fix: remove middleware.ts conflicting with proxy.ts (Next.js 16)

[TerrifiedBug]

Summary

• PR fix: bypass auth middleware for REST API v1 and agent endpoints #48 reintroduced src/middleware.ts alongside the existing src/proxy.ts, causing the Docker build to fail: "Both middleware file and proxy file are detected"
• Delete src/middleware.ts — Next.js 16 replaced it with proxy.ts
• Add api/v1 exclusion to proxy.ts matcher (was previously only in middleware.ts)

Test plan

• CI Docker build passes
• REST API v1 endpoints remain accessible without auth redirect
• SCIM and agent config endpoints remain accessible

[greptile-apps]

Greptile Summary

This PR resolves a Docker build failure introduced in PR #48 by removing src/middleware.ts, which conflicted with the already-present src/proxy.ts under Next.js 16's "both middleware file and proxy file" restriction. The single functional change is adding api/v1 to the negative-lookahead exclusion list in proxy.ts's matcher, restoring the parity that existed in the deleted middleware.ts so that REST API v1 endpoints remain accessible without an auth redirect.

• src/middleware.ts deleted — eliminates the dual-file conflict that caused the Docker build to fail
• src/proxy.ts matcher updated — api/v1 added alongside api/auth, api/agent, and other exclusions, ensuring REST v1 endpoints are not gated by the NextAuth proxy

Confidence Score: 5/5

• This PR is safe to merge — it removes a conflicting file and adds a single missing path exclusion to restore prior behaviour.
• The change is minimal and surgical: one file deletion and one regex addition. The deleted middleware.ts and updated proxy.ts matcher together restore the exact exclusion set that was previously split across both files. No auth logic is modified, no new paths are exposed beyond what middleware.ts already excluded, and no other code is touched.
• No files require special attention.

Important Files Changed

Filename	Overview
src/middleware.ts	File deleted — the old Next.js middleware file that conflicted with proxy.ts in Next.js 16. Its api/v1 exclusion has been ported to proxy.ts.
src/proxy.ts	Added api/v1 to the negative-lookahead matcher, restoring parity with the deleted middleware.ts so REST API v1 endpoints remain unauthenticated.

Sequence Diagram

sequenceDiagram
    participant Client
    participant ProxyTS as proxy.ts
    participant App

    Note over ProxyTS: Exclusions: api/auth, api/v1,<br/>api/agent, _next/*, login, setup

    Client->>ProxyTS: GET /api/v1/... (REST endpoint)
    ProxyTS-->>App: Bypasses auth check

    Client->>ProxyTS: GET /api/agent/... (Agent endpoint)
    ProxyTS-->>App: Bypasses auth check

    Client->>ProxyTS: GET /dashboard (authenticated user)
    ProxyTS->>ProxyTS: Validate session via NextAuth
    ProxyTS-->>App: Session valid, allow through

    Client->>ProxyTS: GET /dashboard (unauthenticated)
    ProxyTS->>ProxyTS: Validate session via NextAuth
    ProxyTS-->>Client: Redirect to /login

Loading

_{Last reviewed commit: b3558dc}