@knowcode/doc-builder 1.7.6 → 1.8.1

package/html/guides/authentication-guide.html

@@ -3,19 +3,19 @@
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <meta name="description" content="&gt; SECURITY WARNING: This basic authentication method has been deprecated and removed due to security vulnerabilities.">
-    <title>⚠️ DEPRECATED: Basic Authentication Guide</title>
+    <meta name="description" content="@knowcode/doc-builder supports enterprise-grade authentication through Supabase - a secure, scalable authentication platform. This guide explains how to...">
+    <title>Authentication Guide for @knowcode/doc-builder</title>
     
     <meta name="author" content="Lindsay Smith">
-    <meta name="keywords" content="documentation, markdown, static site generator, vercel, notion-style, authentication, login">
+    <meta name="keywords" content="documentation, markdown, static site generator, vercel, notion-style, supabase, authentication">
     <meta name="robots" content="index, follow">
     <link rel="canonical" href="https://doc-builder-delta.vercel.app/guides/authentication-guide.html">
     
     <!-- Open Graph / Facebook -->
     <meta property="og:type" content="article">
     <meta property="og:url" content="https://doc-builder-delta.vercel.app/guides/authentication-guide.html">
-    <meta property="og:title" content="⚠️ DEPRECATED: Basic Authentication Guide">
-    <meta property="og:description" content="&gt; SECURITY WARNING: This basic authentication method has been deprecated and removed due to security vulnerabilities.">
+    <meta property="og:title" content="Authentication Guide for @knowcode/doc-builder">
+    <meta property="og:description" content="@knowcode/doc-builder supports enterprise-grade authentication through Supabase - a secure, scalable authentication platform. This guide explains how to...">
     <meta property="og:image" content="https://doc-builder-delta.vercel.app/og-default.png">
     <meta property="og:site_name" content="@knowcode/doc-builder">
     <meta property="og:locale" content="en_US">
@@ -24,8 +24,8 @@
     <meta name="twitter:card" content="summary_large_image">
     <meta name="twitter:site" content="@planbbackups">
     <meta name="twitter:creator" content="@planbbackups">
-    <meta name="twitter:title" content="⚠️ DEPRECATED: Basic Authentication Guide">
-    <meta name="twitter:description" content="&gt; SECURITY WARNING: This basic authentication method has been deprecated and removed due to security vulnerabilities.">
+    <meta name="twitter:title" content="Authentication Guide for @knowcode/doc-builder">
+    <meta name="twitter:description" content="@knowcode/doc-builder supports enterprise-grade authentication through Supabase - a secure, scalable authentication platform. This guide explains how to...">
     <meta name="twitter:image" content="https://doc-builder-delta.vercel.app/og-default.png">
     
     <!-- Custom Meta Tags -->
@@ -46,6 +46,39 @@
     <link rel="stylesheet" href="/css/notion-style.css">
     
     
+    <!-- Hide content until auth check -->
+    <style>
+      body { 
+        visibility: hidden; 
+        opacity: 0; 
+        transition: opacity 0.3s ease;
+      }
+      body.authenticated { 
+        visibility: visible; 
+        opacity: 1; 
+      }
+      /* Show login/logout pages immediately */
+      body.auth-page {
+        visibility: visible;
+        opacity: 1;
+      }
+      /* Style auth button consistently */
+      .auth-btn {
+        background: none;
+        border: none;
+        color: var(--text-secondary);
+        cursor: pointer;
+        padding: 0.5rem;
+        border-radius: 0.5rem;
+        transition: all 0.2s;
+        font-size: 1.1rem;
+      }
+      .auth-btn:hover {
+        background: var(--bg-secondary);
+        color: var(--text-primary);
+      }
+    </style>
+    
     
     <!-- Favicon -->
     <link rel="icon" href="data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22 viewBox=%220 0 100 100%22><text y=%22.9em%22 font-size=%2290%22>✨</text></svg>">
