Initial commit

I asked claude to scaffold a project.
I also made changes to it afterwards but they were mostly in getting workflows and testing stuff.

surreal/auth.surql

@@ -0,0 +1,18 @@
+-- surreal/auth.surql
+-- Run after schema.surql.
+-- SURREAL_JWT_SECRET must be set as an env var when starting the SurrealDB process.
+-- The key is read at runtime via env::get() — nothing needs to be changed in this file.
+
+DEFINE ACCESS account ON DATABASE TYPE RECORD
+  SIGNUP (
+    CREATE user SET
+      email    = $email,
+      username = $username,
+      password = crypto::argon2::generate($password)
+  )
+  SIGNIN (
+    SELECT * FROM user
+    WHERE email = $email
+    AND crypto::argon2::compare(password, $password)
+  )
+  WITH JWT ALGORITHM HS512 KEY env::get("SURREAL_JWT_SECRET");