refactor: simplify to minimal Next.js starter (remove auth/db, retain UI stack)

[techwithanirudh]

Summary

Transform the repository into a minimal, clean Next.js starter with no authentication and no database, while preserving the existing UI stack (Tailwind CSS v4, shadcn/ui, dark mode, toasts, progress bar) and App Router structure. This lowers the barrier to entry, removes required env vars, and provides a clear foundation for teams to build on and add auth/DB later.

Changes since main

• Authentication removed entirely

  • Deleted server/client auth code and routes: src/server/auth/**, src/lib/auth-client.ts, src/app/api/auth/**, src/app/auth/**, src/app/account/**, src/routes.ts, and src/middleware.ts
  • Providers simplified: removed AuthUIProvider; kept ThemeProvider, sonner Toaster, and @bprogress/next progress bar
  • Cleaned styles to remove better-auth-ui CSS import

• Database removed entirely

  • Deleted Drizzle/Neon setup and artifacts: src/server/db/**, drizzle.config.ts, and drizzle/**

• Starter pages and API

  • Home page replaced with a simple landing hero and stack overview
  • Added /about and /components pages (components page showcases shadcn/ui examples: Button, Card, Input)
  • Added /api/health endpoint that returns { status: "ok" }
  • Header updated to a simple nav (Home, About, Components) with a GitHub link

• Env and configuration cleanup

  • src/env.ts: removed DATABASE_URL, BETTER_AUTH_SECRET, CORS_ORIGIN; only optional NEXT_PUBLIC_BASE_URL remains; zero required env vars
  • next.config.ts: retains safe env load and generic security headers

• Branding/metadata

  • src/lib/constants.tsx and src/lib/metadata.ts: generic starter copy
  • Renamed the logo component file to a generic name: src/components/logos/mark.tsx

• Docs and package cleanup

  • package.json: removed auth/DB deps and scripts; renamed package to nextjs-starter
  • .env.example: minimal, no required variables
  • README.md: updated to describe the minimal Next.js starter and how to add auth/DB later

Impact

• Breaking changes: All auth and database code has been removed (including routes /auth/*, /api/auth/*, account pages, middleware gate). This is intentional for a clean base starter.
• The app runs with zero required env vars. Optional NEXT_PUBLIC_BASE_URL is supported for metadata/sitemap.
• The UI stack remains intact: Tailwind v4, shadcn/ui, next-themes, sonner, bprogress.

Acceptance criteria mapping

• No imports/references to better-auth, better-auth-ui, @better-auth/cli, drizzle-orm, drizzle-kit, @neondatabase/serverless remain
• No DATABASE_URL, BETTER_AUTH_SECRET, CORS_ORIGIN in code or .env.example
• Routes exist and render: /, /about, /components; API: /api/health returns { status: 'ok' }
• Builds and runs without .env (after installing dependencies)
• Lint/typecheck should pass after install; happy to follow up with CI or run checks as requested

Follow-ups (optional)

• Add a simple CI workflow to run lint, typecheck, and build on PRs
• Expand /components to include more shadcn/ui examples (Tooltip, DropdownMenu, Select, Avatar)
• Provide a guide to add Better Auth and Drizzle back in, if desired

₍ᐢ•(ܫ)•ᐢ₎ Generated by Capy (view task)

Summary by CodeRabbit

• New Features

  • Public landing page without auth gating.
  • New About page and Components showcase.
  • Health check API endpoint.
  • Enhanced header with navigation and GitHub link.
  • Progress bar behavior refined.

• Documentation

  • README rewritten for a minimal, no-auth/no-DB starter.
  • Simplified .env.example with optional tooling variables.

• Chores

  • Renamed package to “nextjs-starter”.
  • Removed auth/database-related routes, middleware, configs, and dependencies.
  • Updated branding (app name, titles, description, logo).
  • Trimmed scripts and cleaned spelling config.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
better-auth-nextjs-starter	Ready	Preview	Comment	Sep 13, 2025 8:29am

[coderabbitai]

Walkthrough

Auth and database layers were removed, along with related middleware, routes, schemas, migrations, and tooling. The project was rebranded and simplified: new public pages (Home, About, Components), a health API route, streamlined env handling, and updated docs and constants. UI/header updated; progress provider simplified.

