From e7890b0be19b7acf44a6cb4b26306a32aa60b82c Mon Sep 17 00:00:00 2001
From: admin <admin@thebunkerops.ca>
Date: Thu, 5 Mar 2026 12:20:19 -0700
Subject: [PATCH] Add admin user creation to gancio-init container

The gancio-init container only seeded default color palettes but never
created an admin user, causing the settings sync to silently fail on
every API startup. Now creates an admin user via pgcrypto bcrypt hashing
using GANCIO_ADMIN_USER/GANCIO_ADMIN_PASSWORD env vars, with
ON CONFLICT DO NOTHING for idempotency.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 docker-compose.yml | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index fdc0bc90..d3b483ec 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -854,7 +854,7 @@ services:
     networks:
       - changemaker-lite
 
-  # Gancio Init — Seeds default theme settings after Gancio creates its tables
+  # Gancio Init — Creates admin user + seeds default theme settings after Gancio creates its tables
   # Runs once after Gancio is healthy, then exits. Idempotent (ON CONFLICT DO NOTHING).
   gancio-init:
     image: postgres:16-alpine
@@ -867,9 +867,24 @@ services:
       - PGUSER=${V2_POSTGRES_USER:-changemaker}
       - PGPASSWORD=${V2_POSTGRES_PASSWORD:-changemaker}
       - PGDATABASE=gancio
+      - GANCIO_ADMIN_USER=${GANCIO_ADMIN_USER:-admin}
+      - GANCIO_ADMIN_PASSWORD=${GANCIO_ADMIN_PASSWORD}
     entrypoint: ["sh", "-c"]
     command:
       - |
+        echo "Ensuring pgcrypto extension exists..."
+        psql -c "CREATE EXTENSION IF NOT EXISTS pgcrypto;"
+
+        echo "Creating Gancio admin user (if not exists)..."
+        if [ -n "$$GANCIO_ADMIN_PASSWORD" ]; then
+          psql -c "INSERT INTO users (email, password, display_name, role, is_admin, is_active, \"createdAt\", \"updatedAt\")
+            VALUES ('$$GANCIO_ADMIN_USER', crypt('$$GANCIO_ADMIN_PASSWORD', gen_salt('bf', 10)), 'Admin', 'admin', true, true, NOW(), NOW())
+            ON CONFLICT (email) DO NOTHING;"
+          echo "Gancio admin user ensured."
+        else
+          echo "WARNING: GANCIO_ADMIN_PASSWORD not set, skipping admin user creation."
+        fi
+
         echo "Seeding Gancio default theme settings..."
         psql -c "INSERT INTO settings (key, value, is_secret, \"createdAt\", \"updatedAt\") VALUES
           ('dark_colors', '{\"primary\": \"#FF6E40\", \"error\": \"#FF5252\", \"info\": \"#2196F3\", \"success\": \"#4CAF50\", \"warning\": \"#FB8C00\"}', false, NOW(), NOW()),