
fix(auth): record usedByUser on invite redemption (stacked on #28) #35

Draft
Sarah Simionescu (sarahsimionescu) wants to merge 1 commit into feat/trustclaw-invite-only-signup from fix/invite-usedbyuser

@sarahsimionescu Sarah Simionescu (sarahsimionescu) commented Jun 3, 2026

Draft — stacked on top of #28. Base is a mirror of #28's head (feat/trustclaw-invite-only-signup), so the diff below is only the fix. After #28 merges into main, retarget this PR's base to main, then mark it ready.

What

Follow-up fix for #28. In #28's user.create.before hook, the invite code is claimed (sets usedAt) before the new user's id exists, so usedByUser was left null and the admin invite list at /dashboard/admin/invites couldn't show who redeemed a code.

This adds a user.create.after hook that backfills usedByUser once the user is created. Single-use enforcement is unchanged — still keyed off the atomic usedAt claim in the before hook.

Why it's safe / scoped

  • No-ops entirely when ALLOW_OPEN_SIGNUP is true (the default), so open-signup and the default Vercel template are unaffected.
  • Purely additive: one after hook, no schema change, no change to the before-hook claim logic.

Verified locally (real app, isolated Postgres + Redis)

  • ✅ Invite-only signup with a valid code → succeeds, and usedByUser now equals the created user's id (bound_correctly = t).
  • ✅ Reusing a spent code → 400 INVALID_OR_EXPIRED_INVITE_CODE (single-use intact).
  • ✅ Default mode (ALLOW_OPEN_SIGNUP unset) → signup with no code still works; the after hook no-ops.

🤖 Generated with Claude Code

The user.create.before hook claims the invite code (sets usedAt) before
the new user's id exists, so usedByUser was left null and the admin invite
list couldn't show who redeemed a code. Add an after hook to backfill
usedByUser once the user is created. Single-use enforcement is unchanged
(still keyed off usedAt in the atomic before-hook claim).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@sarahsimionescu Sarah Simionescu (sarahsimionescu) changed the base branch from main to feat/trustclaw-invite-only-signup June 3, 2026 22:00
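
The claim-then-backfill flow described in this PR, as an added TypeScript example that is not code from the PR or the project. It models the invite table in memory; the `invite` table name, the function names, and the way the code is handed from the before step to the after step are assumptions, and expiry checks are left out.

```typescript
// Added example: in-memory model of the two hooks. All names are hypothetical
// except usedAt, usedByUser, ALLOW_OPEN_SIGNUP and the error code, which
// appear in the PR description.
type Invite = { code: string; usedAt: Date | null; usedByUser: string | null };

// Constructed stand-in for the invite table.
const invites = new Map<string, Invite>();

function seedInvite(code: string): void {
  invites.set(code, { code, usedAt: null, usedByUser: null });
}

// Before hook: claim the code. Against a real database this is one statement,
//   UPDATE invite SET usedAt = now() WHERE code = $1 AND usedAt IS NULL
// (table name assumed), so the check and the write cannot be separated and
// only one of two concurrent signups gets a row back.
function claimInvite(code: string, now: Date): boolean {
  const inv = invites.get(code);
  if (!inv || inv.usedAt !== null) return false;
  inv.usedAt = now;
  return true;
}

// After hook: the user id exists now, so record who redeemed the code.
// Guarded so it only fills a claimed row that has no redeemer yet and can
// never overwrite an earlier binding.
function bindInvite(code: string, userId: string): boolean {
  const inv = invites.get(code);
  if (!inv || inv.usedAt === null || inv.usedByUser !== null) return false;
  inv.usedByUser = userId;
  return true;
}

// Signup flow: before hook, user insert, after hook.
function signUp(code: string | undefined, allowOpenSignup: boolean, userId: string): string {
  if (allowOpenSignup) return "CREATED"; // both hooks no-op in open-signup mode
  if (!code || !claimInvite(code, new Date())) return "INVALID_OR_EXPIRED_INVITE_CODE";
  // ... the user row is inserted here, between the two hooks ...
  bindInvite(code, userId);
  return "CREATED";
}
```

Single-use enforcement lives entirely in `claimInvite`; `bindInvite` only adds attribution, so a failed backfill leaves a spent code with a null `usedByUser` rather than a reusable one.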