MikeWatch Forks of the Mike legal-AI codebase, distilled for legal-tech readers
Home · zgbrenner/gary · this thread

zgbrenner rewires Gary's login and storage to cut the Cloudflare cord

The biggest change in this fork swaps out how users sign in and where files live, so Gary can run without Cloudflare.

infrastructuresecurity

zgbrenner has pulled out the sign-in system Gary inherited from upstream and replaced it with Clerk, a managed service that handles logins, sessions, and user accounts so a team doesn't have to build that themselves. The login and signup screens, the session checks on the server, and even account deletion were all rebuilt around it.

At the same time, the fork moves file storage onto a generic, vendor-neutral setup backed by Supabase, removing the dependency on Cloudflare's hosting. A setup tracker in the fork makes clear this is a work in progress: the identity swap is done, but storage and deployment steps are still pending, so it may not yet run end to end.

So what Anyone evaluating Gary as a deployable base should care - this is a foundational change to who controls identity and where data sits, and it touches security-sensitive paths that warrant a close look before trusting it.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

6 commits from zgbrenner/gary, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
5c75082a Merge pull request #6 from foolish-bandit/claude/setup-vercel-supabase-CTH7D Zack Brenner 2026-05-19 ↗ GitHub 
Replace Supabase auth with Clerk
dd47abae Merge pull request #7 from foolish-bandit/claude/backend-clerk-supabase Zack Brenner 2026-05-19 ↗ GitHub 
Backend Clerk verification + Supabase data layer
7e0e3c56 Merge pull request #8 from foolish-bandit/claude/setup-progress-notes Zack Brenner 2026-05-19 ↗ GitHub
aa9602ce feat: replace Supabase auth with Clerk Claude 2026-05-20 ↗ GitHub
commit body 
Swap Gary's built-in Supabase login/signup flow for Clerk so the app can
run as a protected one-person web app on Vercel.

- Add @clerk/nextjs; wrap the root layout in ClerkProvider
- Add Clerk middleware (proxy.ts) that protects every route except
  /login and /signup
- Render Clerk SignIn/SignUp at the existing /login and /signup URLs
- Back the useAuth() compatibility hook with Clerk instead of Supabase
- Replace the sidebar account dropdown with Clerk UserButton
- Send the Clerk session token on backend requests via a shared helper
- Remove the Supabase client, JWT helper, and @supabase/* frontend deps
- Document Clerk env vars and setup in the env examples and docs

The separate Express backend still verifies Supabase JWTs; swapping it to
verify Clerk tokens is a documented follow-up.

https://claude.ai/code/session_018GMAE164ehpBTxzBdsof9r
a7ea67d0 feat: verify Clerk tokens in backend, use Supabase for storage Claude 2026-05-20 ↗ GitHub
commit body 
Complete the Clerk migration on the backend side and consolidate the data
layer onto Supabase so Gary can run without Cloudflare.

- Backend auth: requireAuth verifies Clerk session JWTs via @clerk/backend
  instead of Supabase tokens; Clerk user id flows to res.locals.userId
- Resolve user emails through the Clerk API (cached); the sharing/"people"
  endpoints now look users up via Clerk, not Supabase Auth
- Schema: user_profiles and user_api_keys store the Clerk user id as text
  and no longer depend on auth.users; drop the Supabase Auth signup trigger
- Account deletion removes the Clerk user plus the profile/api-key rows
- Storage: switch the S3 client config from R2-specific env vars to generic
  S3_* vars (with a configurable region) so Supabase Storage works
- Remove the dead frontend storage helper and the unused Supabase JWT helper
- Docs: add docs/SUPABASE_SETUP.md and update env examples / deployment docs

https://claude.ai/code/session_018GMAE164ehpBTxzBdsof9r
d6f10f71 docs: add setup progress tracker Claude 2026-05-20 ↗ GitHub
commit body 
Records that Clerk auth (frontend + backend) is done and the remaining
Supabase project, storage, and backend-deploy steps are still pending, so
the setup can be resumed without re-deriving where it stands.

https://claude.ai/code/session_018GMAE164ehpBTxzBdsof9r

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-537.md from inside the repo you want the changes in.

⬇ Download capture-thread-537.md