fix(ui): override token from URL

ui/src/ui/app-settings.ts

@@ -64,7 +64,7 @@ export function applySettingsFromUrl(host: SettingsHost) {
 
   if (tokenRaw != null) {
     const token = tokenRaw.trim();
-    if (token && !host.settings.token) {
+    if (token && token !== host.settings.token) {
       applySettings(host, { ...host.settings, token });
     }
     params.delete("token");

ui/src/ui/navigation.browser.test.ts

@@ -167,7 +167,7 @@ describe("control UI routing", () => {
     expect(window.location.search).toBe("");
   });
 
-  it("strips auth params even when settings already set", async () => {
+  it("hydrates token from URL params even when settings already set", async () => {
     localStorage.setItem(
       "clawdbot.control.settings.v1",
       JSON.stringify({ token: "existing-token" }),
@@ -175,7 +175,7 @@ describe("control UI routing", () => {
     const app = mountApp("/ui/overview?token=abc123");
     await app.updateComplete;
 
-    expect(app.settings.token).toBe("existing-token");
+    expect(app.settings.token).toBe("abc123");
     expect(window.location.pathname).toBe("/ui/overview");
     expect(window.location.search).toBe("");
   });