Big consolidation merge: KairosVista feature branch and upstream/main land together
Commit `63b978a` merges ecarjat's KairosVista feature branch and `upstream/main` in one shot. It's not a unit of change to import directly, but it's the right place to look if you want to understand how this fork diverged from upstream and how ecarjat resolved conflicts.
The KairosVista side brings Google-OAuth-only auth, a Docker dev stack, folder-grouped tabular reviews, per-user page limits, and native PDF vision. From upstream the merge pulls in Next.js and @opennextjs/cloudflare dep updates, a major README rewrite, an HMAC DOWNLOAD_SIGNING_SECRET fail-fast check in downloadTokens.ts, the official upstream fix for the JSONB shared_with filter, and path-style S3 hardening in access.ts and tabular.ts.
Two conflict-resolution choices stand out. The merge keeps the fork's env-configurable R2_FORCE_PATH_STYLE flag instead of upstream's hardcoded version - a more flexible call. It also keeps the Docker and local Supabase README section alongside upstream's structural rewrite, resulting in a net +105/-0 on README.md.
Two things in this commit you should not follow. First, two binary PDFs are added: BPGO-NovaBank Contrat initial...pdf (5.6 MB) and BPGO-Avt NovaBank-Maintenance.pdf (730 KB). These look like sample client documents that have no place in a source repo. Second, a 204-line supabase/snippets/Untitled query 932.sql shows up - an exported SQL editor scratch file. Neither should come along if you're cherry-picking from this fork.
The frontend/bun.lock shrinks by roughly 1,700 lines in the same commit, which suggests a lockfile regeneration or a dependency cleanup that's hard to audit without expanding the file.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?