Case.dev public release: Vault, Matters, Skills, Demo Mode, Vercel deployment
kveton merged the closing batch of the Case.dev public release branch into `mikeoss-casedotdev`, bundling Matter and Vault integration polish, demo metering, Vercel deployment entrypoints, and a security hardening pass. This is the point where the fork shifts from internal work-in-progress to a deployable public artifact.
The two large commits (+9804 and +7335 lines) replace the upstream Supabase auth and Cloudflare R2 dependencies with Case.dev Vault as the canonical document store, Better Auth with encrypted per-user keys, and a postgresCompat.ts shim for raw SQL queries. Demo Mode lands in the same wave: MIKE_DEMO_MODE, MIKE_DEMO_CASE_API_KEY, and about a dozen MIKE_DEMO_* cost-tuning vars wire up a shared-key hosted demo with per-user lifetime budgets tracked in demo_user_usage and demo_usage_events.
Vercel integration goes in alongside the product work: backend/api/index.ts exposes the Express app as a Vercel serverless function, and vercel.json files land for both frontend and backend. The developer helper at scripts/mike-dev.sh handles start, stop, restart, status, and logs locally, writing PID and log files under .mike-dev/.
The security hardening commit (e2ee94d) is the most self-contained piece. It adds express-rate-limit on /api/auth, introduces assertDownloadSigningSecret() that throws at boot if the signing secret is a placeholder, drops the claude_api_key and gemini_api_key plaintext columns from user_profiles (migration 008), and removes the "dev-secret" fallback in download token signing. Before merging, kveton ran a secret scan over tracked and staged content, found no live keys present, and noted that previously pasted keys should still be rotated.
Validation: backend build, frontend tsc --noEmit, frontend build, git diff --check for whitespace.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?