@@ -54,8 +87,8 @@
 {
   "@context": "https://schema.org",
   "@type": "TechArticle",
-  "headline": "⚠️ DEPRECATED: Basic Authentication Guide",
-  "description": "> SECURITY WARNING: This basic authentication method has been deprecated and removed due to security vulnerabilities.",
+  "headline": "Authentication Guide for @knowcode/doc-builder",
+  "description": "@knowcode/doc-builder supports enterprise-grade authentication through Supabase - a secure, scalable authentication platform. This guide explains how to...",
   "author": {
     "@type": "Person",
     "name": "Lindsay Smith"
@@ -65,8 +98,8 @@
     "name": "Knowcode Ltd",
     "url": "https://knowcode.tech"
   },
-  "datePublished": "2025-07-25T13:49:06.520Z",
-  "dateModified": "2025-07-25T13:49:06.520Z",
+  "datePublished": "2025-07-26T10:20:52.380Z",
+  "dateModified": "2025-07-26T10:20:52.380Z",
   "mainEntityOfPage": {
     "@type": "WebPage",
     "@id": "https://doc-builder-delta.vercel.app/guides/authentication-guide.html"
@@ -105,10 +138,14 @@
             
             <div class="header-actions">
                 <div class="deployment-info">
-                    <span class="deployment-date" title="Built with doc-builder v1.7.5">Last updated: Jul 25, 2025, 01:49 PM UTC</span>
+                    <span class="deployment-date" title="Built with doc-builder v1.8.0">Last updated: Jul 26, 2025, 10:20 AM UTC</span>
                 </div>
                 
                 
+                <a href="../../login.html" class="auth-btn" title="Login/Logout">
+                    <i class="fas fa-sign-in-alt"></i>
+                </a>
+                
                 
                 <button id="theme-toggle" class="theme-toggle" aria-label="Toggle theme">
                     <i class="fas fa-moon"></i>
@@ -164,31 +201,17 @@
         </a>
         <div class="nav-content" id="nav-guides-1">
         <a href="/guides/authentication-default-change.html" class="nav-item" data-tooltip="Starting from version 1.7.4, @knowcode/doc-builder now defaults to no authentication for all documentation sites."><i class="fas fa-file-alt"></i> Authentication Default Change</a>
-        <a href="/guides/authentication-guide.html" class="nav-item active" data-tooltip="🚨 This authentication method has been REMOVED in version 2.0.0 due to serious security flaws."><i class="fas fa-file-alt"></i> Authentication Guide</a>
-        <a href="/guides/cache-control-anti-pattern.html" class="nav-item" data-tooltip="Cache Control Anti-Pattern: Why Aggressive Cache-Busting is Bad for Documentation Sites."><i class="fas fa-file-alt"></i> Cache Control Anti Pattern</a>
+        <a href="/guides/authentication-guide.html" class="nav-item active" data-tooltip="@knowcode/doc-builder supports enterprise-grade authentication through Supabase - a secure, scalable authentication platform."><i class="fas fa-file-alt"></i> Authentication Guide</a>
         <a href="/guides/claude-workflow-guide.html" class="nav-item" data-tooltip="This guide demonstrates an efficient workflow for using Claude Code with a refined CLAUDE.md file to create high-quality documentation and deploy it..."><i class="fas fa-file-alt"></i> Claude Workflow Guide</a>
         <a href="/guides/documentation-standards.html" class="nav-item" data-tooltip="This document defines the documentation standards and conventions for the @knowcode/doc-builder project."><i class="fas fa-file-alt"></i> Documentation Standards</a>
-        <a href="/guides/next-steps-walkthrough.html" class="nav-item" data-tooltip="Now that we&#039;ve implemented Supabase authentication, let&#039;s walk through testing the implementation and preparing for deployment."><i class="fas fa-file-alt"></i> Next Steps Walkthrough</a>
         <a href="/guides/phosphor-icons-guide.html" class="nav-item" data-tooltip="@knowcode/doc-builder automatically converts Unicode emojis in your markdown files to beautiful Phosphor icons in the generated HTML."><i class="fas fa-file-alt"></i> Phosphor Icons Guide</a>
