Backend hardening slice: multi-provider LLM routing, account lifecycle, typed env
@hoogvliets carved the backend out of a larger AGPL disclosure into its own PR - server-side hardening, account lifecycle, and LLM routing as a reviewable unit. Useful if you want to understand what a production-hardened Mike backend looks like without wading through schema and frontend noise.
App bootstrapping is separated from server startup, and environment handling is typed. Auth middleware and the Supabase access layer are tightened. The user lifecycle work is the most operationally significant piece: encrypted per-user model keys, account deletion with restore tokens, a deletion worker, and validation helpers on route inputs.
The chat and LLM layer is the largest restructuring. The previously monolithic chat-tools module is split into submodules covering tool schemas, the tool runner, document context loading, citation handling, workflow store helpers, and streaming. Anthropic and Gemini integration is updated, the older OpenAI-specific path is removed, and model availability is routed through a dedicated backend endpoint. Storage, uploads, download tokens, and document routes are reworked alongside, with PDF queue and structure-tree helpers feeding the upload and tabular flows.
Operational additions include Pino request logging, LLM request rate limiting, and the crypto helpers supporting restore-token and validation work.
As with the umbrella PR, this isn't positioned as independently landable - it depends on the schema changes in #130 and the frontend changes in #128.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?