Skip to content

Ensure bootstrap admin is enforced on each init run #75

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
initstring merged 6 commits into from
Jan 17, 2026
Merged

Ensure bootstrap admin is enforced on each init run #75

initstring merged 6 commits into from
Jan 17, 2026
+53 −10

Conversation

@initstring
Copy link
Owner

@initstring initstring commented Jan 17, 2026

Motivation

  • Ensure that the env-specified INITIAL_ADMIN_EMAIL admin account is present on every initialization so an SSO-configured admin can sign in even if demo mode previously seeded a different account, while preserving the policy that SSO does not auto-create arbitrary users.

Description

  • Always upsert the bootstrap admin during initialization by changing src/server/init/ensure-initialized.ts to unconditionally upsert the INITIAL_ADMIN_EMAIL, and update the unit test in src/test/init.test.ts to match the new behavior.

Testing

  • Updated the unit test src/test/init.test.ts to assert the unconditional upsert of the bootstrap admin, and no automated test runs were executed as part of this change.

Codex Task

@initstring
Copy link
Owner Author

initstring commented Jan 17, 2026

@codex review

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Jan 17, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8d61923c7f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@initstring
Copy link
Owner Author

initstring commented Jan 17, 2026

This MR fixes the plausible edge case where:

  • someone tests in demo mode
  • they then implement SSO with a real email
  • they update the env file
  • initial admin user not created again, as it already exists in DB
  • user cannot log in

I tested manually and it works well now.

@initstring initstring merged commit f181ced into main Jan 17, 2026
5 checks passed
@initstring initstring deleted the codex/investigate-sso-user-creation-implications branch January 17, 2026 10:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@initstring