from sqlalchemy import select
from sqlalchemy.orm import Session

from app.auth.security import hash_password
from app.core.config import settings
from app.models import User


def ensure_initial_admin(db: Session) -> None:
    existing = db.scalar(select(User).where(User.email == settings.initial_admin_email))
    if existing:
        return

    user = User(
        email=settings.initial_admin_email,
        display_name="Initial Owner",
        hashed_password=hash_password(settings.initial_admin_password),
        role="owner",
        is_active=True,
    )
    db.add(user)
    db.commit()