docs(local-dev): document setup-dev-user + the three founder accounts

Adds a "Local Login & Dev Users" section to docs/LOCAL_DEVELOPMENT.md and a short pointer in services/mana-auth/CLAUDE.md so the next dev finds the script without first hitting the "why can't I log in?" wall: - Why it exists (no admin seed, requireEmailVerification + no SMTP) - The 3 default accounts + password - Single-account form + env overrides (TIER, AUTH_URL, …) - Idempotency promise - Prereqs (Postgres + mana-auth on :3001) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-14 21:41:09 +02:00 · 2026-04-09 12:26:37 +02:00 · 2026-04-09 12:26:37 +02:00 · b8f2d8f694
commit b8f2d8f694
parent 32b0bf9a18
2 changed files with 63 additions and 0 deletions
--- a/services/mana-auth/CLAUDE.md
+++ b/services/mana-auth/CLAUDE.md
@ -79,6 +79,23 @@ For the full architectural deep-dive, threat model, and rollout history (Phases
 |--------|------|-------------|
 | GET | `/org/:orgId/member/:userId` | Check membership (for mana-credits) |

+## Local Dev Login
+
+There is **no built-in admin seed** and **no auth-bypass env var**, and
+the local stack runs with `requireEmailVerification: true` against no
+real SMTP. Use the convenience script instead of hand-crafting SQL:
+
+```bash
+pnpm setup:dev-user                              # 3 founder accounts
+./scripts/dev/setup-dev-user.sh foo@x.de pass    # single account
+```
+
+Defaults to `tills95@gmail.com` / `tilljkb@gmail.com` / `rajiehq@gmail.com`,
+all with password `Aa-123456789` and `access_tier = founder`. The script
+calls `POST /api/v1/auth/register` (so Better Auth handles hashing),
+then runs an idempotent SQL `UPDATE auth.users SET email_verified = true,
+access_tier = 'founder'`. Full docs in `docs/LOCAL_DEVELOPMENT.md`.
+
 ## Cross-Domain SSO

 Session cookies shared across `*.mana.how` via `COOKIE_DOMAIN=.mana.how`.