zgbrenner puts a lock on the front door of Gary

The fork swaps its homegrown login system for Clerk so Gary can run as a private, password-protected web app.

securityinfrastructure

zgbrenner rebuilt Gary's sign-in around Clerk - a hosted service that handles login screens and gates pages behind a password - rather than keep maintaining a hand-built auth flow. The old system was ripped out entirely, so there's only one way in now, and the login and signup pages were rebuilt on Clerk's hosted versions. The whole change shipped and merged in a single day.

The scope was deliberately narrow: just the front door. There's no billing, no teams or roles, no separation of one user's data from another's. zgbrenner is candid that this protects the app, not the data - Gary is treated as a single-person tool for now, and locking down the back-end so each user only sees their own files is flagged as the next job, not done here.

So what Worth a look if you're watching how solo builders stand up a private, deployable version of Mike - but note the data-isolation work is explicitly still ahead.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from zgbrenner/gary, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date

aa9602ce feat: replace Supabase auth with Clerk Claude 2026-05-20 ↗ GitHub

SHA	Subject	Author	Date
`aa9602ce`	feat: replace Supabase auth with Clerk	Claude	2026-05-20	↗ GitHub
commit body Swap Gary's built-in Supabase login/signup flow for Clerk so the app can run as a protected one-person web app on Vercel. - Add @clerk/nextjs; wrap the root layout in ClerkProvider - Add Clerk middleware (proxy.ts) that protects every route except /login and /signup - Render Clerk SignIn/SignUp at the existing /login and /signup URLs - Back the useAuth() compatibility hook with Clerk instead of Supabase - Replace the sidebar account dropdown with Clerk UserButton - Send the Clerk session token on backend requests via a shared helper - Remove the Supabase client, JWT helper, and @supabase/* frontend deps - Document Clerk env vars and setup in the env examples and docs The separate Express backend still verifies Supabase JWTs; swapping it to verify Clerk tokens is a documented follow-up. https://claude.ai/code/session_018GMAE164ehpBTxzBdsof9r

commit body

Swap Gary's built-in Supabase login/signup flow for Clerk so the app can
run as a protected one-person web app on Vercel.

- Add @clerk/nextjs; wrap the root layout in ClerkProvider
- Add Clerk middleware (proxy.ts) that protects every route except
  /login and /signup
- Render Clerk SignIn/SignUp at the existing /login and /signup URLs
- Back the useAuth() compatibility hook with Clerk instead of Supabase
- Replace the sidebar account dropdown with Clerk UserButton
- Send the Clerk session token on backend requests via a shared helper
- Remove the Supabase client, JWT helper, and @supabase/* frontend deps
- Document Clerk env vars and setup in the env examples and docs

The separate Express backend still verifies Supabase JWTs; swapping it to
verify Clerk tokens is a documented follow-up.

https://claude.ai/code/session_018GMAE164ehpBTxzBdsof9r

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-568.md from inside the repo you want the changes in.

⬇ Download capture-thread-568.md