Changes

Cohort / File(s)	Summary
Auth & Middleware Removal src/middleware.ts, src/routes.ts, src/server/auth/index.ts, src/lib/auth-client.ts, src/app/api/auth/[...all]/route.ts, src/app/api/auth/guest/route.ts, src/app/auth/[path]/page.tsx, src/app/account/[path]/page.tsx	Removed authentication middleware, route utilities, server auth setup, client auth helpers, auth API endpoints, and auth/account pages.
Database & Migrations Removal src/server/db/index.ts, src/server/db/schema/auth.ts, src/server/db/schema/index.ts, drizzle.config.ts, drizzle/0000_powerful_ulik.sql, drizzle/meta/*	Eliminated DB client, schema exports, Drizzle config, migration SQL, and metadata snapshots.
App Pages Added/Updated src/app/page.tsx, src/app/about/page.tsx, src/app/components/page.tsx	Replaced gated home with public landing; added About and Components pages using shadcn/ui.
API Routes src/app/api/health/route.ts	Added GET health check returning JSON { status: "ok" }.
Environment & Metadata src/env.ts, src/lib/metadata.ts	Simplified env schema (removed DB/auth vars; optional NEXT_PUBLIC_BASE_URL); adjusted base URL construction and standardized quotes.
UI Shell & Header src/app/providers.tsx, src/components/header.tsx	Removed AuthUIProvider; consolidated ProgressProvider; added simple nav links and GitHub icon; removed user button.
Branding & Constants src/lib/constants.tsx, src/components/logos/mark.tsx	Updated app name/description/title template; swapped logo to new LogoMark; added SVG logo component.
Docs & Examples README.md, .env.example	Rewrote README to minimal starter; trimmed .env.example to optional tooling vars.
Tooling & Packages package.json, .cspell.json	Renamed package; removed auth/DB deps and scripts; adjusted spelling config (stop ignoring drizzle/**, removed “neondatabase” whitelist).
Styles src/styles/custom.css	Removed import of better-auth-ui/css.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant Browser
  participant App as Next.js App
  participant UI as Providers/Components

  User->>Browser: Navigate to "/"
  Browser->>App: Request Home page
  App-->>UI: Render public content (no auth checks)
  UI-->>Browser: HTML/CSS (hero, cards, links)
  Browser-->>User: Page displayed

Loading

sequenceDiagram
  autonumber
  actor Client
  participant API as /api/health
  participant Runtime as NextResponse

  Client->>API: GET /api/health
  API->>Runtime: NextResponse.json({ status: "ok" })
  Runtime-->>Client: 200 OK with JSON

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I thump my paw—auth hops away,
Clean fields of code at break of day.
New paths to nibble: About, Components bright,
A health check squeaks, “All right, all right!”
With lighter packs we bound and start—
Minimal trails, a faster heart. 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title clearly and accurately summarizes the primary intent of the changeset: converting the repository into a minimal Next.js starter by removing auth and DB while keeping the UI stack. It is concise, descriptive, and avoids noisy details like file lists or emojis, so a teammate scanning PR history will understand the main change. The phrasing matches the PR objectives and the file-level summaries provided.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch capy/refactor-to-a-simple-23fe2f28

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 8

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/env.ts (1)

11-19: Set a better client fallback chain for BASE_URL (preview-safe).

Prefer VERCEL_URL (preview domain) before VERCEL_PROJECT_PRODUCTION_URL so metadata/canonicals are correct on previews.

   experimental__runtimeEnv: {
     NEXT_PUBLIC_BASE_URL:
-      process.env.NEXT_PUBLIC_BASE_URL ??
-      (process.env.VERCEL_PROJECT_PRODUCTION_URL
-        ? `https://${process.env.VERCEL_PROJECT_PRODUCTION_URL}`
-        : undefined),
+      process.env.NEXT_PUBLIC_BASE_URL ??
+      (process.env.VERCEL_URL
+        ? `https://${process.env.VERCEL_URL}`
+        : process.env.VERCEL_PROJECT_PRODUCTION_URL
+          ? `https://${process.env.VERCEL_PROJECT_PRODUCTION_URL}`
+          : undefined),
   },

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 790535f and e120cdd.

