From 258b349e983d5b5c1b365c10a926ed0d49d16a84 Mon Sep 17 00:00:00 2001
From: 0xWheatyz <wyatt@leeworks.dev>
Date: Sat, 14 Mar 2026 13:49:44 -0400
Subject: [PATCH] feat(auth): seed default admin user on database init
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Generate a random 16-character password and create an admin user
(admin@sparc.local) during first database initialization. Credentials
are printed to stdout so they can be captured from container logs.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 scripts/init_database.py | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/scripts/init_database.py b/scripts/init_database.py
index 82e11bb..c9c7ea6 100644
--- a/scripts/init_database.py
+++ b/scripts/init_database.py
@@ -8,6 +8,8 @@ Usage:
     python scripts/init_database.py
 """
 
+import secrets
+import string
 import sys
 import os
 
@@ -17,6 +19,14 @@ sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
 from SPARC import config
 from SPARC.database import DatabaseClient
 
+DEFAULT_ADMIN_EMAIL = "admin@sparc.local"
+
+
+def generate_password(length: int = 16) -> str:
+    """Generate a secure random password."""
+    alphabet = string.ascii_letters + string.digits
+    return "".join(secrets.choice(alphabet) for _ in range(length))
+
 
 def main():
     """Initialize the database schema."""
@@ -29,9 +39,32 @@ def main():
         print("Database schema initialized successfully!")
         print("\nTables created:")
         print("  - llm_messages: Stores all LLM prompts and responses")
+        print("  - users: Stores user accounts")
         print("\nIndexes created:")
         print("  - idx_messages_timestamp: For time-based queries")
         print("  - idx_messages_company: For company-specific queries")
+        print("  - idx_users_email: For user lookups")
+
+        # Create default admin user if not exists
+        existing_admin = db_client.get_user_by_email(DEFAULT_ADMIN_EMAIL)
+        if existing_admin:
+            print(f"\nDefault admin user already exists: {DEFAULT_ADMIN_EMAIL}")
+        else:
+            password = generate_password()
+            admin_user = db_client.create_user(
+                email=DEFAULT_ADMIN_EMAIL,
+                password=password,
+                role="admin",
+            )
+            if admin_user:
+                print("\n" + "=" * 50)
+                print("DEFAULT ADMIN CREDENTIALS")
+                print("=" * 50)
+                print(f"Email:    {DEFAULT_ADMIN_EMAIL}")
+                print(f"Password: {password}")
+                print("=" * 50)
+                print("Please save these credentials securely!")
+                print("=" * 50)
 
     except Exception as e:
         print(f"Error initializing database: {e}")