Altien rips Mike off Supabase

The fork can now stand up on any modern Postgres, not just the hosted database Mike was originally wired to.

infrastructurecompliance

Mike ships expecting Supabase - a hosted Postgres-as-a-service that bundles auth, row-level security and a few platform-specific hooks. That's fine until you need to run it inside your own cloud, on a regulated tenant, or anywhere a managed third-party database is a non-starter.

Altien has broken the single, Supabase-flavoured database setup into six smaller, sequential migration files that run against a plain modern Postgres. A small runner script handles the rest, including a path for Microsoft Entra-authenticated databases on Azure. The upshot: Mike can now be deployed somewhere the buyer controls end to end, instead of inheriting whatever Supabase happens to offer.

It's the kind of change that doesn't add a feature a lawyer would notice, but it widens the set of firms and in-house teams that can realistically host this thing themselves.

So what Matters for any legal team whose security or procurement rules rule out hosted-database vendors and require Mike to live inside their own cloud.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from Altien/mikeOssAzure, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date

b9f5f60a feat(db): node-pg-migrate runner and provider-neutral migrations Allen Morgan 2026-05-08 ↗ GitHub

SHA	Subject	Author	Date
`b9f5f60a`	feat(db): node-pg-migrate runner and provider-neutral migrations	Allen Morgan	2026-05-08	↗ GitHub
commit body Replaces the upstream Supabase one-shot schema (RLS policies, auth.users FK, handle_new_user trigger) with six sequential node-pg-migrate migrations that run against any Postgres 16+ server: 0000_initial - full upstream schema, supabase deps removed 0001_tenant_policy - tenants + tenant_group_policies tables for Entra-mode tenant lifecycle 0002_user_profile_email - email column on user_profiles 0003_user_profile_provider_keys - OpenAI/AOAI per-user key columns 0004_user_profile_fast_model - fast_model column 0005_postgres_roles - recreates the PostgREST role topology (web_anon / authenticated / service_role) for deployments where Supabase's bootstrap doesn't run scripts/runMigrations.ts is the runner used by Container App Jobs (and locally via npm run migrate:dev). It picks DATABASE_URL when AUTH_PROVIDER!=entra, or mints a Postgres-flexserver Managed Identity token when entra mode is active. After migration completes it issues NOTIFY pgrst, 'reload schema' so PostgREST picks up the new shape without a restart. Adds node-pg-migrate, pg, and @types/pg.

commit body

Replaces the upstream Supabase one-shot schema (RLS policies, auth.users
FK, handle_new_user trigger) with six sequential node-pg-migrate
migrations that run against any Postgres 16+ server:

  0000_initial            - full upstream schema, supabase deps removed
  0001_tenant_policy      - tenants + tenant_group_policies tables for
                            Entra-mode tenant lifecycle
  0002_user_profile_email - email column on user_profiles
  0003_user_profile_provider_keys - OpenAI/AOAI per-user key columns
  0004_user_profile_fast_model    - fast_model column
  0005_postgres_roles     - recreates the PostgREST role topology
                            (web_anon / authenticated / service_role)
                            for deployments where Supabase's bootstrap
                            doesn't run

scripts/runMigrations.ts is the runner used by Container App Jobs (and
locally via npm run migrate:dev). It picks DATABASE_URL when
AUTH_PROVIDER!=entra, or mints a Postgres-flexserver Managed Identity
token when entra mode is active. After migration completes it issues
NOTIFY pgrst, 'reload schema' so PostgREST picks up the new shape
without a restart.

Adds node-pg-migrate, pg, and @types/pg.

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-193.md from inside the repo you want the changes in.

⬇ Download capture-thread-193.md