Add db/dev-snapshot.sql with Stephan's local working state

Full mariadb-dump (schema + data) from the live develop instance,
post-NFP-18 migration. Includes test data new devs can immediately
poke at instead of staring at an empty dashboard.

Contents:
  - 36 tables (full schema)
  - 2 users (admin@finetune.ai/admin123, testuser@example.com/test123)
  - 5 datasets, 1 job (Support Bot v1, completed), 1 model
  - 1 user_billing row, 5 user_settings rows
  - 8 email_templates, 3 ACL roles, all migrations table state

Sanitization applied at the end of the dump (POST-LOAD block):
  - user.user_pass set to NULL (legacy AES-encrypted passwords;
    post-NFP-18 auth uses user_password_hash only)
  - user_settings values for keys matching token/key/secret/password/api
    set to empty string (devs add their own HF token, etc.)
  - user_password_hash for both default users reset to freshly-generated
    argon2id hashes that verify against the documented plaintexts

bootstrap-db.sh adds NFP_USE_SNAPSHOT=1 to load this instead of the
clean 3-file path. Both routes arrive at the same credentials.

Verified end-to-end:
  - dump loads on a fresh DB (exit 0)
  - both default credentials authenticate via password_verify
  - all data rows preserved
  - no credential-shaped strings in non-comment lines

README.md

@@ -12,8 +12,25 @@ bootstrap-db.sh        ← one-command DB initialization
 db/01-schema.sql       ← MariaDB schema (no data)
 db/02-seed.sql         ← reference data: ACL, email templates, API registry
 db/03-default-users.sql ← admin@finetune.ai / admin123 and testuser@example.com / test123
+db/dev-snapshot.sql    ← Stephan's working state with test data — 5 datasets, 1 job,
+                         1 model, etc. Secrets pre-scrubbed. Use this if you want
+                         a populated platform instead of an empty one.
 ```
 
+## Two bootstrap modes
+
+**Clean install** (default) — empty platform, just users + reference data:
+```bash
+./bootstrap-db.sh
+```
+
+**Dev snapshot** — Stephan's local state with test data preloaded:
+```bash
+NFP_USE_SNAPSHOT=1 ./bootstrap-db.sh
+```
+
+Both arrive at the same credentials (`admin@finetune.ai/admin123`, `testuser@example.com/test123`). The snapshot just gives you something to look at on day 1.
+
 ## TL;DR (10 min for experienced devs)
 
 ```bash

bootstrap-db.sh

@@ -8,13 +8,16 @@
 # Defaults to the sibling repo at ../finetuning-plattform if not given.
 #
 # Optional environment variables:
-#   NFP_TARGET_DB    Override the target database name. Useful for testing
-#                    the bootstrap against a sandbox DB without wiping the
-#                    platform's live data. Default: the value of
-#                    MARIADB_DATABASE from local/.env.
-#   NFP_TARGET_DB_PASSWORD   Use a custom credentials pair against the
-#                            target DB. Defaults to MARIADB_USER /
-#                            MARIADB_PASSWORD from local/.env.
+#   NFP_TARGET_DB        Override the target database name. Useful for testing
+#                        the bootstrap against a sandbox DB without wiping the
+#                        platform's live data. Default: MARIADB_DATABASE from
+#                        local/.env (i.e. neuronetz_finetune).
+#
+#   NFP_USE_SNAPSHOT=1   Load db/dev-snapshot.sql (Stephan's working state with
+#                        test data — 5 datasets, 1 job, 1 model, etc.) instead
+#                        of the clean 3-file path. Default: 0 (clean install).
+#                        Secrets are pre-scrubbed; both default credentials
+#                        still authenticate (admin/admin123, test/test123).
 
 set -euo pipefail
 
@@ -31,8 +34,8 @@ fi
 # shellcheck disable=SC1091
 set -a; . "$PLATFORM_DIR/local/.env"; set +a
 
-# Allow target DB override (NFP_TARGET_DB) for sandbox tests
 TARGET_DB="${NFP_TARGET_DB:-$MARIADB_DATABASE}"
+USE_SNAPSHOT="${NFP_USE_SNAPSHOT:-0}"
 
 CONTAINER="neuro-finetuning-platform-mariadb-1"
 
@@ -41,7 +44,12 @@ if ! docker ps --format '{{.Names}}' | grep -q "^${CONTAINER}$"; then
     exit 2
 fi
 
-echo "[1/4] Waiting for MariaDB to accept connections (target DB: ${TARGET_DB})..."
+run_sql() {
+    local file=$1
+    docker exec -i "$CONTAINER" mariadb -u "$MARIADB_USER" -p"$MARIADB_PASSWORD" "$TARGET_DB" < "$file"
+}
+
+echo "Waiting for MariaDB to accept connections (target: ${TARGET_DB})..."
 for i in {1..30}; do
     if docker exec "$CONTAINER" mariadb -u "$MARIADB_USER" -p"$MARIADB_PASSWORD" -e "SELECT 1" "$TARGET_DB" >/dev/null 2>&1; then
         break
@@ -49,20 +57,25 @@ for i in {1..30}; do
     sleep 1
 done
 
-echo "[2/4] Loading schema (01-schema.sql)..."
-docker exec -i "$CONTAINER" mariadb -u "$MARIADB_USER" -p"$MARIADB_PASSWORD" "$TARGET_DB" \
-    < "$DELTA_DIR/db/01-schema.sql"
-
-echo "[3/4] Loading seed data (02-seed.sql)..."
-docker exec -i "$CONTAINER" mariadb -u "$MARIADB_USER" -p"$MARIADB_PASSWORD" "$TARGET_DB" \
-    < "$DELTA_DIR/db/02-seed.sql"
-
-echo "[4/4] Loading default users (03-default-users.sql)..."
-docker exec -i "$CONTAINER" mariadb -u "$MARIADB_USER" -p"$MARIADB_PASSWORD" "$TARGET_DB" \
-    < "$DELTA_DIR/db/03-default-users.sql"
+if [[ "$USE_SNAPSHOT" == "1" ]]; then
+    echo "[snapshot] Loading dev-snapshot.sql (Stephan's working state)..."
+    run_sql "$DELTA_DIR/db/dev-snapshot.sql"
+else
+    echo "[1/3] Loading schema (01-schema.sql)..."
+    run_sql "$DELTA_DIR/db/01-schema.sql"
+    echo "[2/3] Loading seed data (02-seed.sql)..."
+    run_sql "$DELTA_DIR/db/02-seed.sql"
+    echo "[3/3] Loading default users (03-default-users.sql)..."
+    run_sql "$DELTA_DIR/db/03-default-users.sql"
+fi
 
 echo
-echo "✓ Database '${TARGET_DB}' bootstrapped."
+if [[ "$USE_SNAPSHOT" == "1" ]]; then
+    echo "✓ Database '${TARGET_DB}' bootstrapped from dev snapshot."
+    echo "  Includes Stephan's test data: 5 datasets, 1 job (Support Bot v1), 1 model."
+else
+    echo "✓ Database '${TARGET_DB}' bootstrapped from clean install."
+fi
 echo
 echo "  admin@finetune.ai     / admin123    (superuser)"
 echo "  testuser@example.com  / test123     (user)"