Story: Authentication bootstrap follow-up

Goal
Status
Acceptance
Tasks
Decisions
Out of scope
See also

This page documents a story in Sprint 05. It captures the goal, current status, acceptance criteria, and the tasks that compose it.

Goal

Land the authentication bootstrap workflow that was POSTPONED in sprint 03's login_and_sessions. Add the closely-related delete- account flow. Pull feature flags out of the accounts component so the two surfaces can evolve independently.

Status

Field	Value
State	DONE
Parent sprint	Sprint 05
Now	Completed 2025-11-22.
Waiting on	None.
Next	None.
Last touched	2025-11-22

Continued from: Login and sessions.

Continued in: Session lifecycle follow-up (sprint 06) — the POSTPONED session-cancellation work lands there, along with logout and heartbeat.

Acceptance

Bootstrap mode creates the first admin account on an empty database; disables itself after.
Delete-account flow shipped end-to-end (protocol, repository, CLI).
Feature flags live in their own component.

Tasks

Task	State	Start	End	Description
Implement authentication bootstrap workflow	DONE	2025-11-22	2025-11-22	Implement the bootstrap workflow that creates the first admin account on a fresh database; POSTPONED in sprint 03.
Implement delete account	DONE	2025-11-22	2025-11-22	Add a delete-account flow end-to-end: protocol message, repository bitemporal soft delete, CLI command.
Split feature flags out of accounts	DONE	2025-11-22	2025-11-22	Extract feature flags from ores.accounts into their own component so they can be managed independently.

Decisions

Bootstrap mode auto-disables: once an admin account exists, the bootstrap entry point is shut. No flag flips to forget.
Feature flags as a peer component: accidentally coupling them to accounts was making the IAM surface larger than it needed to be.

Out of scope

MFA, OAuth, SSO (still all deferred from sprint 03).
Session cancellation (POSTPONED again).