+        <a href="/guides/private-directory-authentication.html" class="nav-item" data-tooltip="The @knowcode/doc-builder provides flexible authentication options to protect your documentation."><i class="fas fa-file-alt"></i> Private Directory Authentication</a>
         <a href="/guides/public-site-deployment.html" class="nav-item" data-tooltip="The @knowcode/doc-builder now supports deploying public documentation sites without authentication."><i class="fas fa-file-alt"></i> Public Site Deployment</a>
         <a href="/guides/search-engine-verification-guide.html" class="nav-item" data-tooltip="Search engine verification provides access to powerful webmaster tools:."><i class="fas fa-file-alt"></i> Search Engine Verification Guide</a>
         <a href="/guides/seo-guide.html" class="nav-item" data-tooltip="@knowcode/doc-builder includes comprehensive SEO (Search Engine Optimization) features to help your documentation rank better in search results and..."><i class="fas fa-file-alt"></i> Seo Guide</a>
         <a href="/guides/seo-optimization-guide.html" class="nav-item" data-tooltip="@knowcode/doc-builder includes comprehensive SEO (Search Engine Optimization) features that automatically optimize your documentation for search..."><i class="fas fa-file-alt"></i> Seo Optimization Guide</a>
-        <a href="/guides/supabase-auth-implementation-plan.html" class="nav-item" data-tooltip="Supabase Auth Implementation Plan for @knowcode/doc-builder."><i class="fas fa-file-alt"></i> Supabase Auth Implementation Plan</a>
-        <a href="/guides/supabase-auth-integration-plan.html" class="nav-item" data-tooltip="Supabase Authentication Integration Plan for @knowcode/doc-builder."><i class="fas fa-file-alt"></i> Supabase Auth Integration Plan</a>
-        <a href="/guides/supabase-auth-setup-guide.html" class="nav-item" data-tooltip="@knowcode/doc-builder now supports enterprise-grade authentication through Supabase, replacing the previous insecure basic authentication."><i class="fas fa-file-alt"></i> Supabase Auth Setup Guide</a>
         <a href="/guides/troubleshooting-guide.html" class="nav-item" data-tooltip="This guide helps you resolve common issues when using @knowcode/doc-builder."><i class="fas fa-file-alt"></i> Troubleshooting Guide</a>
-        <a href="/guides/vercel-deployment-auth-setup.html" class="nav-item" data-tooltip="Vercel Deployment Authentication Setup Guide."><i class="fas fa-file-alt"></i> Vercel Deployment Auth Setup</a>
         <a href="/guides/windows-setup-guide.html" class="nav-item" data-tooltip="This guide helps Windows users set up the complete AI-powered documentation workflow using Claude Code, @knowcode/doc-builder, and Vercel."><i class="fas fa-file-alt"></i> Windows Setup Guide</a></div></div>
-      <div class="nav-section" data-level="1">
-        <a class="nav-title collapsible" href="/launch/README.html" data-target="nav-launch-1" >
-          <i class="fas fa-chevron-right collapse-icon"></i><i class="fas fa-folder"></i> Launch
-        </a>
-        <div class="nav-content collapsed" id="nav-launch-1">
-        <a href="/launch/README.html" class="nav-item" data-tooltip="This directory contains all documentation related to the commercial launch of @knowcode/doc-builder, including go-to-market strategy, platform..."><i class="fas fa-file-alt"></i> Launch Overview</a>
-        <a href="/launch/bubble-plugin-specification.html" class="nav-item" data-tooltip="This document outlines the technical specification for creating a Bubble.io plugin that integrates @knowcode/doc-builder, enabling Bubble developers..."><i class="fas fa-file-alt"></i> Bubble Plugin Specification</a>
-        <a href="/launch/go-to-market-strategy.html" class="nav-item" data-tooltip="Go-to-Market Strategy &amp; Product Launch Plan."><i class="fas fa-file-alt"></i> Go To Market Strategy</a>
-        <a href="/launch/launch-announcements.html" class="nav-item" data-tooltip="This document contains ready-to-use announcement templates for launching @knowcode/doc-builder across various platforms and channels."><i class="fas fa-file-alt"></i> Launch Announcements</a></div></div>
