Who can drive client Shopify backends from Claude Code, via the shopify-admin-mcp endpoint. Members hold a personal boco_sk_ token (the store tokens stay server-side) and a role per brand: read (queries only), theme_build (buildout writes), ad_ops (+discounts/marketing/segments), or owner(everything). Sensitive ops (refunds, customer PII, theme publish) are owner-only and enforced server-side. Disable cuts all of a member's access instantly.