Altien tears out the database's built-in safety net

Altien moved this fork off a hosted database platform and onto its own Postgres, and in doing so handed every access decision to the application layer.

securityinfrastructure

Maintained by Allen Morgan · verified on MikeWatch

The original Mike leaned on Supabase - a hosted database service that enforces who-can-see-what right inside the database itself, plus automatic account setup when someone signs up. Altien stripped all of that out. User identity now comes from Microsoft Entra, the corporate login system many firms already run, and the rebuilt schema also adds the plumbing for multiple client organisations and per-provider AI keys.

The trade-off is stated plainly in Altien's own notes: with the database's row-level guard rails gone, nothing stops one tenant's data leaking into another's at the database level. The only thing standing in the way is the backend's own permission checks. That's a deliberate, defensible choice for a corporate-identity setup - but it concentrates all the trust in one place.

So what If you're evaluating this fork for a multi-client legal deployment, the security review now lives entirely in the application code, not the database - read Altien's migration notes before you trust it.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from Altien/mikeOssAzure, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
b9f5f60a feat(db): node-pg-migrate runner and provider-neutral migrations Allen Morgan 2026-05-08 ↗ GitHub
commit body
Replaces the upstream Supabase one-shot schema (RLS policies, auth.users
FK, handle_new_user trigger) with six sequential node-pg-migrate
migrations that run against any Postgres 16+ server:

  0000_initial            - full upstream schema, supabase deps removed
  0001_tenant_policy      - tenants + tenant_group_policies tables for
                            Entra-mode tenant lifecycle
  0002_user_profile_email - email column on user_profiles
  0003_user_profile_provider_keys - OpenAI/AOAI per-user key columns
  0004_user_profile_fast_model    - fast_model column
  0005_postgres_roles     - recreates the PostgREST role topology
                            (web_anon / authenticated / service_role)
                            for deployments where Supabase's bootstrap
                            doesn't run

scripts/runMigrations.ts is the runner used by Container App Jobs (and
locally via npm run migrate:dev). It picks DATABASE_URL when
AUTH_PROVIDER!=entra, or mints a Postgres-flexserver Managed Identity
token when entra mode is active. After migration completes it issues
NOTIFY pgrst, 'reload schema' so PostgREST picks up the new shape
without a restart.

Adds node-pg-migrate, pg, and @types/pg.

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-193.md from inside the repo you want the changes in.

⬇ Download capture-thread-193.md