             </nav>
             <div class="resize-handle"></div>
         </aside>
@@ -196,281 +219,222 @@
         <!-- Content Area -->
         <main class="content">
             <div class="content-inner">
-                <h1><i class="ph ph-warning-circle" aria-label="warning"></i> DEPRECATED: Basic Authentication Guide</h1>
-<blockquote>
-<p><strong>SECURITY WARNING</strong>: This basic authentication method has been deprecated and removed due to security vulnerabilities. </p>
-<p><strong>Use <a href="supabase-auth-setup-guide.md">Supabase Authentication</a> instead</strong> for secure, enterprise-grade authentication.</p>
-</blockquote>
-<h1>Authentication Guide for @knowcode/doc-builder (DEPRECATED)</h1>
+                <h1>Authentication Guide for @knowcode/doc-builder</h1>
 <h2>Overview</h2>
-<blockquote>
-<p><i class="ph ph-siren" aria-label="alert"></i> <strong>This authentication method has been REMOVED in version 2.0.0</strong> due to serious security flaws. Please migrate to <a href="supabase-auth-setup-guide.md">Supabase Authentication</a>.</p>
-</blockquote>
-<p>This guide explains the old, insecure authentication method that was available in @knowcode/doc-builder v1.x. It has been completely removed for security reasons.</p>
-<h2>What is Authentication?</h2>
-<p>The authentication feature in doc-builder provides a simple way to protect your documentation from unauthorized access. When enabled, users must log in with a username and password before viewing any documentation pages.</p>
-<h3>Features</h3>
-<ul>
-<li><i class="ph ph-check-circle" aria-label="checked"></i> <strong>Client-side authentication</strong> - Works with static site hosting</li>
-<li><i class="ph ph-check-circle" aria-label="checked"></i> <strong>Cookie-based sessions</strong> - Users stay logged in across pages</li>
-<li><i class="ph ph-check-circle" aria-label="checked"></i> <strong>Redirect handling</strong> - Returns users to requested page after login</li>
-<li><i class="ph ph-check-circle" aria-label="checked"></i> <strong>Logout functionality</strong> - Clear session and return to login</li>
-<li><i class="ph ph-check-circle" aria-label="checked"></i> <strong>Customizable credentials</strong> - Set your own username/password</li>
-</ul>
-<h3>Limitations</h3>
+<p>@knowcode/doc-builder supports enterprise-grade authentication through <strong>Supabase</strong> - a secure, scalable authentication platform. This guide explains how to protect your documentation with proper user authentication and access control.</p>
+<h2>Why Supabase?</h2>
 <ul>
-<li><i class="ph ph-warning-circle" aria-label="warning"></i> <strong>Basic security</strong> - Suitable for casual protection only</li>
-<li><i class="ph ph-warning-circle" aria-label="warning"></i> <strong>Client-side validation</strong> - Not suitable for highly sensitive data</li>
-<li><i class="ph ph-warning-circle" aria-label="warning"></i> <strong>Single user</strong> - No multi-user or role-based access</li>
-<li><i class="ph ph-warning-circle" aria-label="warning"></i> <strong>Credentials in JavaScript</strong> - Visible in browser developer tools</li>
+<li><i class="ph ph-lock-key" aria-label="secure"></i> <strong>Enterprise Security</strong>: JWT tokens, bcrypt password hashing, Row Level Security</li>
+<li><i class="ph ph-users" aria-label="team"></i> <strong>Multi-User Support</strong>: Unlimited users with fine-grained access control</li>
+<li>🌍 <strong>Scalable</strong>: Built on PostgreSQL, handles millions of users</li>
+<li><i class="ph ph-arrows-clockwise" aria-label="refresh"></i> <strong>Real-time</strong>: Live updates when permissions change</li>
+<li><i class="ph ph-money" aria-label="money"></i> <strong>Generous Free Tier</strong>: 50,000 monthly active users free</li>
 </ul>
-<h2>How Authentication Works</h2>
+<h2>How It Works</h2>
 <div class="mermaid-wrapper">
       <div class="mermaid">graph TD
-    A[User visits page] --> B{Authenticated?}