📒 Files selected for processing (30)

• .cspell.json (1 hunks)
• .env.example (1 hunks)
• README.md (1 hunks)
• drizzle.config.ts (0 hunks)
• drizzle/0000_powerful_ulik.sql (0 hunks)
• drizzle/meta/0000_snapshot.json (0 hunks)
• drizzle/meta/_journal.json (0 hunks)
• package.json (2 hunks)
• src/app/about/page.tsx (1 hunks)
• src/app/account/[path]/page.tsx (0 hunks)
• src/app/api/auth/[...all]/route.ts (0 hunks)
• src/app/api/auth/guest/route.ts (0 hunks)
• src/app/api/health/route.ts (1 hunks)
• src/app/auth/[path]/page.tsx (0 hunks)
• src/app/components/page.tsx (1 hunks)
• src/app/page.tsx (1 hunks)
• src/app/providers.tsx (1 hunks)
• src/components/header.tsx (1 hunks)
• src/components/logos/mark.tsx (1 hunks)
• src/env.ts (1 hunks)
• src/lib/auth-client.ts (0 hunks)
• src/lib/constants.tsx (1 hunks)
• src/lib/metadata.ts (2 hunks)
• src/middleware.ts (0 hunks)
• src/routes.ts (0 hunks)
• src/server/auth/index.ts (0 hunks)
• src/server/db/index.ts (0 hunks)
• src/server/db/schema/auth.ts (0 hunks)
• src/server/db/schema/index.ts (0 hunks)
• src/styles/custom.css (1 hunks)

💤 Files with no reviewable changes (15)

• drizzle/meta/_journal.json
• drizzle/meta/0000_snapshot.json
• src/app/account/[path]/page.tsx
• src/server/db/index.ts
• src/server/auth/index.ts
• src/middleware.ts
• src/lib/auth-client.ts
• src/server/db/schema/auth.ts
• src/app/api/auth/[...all]/route.ts
• src/server/db/schema/index.ts
• src/routes.ts
• drizzle.config.ts
• drizzle/0000_powerful_ulik.sql
• src/app/auth/[path]/page.tsx
• src/app/api/auth/guest/route.ts

🧰 Additional context used

🧬 Code graph analysis (5)

src/app/components/page.tsx (3)

src/components/ui/card.tsx (5)

• Card (85-85)
• CardHeader (86-86)
• CardTitle (88-88)
• CardDescription (90-90)
• CardContent (91-91)

src/components/ui/button.tsx (1)

• Button (59-59)

src/components/ui/input.tsx (1)

• Input (21-21)

src/components/header.tsx (2)

src/lib/constants.tsx (2)

• logo (20-20)
• APP_NAME (16-16)

src/components/ui/button.tsx (1)

• Button (59-59)

src/app/page.tsx (2)

src/components/ui/button.tsx (1)

• Button (59-59)

src/components/ui/card.tsx (4)

• Card (85-85)
• CardHeader (86-86)
• CardTitle (88-88)
• CardContent (91-91)

src/lib/metadata.ts (1)

src/env.ts (1)

• env (5-20)

src/app/providers.tsx (1)

src/components/tailwind-indicator.tsx (1)

• TailwindIndicator (1-14)

🪛 markdownlint-cli2 (0.17.2)

README.md

6-6: Lists should be surrounded by blank lines

(MD032, blanks-around-lists)

---

15-15: Lists should be surrounded by blank lines

(MD032, blanks-around-lists)

---

24-24: Lists should be surrounded by blank lines

(MD032, blanks-around-lists)

---

24-24: Bare URL used

(MD034, no-bare-urls)

---

25-25: Bare URL used

(MD034, no-bare-urls)

---

26-26: Bare URL used

(MD034, no-bare-urls)

---

29-29: Lists should be surrounded by blank lines

(MD032, blanks-around-lists)

🔇 Additional comments (7)

src/styles/custom.css (1)

29-34: iOS Dynamic Type block looks good.

No issues with the @supports rule; safe to keep.

.cspell.json (1)

12-12: Spellchecker ignorePaths update is appropriate.

Removing drizzle/** from ignores aligns with its removal from the repo.

src/app/components/page.tsx (1)

5-38: LGTM for the static showcase.

