MikeWatch Forks of the Mike legal-AI codebase, distilled for legal-tech readers
Home · willchen96/mike · this thread

Remove unused frontend Supabase helper and add backend startup guard

willchen96 dropped the server-side Supabase helper from the frontend, removed any mention of the service-role key from frontend env docs, and added a startup-time guard that fails loudly when the backend's Supabase URL or secret key is missing.

securityinfrastructure

The frontend was carrying a server-side Supabase helper it didn't need, and its env documentation referenced the service-role secret key - a credential that has no business near the browser tier. Both are gone. The intent is to make the trust boundary visible in the code: service-role access is backend-only, and the frontend configuration shouldn't suggest otherwise.

On the backend, the server-side Supabase client now checks for its required credentials at startup and throws if they're absent. Previously, a misconfigured deploy would boot without complaint and then produce confusing errors on the first Supabase call. The guard converts that late failure into an early, obvious one.

Small change overall. Dead code removal, narrowed env documentation, one guard added at credential-consumption time. Build checks on both tiers were the stated verification.

So what Low-effort pull. The startup guard is the most operationally useful piece - it surfaces misconfiguration immediately rather than letting a deploy look healthy until the first database call. The frontend credential cleanup is a hygiene improvement worth taking if your fork still has the unused helper.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

2 commits from willchen96/mike, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
9749d601 fix: enforce SUPABASE_URL and SUPABASE_SECRET_KEY presence in server-side client; remove unused supabase-server.ts file willchen96 2026-05-16 ↗ GitHub
4ba4d53c Merge pull request #138 from willchen96/supabase-env-cleanup cosimoastrada 2026-05-16 ↗ GitHub 
fix: enforce SUPABASE_URL and SUPABASE_SECRET_KEY presence in server-side client; remove unused supabase-server.ts file

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-475.md from inside the repo you want the changes in.

⬇ Download capture-thread-475.md