Case.dev public release: Vault, Matters, Skills, Demo Mode, Vercel deployment

kveton merged the closing batch of the Case.dev public release branch into `mikeoss-casedotdev`, bundling Matter and Vault integration polish, demo metering, Vercel deployment entrypoints, and a security hardening pass. This is the point where the fork shifts from internal work-in-progress to a deployable public artifact.

infrastructurebranding

The two large commits (+9804 and +7335 lines) replace the upstream Supabase auth and Cloudflare R2 dependencies with Case.dev Vault as the canonical document store, Better Auth with encrypted per-user keys, and a postgresCompat.ts shim for raw SQL queries. Demo Mode lands in the same wave: MIKE_DEMO_MODE, MIKE_DEMO_CASE_API_KEY, and about a dozen MIKE_DEMO_* cost-tuning vars wire up a shared-key hosted demo with per-user lifetime budgets tracked in demo_user_usage and demo_usage_events.

Vercel integration goes in alongside the product work: backend/api/index.ts exposes the Express app as a Vercel serverless function, and vercel.json files land for both frontend and backend. The developer helper at scripts/mike-dev.sh handles start, stop, restart, status, and logs locally, writing PID and log files under .mike-dev/.

The security hardening commit (e2ee94d) is the most self-contained piece. It adds express-rate-limit on /api/auth, introduces assertDownloadSigningSecret() that throws at boot if the signing secret is a placeholder, drops the claude_api_key and gemini_api_key plaintext columns from user_profiles (migration 008), and removes the "dev-secret" fallback in download token signing. Before merging, kveton ran a secret scan over tracked and staged content, found no live keys present, and noted that previously pasted keys should still be rotated.

Validation: backend build, frontend tsc --noEmit, frontend build, git diff --check for whitespace.

So what This is the fork's architectural baseline. The Vault and Better Auth integration is the core change; everything else on the fork builds on it. The Vercel deployment plumbing and demo metering are opinionated choices specific to CaseMark's hosting setup. The security commit's pieces - token expiry, rate limiting, migration `008` dropping plaintext keys - are the most portable if you're looking for individual things to lift.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

4 commits from CaseMark/mikeoss-casedotdev, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
2e6b6604 Prepare Case.dev public fork kveton 2026-05-02 ↗ GitHub
1c8769ce Complete Case.dev integration polish kveton 2026-05-04 ↗ GitHub
b81944c4 Trigger Vercel review checks kveton 2026-05-04 ↗ GitHub
e2ee94d0 Harden public release security kveton 2026-05-04 ↗ GitHub

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-289.md from inside the repo you want the changes in.

⬇ Download capture-thread-289.md