vadi25/patronus: RLS hardening, OpenAI provider, and a full rebrand in one foundational commit
The fork's first and only commit (+11,440/-8,169, 127 files) bundles four distinct strands: a `mike` → `patronus` rebrand, an OpenAI LLM provider, hardened Supabase RLS policies covering 14 tables, and a `SKIP_AUTH_IN_DEV` bypass. Most of the line count is name churn; the genuinely new code is the RLS migrations and the OpenAI provider.
Rebrand. Package names, type names (MikeDocument → PatronusDocument), API client file, icon component, drag-drop MIME types, default R2 bucket name. Pure identity churn with no logic changes. Nothing here is worth importing unless you're also renaming.
OpenAI provider. New backend/src/lib/llm/openai.ts (171 lines) sits alongside the existing Claude and Gemini providers. The implementation uses the OpenAI SDK's Responses API with a reasoningEffort parameter ("none" | "low" | "medium" | "high" | "xhigh") threaded through StreamChatParams. Schema changes add openai_api_key to user_profiles and extend the UserApiKeys/UserProfileContext types. Default models flip from Gemini to gpt-5.5 (main) and gpt-5.4-mini (tabular, title). The provider scaffolding itself - Responses API plus reasoning-effort plumbing - is worth adapting. The model IDs (gpt-5.5, gpt-5.4, gpt-5.4-mini) should be verified before use; they look speculative as of the commit date.
RLS hardening. The most defensible piece to pull. Two Supabase CLI migrations address gaps in upstream's schema: a bootstrap migration mirroring the one-shot schema, then a hardening migration that wraps auth.uid() calls in (select auth.uid()) for plan stability, adds missing WITH CHECK clauses on insert/update policies, and revokes execute on public.handle_new_user() from anon, authenticated. Upstream enables RLS only on user_profiles; this fork enables it across 14 tables including projects, documents, document_versions, document_edits, chats, chat_messages, tabular_reviews, tabular_cells, and the workflow and sharing tables.
Dev auth bypass. SKIP_AUTH_IN_DEV=true injects a fake user in the auth middleware when NODE_ENV !== "production". Convenient but the "accidentally on in prod" exposure is real. If you adopt it, add a startup log that shouts when the bypass is active.
The commit also ships CLAUDE.md, a sub-agent definition, a slash command, and a full docs/ tree organized per feature. All of that is project-specific scaffolding for vadi25's own workflow.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?