Electron desktop port of Mike: Supabase and S3 stripped, SQLite and local filesystem in
rafal-fryc has taken the upstream cloud SaaS stack and rebuilt it as a single-user Windows desktop app, replacing every cloud dependency with local equivalents. The interesting part is how little the route layer had to change.
The main commit (e2a80b08) is a +19,351/-15,651 line swap. Supabase Postgres becomes SQLite via better-sqlite3. Rather than rewriting the 14-file Express route layer, rafal-fryc built a Postgrest-shaped compatibility shim at backend/src/db/supabaseShim.ts (808 lines) so existing handlers compile and run unchanged. S3/R2 becomes a filesystem tree under <workspace>/files with a path-traversal guard. Supabase Auth becomes approximately 50 lines of Node crypto doing HS256 JWT - no jsonwebtoken dependency. The password is scrypt-hashed and stored in <workspace>/.mike/auth.json. An Electron shell handles workspace selection and the lock screen; NSIS packages the result.
A pre-ship code review (committed as CODE-REVIEW-0.2.0.md) caught five Critical issues before tagging. The most significant: DOWNLOAD_SIGNING_SECRET was falling back to the literal string "dev-secret" in every packaged build, because the env injection block that populates the backend child process never set it. Anyone who read the source could forge /download/:token URLs for any stored file. The second commit (79acd8a6) closes all five Critical findings: per-launch DOWNLOAD_SIGNING_SECRET minted in electron/main.ts, alg/typ header validation in verifyLocalJwt, sandbox:true on the renderer, a missing chat_messages.workflow column that was silently dropping every user message, and a raw Claude stream logger writing unbounded user data to disk.
The project carries DECISIONS.md logging trade-offs (Electron over Tauri, SQLite over PGlite, scrypt over bcrypt, no bundled LibreOffice in v0.1), a TODO.md of deferred work, and per-phase notes under .claude/phases/. Two of three pre-ship reviewers returned "do not ship as-is"; the second commit fixed everything blocking. That process discipline is visible in the output.
Known constraints: the 808-line compat shim is bespoke maintenance debt that will drift as upstream evolves Supabase queries. Cloudflare/OpenNext is fully removed - re-enabling dual-target deployment means going back to upstream. The installer is unsigned (SmartScreen warning). API keys land in plaintext in SQLite, acknowledged in DECISIONS.md. Single user, single workspace by design.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?