Goal
Replace the current NextAuth-based authentication stack with Better Auth.
Current code context
package.json depends on next-auth.
app/api/auth/[...nextauth]/route.ts exports handlers from lib/auth.ts.
lib/auth.ts currently owns:
- password credentials with auto-registration
- Sealos credentials provider
- GitHub App OAuth provider
- JWT session callbacks exposing
session.user.id
- custom iframe-compatible
next-auth.* cookies
auth() is used broadly across server pages, API wrappers, server actions, and services:
lib/api-auth.ts
lib/actions/*.ts
lib/services/repoService.ts
app/(dashboard)/**
app/api/**
app/(auth)/login/page.tsx imports signIn from next-auth/react.
lib/fetch-client.ts manually clears next-auth.* cookies on 401.
lib/k8s/k8s-service-helper.ts imports the Session type from next-auth.
Work to scope
- Decide how Better Auth maps onto existing
User, UserIdentity, and UserConfig models.
- Add an app-level auth helper that preserves the current ergonomic contract: server code can obtain
{ user: { id, name } } without knowing provider details.
- Replace NextAuth route handlers with Better Auth handlers.
- Replace client login calls in
app/(auth)/login/page.tsx.
- Update API auth helpers in
lib/api-auth.ts.
- Replace NextAuth cookie cleanup in
lib/fetch-client.ts with Better Auth-compatible behavior.
- Remove all
next-auth imports, type augmentations, cookie names, and dependency entries.
Acceptance criteria
next-auth is no longer installed or imported anywhere.
- Authenticated server pages, server actions, and API routes can still get the current user ID.
- Password login/register behavior is preserved or intentionally replaced with documented product behavior.
- GitHub App auth/install/import flows still work, or deferred work is split into follow-up issues.
pnpm build passes.
Goal
Replace the current NextAuth-based authentication stack with Better Auth.
Current code context
package.jsondepends onnext-auth.app/api/auth/[...nextauth]/route.tsexports handlers fromlib/auth.ts.lib/auth.tscurrently owns:session.user.idnext-auth.*cookiesauth()is used broadly across server pages, API wrappers, server actions, and services:lib/api-auth.tslib/actions/*.tslib/services/repoService.tsapp/(dashboard)/**app/api/**app/(auth)/login/page.tsximportssignInfromnext-auth/react.lib/fetch-client.tsmanually clearsnext-auth.*cookies on 401.lib/k8s/k8s-service-helper.tsimports theSessiontype fromnext-auth.Work to scope
User,UserIdentity, andUserConfigmodels.{ user: { id, name } }without knowing provider details.app/(auth)/login/page.tsx.lib/api-auth.ts.lib/fetch-client.tswith Better Auth-compatible behavior.next-authimports, type augmentations, cookie names, and dependency entries.Acceptance criteria
next-authis no longer installed or imported anywhere.pnpm buildpasses.