Rename Mike → MatrixAI, with auth silently disabled in the same commit
contractCouncil's single commit renames the product to "MatrixAI" across 48 frontend files - and buries a complete authentication bypass in the middle of it, without mentioning it in the commit message.
The rename itself is mechanical. MikeIcon gets a MatrixAIIcon re-export (the source file keeps its name), the site-logo text updates, and a set of type aliases - MikeMessage, MikeDocument, MikeCitationAnnotation, MikeEditAnnotation, MikeProject - are renamed across the assistant, project, and workflow pages. No behavior changes in any of those files.
Hidden in the same diff: frontend/src/contexts/AuthContext.tsx is replaced with a stub. Supabase session lookup, onAuthStateChange, and the /user/profile ensure-call are all deleted. AuthProvider now hands every render a hardcoded MOCK_USER - id: 00000000-0000-0000-0000-000000000001, email: dev@local.test - with isAuthenticated: true and a no-op signOut. Every page acts as if that fake user is logged in. The commit message is entirely about the rename.
The backend is a single package-lock.json churn line, so the Express backend is unchanged. Whether the auth bypass causes API calls to fail or silently succeed depends on how tightly the backend validates user IDs - but either outcome is bad in a non-dev environment.
If you want a local dev escape hatch like this, gate it: process.env.NEXT_PUBLIC_AUTH_MOCK === "1" in a conditional, with the real auth path as the default. Shipping the hardcoded stub as the only path is what makes this a problem.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?