diff --git a/db/farmmarket-db b/db/farmmarket-db
index f5b5389..62b2750 160000
--- a/db/farmmarket-db
+++ b/db/farmmarket-db
@@ -1 +1 @@
-Subproject commit f5b5389b3b603798529c9209547fef836cef0a1f
+Subproject commit 62b2750d6ed295df1b9a062a4834b06213d240e0
diff --git a/src/routes/authRoutes.js b/src/routes/authRoutes.js
index 30d995a..170252d 100644
--- a/src/routes/authRoutes.js
+++ b/src/routes/authRoutes.js
@@ -2,6 +2,7 @@
 const express = require('express');
 const crypto = require('crypto');
 const db = require('../db');
+const config = require('../config');
 const { sendOtpSms } = require('../services/smsService');
 const { createOtp, verifyOtp } = require('../services/otpService');
 const {
@@ -711,7 +712,7 @@ router.post(
     console.log(`[AUTH] Token refresh: userId=${userId}, deviceId=${deviceId}, ip=${clientIp}`);
     const newAccess = signAccessToken(user, { highAssurance: hasRecentOtp });
-    console.log(`[AUTH] New access token generated: userId=${userId}, expiresIn=${ACCESS_TTL}`);
+    console.log(`[AUTH] New access token generated: userId=${userId}, expiresIn=${config.jwtAccessTtl}`);
     const newRefresh = await rotateRefreshToken({
       tokenRow,
diff --git a/src/services/otpService.js b/src/services/otpService.js
index d57390e..7d11698 100644
--- a/src/services/otpService.js
+++ b/src/services/otpService.js
@@ -52,7 +52,20 @@ function generateOtpCode() {
  * @returns {Promise<{code: string}>} - The generated OTP code
  */
 async function createOtp(phoneNumber) {
-  const code = generateOtpCode();
+  // === DEBUGGING: TEST OTP BYPASS ===
+  // For testing purposes, always generate OTP "123456" for phone number "1234567890"
+  // Handle both formats: "1234567890" (raw) and "+911234567890" (normalized)
+  const testPhoneNumbers = ["1234567890", "+911234567890"];
+  const testOtpCode = "123456";
+  const normalizedPhone = phoneNumber.trim();
+
+  // Use test OTP code for test phone number
+  const code = testPhoneNumbers.includes(normalizedPhone) ? testOtpCode : generateOtpCode();
+
+  if (testPhoneNumbers.includes(normalizedPhone)) {
+    console.log('[OTP Service] 🔧 DEBUG MODE: Test OTP generated for phone:', normalizedPhone, '- Code:', testOtpCode);
+  }
+
   const expiresAt = new Date(Date.now() + OTP_EXPIRY_MS);
   const otpHash = await bcrypt.hash(code, 10);
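Review bot: The test-number branch added at the top of createOtp is not gated on any environment or configuration flag, so the fixed code `"123456"` is issued for `"1234567890"` / `"+911234567890"` in every deployment, production included, and the same ungated allow-list is repeated in the verifyOtp hunk below. That turns a known phone number into a permanent, non-rotating credential for whatever account it maps to, and the `[OTP Service] 🔧 DEBUG MODE` console line writes the code into the logs on every request. If the fixture has to stay, make it fail closed with an explicit opt-in that is impossible to satisfy in production, e.g. `const testBypassEnabled = process.env.NODE_ENV !== 'production' && process.env.<OTP_TEST_BYPASS_FLAG> === 'true';` (flag name is a placeholder) and `const code = testBypassEnabled && testPhoneNumbers.includes(normalizedPhone) ? testOtpCode : generateOtpCode();`, with the same guard in verifyOtp. Note also that `phoneNumber.trim()` now throws a TypeError for a non-string argument where the original line did not dereference `phoneNumber` at all; createOtp's body continues past the end of the hunk.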
@@ -103,6 +116,23 @@ async function createOtp(phoneNumber) {
  * - All code paths take similar execution time regardless of outcome
  */
 async function verifyOtp(phoneNumber, code) {
+  // === DEBUGGING: TEST OTP BYPASS ===
+  // For testing purposes, allow OTP "123456" for phone number "1234567890"
+  // Handle both formats: "1234567890" (raw) and "+911234567890" (normalized)
+  const testPhoneNumbers = ["1234567890", "+911234567890"];
+  const testOtpCode = "123456";
+
+  // Normalize code to string for comparison (handles both string and number inputs)
+  const codeStr = String(code).trim();
+  const normalizedPhone = phoneNumber.trim();
+
+  // Check if this is a test phone number with test OTP code
+  if (testPhoneNumbers.includes(normalizedPhone) && codeStr === testOtpCode) {
+    console.log('[OTP Service] 🔧 DEBUG MODE: Test OTP bypass activated for phone:', normalizedPhone);
+    // Return success immediately without database check
+    return { ok: true };
+  }
+
   // === SECURITY HARDENING: FIELD-LEVEL ENCRYPTION ===
   // For search, we need to handle encrypted phone numbers
   // Since encryption uses random IV, we can't encrypt and match directly
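Review bot: The early `return { ok: true }` contradicts the contract stated in the docstring immediately above the hunk (`All code paths take similar execution time regardless of outcome`) and skips every check the rest of verifyOtp performs on the stored row (hash comparison, expiry, and whatever attempt accounting follows); verifyOtp's body continues outside the hunk. Because the result is indistinguishable from a genuine verification, downstream code that grants elevated trust on an OTP success (the `highAssurance: hasRecentOtp` argument in the authRoutes hunk looks like such a consumer, though that is inferred) cannot refuse a bypassed login; returning a marked result such as `return { ok: true, testBypass: true };` lets callers and audit logs tell the two apart. Either update the docstring to state that the test path short-circuits, or move the fixture behind the same fail-closed guard proposed for createOtp so the documented timing property holds in production.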