ADMIN · ONBOARDING

Claim admin.

On a fresh deployment, the first person to complete this flow becomes the superadmin. The check is on the database (users.role='admin') — once an admin exists, this page shuts down and refuses further claims.

Checking onboarding availability…

Safeguards

  • Database-state gate — availability is determined by SELECT COUNT(*) FROM users WHERE role='admin', not a config flag. Resetting config can't re-enable onboarding.
  • Hard rate limit — 1 attempt per IP per minute during the bootstrap window.
  • Same magic-link primitive — onboarding uses the regular magic-link path, just with an intent='onboarding' token flag. No bypass; the email click is required.
  • Audit-logged — initiate AND completion write rows to audit_log.