Clean, minimal examples using shadcn/ui.

src/app/about/page.tsx (1)

3-20: About page reads well and matches the starter scope.

No issues.

src/app/providers.tsx (1)

17-27: ProgressProvider props verified — types OK; confirm delay/stopDelay & startOnLoad are intentional

• height: string (default "2px") — height="2px" is correct.
• color: string (default "#0A2FFF"); options: BProgressOptions — options={{ showSpinner: false }} is valid.
• delay / stopDelay: number (default 0) — code uses 1000 (ms) which adds a 1s delay/stopDelay; confirm this UX choice.
• startOnLoad / shallowRouting: boolean (default false) — presence in JSX enables true; confirm desired behavior.

package.json (1)

1-86: Verify dependency versions and sitemap config.

• dotenv@17.2.2 is published (confirmed).
• next-sitemap.config.ts sets siteUrl to env.NEXT_PUBLIC_BASE_URL || 'https://example.com' (imports env from ./src/env.ts).
• ripgrep search returned "No files were searched" — cannot confirm removal of auth/DB refs. Re-run repo-wide search and paste results:
  rg -nPI --hidden --no-ignore-vcs '(better[-_ ]?auth|drizzle|neon|BETTER_AUTH|DATABASE_URL|CORS_ORIGIN)' -g '!node_modules/**'

src/lib/constants.tsx (1)

1-12: LGTM — branding/constants update looks consistent.

Names, description, and logo swap align with the new starter.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Prefer .env.local and verify unused vars.

Next.js commonly uses .env.local for local overrides. Also, confirm ANALYZE/SOURCE_MAPS are actually consumed.

-# You can copy this file to `.env` and uncomment values if needed.
+# You can copy this file to `.env.local` and uncomment values if needed.
 
 # Public base URL of your site (optional)
 # NEXT_PUBLIC_BASE_URL=http://localhost:3000
 
 # Build-time / tooling (optional)
 # ANALYZE=false
 # SOURCE_MAPS=false
+# NEXT_TELEMETRY_DISABLED=1

Run to verify usage:

---

🏁 Script executed:

#!/bin/bash
rg -nC2 -F "process.env.ANALYZE" || true
rg -nC2 -F "process.env.SOURCE_MAPS" || true

Length of output: 431

---

Prefer .env.local; ANALYZE and SOURCE_MAPS are used.

next.config.ts reads process.env.ANALYZE (line 45) and process.env.SOURCE_MAPS (line 13) — change the .env.example instruction to copy to .env.local and keep the ANALYZE/SOURCE_MAPS entries. Optionally add NEXT_TELEMETRY_DISABLED=1.

-# You can copy this file to `.env` and uncomment values if needed.
+# You can copy this file to `.env.local` and uncomment values if needed.
 
 # Public base URL of your site (optional)
 # NEXT_PUBLIC_BASE_URL=http://localhost:3000
 
 # Build-time / tooling (optional)
 # ANALYZE=false
 # SOURCE_MAPS=false
+# NEXT_TELEMETRY_DISABLED=1

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Environment variables are optional for this starter.
	# You can copy this file to `.env` and uncomment values if needed.
	# This file will be committed to version control, so make sure not to have any secrets in it.
	# If you are cloning this repo, create a copy of this file named `.env` and populate it with your secrets.
	# Public base URL of your site (optional)
	# NEXT_PUBLIC_BASE_URL=http://localhost:3000
	# When adding additional environment variables, the schema in "/src/env.ts"
	# should be updated accordingly.
	# Database URL
	# The database URL is used to connect to your database. It's used for commenting, and authentication.
	DATABASE_URL="postgresql://postgres:<YOUR_PASSWORD>@localhost:5432/starter"
	# Authentication
	# You can generate the secret via 'openssl rand -base64 32' on Unix
	# @see https://www.better-auth.com/docs/installation
	BETTER_AUTH_SECRET=""
	# CORS allowed origins for auth endpoints
	# Accepts a comma-separated list OR a JSON array of URLs
	CORS_ORIGIN="http://localhost:3000"
	# Production URL
	# Used for authentication and metadata generation
	NEXT_PUBLIC_BASE_URL=http://localhost:3000
	# Build-time / tooling (optional)
	# ANALYZE=false
	# SOURCE_MAPS=false
	# Environment variables are optional for this starter.
	# You can copy this file to `.env.local` and uncomment values if needed.
	# Public base URL of your site (optional)
	# NEXT_PUBLIC_BASE_URL=http://localhost:3000
	# Build-time / tooling (optional)
	# ANALYZE=false
	# SOURCE_MAPS=false
	# NEXT_TELEMETRY_DISABLED=1

