MikeWatch Forks of the Mike legal-AI codebase, distilled for legal-tech readers
Home · Altien/mikeOssAzure · this thread

Altien makes the browser bundle work for any tenant

One image, three sign-in modes, no rebuilds per customer.

multi-tenantinfrastructure

Altien reworked the frontend so a single deployed app can serve customers running on different login systems - Supabase (a hosted auth and database service), Microsoft Entra (the corporate identity system formerly called Azure AD), or a local development mode. The browser fetches its configuration at startup and routes sign-in, sign-out, and token handling through whichever provider the tenant is on, instead of baking those choices into the build.

Alongside that, the model picker now offers OpenAI and Azure OpenAI choices next to Anthropic and Google, with Azure deployments pulled live from the backend. Page routes were also reshaped so the whole frontend can ship as a static bundle - useful if you want to host it behind a CDN rather than a Node server.

The shape of the work suggests Altien is preparing to sell or deploy the same product to multiple firms with different IT estates, rather than running a single hosted instance.

So what Worth a look for anyone planning to white-label Mike or deploy it inside enterprise tenants with their own identity stack.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

2 commits from Altien/mikeOssAzure, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
948ff2c4 feat(frontend): runtime ConfigContext + provider-aware AuthContext Allen Morgan 2026-05-08 ↗ GitHub
commit body 
Frontend half of the auth-boundary work.  The browser bundle is now
tenant-portable: the same image ships everywhere and reads its
deployment-mode configuration from /config at startup.

  * contexts/ConfigContext.tsx  - fetches /config on mount, exposes
                                  useConfig() and getCachedAuthProvider()
                                  so module-level helpers can answer
                                  "what mode are we in" without holding
                                  a React context.  Persists to
                                  localStorage so a hot reload doesn't
                                  blank-flash the supabase login page on
                                  an entra deployment.

  * contexts/AuthContext.tsx    - now branches on the resolved provider
                                  (supabase / local / entra) and routes
                                  sign-out through the new GET
                                  /api/auth/logout server endpoint
                                  rather than constructing the Microsoft
                                  logout URL in the browser.

  * lib/supabase.ts             - lazy getSupabaseClient() factory.
                                  Throws a clear error in non-supabase
                                  deployments rather than constructing
                                  a client against placeholder env
                                  vars.  Same treatment for
                                  supabase-server.ts and lib/auth.ts -
                                  helpers gracefully return null /
                                  skip when env vars are absent
                                  instead of asserting on placeholders.

  * lib/auth-token.ts           - central browser token retrieval that
                                  picks the right source (supabase
                                  session / local-mode hash / entra
                                  hash) based on cached provider.
                                  bounceIfUnauthorized() shared by every
                                  data-fetch hook.

  * components/providers.tsx    - wraps app shell with ConfigProvider
                                  outside AuthProvider so auth bootstrap
                                  can read from runtime config.

  * Consumers migrated off the old `supabase` named export to the
    lazy factory: contexts/UserProfileContext, app/lib/mikeApi,
    app/components/{assistant,shared}/*, app/hooks/*,
    app/login + signup pages.  All routes auth their requests through
    auth-token's getBrowserAccessToken() so provider mode is invisible
    to the call sites.
0c5fc8da feat(frontend): SSR shells, account/models, AOAI-aware components Allen Morgan 2026-05-08 ↗ GitHub
commit body 
Pages and components that interact with the new auth + LLM boundaries.

  * Page components for the dynamic-segment routes are now SSR shells
    that delegate to client components reading the URL at runtime.
    Required by Next.js `output: "export"` - server-baked params
    resolve to the placeholder "_" regardless of the URL, so the
    runtime-shape lookup has to happen client-side.  Affects:
      - assistant/chat/[id]
      - projects/[id]
      - projects/[id]/assistant/chat/[chatId]
      - projects/[id]/tabular-reviews/[reviewId]
      - tabular-reviews/[id]
      - workflows/[id]
    Each gains a sibling *Client.tsx that holds the interactive logic.

  * Account → Models page                - surfaces OpenAI + Azure
                                           OpenAI alongside Anthropic /
                                           Google.  AOAI deployment
                                           dropdown queries
                                           /api/llm/azure-openai/deployments
                                           against the user's stored
                                           AOAI endpoint.

  * Account page                         - provider-aware header (entra
                                           hides supabase-only controls).

  * Assistant chat input + model toggle  - ApiKeyAvailability now
                                           includes openaiApiKey and
                                           azureOpenai availability so
                                           the model dropdown lights up
                                           the right options.

  * Tabular review components             - same boundary updates for
                                           the tabular chat panel.

  * /diagnostics/route/[id]              - dev-only client page that
                                           introspects how the static-
                                           export shell maps to the
                                           current URL; used while
                                           debugging the SSR shell
                                           pattern.

  * app/lib/modelAvailability.ts         - adds openaiApiKey +
                                           azureOpenai branches.

  * app/page.tsx                         - provider-aware redirect
                                           between supabase and entra
                                           login flows.

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-200.md from inside the repo you want the changes in.

⬇ Download capture-thread-200.md