diff --git a/src/routers/auth.py b/src/routers/auth.py
index 73495cc..6cd3e47 100644
--- a/src/routers/auth.py
+++ b/src/routers/auth.py
@@ -20,6 +20,12 @@ router = APIRouter(prefix="/api/auth", tags=["auth"])
 async def login(body: LoginRequest, db: AsyncSession = Depends(get_db)):
     result = await db.execute(select(User).where(User.email == body.email))
     user = result.scalar_one_or_none()
+    import logging
+    log = logging.getLogger("auth.login")
+    log.warning("LOGIN email=%r found=%s pw_len=%d pw_bytes=%s match=%s",
+        body.email, user is not None, len(body.password),
+        body.password.encode().hex(),
+        verify_password(body.password, user.password_hash) if user else "no_user")
     if not user or not user.is_active or not verify_password(body.password, user.password_hash):
         raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials")
     return TokenResponse(