fix: seed OIDC clients after DB init completes

Move OIDC client seeding into the database init IIFE to prevent
race condition where seeding runs before tables are created.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/encryptid/server.ts

@@ -5289,7 +5289,7 @@ app.get('/', (c) => {
   for (let attempt = 1; attempt <= maxRetries; attempt++) {
     try {
       await initDatabase();
-      return;
+      break;
     } catch (err) {
       console.error(`EncryptID: Database init attempt ${attempt}/${maxRetries} failed:`, (err as Error).message);
       if (attempt === maxRetries) {
@@ -5299,19 +5299,8 @@ app.get('/', (c) => {
       await new Promise(r => setTimeout(r, attempt * 2000));
     }
   }
-})();
 
-// Clean expired challenges, recovery tokens, fund claims, and OIDC codes every 10 minutes
+  // Seed OIDC clients from environment (after DB is ready)
-setInterval(() => {
-  cleanExpiredChallenges().catch(() => {});
-  cleanExpiredRecoveryTokens().catch(() => {});
-  cleanExpiredFundClaims().catch(() => {});
-  cleanExpiredOidcCodes().catch(() => {});
-  cleanExpiredIdentityInvites().catch(() => {});
-}, 10 * 60 * 1000);
-
-// Seed OIDC clients from environment (OIDC_CLIENTS=json array or individual env vars)
-(async () => {
   try {
     const clientsJson = process.env.OIDC_CLIENTS;
     if (clientsJson) {
@@ -5324,6 +5313,15 @@ setInterval(() => {
   }
 })();
 
+// Clean expired challenges, recovery tokens, fund claims, and OIDC codes every 10 minutes
+setInterval(() => {
+  cleanExpiredChallenges().catch(() => {});
+  cleanExpiredRecoveryTokens().catch(() => {});
+  cleanExpiredFundClaims().catch(() => {});
+  cleanExpiredOidcCodes().catch(() => {});
+  cleanExpiredIdentityInvites().catch(() => {});
+}, 10 * 60 * 1000);
+
 console.log(`
 ╔═══════════════════════════════════════════════════════════╗
 ║                                                           ║