+    A[User visits page] --> B{Has JWT Token?}
     B -->|No| C[Redirect to login]
-    B -->|Yes| D[Show content]
+    B -->|Yes| D[Verify with Supabase]
     C --> E[Enter credentials]
-    E --> F{Valid?}
-    F -->|No| G[Show error]
-    F -->|Yes| H[Set cookie]
-    H --> I[Redirect to original page]
-    G --> E
+    E --> F[Authenticate with Supabase]
+    F --> G{Valid?}
+    G -->|No| H[Show error]
+    G -->|Yes| I[Receive JWT token]
+    I --> J[Check site access]
+    J --> K{Has access?}
+    K -->|Yes| L[Show content]
+    K -->|No| M[Access denied]
+    D --> J
     
     style A fill:#e1f5fe
-    style D fill:#c8e6c9
-    style G fill:#ffcdd2</div>
+    style L fill:#c8e6c9
+    style M fill:#ffcdd2</div>
     </div>
-<h3>Technical Flow</h3>
+<h2>Setting Up Authentication</h2>
+<h3>Step 1: Create Supabase Project</h3>
 <ol>
-<li><strong>Page Load</strong>: Every page includes <code>auth.js</code> which checks for authentication</li>
-<li><strong>Cookie Check</strong>: Looks for <code>doc-auth</code> cookie with valid token</li>
-<li><strong>Redirect</strong>: Unauthenticated users sent to <code>/login.html</code></li>
-<li><strong>Login</strong>: Credentials validated client-side against config values</li>
-<li><strong>Session</strong>: Base64-encoded token stored in cookie</li>
-<li><strong>Access</strong>: Authenticated users can view all pages</li>
+<li>Go to <a href="https://supabase.com">Supabase</a></li>
+<li>Create a new project</li>
+<li>Note your project URL and anon key</li>
 </ol>
-<h2>Configuration</h2>
-<h3>Enable Authentication</h3>
-<p>Authentication can be enabled in three ways:</p>
-<h4>1. Configuration File</h4>
-<p>Create <code>doc-builder.config.js</code> in your project root:</p>
+<h3>Step 2: Configure doc-builder</h3>
+<p>Create or update <code>doc-builder.config.js</code>:</p>
 <pre><code class="language-javascript">module.exports = {
-  siteName: &#39;@knowcode/doc-builder&#39;,
-  siteDescription: &#39;Internal documentation portal&#39;,
+  siteName: &#39;My Documentation&#39;,
   
   features: {
-    authentication: true
+    authentication: &#39;supabase&#39;  // Enable Supabase auth
   },
   
   auth: {
-    username: &#39;myusername&#39;,
-    password: &#39;mysecurepassword&#39;
+    supabaseUrl: &#39;https://your-project.supabase.co&#39;,
+    supabaseAnonKey: &#39;your-anon-key&#39;,
+    siteId: &#39;your-site-id&#39;  // From database after setup
   }
 };
 </code></pre>
-<h4>2. Using Presets</h4>
-<p>Use the notion-inspired preset which has authentication enabled by default:</p>
-<pre><code class="language-bash">npx @knowcode/doc-builder@latest build --preset notion-inspired
+<h3>Step 3: Set Up Database</h3>
+<p>Run these SQL commands in your Supabase SQL editor:</p>
+<pre><code class="language-sql">-- Create sites table
+CREATE TABLE docbuilder_sites (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    domain TEXT UNIQUE NOT NULL,
+    name TEXT NOT NULL,
+    created_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- Create access table
+CREATE TABLE docbuilder_access (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    user_id UUID NOT NULL REFERENCES auth.users(id),
+    site_id UUID NOT NULL REFERENCES docbuilder_sites(id),
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    UNIQUE(user_id, site_id)
+);
+
+-- Enable Row Level Security
+ALTER TABLE docbuilder_sites ENABLE ROW LEVEL SECURITY;
+ALTER TABLE docbuilder_access ENABLE ROW LEVEL SECURITY;
+
+-- Create policies
+CREATE POLICY &quot;Sites visible to users with access&quot; ON docbuilder_sites
+    FOR SELECT USING (
+        id IN (
+            SELECT site_id FROM docbuilder_access 
+            WHERE user_id = auth.uid()
+        )
+    );
+
+CREATE POLICY &quot;Access visible to own user&quot; ON docbuilder_access
+    FOR SELECT USING (user_id = auth.uid());
 </code></pre>
-<p>Default credentials for preset:</p>
-<ul>
-<li>Username: <code>admin</code></li>
-<li>Password: <code>docs2025</code></li>
-</ul>
-<h4>3. Command Line</h4>
