webdev-pipeline/backlog/tasks/task-3 - Add-Better-Auth-admin-authentication.md

id, title, status, assignee, created_date, labels, dependencies, references, priority, ordinal

id	title	status	assignee	created_date	labels	dependencies	references	priority	ordinal
TASK-3	Add Better Auth admin authentication	To Do		2026-06-03 19:12	mvp auth security	TASK-2	PRD.md	high	3000

Description

Add the MVP authentication layer using Better Auth with Convex integration. The MVP is single-user focused: one admin user protects the dashboard while public audit pages remain accessible without login according to their publication status.

Acceptance Criteria

• #1 Better Auth is integrated with Convex and the Next.js app
• #2 Email/password login protects all internal dashboard routes
• #3 Public audit routes remain accessible without dashboard authentication
• #4 Session handling survives refreshes and rejects unauthenticated dashboard access
• #5 Password-change or admin-account maintenance path is available or explicitly documented for MVP operation

Implementation Plan

1. Install and configure Better Auth with Convex integration.
2. Add login/logout flows using shadcn-compatible UI.
3. Protect dashboard route groups with server-side/session checks.
4. Keep public audit pages outside the protected route boundary.
5. Test authenticated, unauthenticated, and logout flows.