ecarjat's big merge slips in two bank contracts

A consolidation commit folding upstream changes into the KairosVista fork carries some attachments nobody intended to ship.

securitycompliance

Otherwise this is the moment ecarjat's fork catches up with upstream Mike - pulling in dependency updates, a README rewrite, and tighter download security, while keeping the fork's own Google login, local development environment, and folder-grouped document reviews. Conflict resolution favoured the fork's more flexible storage configuration over upstream's hardcoded version.

But two PDFs with what appears to be a bank client's name landed in the repo too, alongside a leftover database query file. They look like sample contracts and developer scratch that escaped a local working folder. Real or fake, a public source-code repository isn't where client-looking documents belong.

So what For anyone running a legal product, a small reminder of how easily document artifacts can wander out of a developer's machine and into a public repo.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from ecarjat/mike, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date

63b978a5 Merge oauth-profile-security-cleanup and upstream/main into main Emmanuel Carjat 2026-05-12 ↗ GitHub

SHA	Subject	Author	Date
`63b978a5`	Merge oauth-profile-security-cleanup and upstream/main into main	Emmanuel Carjat	2026-05-12	↗ GitHub
commit body - Merge KairosVista branch (OAuth, Docker stack, folder-grouped tabular reviews, per-user page limit, PDF vision for scanned documents) - Merge upstream commits: Next/Cloudflare dep updates, README improvements, JSONB shared_with filter fix, path-style S3 hardening, HMAC secret fail-fast, comment cleanup in access.ts and tabular.ts - Keep env-configurable R2_FORCE_PATH_STYLE (overrides upstream hardcode) - Keep Docker + local Supabase section alongside upstream README rewrite Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

commit body

- Merge KairosVista branch (OAuth, Docker stack, folder-grouped tabular
  reviews, per-user page limit, PDF vision for scanned documents)
- Merge upstream commits: Next/Cloudflare dep updates, README improvements,
  JSONB shared_with filter fix, path-style S3 hardening, HMAC secret
  fail-fast, comment cleanup in access.ts and tabular.ts
- Keep env-configurable R2_FORCE_PATH_STYLE (overrides upstream hardcode)
- Keep Docker + local Supabase section alongside upstream README rewrite

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-399.md from inside the repo you want the changes in.

⬇ Download capture-thread-399.md