Add dev-only /auto_sign_in path to sign in the first user (#37)

Signs in User.first without a password to speed up local development.
The route is only mounted in development and the controller also 404s
outside development, so it can never be a backdoor in production.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

Author: kcdragon

app/controllers/auto_sign_in_controller.rb

@@ -0,0 +1,21 @@
+class AutoSignInController < ApplicationController
+  allow_unauthenticated_access
+  allow_without_organization
+
+  before_action :ensure_development
+
+  def create
+    if (user = User.first)
+      start_new_session_for user
+      redirect_to root_path
+    else
+      redirect_to new_registration_path, alert: "No users exist yet."
+    end
+  end
+
+  private
+
+  def ensure_development
+    raise ActionController::RoutingError, "Not Found" unless Rails.env.development?
+  end
+end

config/routes.rb

@@ -6,6 +6,9 @@
   resource :email_confirmation, only: %i[ new create show ]
   resource :session
 
+  # Dev-only convenience: sign in as the first user without a password
+  get "auto_sign_in", to: "auto_sign_in#create" if Rails.env.development?
+
   resources :scenarios do
     resource :name, only: %i[ show edit update ], module: :scenarios
     resources :allocations, only: %i[ create update destroy ]