Namespace KadicAuth.Api.Infrastructure
Classes
- PlatformAdminBootstrap
One-time bootstrap of the very first platform admin at application startup.
Rules:
- Reads
Platform:BootstrapAdminUserIdfrom configuration. - Runs ONLY when
Platform:EnableBootstrapis true (false by default). In production, leave it false and grant the first admin manually via SQL on the day of deployment. - Idempotent: if ANY active platform admin already exists, it does nothing. You cannot use this to add a second admin — that's what the controller is for.
- Never throws on misconfiguration. Logs and moves on, so a missing or invalid value cannot take down the API.
- Always runs a database integrity scan: every active PlatformAdmin row must have a corresponding audit log entry. Missing entries emit a critical security alert (but do not block startup — Mitigation 1 already blocks hot-path access for tampered rows).
- Reads