fix(dev): unify dev admin seed in-process; remove port-drift HTTP seed #1503
Merged
feat(studio): AI-draft review/diff mode in the object designer (v1) (#1456) objectui@fdd083657e2da9832059492d4c88e818a5990a8d
`pnpm dev:showcase` often failed to provision a usable admin. The CLI
seeded over HTTP against a hard-coded localhost:3000, but dev auto-shifts
off a busy port — so the POST hit the wrong server (or nothing) and the
showcase instance never got an admin. A second, divergent seed in
plugin-dev inserted a raw sys_user row with no credential, producing an
un-loginable ghost admin (admin@dev.local).
Consolidate to a single in-process seed in the runtime:
- plugin-auth: maybeSeedDevAdmin() runs on kernel:ready, creates the admin
(admin@objectos.ai / admin123) through better-auth's real signUpEmail
pipeline (hashed credential + hooks), so it is fully loginable;
plugin-security's first-user middleware promotes it to platform admin.
Empty-DB only (excludes the SystemUserId.SYSTEM account), idempotent,
never overwrites an existing account. Hard-gated to NODE_ENV=development;
opt out with OS_SEED_ADMIN=0. No port, no readiness race.
- cli/dev: delete the HTTP seedAdminAccount entirely; --seed-admin now just
passes OS_SEED_ADMIN[_EMAIL|_PASSWORD] to the serve child. Drop the dead
`port` param from the watch loop.
- cli/serve: publish the actually-bound port — process.send({type:
'objectstack:listening', port, url}) over IPC + a runtime.<env>.json
state file under OS_HOME for external supervisors.
- plugin-dev: remove the credential-less raw sys_user insert; seedAdminUser
now maps to the unified OS_SEED_ADMIN toggle.
Verified on the showcase: loginable admin + platform-admin promotion,
correct seed under port auto-shift (3999 busy -> 4000), runtime.json
written, --no-seed-admin opt-out, and idempotency on a persistent DB (no
duplicate user / permission set). Tests: plugin-auth 88, plugin-dev 7,
cli 144 — all green.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Problem

`pnpm dev:showcase` often failed to auto-seed a usable admin:
- `os dev` seeded over HTTP against a hard-coded `localhost:3000`. In dev, `serve` auto-shifts off a busy port (3000 → 3001), but the parent never learned the new port and POSTed to 3000 — hitting the wrong server (or nothing). The showcase instance never got an admin.
- `plugin-dev` inserted a raw `sys_user` row with no credential (`admin@dev.local`), producing an un-loginable account. It also wasn't even loaded by the showcase.

So we had two seeds: one in the right place (in-process) but broken (no credential, no promotion), and one correct (real auth path, promoted) but in the wrong place (HTTP, racing readiness, hard-coded port).

Fix — consolidate to one in-process seed

- `plugin-auth`: `maybeSeedDevAdmin()` runs on `kernel:ready`. Creates `admin@objectos.ai` / `admin123` through better-auth's real server-side `signUpEmail` pipeline (hashed credential + hooks) → fully loginable; `plugin-security`'s first-user middleware promotes it to platform admin. Empty-DB only (excludes the `SystemUserId.SYSTEM` service account), idempotent, never overwrites an existing account. Hard-gated to `NODE_ENV=development`; opt out with `OS_SEED_ADMIN=0`. No port, no readiness race.
- `cli/dev`: deleted the HTTP `seedAdminAccount`; `--seed-admin` now only passes `OS_SEED_ADMIN[_EMAIL|_PASSWORD]` to the serve child. Removed a dead `port` param from the watch loop.
- `cli/serve`: publishes the actually-bound port — `process.send({type:'objectstack:listening', port, url})` over IPC + a `runtime.<env>.json` state file under `OS_HOME` for external supervisors.
- `plugin-dev`: removed the credential-less raw insert; `seedAdminUser` now maps to the unified `OS_SEED_ADMIN` toggle.

Verification (real showcase runs)

- `admin@objectos.ai` / `admin123` → 200
- `sys_user_permission_set` → `admin_full_access`, `organization_id: null` ✓
- `runtime.json` written `{pid, port, url, environmentId, startedAt}` ✓
- `--no-seed-admin`) `OS_SEED_ADMIN=0` → no seed → 401

Tests: plugin-auth 88, plugin-dev 7, cli 144 — all green. Typecheck/build clean.
🤖 Generated with Claude Code
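
The gating rules listed in the description (development only, opt-out, empty DB excluding the system account, idempotent, never overwriting) are modelled below as an added example that is not the project's code. `makeStore`, `seedDevAdminExample`, the `'system'` id and the exact-match reading of the `NODE_ENV` gate are assumptions; only the environment variable names and default credentials come from the PR.

```javascript
// Added illustration: a hypothetical in-memory store, not ObjectStack's plugin-auth code.
const SYSTEM_USER_ID = 'system'; // assumed stand-in for SystemUserId.SYSTEM

function makeStore(users = []) {
  const rows = users.map((u) => ({ ...u }));
  const humans = () => rows.filter((u) => u.id !== SYSTEM_USER_ID);
  return {
    rows,
    humanCount: () => humans().length,
    // Stand-in for a real sign-up pipeline: the user always gets a credential
    // record, and the first human user is promoted (the first-user rule).
    signUp(email, password) {
      const user = {
        id: `u${rows.length + 1}`,
        email,
        hasCredential: password.length > 0,
        platformAdmin: humans().length === 0,
      };
      rows.push(user);
      return user;
    },
  };
}

// Decide and perform the seed. Every gate fails closed: anything other than an
// exact NODE_ENV of "development" (including unset) means no default account.
function seedDevAdminExample(env, store) {
  if (env.NODE_ENV !== 'development') return { seeded: false, reason: 'not-development' };
  if (env.OS_SEED_ADMIN === '0') return { seeded: false, reason: 'opted-out' };
  if (store.humanCount() > 0) return { seeded: false, reason: 'users-exist' };
  const email = env.OS_SEED_ADMIN_EMAIL || 'admin@objectos.ai';
  const password = env.OS_SEED_ADMIN_PASSWORD || 'admin123';
  return { seeded: true, reason: 'empty-db', user: store.signUp(email, password) };
}

// Constructed scenarios: a DB holding only the system account counts as empty.
const devEnv = { NODE_ENV: 'development' };
const store = makeStore([{ id: SYSTEM_USER_ID, email: 'system@local' }]);
const first = seedDevAdminExample(devEnv, store);
const second = seedDevAdminExample(devEnv, store); // idempotent second boot
const prod = seedDevAdminExample({ NODE_ENV: 'production' }, makeStore());
const unset = seedDevAdminExample({}, makeStore());
const optOut = seedDevAdminExample({ ...devEnv, OS_SEED_ADMIN: '0' }, makeStore());
console.log(first.reason, second.reason, prod.reason, unset.reason, optOut.reason);
```

Because the default password is public, the case worth testing in any deployment pipeline is the `unset` one: a missing `NODE_ENV` must never produce the seeded account.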