CRITICAL: Implement Token Minting for local-dev-user Service Account

## Overview

**Priority:** 🔴 CRITICAL  
**Effort:** 2-3 hours  
**Related PR:** #246  
**Mentioned in:** All 6 automated code reviews

Implement proper token minting for `local-dev-user` service account in local development mode.

---

## Problem

Current implementation uses backend SA (cluster-admin) instead of minting scoped token.

**Security Impact:**
- Cannot test RBAC locally
- Dev mode uses unrestricted permissions  
- Violates CLAUDE.md standards

---

## Solution

Implement TokenRequest API to mint tokens for local-dev-user with namespace-scoped permissions.

**Location:** `components/backend/handlers/middleware.go:340-345`

---

## Acceptance Criteria

- [ ] Token minting using TokenRequest API
- [ ] Error handling for missing SA
- [ ] Tests 26, 28, 21.1, 21.2 pass
- [ ] Local dev workflow functions correctly
- [ ] RBAC boundaries testable

---

## References

- `docs/SECURITY_DEV_MODE.md:100-131`
- `tests/local-dev-test.sh:792-890` (Test 26)
- All 6 code reviews on PR #246

---

**Timeline:** Complete within 1 week of PR #246 merge

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CRITICAL: Implement Token Minting for local-dev-user Service Account #322

Overview

Problem

Solution

Acceptance Criteria

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CRITICAL: Implement Token Minting for local-dev-user Service Account #322

Description

Overview

Problem

Solution

Acceptance Criteria

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions