Release v0.0.47

## What's New

### Improvements & Fixes
- **MCP Cache Fix** — Fixed MCP caching issues
- **Tool UI Polish** — Improved expand button spacing in bash/edit tools
- **Onboarding Cleanup** — Removed welcome dialog and streamlined sidebar

Author: serafimcloud

bun.lock

@@ -1,6 +1,6 @@
 {
   "name": "21st-desktop",
-  "version": "0.0.46",
+  "version": "0.0.47",
   "private": true,
   "description": "1Code - UI for parallel work with AI agents",
   "author": {
@@ -68,6 +68,7 @@
     "@xterm/addon-web-links": "^0.12.0",
     "@xterm/addon-webgl": "^0.19.0",
     "ai": "^6.0.14",
+    "async-mutex": "^0.5.0",
     "better-sqlite3": "^11.8.1",
     "chokidar": "^5.0.0",
     "class-variance-authority": "^0.7.1",

package.json

@@ -870,8 +870,8 @@ if (gotTheLock) {
     // This populates the cache so all future sessions can use filtered MCP servers
     setTimeout(async () => {
       try {
-        const { warmupMcpCache } = await import("./lib/trpc/routers/claude")
-        await warmupMcpCache()
+        const { getAllMcpConfigHandler } = await import("./lib/trpc/routers/claude")
+        await getAllMcpConfigHandler()
       } catch (error) {
         console.error("[App] MCP warmup failed:", error)
       }

src/main/index.ts

@@ -1,6 +1,7 @@
 /**
  * Helpers for reading and writing ~/.claude.json configuration
  */
+import { Mutex } from "async-mutex"
 import { eq } from "drizzle-orm"
 import { existsSync, readFileSync, writeFileSync } from "fs"
 import * as fs from "fs/promises"
@@ -9,6 +10,13 @@ import * as path from "path"
 import { getDatabase } from "./db"
 import { chats, projects } from "./db/schema"
 
+/**
+ * Mutex for protecting read-modify-write operations on ~/.claude.json
+ * This prevents race conditions when multiple concurrent operations
+ * (e.g., token refreshes for different MCP servers) try to update the config.
+ */
+const configMutex = new Mutex()
+
 export const CLAUDE_CONFIG_PATH = path.join(os.homedir(), ".claude.json")
 
 export interface McpServerConfig {
@@ -76,6 +84,28 @@ export function writeClaudeConfigSync(config: ClaudeConfig): void {
   writeFileSync(CLAUDE_CONFIG_PATH, JSON.stringify(config, null, 2), "utf-8")
 }
 
+/**
+ * Execute a read-modify-write operation on ~/.claude.json atomically.
+ * This is the ONLY safe way to update the config when concurrent writes are possible.
+ *
+ * Uses a mutex to ensure that only one read-modify-write cycle happens at a time,
+ * preventing race conditions where concurrent token refreshes could overwrite
+ * each other's updates.
+ *
+ * @param updater Function that receives current config and returns updated config
+ * @returns The updated config
+ */
+export async function updateClaudeConfigAtomic(
+  updater: (config: ClaudeConfig) => ClaudeConfig | Promise<ClaudeConfig>
+): Promise<ClaudeConfig> {
+  return configMutex.runExclusive(async () => {
+    const config = await readClaudeConfig()
+    const updatedConfig = await updater(config)
+    await writeClaudeConfig(updatedConfig)
+    return updatedConfig
+  })
+}
+
 /**
  * Check if ~/.claude.json exists
  */

src/main/lib/claude-config.ts

@@ -6,8 +6,8 @@ import {
   getMcpServerConfig,
   GLOBAL_MCP_PATH,
   readClaudeConfig,
+  updateClaudeConfigAtomic,
   updateMcpServerConfig,
-  writeClaudeConfig
 } from './claude-config';
 import { getClaudeShellEnvironment } from './claude/env';
 import { CraftOAuth, fetchOAuthMetadata, getMcpBaseUrl, type OAuthMetadata, type OAuthTokens } from './oauth';
@@ -389,42 +389,45 @@ export async function ensureMcpTokensFresh(
   return updatedServers;
 }
 
+/**
+ * Save OAuth tokens to ~/.claude.json atomically.
+ * Uses a mutex to prevent race conditions when multiple concurrent
+ * token refreshes try to update the config simultaneously.
+ */
 async function saveTokensToClaudeJson(
   serverName: string,
   projectPath: string,
   tokens: OAuthTokens,
   clientId?: string
 ): Promise<void> {
-  let config = await readClaudeConfig();
-
-  // Get existing server config to preserve existing headers and determine type
-  const existingConfig = getMcpServerConfig(config, projectPath, serverName) || {};
-  const serverUrl = existingConfig.url as string | undefined;
-
-  // Determine transport type from URL (SDK expects explicit type for HTTP servers)
-  const serverType = serverUrl?.endsWith('/sse') ? 'sse' : 'http';
-
-  // Build headers with Authorization (preserve any existing headers)
-  const existingHeaders = (existingConfig.headers as Record<string, string>) || {};
-  const headers = {
-    ...existingHeaders,
-    Authorization: `Bearer ${tokens.accessToken}`,
-  };
-
-  config = updateMcpServerConfig(config, projectPath, serverName, {
-    // SDK-required fields
-    type: serverType,
-    headers,
-    // Internal tracking (for token refresh, status checking)
-    _oauth: {
-      accessToken: tokens.accessToken,
-      refreshToken: tokens.refreshToken,
-      clientId,
-      expiresAt: tokens.expiresAt,
-    },
+  await updateClaudeConfigAtomic((config) => {
+    // Get existing server config to preserve existing headers and determine type
+    const existingConfig = getMcpServerConfig(config, projectPath, serverName) || {};
+    const serverUrl = existingConfig.url as string | undefined;
+
+    // Determine transport type from URL (SDK expects explicit type for HTTP servers)
+    const serverType = serverUrl?.endsWith('/sse') ? 'sse' : 'http';
+
+    // Build headers with Authorization (preserve any existing headers)
+    const existingHeaders = (existingConfig.headers as Record<string, string>) || {};
+    const headers = {
+      ...existingHeaders,
+      Authorization: `Bearer ${tokens.accessToken}`,
+    };
+
+    return updateMcpServerConfig(config, projectPath, serverName, {
+      // SDK-required fields
+      type: serverType,
+      headers,
+      // Internal tracking (for token refresh, status checking)
+      _oauth: {
+        accessToken: tokens.accessToken,
+        refreshToken: tokens.refreshToken,
+        clientId,
+        expiresAt: tokens.expiresAt,
+      },
+    });
   });
-
-  await writeClaudeConfig(config);
 }
 
 export function cancelAllPendingOAuth(): void {