-<p>Disable authentication for a specific build:</p>
-<pre><code class="language-bash">npx @knowcode/doc-builder@latest build --no-auth
+<h3>Step 4: Add Your Site</h3>
+<pre><code class="language-sql">INSERT INTO docbuilder_sites (domain, name)
+VALUES (&#39;your-domain.com&#39;, &#39;Your Documentation Name&#39;);
 </code></pre>
-<h3>Configuration Options</h3>
-<table>
-<thead>
-<tr>
-<th>Option</th>
-<th>Type</th>
-<th>Default</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr>
-<td><code>features.authentication</code></td>
-<td>boolean</td>
-<td><code>false</code></td>
-<td>Enable/disable authentication</td>
-</tr>
-<tr>
-<td><code>auth.username</code></td>
-<td>string</td>
-<td><code>&#39;admin&#39;</code></td>
-<td>Login username</td>
-</tr>
-<tr>
-<td><code>auth.password</code></td>
-<td>string</td>
-<td><code>&#39;password&#39;</code></td>
-<td>Login password</td>
-</tr>
-</tbody></table>
-<h2>Usage</h2>
-<h3>For Site Administrators</h3>
-<ol>
-<li><strong>Set Credentials</strong>: Configure username/password in <code>doc-builder.config.js</code></li>
-<li><strong>Build Site</strong>: Run <code>npx @knowcode/doc-builder@latest build</code></li>
-<li><strong>Deploy</strong>: Upload to your hosting provider</li>
-<li><strong>Share Credentials</strong>: Provide login details to authorized users</li>
-</ol>
-<h3>For End Users</h3>
-<ol>
-<li><strong>Visit Site</strong>: Navigate to any documentation page</li>
-<li><strong>Login</strong>: Enter username and password on login page</li>
-<li><strong>Browse</strong>: Access all documentation pages</li>
-<li><strong>Logout</strong>: Click logout link in header (when available)</li>
-</ol>
-<h2>Security Considerations</h2>
-<h3><i class="ph ph-warning-circle" aria-label="warning"></i> Important Warnings</h3>
-<ol>
-<li><strong>Client-Side Only</strong>: Authentication happens in the browser, making it unsuitable for truly sensitive data</li>
-<li><strong>Visible Credentials</strong>: Username/password are embedded in JavaScript and visible to anyone who views page source</li>
-<li><strong>No Server Validation</strong>: Any user who knows the credentials can access the site</li>
-<li><strong>Static Files</strong>: All documentation files are still publicly accessible if URLs are known</li>
-</ol>
-<h3>When to Use</h3>
-<p><i class="ph ph-check-circle" aria-label="checked"></i> <strong>Good for:</strong></p>
-<ul>
-<li>Internal team documentation</li>
-<li>Preview deployments</li>
-<li>Casual access control</li>
-<li>Preventing search engine indexing</li>
-<li>Client presentations</li>
-</ul>
-<p><i class="ph ph-x-circle" aria-label="error"></i> <strong>Not suitable for:</strong></p>
+<p>Note the returned ID - this is your <code>siteId</code> for the config.</p>
+<h3>Step 5: Create Users</h3>
+<p>Users can sign up through Supabase Auth, or you can create them:</p>
+<pre><code class="language-sql">-- In Supabase dashboard, go to Authentication &gt; Users
+-- Click &quot;Invite user&quot; and enter their email
+</code></pre>
+<h3>Step 6: Grant Access</h3>
+<pre><code class="language-sql">-- Grant user access to your site
+INSERT INTO docbuilder_access (user_id, site_id)
+VALUES (
+    (SELECT id FROM auth.users WHERE email = &#39;user@example.com&#39;),
+    &#39;your-site-id&#39;
+);
+</code></pre>
+<h2>Deployment</h2>
+<h3>Build with Authentication</h3>
+<pre><code class="language-bash"># Build with auth enabled (reads from config)
+npx @knowcode/doc-builder build
+
+# Build without auth (override config)
+npx @knowcode/doc-builder build --no-auth
+</code></pre>
+<h3>Deploy to Vercel</h3>
+<pre><code class="language-bash"># Deploy with auth
+npx @knowcode/doc-builder deploy
+
+# Deploy public site
+npx @knowcode/doc-builder deploy --no-auth
+</code></pre>
+<h2>User Management</h2>
+<h3>CLI Commands (Future)</h3>
+<pre><code class="language-bash"># Add user to site
+npx @knowcode/doc-builder auth:grant --email user@example.com --site-id xxx
+
+# Remove user access
+npx @knowcode/doc-builder auth:revoke --email user@example.com --site-id xxx
+
