juanjo cuts Mike loose from Supabase

The fork can now run end-to-end on a developer's own machine, with no third-party accounts required to get started.

infrastructuresecurity

Mike has leaned on Supabase - a hosted service that bundles a database with user logins - for both storing data and signing people in. juanjo has pulled it out entirely. Logins now run locally, and the browser no longer juggles access tokens on every request; the user's session simply rides along in a standard cookie. Behind that, the fork swaps in a self-hosted database and a local stand-in for cloud file storage, so the whole system spins up from a single command.

The practical payoff is twofold. Anyone can clone the project and have it working in minutes without signing up for anything, which lowers the bar for trying or contributing. And moving authentication in-house means the login layer is no longer a black box owned by an outside vendor - useful if you care where your matter data and credentials actually live.

So what Worth a look for anyone weighing Mike as a self-hostable base, or who needs to keep auth and data off third-party infrastructure.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

5 commits from juanjo/mike, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
dde61d26 feat(frontend): drop Supabase auth from hooks (use cookie credentials) Juan Vidal 2026-05-08 ↗ GitHub
commit body
Replace supabase.auth.getSession()+Bearer header pattern with
credentials:"include" across useFetchSingleDoc, useFetchDocxBytes,
and useDocumentVersions. Switch absolute NEXT_PUBLIC_API_BASE_URL
URLs to relative /api/backend/* so the Next.js rewrite forwards
the Auth.js session cookie automatically.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
fca7df4c feat(frontend): drop Supabase auth from components (use cookie credentials) Juan Vidal 2026-05-08 ↗ GitHub
commit body
Replace supabase.auth.getSession()+Bearer header pattern with
credentials:"include" in DocPanel (EditResolveButtons + DownloadButton),
DocxView (tagWIdsOnRenderedDom), EditCard (handle), and AssistantMessage
(BulkEditActions + DocDownloadBlock). Switch all absolute
NEXT_PUBLIC_API_BASE_URL URLs to relative /api/backend/* paths.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
c3bdd90f feat(frontend): rewrite lib/auth.ts to use Auth.js instead of Supabase Juan Vidal 2026-05-08 ↗ GitHub
commit body
Replace the Bearer-token validation via Supabase with Auth.js's auth()
call. getUserFromRequest no longer takes a NextRequest argument since
Auth.js reads the session cookie internally.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
10d66a58 feat(backend): add PATCH /user/me for profile updates Juan Vidal 2026-05-08 ↗ GitHub
125982eb feat(frontend): migrate UserProfileContext to backend API; delete lib/supabase.ts Juan Vidal 2026-05-08 ↗ GitHub

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-184.md from inside the repo you want the changes in.

⬇ Download capture-thread-184.md