🤖 Prompt for AI Agents

In .env.example around lines 1 to 9, update the usage instructions to recommend
copying to `.env.local` (not `.env`), reintroduce commented ANALYZE and
SOURCE_MAPS entries so they match next.config.ts expectations, and optionally
add a commented NEXT_TELEMETRY_DISABLED=1 line; ensure the example shows the
three variables commented out with brief labels so developers can enable ANALYZE
and SOURCE_MAPS and disable telemetry if desired.

[coderabbitai]

⚠️ Potential issue

Fix markdownlint issues (blank lines + bare URLs).

Add blank lines around lists and format URLs as Markdown links.

-Features
+- Features
+
 - Next.js (App Router) + TypeScript (strict)
@@
-Pages included
+- Pages included
+
 - `/` — Welcome page with quick links and stack overview
@@
-Getting started
+- Getting started
+
 This starter has zero required environment variables. Clone the repo and start building.
@@
-How to add Auth and DB later
+- How to add Auth and DB later
+
-- Auth: better-auth — https://better-auth.com/docs
-- UI: better-auth-ui — https://better-auth-ui.com
-- ORM/DB: Drizzle ORM — https://orm.drizzle.team/docs
+- Auth: better-auth — <https://better-auth.com/docs>
+- UI: better-auth-ui — <https://better-auth-ui.com>
+- ORM/DB: Drizzle ORM — <https://orm.drizzle.team/docs>
@@
-Notes
+- Notes
+
 - The project intentionally excludes auth and database code to give you a clean base. Add your preferred solutions when you need them.

Also applies to: 20-27, 28-35

🧰 Tools

🪛 markdownlint-cli2 (0.17.2)

6-6: Lists should be surrounded by blank lines

(MD032, blanks-around-lists)

---

15-15: Lists should be surrounded by blank lines

(MD032, blanks-around-lists)

🤖 Prompt for AI Agents

In README.md around lines 5 to 18 (and also apply to 20-27 and 28-35), the
markdown lists lack surrounding blank lines and there are bare URLs; to fix, add
a blank line before each list and after each list block, and replace any bare
URLs with proper Markdown link syntax ([text](url)) or inline link text,
ensuring list items remain unchanged; run markdownlint to verify no more
blank-line or bare-URL warnings.

[coderabbitai]

🧹 Nitpick (assertive)

Make health endpoint non-caching and add HEAD handler.

Avoid accidental caching and support HEAD. Also GET needn’t be async.

-import { NextResponse } from "next/server"
+import { NextResponse } from "next/server"

-export async function GET() {
-  return NextResponse.json({ status: "ok" })
-}
+export const revalidate = 0
+
+export function GET() {
+  return NextResponse.json({ status: "ok" })
+}
+
+export function HEAD() {
+  return new Response(null, { status: 200 })
+}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	import { NextResponse } from "next/server"
	export async function GET() {
	return NextResponse.json({ status: "ok" })
	}
	import { NextResponse } from "next/server"
	export const revalidate = 0
	export function GET() {
	return NextResponse.json({ status: "ok" })
	}
	export function HEAD() {
	return new Response(null, { status: 200 })
	}

🤖 Prompt for AI Agents

In src/app/api/health/route.ts lines 1-5, change GET to a synchronous function
that returns a non-cacheable NextResponse.json (set Cache-Control: 'no-store,
max-age=0' or use { cache: 'no-store' }), and add a HEAD handler that returns
the same status headers with no body (e.g., new NextResponse(null, { status:
200, headers })) so clients can perform HEAD requests and responses are not
cached.

[coderabbitai]

🛠️ Refactor suggestion

⚠️ Potential issue

Add rel="noopener noreferrer" for external link opened in a new tab.

Prevents window.opener leaks.

