# `Accrue.Auth.Default`
[🔗](https://github.com/szTheory/accrue/blob/accrue-v0.3.0/lib/accrue/auth/default.ex#L1)

Dev-permissive, prod-refuse-to-boot default `Accrue.Auth` adapter (D-40).

## Environment behaviour

- **`:dev` / `:test`** — `current_user/1` returns a stubbed
  `%{id: "dev", email: "dev@localhost", role: :admin}`. `boot_check!/0`
  is a no-op. The `require_admin_plug/0` function is a pass-through.
  This is deliberately wide-open so getting started is frictionless.
- **`:prod`** — `boot_check!/0` raises `Accrue.ConfigError` with a
  message pointing at install docs, **as long as `:auth_adapter` is
  still pointing at this module** (the default). Plan 06's
  `Accrue.Application.start/2` calls `boot_check!/0` BEFORE any
  supervisor starts, so a production deploy with no auth fails loud.

A host that configures a real adapter (`config :accrue, :auth_adapter,
MyApp.Auth`) bypasses the refusal entirely because `boot_check!/0`
checks the currently-configured adapter before raising.

## Test seam: `do_boot_check!/1`

`boot_check!/0` is the public API — it reads the env via
`Application.get_env(:accrue, :env, Mix.env())` and delegates to a
private/testable `do_boot_check!/1` helper. The helper is exposed
(`def`, not `defp`, with `@doc false`) so tests can simulate the
`:prod` branch without tampering with `Application.put_env(:accrue,
:env, :prod)` (which bleeds between async tests and has been a source
of Heisenbugs historically).

# `boot_check!`

```elixir
@spec boot_check!() :: :ok
```

Public API — validates that this dev-permissive adapter is not the
active auth adapter in `:prod`. Plan 06's `Accrue.Application.start/2`
calls this before the supervision tree boots.

Returns `:ok` in `:dev` / `:test`, or in `:prod` when a non-default
adapter is configured. Raises `Accrue.ConfigError` in `:prod` when
`:auth_adapter` still points at this module.

---

*Consult [api-reference.md](api-reference.md) for complete listing*