Altien builds a setup wizard for Mike

A new in-app installer turns first-run configuration into something an admin can click through instead of a developer scripting from the command line.

infrastructuremulti-tenant

Altien has added a configuration UI that lives inside the app itself. Instead of hand-editing settings to stand up a deployment, an admin signs in once with a temporary bootstrap token, then through their organisation's Microsoft identity (Entra), and walks through a checklist of everything the app needs to run - secrets, integrations, redirect URLs - with readiness checks flagging what's still missing.

The design is tightly bound to Microsoft's Azure cloud and Entra identity stack, so this isn't a generic installer. It's the operator experience for a single app image that any Microsoft-shop tenant can drop in and configure for themselves. The manifest of required settings doubles as live documentation of what the app actually depends on.

So what Legal-ops leads evaluating Mike for a Microsoft-centric firm should care: this is the difference between a developer-only deploy and something IT can stand up.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from Altien/mikeOssAzure, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date

c94bf9f1 feat(install): /install configurator + /admin/diagnostics routes Allen Morgan 2026-05-08 ↗ GitHub

SHA	Subject	Author	Date
`c94bf9f1`	feat(install): /install configurator + /admin/diagnostics routes	Allen Morgan	2026-05-08	↗ GitHub
commit body Backend half of the in-app install/configuration UI. * lib/install/manifest.ts - declarative manifest of every config item the app expects (KV secret names, env-only items, readiness checks). Functional documentation: anyone with this code can rebuild the configurator, no proprietary IP. * lib/install/installAuth.ts - bootstrap-token + Entra OIDC auth for /install. The bootstrap token burns on first successful Entra- admin sign-in. * lib/install/sessionTokens.ts - short-lived HMAC-signed cookies keyed off the bootstrap or OIDC identity. * lib/install/types.ts - manifest model types. * lib/install/checks/* - manifest readiness probes for installer access and Entra redirect-uri registration. * routes/install.ts - server-rendered HTML configurator UI. Reads/writes Key Vault via getConfig/setConfig. GET /install/ scripts/:name returns 404 when scripts/install/ is absent - that directory ships with the separate deploy package, not the application image, so the application-only deployment degrades cleanly. * routes/diagnostics.ts - /admin/diagnostics health page. Operator-grade utility that runs every manifest probe and reports status; useful in any deployment. Adds cookie-parser + @types/cookie-parser to support the configurator's short-lived session cookies. The routers themselves are not yet mounted on the Express app - that wiring lands in the bundled-frontend commit so this one stays focused on the configurator surface.

commit body

Backend half of the in-app install/configuration UI.

  * lib/install/manifest.ts        - declarative manifest of every
                                     config item the app expects (KV
                                     secret names, env-only items,
                                     readiness checks).  Functional
                                     documentation: anyone with this
                                     code can rebuild the configurator,
                                     no proprietary IP.

  * lib/install/installAuth.ts     - bootstrap-token + Entra OIDC auth
                                     for /install.  The bootstrap token
                                     burns on first successful Entra-
                                     admin sign-in.

  * lib/install/sessionTokens.ts   - short-lived HMAC-signed cookies
                                     keyed off the bootstrap or OIDC
                                     identity.

  * lib/install/types.ts           - manifest model types.

  * lib/install/checks/*           - manifest readiness probes for
                                     installer access and Entra
                                     redirect-uri registration.

  * routes/install.ts              - server-rendered HTML configurator
                                     UI.  Reads/writes Key Vault via
                                     getConfig/setConfig.  GET /install/
                                     scripts/:name returns 404 when
                                     scripts/install/ is absent - that
                                     directory ships with the separate
                                     deploy package, not the application
                                     image, so the application-only
                                     deployment degrades cleanly.

  * routes/diagnostics.ts          - /admin/diagnostics health page.
                                     Operator-grade utility that runs
                                     every manifest probe and reports
                                     status; useful in any deployment.

Adds cookie-parser + @types/cookie-parser to support the configurator's
short-lived session cookies.  The routers themselves are not yet
mounted on the Express app - that wiring lands in the bundled-frontend
commit so this one stays focused on the configurator surface.

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-195.md from inside the repo you want the changes in.

⬇ Download capture-thread-195.md