--- issue: 060 title: "Frontend contacts-popover reads userId from non-existent localStorage 'user' key" severity: high domain: Chat labels: [bug, frontend] status: open created: 2026-05-30 source: Full Codebase Audit 2026-05-30 --- # Frontend contacts-popover reads userId from non-existent localStorage 'user' key **Severity:** high **Domain:** Chat **Labels:** bug, frontend ## Description `src/layouts/components/contacts-popover.tsx:61` reads `currentUserId` from `localStorage.getItem('user')`, but no part of the auth flow writes a `'user'` key to localStorage. The result is always `null`, breaking any per-user contact filtering in the popover. ## Options 1. Use the auth context (`useAuthContext`) to get the real user id. 2. Decode the user id from the access token claims. 3. Add a real `'user'` object to storage on login and read it here. ## Recommendation Pull `currentUserId` from the live auth context rather than a non-existent storage key. Requires confirming the canonical user-id field name in the auth context. ## Affected Files - `frontend/src/layouts/components/contacts-popover.tsx:61` ## References - [Full Codebase Audit 2026-05-30](../09%20-%20Audits/Full%20Codebase%20Audit%20-%202026-05-30.md) — DEC-13