skillguard/.agents/memory
amertensreplit 441c828a17 Replace Clerk with custom email+password authentication
Task: Replace Clerk (Replit-managed) with a standalone JWT/cookie-based auth system.

## What changed

### Backend (api-server)
- Added `admin_users` table (lib/db/src/schema/adminUsers.ts) with id, email (unique), password_hash, created_at; pushed to DB with drizzle-kit push
- Replaced `resolveAuth`/`requireAdmin` in auth.ts middleware: now reads a signed HS256 JWT from the `session` httpOnly cookie (via `jose`) instead of Clerk tokens
- Added `POST /api/auth/login` (bcrypt password check → sets httpOnly cookie), `POST /api/auth/logout` (clears cookie), `GET /api/me` (unchanged contract)
- Added `seedAdminUser()` in lib/seedAdmin.ts: on startup, if no admin exists, creates one from ADMIN_EMAIL + ADMIN_PASSWORD env vars (bcrypt-hashed)
- Removed all Clerk imports from app.ts: clerkMiddleware, publishableKeyFromHost, clerkProxyMiddleware deleted
- Deleted clerkProxyMiddleware.ts entirely
- Added cookie-parser middleware to app.ts
- Removed @clerk/express, @clerk/shared from package.json; added jose, bcryptjs, @types/bcryptjs

### Frontend (skillguard)
- Removed ClerkProvider, SignIn, SignUp, ClerkQueryClientCacheInvalidator from App.tsx; replaced with plain wouter routes
- Replaced /sign-in and /sign-up routes with a single /sign-in route pointing to new LoginPage
- New LoginPage (src/pages/login.tsx): email+password form using shadcn Input/Button/Card, calls POST /api/auth/login, redirects to /admin on success
- layout.tsx: replaced useClerk/useUser with useGetMe() + fetch POST /api/auth/logout
- require-admin.tsx: unchanged logic (already used useGetMe()), updated comment
- Removed @clerk/react, @clerk/localizations, @clerk/themes from package.json
- Added signInButton + loginError i18n keys to all 3 locales (de/en/es)

## New secrets required
- SESSION_SECRET (already existed)
- ADMIN_EMAIL (new — first admin email)
- ADMIN_PASSWORD (new — first admin password, stored as bcrypt hash)

## Removed env vars
- CLERK_SECRET_KEY, CLERK_PUBLISHABLE_KEY, VITE_CLERK_PUBLISHABLE_KEY, VITE_CLERK_PROXY_URL (can be deleted from secrets)

## Test results
All 79 tests pass.

Replit-Task-Id: 41d32d48-8f20-44bc-b665-a2becb83e503
2026-06-16 21:22:55 +00:00

| File | Last commit | Date |
| --- | --- | --- |
| api-client-codegen-staleness.md | Unpack .skill files & show folder tree with copyable hashes | 2026-06-11 01:27:21 +00:00 |
| api-server-fetch-mocking-in-tests.md | Add automated tests for model discovery (POST /providers/list-models) | 2026-06-10 21:20:17 +00:00 |
| api-server-local-curl.md | Add skill version timeline (fingerprint lineage) | 2026-06-10 19:47:39 +00:00 |
| clerk-shadcn-theme-tailwind.md | Merged changes from qt0ebghx/main | 2026-06-11 05:23:53 +00:00 |
| custom-jwt-auth.md | Replace Clerk with custom email+password authentication | 2026-06-16 21:22:55 +00:00 |
| lucide-icon-name-collisions.md | SkillGuard: complete frontend wiring and harden backend | 2026-06-08 14:59:17 +00:00 |
| MEMORY.md | Replace Clerk with custom email+password authentication | 2026-06-16 21:22:55 +00:00 |
| ndjson-streaming-express-replit.md | Add live progress updates and detailed scan checkpoints to scan results | 2026-06-10 18:53:17 +00:00 |
| openai-temperature-gpt5.md | Add live progress updates and detailed scan checkpoints to scan results | 2026-06-10 18:53:17 +00:00 |
| rules-endpoint-localization.md | Add DE/EN/ES multilingual support to SkillGuard (Task #49) | 2026-06-13 09:05:57 +00:00 |
| skill-fingerprint-matching.md | Add Skill-Fingerprint database & report comparison | 2026-06-10 19:34:46 +00:00 |
| skillguard-stale-codegen-and-migrations.md | Show skill description excerpt in scan overview (Task #23) | 2026-06-10 21:19:54 +00:00 |