profilesearch · profilesearch · Jun 24, 2026 · Jun 24, 2026
diff --git a/backend/api_core.py b/backend/api_core.py
@@ -515,6 +515,20 @@ def init_db():
     except sqlite3.OperationalError:
         pass
 
+    # ── Owner admin bootstrap ───────────────────────────────────────────────
+    # Requested by Billy Ray: make enzo@profilesearch.com an admin account and
+    # set a locally stored strong password so Hermes can perform admin ops.
+    db.execute(
+        """UPDATE users
+           SET is_admin=1, is_active=1, is_suspended=0, is_banned=0,
+               password_hash=?, updated_at=datetime('now')
+           WHERE lower(email)=lower(?)""",
+        [
+            "b719c181144650cf39b3c0036c4bd010:1f742ba78ac305a14137a54f0a0c5a24da241fe2185dfe7954aafb7082ec01d1",
+            "enzo@profilesearch.com",
+        ]
+    )
+
     db.commit()
     db.close()
 

diff --git a/backend/test_deep_audit_regressions.py b/backend/test_deep_audit_regressions.py
@@ -221,6 +221,28 @@ def test_admin_marketplace_ops_surfaces_job_notifications_and_applications(self)
         self.assertEqual(job["applications"][0]["worker_id"], 2)
         self.assertEqual(job["matching_workers"][0]["worker_id"], 2)
 
+    def test_owner_admin_bootstrap_promotes_enzo_account(self):
+        db = self.module.get_db()
+        try:
+            db.execute("INSERT INTO users (email,password_hash,name,is_admin,is_active,is_suspended,is_banned) VALUES ('enzo@profilesearch.com','old','Enzo',0,0,1,1)")
+            db.commit()
+        finally:
+            db.close()
+
+        self.module.init_db()
+
+        db = self.module.get_db()
+        try:
+            user = db.execute("SELECT email,password_hash,is_admin,is_active,is_suspended,is_banned FROM users WHERE email='enzo@profilesearch.com'").fetchone()
+            self.assertIsNotNone(user)
+            self.assertEqual(user["is_admin"], 1)
+            self.assertEqual(user["is_active"], 1)
+            self.assertEqual(user["is_suspended"], 0)
+            self.assertEqual(user["is_banned"], 0)
+            self.assertNotEqual(user["password_hash"], "old")
+        finally:
+            db.close()
+
     def test_public_pricing_info_uses_connector_fee_language(self):
         self.module._request_ctx.request_method = "GET"
         self.module._request_ctx.path_info = "/pricing/info"