Add auth helper functions (uid, role, jwt) to init.sql

These functions are normally created by GoTrue but our init.sql
runs first. Needed for RLS policies that use auth.uid().

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

deploy/init.sql

@@ -97,6 +97,47 @@ ALTER DATABASE postgres SET search_path TO public, extensions;
 CREATE EXTENSION IF NOT EXISTS "uuid-ossp" WITH SCHEMA extensions;
 CREATE EXTENSION IF NOT EXISTS "pgcrypto" WITH SCHEMA extensions;
 
+-- ============================================
+-- AUTH HELPER FUNCTIONS
+-- These are normally created by GoTrue, but we need them for RLS policies
+-- ============================================
+
+-- Get current user ID from JWT
+CREATE OR REPLACE FUNCTION auth.uid()
+RETURNS UUID
+LANGUAGE sql
+STABLE
+AS $$
+  SELECT COALESCE(
+    current_setting('request.jwt.claim.sub', true),
+    (current_setting('request.jwt.claims', true)::jsonb ->> 'sub')
+  )::uuid
+$$;
+
+-- Get current user role from JWT
+CREATE OR REPLACE FUNCTION auth.role()
+RETURNS TEXT
+LANGUAGE sql
+STABLE
+AS $$
+  SELECT COALESCE(
+    current_setting('request.jwt.claim.role', true),
+    (current_setting('request.jwt.claims', true)::jsonb ->> 'role')
+  )::text
+$$;
+
+-- Get JWT claim value
+CREATE OR REPLACE FUNCTION auth.jwt()
+RETURNS JSONB
+LANGUAGE sql
+STABLE
+AS $$
+  SELECT COALESCE(
+    current_setting('request.jwt.claims', true)::jsonb,
+    '{}'::jsonb
+  )
+$$;
+
 -- ============================================
 -- MIGRATION 001: Initial Schema
 -- ============================================