fix(web): add robots/sitemap metadata and bypass middleware

[manNomi]

배경 / 원인

• Search Console에서 robots.txt에 의해 차단됨 경고가 발생
• 점검 시점 기준, production(www.solid-connection.com)에서 아래가 404 응답이었음
  • /robots.txt
  • /sitemap.xml
• 또한 middleware matcher가 해당 경로를 명시적으로 제외하지 않아, 향후 인증/리다이렉트 로직 영향 가능성이 있었음

변경 사항

• apps/web/src/app/robots.ts 추가
  • 환경별 crawler 정책 명시
  • production: Allow: / + Sitemap 노출
  • stage/preview/local: Disallow: /
• apps/web/src/app/sitemap.ts 추가
  • production URL 목록 제공
  • stage/local은 빈 sitemap 반환
• apps/web/src/middleware.ts
  • matcher 예외에 robots.txt, sitemap.xml 추가

기대 효과

• robots/sitemap 엔드포인트가 명시적으로 제공되어 크롤러 동작이 예측 가능해짐
• middleware/auth 로직과 크롤러 메타 파일 경로 분리
• GSC 경고 재검증(Validate Fix) 가능한 상태로 정리

검증

• pnpm --filter web exec tsc -p tsconfig.json --noEmit
• pre-push CI parity hook 통과
  • lint
  • typecheck
  • next build

배포 후 확인 포인트

• https://www.solid-connection.com/robots.txt -> 200 + Allow: /
• https://www.solid-connection.com/sitemap.xml -> 200
• Search Console에서 Validate Fix 실행

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
solid-connection-web	Ready	Preview, Comment	Apr 30, 2026 9:28am

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
solid-connect-web-admin	Skipped		Apr 30, 2026 9:28am

[coderabbitai]

Warning

Rate limit exceeded

@manNomi has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 34 minutes and 56 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 558c7ee3-6f41-43cb-bcac-742f1d2ea170

📥 Commits

Reviewing files that changed from the base of the PR and between 936cd22 and b835988.

📒 Files selected for processing (3)

• apps/web/src/app/robots.ts
• apps/web/src/app/sitemap.ts
• apps/web/src/middleware.ts

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/auth-refresh-edge-cases

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 34 minutes and 56 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[manNomi]

본문에 배경/원인, 환경별 robots/sitemap 정책, 배포 후 확인 포인트까지 추가했습니다.\n\n배포 완료되면 아래 2개 endpoint 상태만 확인 부탁드립니다.\n- https://www.solid-connection.com/robots.txt\n- https://www.solid-connection.com/sitemap.xml

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 90efd042ce

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Remove auth-gated URLs from sitemap entries

The sitemap now includes /mentor, but this route is still listed in loginNeedPages in middleware.ts and redirects unauthenticated requests to /login. Search crawlers will therefore hit a redirect (or login wall) for a URL advertised as indexable, which can produce sitemap/indexing errors and weakens crawl quality. Only publicly accessible canonical URLs should be emitted here.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b8359888b3

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Escape literal dots in matcher exclusions

The new matcher exclusions robots.txt and sitemap.xml are interpreted as regex fragments, so . matches any character and the pattern is prefix-based; this now skips middleware for paths like /sitemap.xml.php or /robotsXtxt, not just the two metadata files. In those cases, isProbePath and auth redirect checks are bypassed entirely, which regresses the probe-blocking behavior this middleware currently enforces. Please make these exclusions exact/literal (e.g., escaped dots and bounded matching) so only /robots.txt and /sitemap.xml are exempted.

Useful? React with 👍 / 👎.