Index: app/lib/actions.ts
===================================================================
--- app/lib/actions.ts	(revision 54323a7e8e5026db0c04665efb042a95f414da58)
+++ app/lib/actions.ts	(revision 9cae1de7ef0657285866cbba6d2bb5c7c7323d05)
@@ -61,4 +61,8 @@
     const { name, email, password, redirectTo } = parsed.data;
 
+    // sanitize redirect
+    const safeRedirect =
+        redirectTo?.startsWith('/') ? redirectTo : '/home';
+
     const existing =
         await sql`SELECT id FROM users WHERE email=${email}`;
@@ -70,15 +74,25 @@
     const hashed = await bcrypt.hash(password, 10);
 
-    await sql`
-    INSERT INTO users (name, email, password)
-    VALUES (${name}, ${email}, ${hashed})
-  `;
+    try {
+        await sql`
+            INSERT INTO users (name, email, password)
+            VALUES (${name}, ${email}, ${hashed})
+        `;
+    } catch {
+        return 'Failed to create user.';
+    }
 
-    // auto-login
-    await signIn('credentials', {
-        email,
-        password,
-        redirectTo: redirectTo || '/home',
-    });
+    try {
+        await signIn('credentials', {
+            email,
+            password,
+            redirectTo: safeRedirect,
+        });
+    } catch (error) {
+        if (error instanceof AuthError) {
+            return 'Account created, but auto-login failed. Please log in.';
+        }
+        throw error;
+    }
 }