local-dev: boot-time dev sandbox provisions a runnable game on up

Adds backend/internal/devsandbox: an idempotent boot-time hook that,
when BACKEND_DEV_SANDBOX_EMAIL is set, ensures (1) the configured
engine_version row, (2) the real dev user, (3) PlayerCount-1
deterministic dummy users, (4) a private "Dev Sandbox" game with a
year-out turn schedule, (5) memberships for every participant via
the new lobby.Service.InsertMembershipDirect helper, (6) a drive of
the lifecycle to running. Re-running on a populated DB is a no-op;
partial states from earlier crashes are recovered.

tools/local-dev gains the matching env vars in .env, surfaces them
in compose, and acquires a `make build-engine` target that builds
galaxy-engine:local-dev from game/Dockerfile (a prerequisite of
`up`/`rebuild`). The compose game-state mount is changed from a
named volume to a host bind on /tmp/galaxy-game-state so backend's
bind-mount source for spawned engine containers resolves on the
docker daemon.

After `make -C tools/local-dev up`, login as dev@local.test with
the dev code 123456 and the Dev Sandbox already shows up in My
Games. Per-user behaviour for the same email survives a backend
restart.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

tools/local-dev/.env

@@ -6,3 +6,13 @@
 # real bcrypt-verified code. Leave the value blank to disable the
 # override and force every login through Mailpit.
 BACKEND_AUTH_DEV_FIXED_CODE=123456
+
+# Boot-time dev sandbox (backend/internal/devsandbox). When EMAIL is
+# non-empty the backend ensures a real user with that address, the
+# configured number of dummy participants, a private "Dev Sandbox"
+# game, and drives the lifecycle to running on every boot. Leave
+# EMAIL blank to disable the bootstrap entirely.
+BACKEND_DEV_SANDBOX_EMAIL=dev@local.test
+BACKEND_DEV_SANDBOX_ENGINE_IMAGE=galaxy-engine:local-dev
+BACKEND_DEV_SANDBOX_ENGINE_VERSION=0.1.0
+BACKEND_DEV_SANDBOX_PLAYER_COUNT=20

tools/local-dev/Makefile

@@ -1,14 +1,17 @@
-.PHONY: help up down logs status rebuild clean psql logs-backend logs-gateway logs-mail wait
+.PHONY: help up down logs status rebuild clean psql logs-backend logs-gateway logs-mail build-engine wait
 
 .DEFAULT_GOAL := help
 
 COMPOSE := docker compose
+REPO_ROOT := $(realpath $(CURDIR)/../..)
+ENGINE_IMAGE := galaxy-engine:local-dev
 
 help:
 	@echo "Local development stack for the Galaxy UI:"
 	@echo "  make up             Build (if needed) and bring up the stack, wait until healthy"
 	@echo "  make down           Stop containers, keep volumes"
 	@echo "  make rebuild        Force rebuild of backend / gateway images and bring up"
+	@echo "  make build-engine   Build the engine image $(ENGINE_IMAGE) used by the dev sandbox"
 	@echo "  make clean          Stop and wipe volumes (postgres data, game state)"
 	@echo "  make logs           Tail all logs"
 	@echo "  make logs-backend   Tail only the backend logs"
@@ -20,14 +23,25 @@ help:
 	@echo "After 'make up', point the UI at the stack with:"
 	@echo "  pnpm -C ui/frontend dev"
 	@echo "and open http://localhost:5173 (UI) plus http://localhost:8025 (Mailpit)."
+	@echo ""
+	@echo "Default login for the auto-provisioned dev sandbox: dev@local.test"
+	@echo "(see BACKEND_DEV_SANDBOX_EMAIL in .env). Login code: 123456."
 
-up:
+up: build-engine
 	$(COMPOSE) up -d --wait
 
-rebuild:
+rebuild: build-engine
 	$(COMPOSE) build --no-cache backend gateway
 	$(COMPOSE) up -d --wait
 
+build-engine:
+	@if docker image inspect $(ENGINE_IMAGE) >/dev/null 2>&1; then \
+		echo "$(ENGINE_IMAGE) already built; skipping (use 'docker rmi $(ENGINE_IMAGE)' to force a rebuild)."; \
+	else \
+		echo "building $(ENGINE_IMAGE)…"; \
+		docker build -t $(ENGINE_IMAGE) -f $(REPO_ROOT)/game/Dockerfile $(REPO_ROOT); \
+	fi
+
 down:
 	$(COMPOSE) down
 

tools/local-dev/README.md

@@ -35,6 +35,11 @@ pnpm -C ui/frontend dev
 Open <http://localhost:5173> for the UI and
 <http://localhost:8025> for Mailpit.
 
