Altien teaches the database client to speak three dialects

One client, three deployment modes - so the same fork can run on hosted Supabase, a self-hosted database, or an enterprise network with Microsoft Entra ID.

infrastructureintegration

Altien's fork now picks a connection style at startup depending on where it's deployed. Hosted Supabase still works out of the box. A self-hosted mode lets the app talk directly to PostgREST - a thin web API that sits in front of a Postgres database - without a reverse proxy in the middle. And an Entra mode (Microsoft's enterprise identity service, the successor to Azure AD) strips out the usual API keys entirely, because in that setup the database is locked behind the corporate network and isn't expecting them.

Two smaller fixes ride along. Chat windows no longer break when the AI fails to invent a title - the app just uses the opening of the user's message instead. And in production, the app now refuses to start without a signing secret for download links, closing a quiet configuration footgun.

So what Matters most to legal-ops and IT leads evaluating whether a Mike fork can actually live inside their existing Microsoft stack rather than a SaaS tenant.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from Altien/mikeOssAzure, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date

5d6f529c feat(supabase): provider-aware PostgREST client + chat title fallback Allen Morgan 2026-05-08 ↗ GitHub

SHA	Subject	Author	Date
`5d6f529c`	feat(supabase): provider-aware PostgREST client + chat title fallback	Allen Morgan	2026-05-08	↗ GitHub
commit body * lib/supabase.ts now picks one of three transports based on AUTH_PROVIDER: supabase - default supabase-js, hits hosted Supabase /rest/v1 local - supabase-js with a fetch wrapper that strips the /rest/v1 prefix so SUPABASE_URL can point at PostgREST directly (no Caddy required for the local docker stack) entra - same prefix-strip plus Authorization/apikey header removal, since the deployed PostgREST runs without jwt-secret and refuses requests carrying Authorization. Trust comes from network isolation: only the Container Apps internal ingress can reach PostgREST. The "supabase" function name is now historical - for everything but the supabase branch this is a generic PostgREST client. * routes/chat.ts: title generation is cosmetic, so an LLM failure (no provider configured, AOAI deployment unreachable, etc.) now falls back to the first ~60 chars of the user message instead of failing the entire request. Errors still log with context. * lib/downloadTokens.ts: hard-fail on missing DOWNLOAD_SIGNING_SECRET in production mode. Same dev-mode fallback as before.

commit body

  * lib/supabase.ts now picks one of three transports based on
    AUTH_PROVIDER:

      supabase  - default supabase-js, hits hosted Supabase /rest/v1
      local     - supabase-js with a fetch wrapper that strips the
                  /rest/v1 prefix so SUPABASE_URL can point at PostgREST
                  directly (no Caddy required for the local docker stack)
      entra     - same prefix-strip plus Authorization/apikey header
                  removal, since the deployed PostgREST runs without
                  jwt-secret and refuses requests carrying Authorization.
                  Trust comes from network isolation: only the
                  Container Apps internal ingress can reach PostgREST.

    The "supabase" function name is now historical - for everything but
    the supabase branch this is a generic PostgREST client.

  * routes/chat.ts: title generation is cosmetic, so an LLM failure (no
    provider configured, AOAI deployment unreachable, etc.) now falls
    back to the first ~60 chars of the user message instead of failing
    the entire request.  Errors still log with context.

  * lib/downloadTokens.ts: hard-fail on missing DOWNLOAD_SIGNING_SECRET
    in production mode.  Same dev-mode fallback as before.

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-197.md from inside the repo you want the changes in.

⬇ Download capture-thread-197.md