Skip to main content

Rover BetterAuth Production Readiness

What Happened

The BetterAuth migration PR (#83) merged to main. This session resolved the remaining CI blockers and cleaned up an architectural issue on the rover app.

Key Outcomes

1. CI Pipeline Fully Green (Rover)

All three Rover gates — lint, typecheck, build — now pass for the first time since the migration branch was created. The Vercel deployment also succeeds. The remaining CI failures (BFF tests, E2E, Sparki) are pre-existing on main and unrelated to auth.

2. Public Landing Page Removed

The rover app (rover.so1.io) was serving a marketing landing page at /systems to unauthenticated visitors. This created confusion: the app domain showed marketing content with disabled nav items instead of a login redirect. Visitors expected the app, got a brochure. Resolution: Deleted the (public) route group entirely. The root URL now redirects to /dashboard, and the middleware redirects unauthenticated users to /auth/login. Marketing content belongs on so1.io.

3. Vercel Deployment Gap Identified

Auth will not function on production until PostgreSQL credentials and BetterAuth secrets are configured in the Vercel project settings. This is the last manual step before rover.so1.io has a working login flow.

Business Impact

  • Unblocked merge: PR #83 merged cleanly after 8 days of development
  • Reduced vendor cost: Clerk eliminated, BetterAuth is self-hosted and free
  • Auth consistency: All three products (sparki, smo1, so1) now share the same auth stack
  • Deployment readiness: Code is production-ready; only Vercel env config remains

Next Steps

  1. Configure DATABASE_URL + BETTER_AUTH_SECRET on Vercel
  2. Set up GitHub OAuth app for rover.so1.io callback
  3. Validate login flow on production
  4. Separate cleanup PR: remove 31 submodule gitlinks, delete stale package-lock.json