance-config"
 import { runtimeEnv } from "./lib/runtime-env"
+import LoginView from "./components/auth/LoginView"
+import { isLoggedIn, initializeUserContext, patchFetch } from "./lib/user-context"
 import "./index.css"
 import "@git-diff-view/solid/styles/diff-view-pure.css"
 
@@ -18,8 +21,17 @@ if (typeof document !== "undefined") {
   document.documentElement.dataset.runtimePlatform = runtimeEnv.platform
 }
 
-render(
+const Root = () => {
-  () => (
+  onMount(() => {
+    patchFetch()
+    initializeUserContext()
+  })
+
+  return (
+    <Show
+      when={isLoggedIn()}
+      fallback={<LoginView onLoginSuccess={() => initializeUserContext()} />}
+    >
       <ConfigProvider>
         <InstanceConfigProvider>
           <ThemeProvider>
@@ -27,6 +39,8 @@ render(
           </ThemeProvider>
         </InstanceConfigProvider>
       </ConfigProvider>
-  ),
+    </Show>
-  root,
+  )
-)
+}
+
+render(() => <Root />, root)