-          <Button variant="ghost" asChild>
-            <Link href="https://nextjs.org/docs" target="_blank" className="inline-flex items-center gap-2">Next.js Docs <ArrowRight className="size-4" /></Link>
-          </Button>
+          <Button variant="ghost" asChild>
+            <a href="https://nextjs.org/docs" target="_blank" rel="noopener noreferrer" className="inline-flex items-center gap-2">
+              Next.js Docs <ArrowRight className="size-4" />
+            </a>
+          </Button>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<Button variant="ghost" asChild>
	<Link href="https://nextjs.org/docs" target="_blank" className="inline-flex items-center gap-2">Next.js Docs <ArrowRight className="size-4" /></Link>
	</Button>
	<Button variant="ghost" asChild>
	<a href="https://nextjs.org/docs" target="_blank" rel="noopener noreferrer" className="inline-flex items-center gap-2">
	Next.js Docs <ArrowRight className="size-4" />
	</a>
	</Button>

🤖 Prompt for AI Agents

In src/app/page.tsx around lines 21 to 23, the external Link opens in a new tab
with target="_blank" but lacks rel="noopener noreferrer"; update the Link
element to include rel="noopener noreferrer" (e.g., add rel="noopener
noreferrer" to the Link props) so the external link does not expose
window.opener and avoids potential security/privacy issues.

[coderabbitai]

⚠️ Potential issue

Fix external link security: add rel and use instead of next/link.

External targets should use rel="noopener noreferrer" and a plain <a>.

-        <Button variant="outline" size="icon" className="size-8 rounded-full" asChild>
-          <Link href="https://github.com/techwithanirudh/better-auth-nextjs-starter" target="_blank" aria-label="GitHub repository">
-            <Github className="size-4" />
-          </Link>
-        </Button>
+        <Button variant="outline" size="icon" className="size-8 rounded-full" asChild>
+          <a
+            href="https://github.com/techwithanirudh/better-auth-nextjs-starter"
+            target="_blank"
+            rel="noopener noreferrer"
+            aria-label="GitHub repository"
+          >
+            <Github className="size-4" aria-hidden="true" />
+          </a>
+        </Button>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<Button variant="outline" size="icon" className="size-8 rounded-full" asChild>
	<Link href="https://github.com/techwithanirudh/better-auth-nextjs-starter" target="_blank" aria-label="GitHub repository">
	<Github className="size-4" />
	</Link>
	<Button variant="outline" size="icon" className="size-8 rounded-full" asChild>
	<a
	href="https://github.com/techwithanirudh/better-auth-nextjs-starter"
	target="_blank"
	rel="noopener noreferrer"
	aria-label="GitHub repository"
	>
	<Github className="size-4" aria-hidden="true" />
	</a>
	</Button>

🤖 Prompt for AI Agents

In src/components/header.tsx around lines 22 to 25, the external GitHub link
uses next/link and misses secure rel attributes; replace the Link with a plain
<a> element (still wrapped by Button via asChild) and add target="_blank"
rel="noopener noreferrer" plus the existing aria-label so the external link
opens in a new tab securely; ensure the <a> preserves the href and any
className/children (the Github icon) and remove the next/link import if no
longer used.

[coderabbitai]

🧹 Nitpick (assertive)

⚠️ Potential issue

Icon can render invisible without a fill; rename to match new branding.

fill={props.fill} removes the path fill when fill isn’t passed, inheriting svg’s fill="none" → invisible icon. Use currentColor. Also consider renaming from BetterAuth to LogoMark.

-import type { SVGProps } from 'react'
+import type { SVGProps } from 'react'

-const BetterAuth = (props: SVGProps<SVGSVGElement>) => (
+const LogoMark = (props: SVGProps<SVGSVGElement>) => (
   <svg
     xmlns="http://www.w3.org/2000/svg"
     fill="none"
     viewBox="0 0 500 500"
     width="1em"
     height="1em"
     {...props}
   >
     <path
-      fill={props.fill}
+      fill="currentColor"
       d="M69 121h86.988v259H69zM337.575 121H430v259h-92.425z"
     />
     <path
-      fill={props.fill}
+      fill="currentColor"
       d="M427.282 121v83.456h-174.52V121zM430 296.544V380H252.762v-83.456z"
     />
-    <path fill={props.fill} d="M252.762 204.455v92.089h-96.774v-92.089z" />
+    <path fill="currentColor" d="M252.762 204.455v92.089h-96.774v-92.089z" />
   </svg>
 )
 
