kveton/mike

kveton's fork centers on one thing: pulling sensitive trust decisions out of the browser and behind the backend.

Early and quiet: a single hardening proposal that was closed without merging, with no activity since - a considered idea more than an active build.

View on GitHub →

This is a fork of Mike from @kveton whose visible work is a single, deliberate security hardening effort. The idea is to stop trusting the browser with things it shouldn't hold: sensitive application data, stored LLM credentials, and the integrity of uploaded files. Instead, those decisions move behind backend services that mediate access, encrypt keys at rest, and check what's actually being uploaded before it lands in storage.

The same pass tightens who can reach what - document access, project scoping, and shared-edit permissions all get firmer boundaries. It's a security posture change more than a feature push, and it touches the whole stack rather than any one corner of the app.

Worth knowing before you click through: the hardening was proposed as a pull request and then closed without merging. So this reads less as a shipped direction and more as a considered proposal about where Mike's trust boundaries should sit. If backend-mediated auth and encrypted secrets are your interest, @kveton's work is the conversation to read.

What's in it

Direction

securityinfrastructure

Activity

Themed changes and pull requests touching this fork, newest first. Themed changes that haven't been turned into a public post yet still appear — they're real work even without a published writeup.

Threads of work (detailed view)

2 threads have been distilled into posts.

kveton proposes backend-mediated auth and LLM key encryption across the full stack

kveton/mike describes a security hardening PR that moves sensitive Supabase table access behind backend service-role APIs, encrypts LLM API keys at rest, validates uploaded file bytes before storage, and tightens authorization across document access, project scoping, and direct-share edits. The PR was closed without merging on 2026-05-10.

Pull requests (detailed view)

2 PRs touch this fork — inbound (filed against it) or outbound (filed from it). State icons match the editorial dashboard.

⛔ Closed without merge (2)