nfs-add-auth
Install: claude install-skill juncoding/nextjs-fullstack-starter
# Add Better Auth to an existing scaffold
Use when the user has a project from `nextjs-fullstack-starter` that initially chose `auth=skip` and now wants to wire in real authentication.
## Pre-flight checks
Refuse if any of these is true:
1. `src/server/modules/` doesn't exist — the project wasn't scaffolded with this plugin.
2. `src/server/auth/index.ts` already exists — auth is already wired. Suggest `/nfs-review-project` instead.
3. The Prisma schema already has a `User` model and the user hasn't asked to merge — clarify first whether to extend their model or replace it.
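
The three refusal conditions above can be run as a gate before anything is written. This is an added example, not code from the skill itself; the function name, the `merge_ok` argument and the schema path `prisma/schema.prisma` (Prisma's default location) are assumptions the page does not state.

```shell
#!/bin/sh
# Added example: pre-flight gate for the three refusal conditions.
# Usage: nfs_auth_preflight <project-root> [yes]
#   second argument "yes" = the user has explicitly asked to merge a User model
# Return codes: 0 proceed, 1 not scaffolded, 2 auth already wired,
#               3 existing User model without a merge decision.
nfs_auth_preflight() {
  pf_root="${1:-.}"
  pf_merge_ok="${2:-no}"
  # Assumption: schema path is Prisma's default; adjust if the project moved it.
  pf_schema="$pf_root/prisma/schema.prisma"

  # 1. Scaffold marker: the plugin creates src/server/modules/.
  if [ ! -d "$pf_root/src/server/modules" ]; then
    echo "refuse: src/server/modules/ not found; project was not scaffolded with this plugin" >&2
    return 1
  fi

  # 2. Never overwrite an existing auth configuration.
  if [ -e "$pf_root/src/server/auth/index.ts" ]; then
    echo "refuse: src/server/auth/index.ts exists; auth is already wired, try /nfs-review-project" >&2
    return 2
  fi

  # 3. An existing `model User {` block needs an extend-or-replace decision.
  #    The pattern requires `{` right after the name, so `model UserRole {`
  #    does not trigger it.
  if [ -f "$pf_schema" ] && [ "$pf_merge_ok" != "yes" ] &&
     grep -Eq '^[[:space:]]*model[[:space:]]+User[[:space:]]*\{' "$pf_schema"; then
    echo "refuse: Prisma schema already defines User; ask whether to extend or replace it" >&2
    return 3
  fi

  return 0
}
```

A non-zero return means stop and report the reason to the user; only a return of 0 should lead into the plan below.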
## Plan, then confirm
Walk the user through what you're about to do and ask for confirmation before running anything:
1. Add Better Auth packages to `package.json`:
   - `better-auth`
   - `better-auth/adapters/prisma` (peer)
2. Add Prisma models for `User`, `Session`, `Account`, `Verification`.
3. Add RBAC models (`Role`, `Permission`, `UserRole`, `RolePermission`).
4. Write `src/server/auth/index.ts` (Better Auth config).
5. Write `src/server/auth/session.ts` (`requireSession`).
6. Write `src/server/auth/permissions.ts` (`requirePermission`).
7. Write `src/app/api/auth/[...all]/route.ts`.
8. Write `src/app/(auth)/login/page.tsx`.
9. Update `src/app/(dashboard)/layout.tsx` to call `requireSession()`.
10. Add `BETTER_AUTH_URL` and `BETTER_AUTH_SECRET` to `src/env.ts` and `.env.example`.
11. Seed default roles (`admin`, `viewer`) and one permission scope (`example:read`) so the example service has som