fix(database): prevent duplicate admin creation during database initialization

server/config/database.js

@@ -444,13 +444,17 @@ export async function initDatabase() {
     const adminEmail = process.env.ADMIN_EMAIL || 'admin@example.com';
     const adminPassword = process.env.ADMIN_PASSWORD || 'admin123';
 
-    const hash = bcrypt.hashSync(adminPassword, 12);
-    await db.run(
-      'INSERT INTO users (name, display_name, email, password_hash, role, email_verified) VALUES (?, ?, ?, ?, ?, 1)',
-      ['Administrator', 'Administrator', adminEmail, hash, 'admin']
-    );
+    // Check if admin already exists (upgrade from older version without the flag)
+    const existing = await db.get('SELECT id FROM users WHERE email = ?', [adminEmail]);
+    if (!existing) {
+      const hash = bcrypt.hashSync(adminPassword, 12);
+      await db.run(
+        'INSERT INTO users (name, display_name, email, password_hash, role, email_verified) VALUES (?, ?, ?, ?, ?, 1)',
+        ['Administrator', 'Administrator', adminEmail, hash, 'admin']
+      );
+      log.db.info(`Default admin created: ${adminEmail}`);
+    }
     // Mark as seeded so it never runs again, even if the admin email is changed
     await db.run("INSERT INTO settings (key, value) VALUES ('admin_seeded', '1')");
-    log.db.info(`Default admin created: ${adminEmail}`);
   }
 }