zgbrenner swaps Gary's front door from Supabase to Clerk

The sign-in and sign-up screens now run on a hosted identity service, with the database left untouched underneath.

securityinfrastructure

zgbrenner has pulled out Gary's homegrown login and signup pages and replaced them with Clerk, a third-party service that hosts polished sign-in screens and manages user sessions for you. The database stays on Supabase, the platform Gary already used; only the authentication layer moved. For a one-person, password-protected web app, this is mostly a UX upgrade rather than a technical necessity.

One caveat worth knowing before you adopt the pattern: this is the front half of a two-part change. The backend still checks the old Supabase credentials and doesn't yet recognise Clerk's, so on this commit alone the server would reject logins the browser thinks succeeded. It only works end-to-end once the second piece lands. If you're sizing up Gary, check whether both parts are in the version you're looking at.

So what Anyone self-hosting Gary or weighing Clerk for their own legal app gets a clean reference for wiring it in - but should adopt both halves, not one.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from zgbrenner/gary, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date

aa9602ce feat: replace Supabase auth with Clerk Claude 2026-05-20 ↗ GitHub

SHA	Subject	Author	Date
`aa9602ce`	feat: replace Supabase auth with Clerk	Claude	2026-05-20	↗ GitHub
commit body Swap Gary's built-in Supabase login/signup flow for Clerk so the app can run as a protected one-person web app on Vercel. - Add @clerk/nextjs; wrap the root layout in ClerkProvider - Add Clerk middleware (proxy.ts) that protects every route except /login and /signup - Render Clerk SignIn/SignUp at the existing /login and /signup URLs - Back the useAuth() compatibility hook with Clerk instead of Supabase - Replace the sidebar account dropdown with Clerk UserButton - Send the Clerk session token on backend requests via a shared helper - Remove the Supabase client, JWT helper, and @supabase/* frontend deps - Document Clerk env vars and setup in the env examples and docs The separate Express backend still verifies Supabase JWTs; swapping it to verify Clerk tokens is a documented follow-up. https://claude.ai/code/session_018GMAE164ehpBTxzBdsof9r

commit body

Swap Gary's built-in Supabase login/signup flow for Clerk so the app can
run as a protected one-person web app on Vercel.

- Add @clerk/nextjs; wrap the root layout in ClerkProvider
- Add Clerk middleware (proxy.ts) that protects every route except
  /login and /signup
- Render Clerk SignIn/SignUp at the existing /login and /signup URLs
- Back the useAuth() compatibility hook with Clerk instead of Supabase
- Replace the sidebar account dropdown with Clerk UserButton
- Send the Clerk session token on backend requests via a shared helper
- Remove the Supabase client, JWT helper, and @supabase/* frontend deps
- Document Clerk env vars and setup in the env examples and docs

The separate Express backend still verifies Supabase JWTs; swapping it to
verify Clerk tokens is a documented follow-up.

https://claude.ai/code/session_018GMAE164ehpBTxzBdsof9r

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-568.md from inside the repo you want the changes in.

⬇ Download capture-thread-568.md