- Add HasUsers() method to AuthService to check for existing users
- Add setupRootAccount() logic that only triggers when:
- No users exist in database AND no seed nodes are configured
- AuthEnabled is true (respects feature toggle)
- Create root user with UUID, admin group, and comprehensive scopes
- Generate 24-hour JWT token with full administrative permissions
- Display token prominently on console for initial setup
- Prevent duplicate root account creation on subsequent starts
- Skip root account creation in cluster mode (with seed nodes)
Root account includes all administrative scopes:
- admin:users:*, admin:groups:*, admin:tokens:*
- Standard read/write/delete permissions
This resolves the bootstrap problem for authentication-enabled deployments
and provides secure initial access for administrative operations.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
ryyst
3aff0ab5ef