AGENTS.md — Better Auth

Setup

• One server instance: export const auth = betterAuth({ … }) in lib/auth.ts (server-only).
• Secrets from env: BETTER_AUTH_SECRET, BETTER_AUTH_URL.
• Persist via a database adapter (drizzleAdapter / prismaAdapter); generate schema with npx @better-auth/cli generate.

Conventions

• Mount the handler once (Next App Router: app/api/auth/[...all]/route.ts → toNextJsHandler(auth)).
• Client via createAuthClient() from better-auth/react; mirror each server plugin with its client plugin.
• In Next, nextCookies() is the last plugin.
• Server session: auth.api.getSession({ headers: await headers() }).
• Add features through official plugins (twoFactor, passkey, organization, magicLink, admin).

Banned

• Importing the server auth instance into client bundles.
• Hardcoded secrets instead of env.
• Manually parsing the session cookie instead of auth.api.getSession.
• nextCookies() not placed last; hand-edited auth tables.