-export default BetterAuth
+export default LogoMark

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const BetterAuth = (props: SVGProps<SVGSVGElement>) => (
	<svg
	xmlns="http://www.w3.org/2000/svg"
	fill="none"
	viewBox="0 0 500 500"
	width="1em"
	height="1em"
	{...props}
	>
	<path
	fill={props.fill}
	d="M69 121h86.988v259H69zM337.575 121H430v259h-92.425z"
	/>
	<path
	fill={props.fill}
	d="M427.282 121v83.456h-174.52V121zM430 296.544V380H252.762v-83.456z"
	/>
	<path fill={props.fill} d="M252.762 204.455v92.089h-96.774v-92.089z" />
	</svg>
	)
	export default BetterAuth
	import type { SVGProps } from 'react'
	const LogoMark = (props: SVGProps<SVGSVGElement>) => (
	<svg
	xmlns="http://www.w3.org/2000/svg"
	fill="none"
	viewBox="0 0 500 500"
	width="1em"
	height="1em"
	{...props}
	>
	<path
	fill="currentColor"
	d="M69 121h86.988v259H69zM337.575 121H430v259h-92.425z"
	/>
	<path
	fill="currentColor"
	d="M427.282 121v83.456h-174.52V121zM430 296.544V380H252.762v-83.456z"
	/>
	<path fill="currentColor" d="M252.762 204.455v92.089h-96.774v-92.089z" />
	</svg>
	)
	export default LogoMark

🤖 Prompt for AI Agents

In src/components/logos/mark.tsx around lines 3 to 24, the SVG paths use
fill={props.fill} which inherits the svg's fill="none" and can render invisible
when no fill prop is passed; also the component name BetterAuth should be
renamed to match branding (LogoMark). Replace path fill usage so it defaults to
"currentColor" (e.g., use fill="currentColor" on paths or set svg
fill="currentColor" and remove props.fill), keep props spread for other
SVGProps, and rename the component and default export from BetterAuth to
LogoMark (update any internal references and export accordingly).

[coderabbitai]

🛠️ Refactor suggestion

Use absolute OG/Twitter image URLs to avoid broken previews.

Build the image URLs from baseUrl so social scrapers don’t resolve /banner.png against arbitrary origins.

-      images: "/banner.png",
+      images: new URL("/banner.png", baseUrl).toString(),
@@
-      images: "/banner.png",
+      images: new URL("/banner.png", baseUrl).toString(),

Also applies to: 17-21

🤖 Prompt for AI Agents

In src/lib/metadata.ts around lines 12-13 (and similarly 17-21), the image
fields use a relative path ("/banner.png") which can break social previews;
replace those with absolute URLs constructed from the module's baseUrl (e.g.,
use new URL("/banner.png", baseUrl).toString() or a safe join that handles
trailing slashes) and update both the images and any openGraph/twitter image
entries to use the resulting absolute URL.

[coderabbitai]

🧹 Nitpick (assertive)

🛠️ Refactor suggestion

Preview deployments: prefer VERCEL_URL for accurate baseUrl.

Right now previews may point to the production domain if NEXT_PUBLIC_BASE_URL isn’t set. Use VERCEL_URL as the first fallback (handled in src/env.ts) and keep this file simple.

Follow-up in src/env.ts (see my comment there) to supply NEXT_PUBLIC_BASE_URL from VERCEL_URL on previews; this module can then remain unchanged.

🤖 Prompt for AI Agents

In src/lib/metadata.ts around lines 26 to 29, preview deployments may resolve to
the production domain when NEXT_PUBLIC_BASE_URL isn’t set; instead of changing
this file, update src/env.ts to populate NEXT_PUBLIC_BASE_URL from VERCEL_URL
for preview builds (e.g., set NEXT_PUBLIC_BASE_URL =
process.env.NEXT_PUBLIC_BASE_URL || (process.env.VERCEL_URL ?
`https://${process.env.VERCEL_URL}` : undefined)), ensure the env export types
reflect that value, and then leave src/lib/metadata.ts as-is so it uses the
env-provided NEXT_PUBLIC_BASE_URL.