Lef-F cherry-picks eight upstream PRs, then adds a 13-commit security and quality pass
Lef-F pulled eight willchen96/mike PRs into the fork - six fixes plus OpenRouter and MCP Connectors - then ran a systematic code review of the merged tree that turned up four tier-one security gaps and eight more bugs.
The upstream cherry-picks cover a range: six security and correctness fixes, OpenRouter as a third LLM provider, and user-configurable MCP Connectors with OAuth 2.1. Each commit preserves original authorship and records PR provenance in the commit body. A few self-host chore commits land alongside to wire new env vars into the docker stack and resolve migration filename collisions.
The code review layer is the denser part. Four commits address what Lef-F categorizes as tier-one security issues. A dev-secret fallback in the MCP OAuth flow had re-opened a request forgery hole that an upstream commit had just closed for download tokens. A row-level security migration missed the table holding Bearer tokens and OAuth credentials. The MCP URL allowlist permitted SSRF to container-internal and private-network hosts. And MCP tool output had no size cap, leaving the LLM context window and token cost exposed.
Eight more commits fix real bugs: a jsonb sharing form bug that silently broke direct-share for standalone tabular reviews, case-insensitive email mismatches on shared resources, three OpenRouter integration bugs (log flood, tool-call id backfill, wrong model slugs), a PDF magic-byte offset check that rejected valid files, a DOCX zip-bomb guard that read a private JSZip API and missed store-only entries, and three frontend regressions including an unawaited profile fetch.
The remaining commits consolidate duplicated code: an upload handler copied across two routers, a provider-key sentinel mapping repeated four times, three separate base64url implementations collapsed to Node's native encoding. At-rest AES-256-GCM encryption for MCP headers, OAuth tokens, and code verifiers was added using the same key envelope already applied to LLM keys, with lazy upgrade-on-read. Lef-F reports the merged stack smoke-tested end-to-end with type-checks and 17 tests passing.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?