+# List users with access
+npx @knowcode/doc-builder auth:list-users --site-id xxx
+</code></pre>
+<h3>Manual Management</h3>
+<p>Use Supabase dashboard or SQL commands to manage users and access.</p>
+<h2>Security Features</h2>
+<h3>What Supabase Provides</h3>
 <ul>
-<li>Highly confidential information</li>
-<li>Personal data (GDPR/privacy)</li>
-<li>Financial or legal documents</li>
-<li>Source code or API keys</li>
-<li>Medical records</li>
+<li><i class="ph ph-check-circle" aria-label="checked"></i> <strong>JWT Authentication</strong>: Industry-standard secure tokens</li>
+<li><i class="ph ph-check-circle" aria-label="checked"></i> <strong>Password Hashing</strong>: bcrypt with salt</li>
+<li><i class="ph ph-check-circle" aria-label="checked"></i> <strong>Row Level Security</strong>: Database-level access control</li>
+<li><i class="ph ph-check-circle" aria-label="checked"></i> <strong>Session Management</strong>: Automatic token refresh</li>
+<li><i class="ph ph-check-circle" aria-label="checked"></i> <strong>Multi-Factor Auth</strong>: Optional 2FA support</li>
+<li><i class="ph ph-check-circle" aria-label="checked"></i> <strong>OAuth Providers</strong>: Google, GitHub, etc. (optional)</li>
 </ul>
 <h3>Security Best Practices</h3>
 <ol>
-<li><strong>Use HTTPS</strong>: Always deploy to HTTPS-enabled hosting</li>
-<li><strong>Strong Passwords</strong>: Use complex, unique passwords</li>
-<li><strong>Regular Updates</strong>: Change credentials periodically</li>
-<li><strong>Monitor Access</strong>: Check hosting logs for unusual activity</li>
-<li><strong>Consider Alternatives</strong>: For sensitive data, use server-side authentication</li>
-</ol>
-<h2>Implementation Details</h2>
-<h3>Generated Files</h3>
-<p>When authentication is enabled, doc-builder creates:</p>
-<ol>
-<li><strong>login.html</strong> - Login page with form</li>
-<li><strong>logout.html</strong> - Logout confirmation page  </li>
-<li><strong>auth.js</strong> - Authentication check script (included on all pages)</li>
+<li><p><strong>Use environment variables</strong> for sensitive config:</p>
+<pre><code class="language-javascript">auth: {
+  supabaseUrl: process.env.SUPABASE_URL,
+  supabaseAnonKey: process.env.SUPABASE_ANON_KEY,
+  siteId: process.env.DOC_SITE_ID
+}
+</code></pre>
+</li>
+<li><p><strong>Enable RLS policies</strong> on all tables</p>
+</li>
+<li><p><strong>Regular access audits</strong> - review who has access</p>
+</li>
+<li><p><strong>Use custom domains</strong> for professional appearance</p>
+</li>
+<li><p><strong>Monitor usage</strong> in Supabase dashboard</p>
+</li>
 </ol>
-<h3>Cookie Format</h3>
-<p>The authentication cookie:</p>
-<ul>
-<li>Name: <code>doc-auth</code></li>
-<li>Value: Base64-encoded <code>username:password</code></li>
-<li>Path: <code>/</code> (entire site)</li>
-<li>Expiry: Session (until browser closed)</li>
-</ul>
-<h3>Customization</h3>
-<p>The login/logout pages use the same CSS as your documentation, inheriting your site&#39;s theme and styling.</p>
 <h2>Troubleshooting</h2>
 <h3>Common Issues</h3>
-<p><strong>Users get logged out frequently</strong></p>
-<ul>
-<li>Session cookies expire when browser closes</li>
-<li>Consider implementing &quot;remember me&quot; functionality</li>
-</ul>
-<p><strong>Login page shows but credentials don&#39;t work</strong></p>
-<ul>
-<li>Verify credentials in config match exactly (case-sensitive)</li>
-<li>Check browser console for JavaScript errors</li>
-<li>Ensure cookies are enabled</li>
-</ul>
-<p><strong>Some pages accessible without login</strong></p>
+<p><strong>Users can&#39;t log in</strong></p>
 <ul>
-<li>Verify all HTML pages include auth.js</li>
-<li>Check for direct file access (PDFs, images)</li>
-<li>Ensure no pages exclude authentication script</li>
+<li>Verify Supabase project is active</li>
+<li>Check credentials are correct</li>
+<li>Ensure user exists in auth.users</li>
+<li>Verify site domain matches configuration</li>
 </ul>
-<p><strong>Login redirects to wrong page</strong></p>
+<p><strong>Content flashes before redirect</strong></p>
