# Story 2.6: Database Seeding and Initialization

## Metadata
- **Story ID**: 2.6
- **Title**: Database Seeding and Initialization
- **Epic**: 2 - Authentication & Authorization
- **Status**: Pending
- **Priority**: Medium
- **Estimated Time**: 3-4 hours
- **Dependencies**: 1.2, 2.3, 2.4

## Goal
Provide database seeding functionality to create initial admin user, default roles, and core permissions.

## Description
This story implements a seeding system that creates the initial admin user, default roles (admin, user, guest), and assigns core permissions to enable the platform to be used immediately after setup.

## Deliverables

### 1. Seed Script (`internal/seed/seed.go`)
- Create default admin user (if doesn't exist)
- Create default roles (admin, user, guest)
- Assign core permissions to roles
- Set up initial role hierarchy
- Idempotent operations (safe to run multiple times)

### 2. Seed Command (`cmd/seed/main.go`)
- Command-line interface for seeding
- Configuration via environment variables
- Dry-run mode
- Verbose logging

### 3. Integration
- Optional: Auto-seed on first startup in development
- Manual seeding in production
- Integration with application startup

## Acceptance Criteria
- [ ] Seed script creates admin user successfully
- [ ] Default roles are created with proper permissions
- [ ] Seeding is idempotent (can run multiple times safely)
- [ ] Seed script can be run via CLI
- [ ] Admin user can login and manage system

## Related ADRs
- [ADR-0029: Microservices Architecture](../../adr/0029-microservices-architecture.md)

## Implementation Notes
- Seeding is typically done once per environment
- Can be run as a separate service or as part of deployment
- Uses service clients if accessing services (e.g., IdentityServiceClient for user creation)

## Files to Create/Modify
- `internal/seed/seed.go` - Seed functions
- `cmd/seed/main.go` - Seed command
- `Makefile` - Add seed command