zgbrenner writes the deployment manual for Gary

A one-person guide to standing up this fork without leaking your secrets in the process.

infrastructuresecurity

zgbrenner spent this round on documentation rather than features: a plain-English guide to getting Gary live on Vercel, the hosting platform for web frontends, with Supabase handling the database and logins. The headline finding is architectural. Gary's front end and its document-processing back end are separate, and the back end does heavy, long-running work that Vercel isn't built for - so the recommendation is to host the front end on Vercel and keep the back end on a conventional host like Railway, Render, or Fly.io.

The guide is blunt about one thing that matters for legal work: API keys and other secrets must live on the back end and never be exposed in browser-visible settings. A small code tweak also turns a cryptic startup failure into a message that names the exact missing setting. zgbrenner flags that a public deployment shouldn't hold real client data until login restrictions are added.

So what Worth a look for any small firm or solo builder weighing whether to self-host a legal-AI tool without a DevOps team behind them.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from zgbrenner/gary, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date

0b6ee888 docs: add Vercel deployment path and clarify Supabase env errors Claude 2026-05-19 ↗ GitHub

SHA	Subject	Author	Date
`0b6ee888`	docs: add Vercel deployment path and clarify Supabase env errors	Claude	2026-05-19	↗ GitHub
commit body Prepare Gary for a simple one-person Vercel deployment. Documentation and a clearer missing-env error - no product features, no Clerk, no database migration, no Cloudflare changes. - Add docs/VERCEL_DEPLOYMENT.md: plain-English guide covering what Vercel hosts (the Next.js frontend only), what Supabase handles, why the Express backend stays separate (needs LibreOffice and a long-running server), required public vs private environment variables, GitHub import steps, project settings (Root Directory = frontend, default build/output), preview deployments, custom domains, troubleshooting, and a "Future Clerk login" note. - Add frontend/.env.vercel.example: public NEXT_PUBLIC_* values separated from server-side secrets, with explicit warnings never to put provider / Supabase service-role / database / JWT / Clerk secrets in NEXT_PUBLIC_* variables. Includes a clearly-labeled future-only Clerk section. - supabase.ts and auth.ts: replace the cryptic "supabaseUrl is required" failure with a clear message naming the missing variable (NEXT_PUBLIC_SUPABASE_URL / NEXT_PUBLIC_SUPABASE_ANON_KEY) and where to set it. Also accept the standard NEXT_PUBLIC_SUPABASE_ANON_KEY name while still falling back to the legacy NEXT_PUBLIC_SUPABASE_PUBLISHABLE_DEFAULT_KEY, so existing deployments keep working. Runtime safety is unchanged - missing config still throws. - README: add a brief "Deploying Gary on Vercel" section and link the new guide; docs index links it too. - .gitignore: allow .env.vercel.example to be committed.

commit body

Prepare Gary for a simple one-person Vercel deployment. Documentation
and a clearer missing-env error - no product features, no Clerk, no
database migration, no Cloudflare changes.

- Add docs/VERCEL_DEPLOYMENT.md: plain-English guide covering what
  Vercel hosts (the Next.js frontend only), what Supabase handles,
  why the Express backend stays separate (needs LibreOffice and a
  long-running server), required public vs private environment
  variables, GitHub import steps, project settings (Root Directory =
  frontend, default build/output), preview deployments, custom
  domains, troubleshooting, and a "Future Clerk login" note.
- Add frontend/.env.vercel.example: public NEXT_PUBLIC_* values
  separated from server-side secrets, with explicit warnings never to
  put provider / Supabase service-role / database / JWT / Clerk
  secrets in NEXT_PUBLIC_* variables. Includes a clearly-labeled
  future-only Clerk section.
- supabase.ts and auth.ts: replace the cryptic "supabaseUrl is
  required" failure with a clear message naming the missing variable
  (NEXT_PUBLIC_SUPABASE_URL / NEXT_PUBLIC_SUPABASE_ANON_KEY) and
  where to set it. Also accept the standard
  NEXT_PUBLIC_SUPABASE_ANON_KEY name while still falling back to the
  legacy NEXT_PUBLIC_SUPABASE_PUBLISHABLE_DEFAULT_KEY, so existing
  deployments keep working. Runtime safety is unchanged - missing
  config still throws.
- README: add a brief "Deploying Gary on Vercel" section and link the
  new guide; docs index links it too.
- .gitignore: allow .env.vercel.example to be committed.

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-570.md from inside the repo you want the changes in.

⬇ Download capture-thread-570.md