 <ul>
-<li>Check redirect parameter handling</li>
-<li>Verify relative vs absolute URLs</li>
+<li>This is fixed in latest versions</li>
+<li>Ensure you&#39;re using @knowcode/doc-builder v1.7.4+</li>
 </ul>
-<h3>Debug Mode</h3>
-<p>Check browser developer console for:</p>
+<p><strong>Access denied after login</strong></p>
 <ul>
-<li>Cookie values</li>
-<li>Redirect URLs  </li>
-<li>JavaScript errors</li>
-<li>Network requests</li>
+<li>Check user has entry in docbuilder_access table</li>
+<li>Verify site_id matches your configuration</li>
+<li>Check RLS policies are correctly set up</li>
 </ul>
-<h2>Alternatives</h2>
-<p>For more robust authentication, consider:</p>
+<h3>Debug Checklist</h3>
 <ol>
-<li><strong>Vercel Authentication</strong> - Built-in password protection</li>
-<li><strong>Netlify Identity</strong> - User management service</li>
-<li><strong>Auth0</strong> - Full authentication platform</li>
-<li><strong>Cloudflare Access</strong> - Zero-trust security</li>
-<li><strong>Basic Auth</strong> - Server-level protection</li>
+<li>Check browser console for errors</li>
+<li>Verify JWT token in browser DevTools &gt; Application &gt; Storage</li>
+<li>Test Supabase connection separately</li>
+<li>Check network tab for API calls</li>
+<li>Verify domain in database matches deployment</li>
 </ol>
-<h2>Example Implementation</h2>
-<h3>Simple Protected Docs</h3>
-<pre><code class="language-javascript">// doc-builder.config.js
-module.exports = {
-  siteName: &#39;@knowcode/doc-builder&#39;,
-  features: {
-    authentication: true
-  },
-  auth: {
-    username: &#39;team&#39;,
-    password: &#39;handbook2025&#39;
-  }
-};
-</code></pre>
-<h3>Build and Deploy</h3>
-<pre><code class="language-bash"># Build with authentication
-npx @knowcode/doc-builder@latest build
-
-# Deploy to Vercel
-npx @knowcode/doc-builder@latest deploy
+<h2>Migration from Old Auth</h2>
+<p>If you were using the old authentication system:</p>
+<ol>
+<li><p><strong>Remove old config</strong>:</p>
+<pre><code class="language-javascript">// Remove this:
+auth: {
+  username: &#39;admin&#39;,
+  password: &#39;password&#39;
+}
 </code></pre>
-<h3>User Instructions</h3>
-<p>Email to team:</p>
-<pre><code>Our documentation is now available at:
-https://docs.example.com
-
-Login credentials:
-Username: team
-Password: handbook2025
-
-Please bookmark the site after logging in.
+</li>
+<li><p><strong>Set up Supabase</strong> following this guide</p>
+</li>
+<li><p><strong>Update config</strong> to use Supabase:</p>
+<pre><code class="language-javascript">features: {
+  authentication: &#39;supabase&#39;
+}
 </code></pre>
+</li>
+</ol>
 <h2>Conclusion</h2>
-<p>The authentication feature in @knowcode/doc-builder provides a simple way to add basic access control to your documentation. While not suitable for highly sensitive information, it&#39;s perfect for internal docs, client previews, and casual protection needs.</p>
-<p>Remember: For production use with sensitive data, always implement proper server-side authentication with your hosting provider.</p>
-<hr>
-<h2>Document History</h2>
-<table>
-<thead>
-<tr>
-<th>Date</th>
-<th>Version</th>
-<th>Author</th>
-<th>Changes</th>
-</tr>
-</thead>
-<tbody><tr>
-<td>2025-07-21</td>
-<td>1.0</td>
-<td>System</td>
-<td>Initial authentication guide</td>
-</tr>
-</tbody></table>
+<p>Supabase authentication provides enterprise-grade security for your documentation while maintaining ease of use. With proper setup, you get secure, scalable authentication that grows with your needs.</p>
+<p>For public documentation that doesn&#39;t need authentication, simply set <code>authentication: false</code> or use the <code>--no-auth</code> flag during build/deploy.</p>
 
             </div>
         </main>
@@ -487,6 +451,7 @@ Please bookmark the site after logging in.
     };
     </script>
     <script src="/js/main.js"></script>
-    
+    <script src="https://unpkg.com/@supabase/supabase-js@2"></script>
+    <script src="/js/auth.js"></script>
 </body>
 </html>