+The first `make up` builds the engine image (`galaxy-engine:local-dev`)
+from `game/Dockerfile`. Subsequent invocations skip the build when the
+image already exists; force a rebuild with `docker rmi galaxy-engine:local-dev`
+followed by `make build-engine`.
+
 ## Daily flow
 
 ```sh
@@ -69,6 +74,42 @@ To force the second path (no fast-bypass), edit
 `make rebuild` (or simply `docker compose up -d backend` to recreate
 the backend with the new env).
 
+## Auto-provisioned dev sandbox
+
+`make up` provisions a private game called **Dev Sandbox** owned by
+the dev user (default `dev@local.test`). The flow is implemented in
+`backend/internal/devsandbox` and runs on every backend boot when
+`BACKEND_DEV_SANDBOX_EMAIL` is non-empty in `tools/local-dev/.env`.
+
+Bootstrap is idempotent — re-running `make up` after a `make down`
+finds the existing user, dummy participants, game, and memberships
+without creating duplicates. If a previous boot crashed mid-way
+(game stuck in `enrollment_open` or `ready_to_start`), the next boot
+resumes the lifecycle.
+
+To log in straight into the sandbox:
+
+1. `make -C tools/local-dev up`
+2. `pnpm -C ui/frontend dev` (in another terminal)
+3. Open <http://localhost:5173/login>, enter `dev@local.test`, then
+   the dev code `123456`.
+4. The lobby shows **Dev Sandbox** in *My Games*; click in.
+
+To disable the bootstrap, clear `BACKEND_DEV_SANDBOX_EMAIL` in
+`tools/local-dev/.env` and `docker compose up -d backend` (or
+`make rebuild`). Existing users / games are not removed.
+
+The bootstrap requires:
+- `galaxy-engine:local-dev` Docker image (`make build-engine`).
+- `BACKEND_DEV_SANDBOX_ENGINE_VERSION` parses as plain semver
+  (`MAJOR.MINOR.PATCH`); the default `0.1.0` is what the bootstrap
+  registers in the `engine_versions` row that points at the image.
+- `BACKEND_DEV_SANDBOX_PLAYER_COUNT` ≥ 20 (the engine's minimum;
+  19 deterministic dummies fill the slots so the single real user
+  can start the game).
+- A frozen turn schedule (`0 0 1 1 *` — once a year) so the visible
+  game state stays at turn 1 until you explicitly progress it.
+
 ## Network map
 
 ```
@@ -105,8 +146,9 @@ To point the proxy at a non-local gateway, run
 ## Make targets
 
 ```text
-make up             Bring up the stack (build if needed) and wait for health
+make up             Bring up the stack (build engine + compose images if needed) and wait for health
 make rebuild        Rebuild the backend / gateway images (ignores cache)
+make build-engine   Build galaxy-engine:local-dev from game/Dockerfile (no-op if image already present)
 make down           Stop containers, keep volumes
 make clean          Stop and wipe volumes (postgres + game-state)
 make logs           Tail every service's logs

tools/local-dev/docker-compose.yml

@@ -102,7 +102,7 @@ services:
       BACKEND_SMTP_FROM: "galaxy-backend@galaxy.local"
       BACKEND_SMTP_TLS_MODE: none
       BACKEND_DOCKER_NETWORK: galaxy-local-dev-net
-      BACKEND_GAME_STATE_ROOT: /var/lib/galaxy/game-state
+      BACKEND_GAME_STATE_ROOT: /tmp/galaxy-game-state
       BACKEND_GEOIP_DB_PATH: /var/lib/galaxy/geoip.mmdb
       BACKEND_NOTIFICATION_ADMIN_EMAIL: admin@galaxy.local
       BACKEND_AUTH_CHALLENGE_THROTTLE_MAX: "100"
@@ -111,9 +111,22 @@ services:
       BACKEND_OTEL_TRACES_EXPORTER: none
       BACKEND_OTEL_METRICS_EXPORTER: none
       BACKEND_AUTH_DEV_FIXED_CODE: ${BACKEND_AUTH_DEV_FIXED_CODE:-}
+      BACKEND_DEV_SANDBOX_EMAIL: ${BACKEND_DEV_SANDBOX_EMAIL:-}
+      BACKEND_DEV_SANDBOX_ENGINE_IMAGE: ${BACKEND_DEV_SANDBOX_ENGINE_IMAGE:-}
+      BACKEND_DEV_SANDBOX_ENGINE_VERSION: ${BACKEND_DEV_SANDBOX_ENGINE_VERSION:-}
+      BACKEND_DEV_SANDBOX_PLAYER_COUNT: ${BACKEND_DEV_SANDBOX_PLAYER_COUNT:-}
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-      - game-state:/var/lib/galaxy/game-state
+      # Per-game state directories live under the same absolute path
+      # both inside the backend container and on the Docker daemon
+      # host (colima VM), so the bind-mount source the backend hands
+      # to the daemon resolves correctly when spawning engine
+      # containers. See backend/internal/runtime/service.go:454.
+      - type: bind
+        source: /tmp/galaxy-game-state
+        target: /tmp/galaxy-game-state
+        bind:
+          create_host_path: true
       - ../../pkg/geoip/test-data/test-data/GeoIP2-Country-Test.mmdb:/var/lib/galaxy/geoip.mmdb:ro
     networks:
       - galaxy-net
@@ -182,5 +195,3 @@ networks:
 volumes:
   postgres-data:
     name: galaxy-local-dev-postgres-data
-  game-state:
-    name: galaxy-local-dev-game-state