Bug: node space user create can silently seal passwords with auth keys the running supervisor cannot read #52

@manavjaiswal

When I set up space-agent with node space supervise and then created a user with node space user create, login failed with a generic Invalid username or password even though the password was correct.

What I found:

  • The supervisor and the CLI were using different auth-key stores.
  • Password verifiers are sealed, so the running server could not open the verifier written by the CLI.
  • The result was a login failure that looked like a bad password even though the password itself was correct.

What I expected:

  • A user created with node space user create ... should be able to log in to the currently running supervised server, or the CLI/supervisor should make the auth-key dependency very explicit.

What I think should be improved:

  • Document that node space user create must use the same auth secrets as the running supervisor.
  • Consider making the CLI/supervisor auth-key source easier to share or detect so this mismatch cannot happen silently.
  • Consider a clearer error than Invalid username or password when the verifier cannot be opened with the current auth keys.

Steps to reproduce:

  1. Create a user with node space user create <username> --password "<password>" --groups _admin
  2. Start the supervisor on port 3000
  3. Try logging in with that user and password

Notes:

  • After recreating the user with the same auth key pair used by the supervisor child, login worked.
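
The mismatch described in this issue, as an added example that is not part of the original report and not space-agent's code. It assumes AES-256-GCM sealing, scrypt verifiers and a hypothetical `keyId` fingerprint stored with each record, so the server can log a key mismatch separately from a wrong password while the client still sees the generic error.

```javascript
// Added illustration; NOT space-agent's code. AES-256-GCM sealing, scrypt
// verifiers and the keyId fingerprint are assumptions made for this example.
const crypto = require('node:crypto');

// Short fingerprint of a high-entropy auth key, stored beside each sealed record.
const keyId = (key) =>
  crypto.createHash('sha256').update(key).digest('hex').slice(0, 16);

// Derive a salted scrypt verifier and seal it under the auth key.
function sealVerifier(password, key) {
  const salt = crypto.randomBytes(16);
  const verifier = crypto.scryptSync(password, salt, 32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const sealed = Buffer.concat([cipher.update(verifier), cipher.final()]);
  return { keyId: keyId(key), salt, iv, sealed, tag: cipher.getAuthTag() };
}

// Returns an internal reason code for server logs; the HTTP response can
// stay a generic login failure for every value except 'OK'.
function checkLogin(record, password, key) {
  if (record.keyId !== keyId(key)) return 'KEY_MISMATCH';
  let verifier;
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
    d.setAuthTag(record.tag);
    verifier = Buffer.concat([d.update(record.sealed), d.final()]);
  } catch {
    return 'UNSEAL_FAILED'; // right key id, but record corrupted or altered
  }
  const candidate = crypto.scryptSync(password, record.salt, 32);
  return crypto.timingSafeEqual(candidate, verifier) ? 'OK' : 'BAD_PASSWORD';
}

// Constructed sample: the CLI and the supervisor each hold a different key.
function demo() {
  const cliKey = crypto.randomBytes(32);
  const supervisorKey = crypto.randomBytes(32);
  const record = sealVerifier('correct horse', cliKey);
  return {
    mismatch: checkLogin(record, 'correct horse', supervisorKey),
    sameKey: checkLogin(record, 'correct horse', cliKey),
    wrongPassword: checkLogin(record, 'wrong', cliKey),
  };
}

console.log(demo());
```
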
