Turn bootstrap access into a real operating system.
This first-run flow establishes the permanent owner account, shop identity, invoice baseline, and the security posture the production app will depend on.
Security first
The bootstrap owner password exists only to unlock initial setup. After that, staff access should use managed credentials and session cookies.
Operational baseline
Shop code, owner details, and contact information become part of the invoice and deployment identity from day one.
Production-minded setup
If the environment or database is not ready yet, the UI calls that out clearly instead of failing silently.
First-time secure setup
Create the owner account
Complete this once to activate the app and retire the bootstrap-only entry point.