Fix auth persistence: web client session timeout + bot cache loss

Web client: trustDevice now defaults to true so a refresh token is always
issued on login, preventing deauth after the 1-hour access token expiry.
Users can still uncheck the box on shared devices.

Bot: cache file path is now env-configurable (BOT_CACHE_FILE) and
defaults to /app/cache/user_cache.pkl. Docker Compose mounts a named
volume at /app/cache so the session cache survives container restarts.
saveCache() now creates the directory if it doesn't exist.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

bot/bot.py

@@ -34,7 +34,7 @@ user_sessions = {}
 login_state = {}
 message_history = {}
 user_cache = {}
-CACHE_FILE = "/app/user_cache.pkl"
+CACHE_FILE = os.getenv("BOT_CACHE_FILE", "/app/cache/user_cache.pkl")
 
 intents = discord.Intents.default()
 intents.message_content = True
@@ -227,6 +227,7 @@ def loadCache():
 
 def saveCache():
     try:
+        os.makedirs(os.path.dirname(CACHE_FILE), exist_ok=True)
         with open(CACHE_FILE, "wb") as f:
             pickle.dump(user_cache, f)
     except Exception as e:

docker-compose.yml

@@ -42,6 +42,8 @@ services:
     depends_on:
       app:
         condition: service_started
+    volumes:
+      - botcache:/app/cache
 
   client:
     build:
@@ -56,3 +58,4 @@ services:
 
 volumes:
   pgdata:
+  botcache:

synculous-client/src/app/login/page.tsx

@@ -9,7 +9,7 @@ export default function LoginPage() {
   const [isLogin, setIsLogin] = useState(true);
   const [username, setUsername] = useState('');
   const [password, setPassword] = useState('');
-  const [trustDevice, setTrustDevice] = useState(false);
+  const [trustDevice, setTrustDevice] = useState(true);
   const [error, setError] = useState('');
   const [isLoading, setIsLoading] = useState(false);
   const { login, register } = useAuth();