zgbrenner cuts Gary loose from Cloudflare

The backend now runs entirely on Clerk and Supabase, so Gary can stand up end to end without any Cloudflare dependency.

infrastructureintegration

zgbrenner just finished moving Gary off its old plumbing. An earlier round switched the front end to Clerk, a hosted service that handles sign-in and user identity; this round brings the backend into line so both halves agree on who a user is, and consolidates the whole data layer onto Supabase, an all-in-one database and file-storage platform. Because Supabase's storage speaks the same language as Amazon's, the existing file-handling code carried over without a rewrite.

zgbrenner is candid about the limits: there's no automated backend test suite, a full end-to-end run still needs a live Supabase project, and Gary remains effectively single-user - no separate-tenant isolation was added. The payoff is a cleaner, more portable stack with one identity system and one data home, plus a fresh setup guide for anyone standing it up themselves.

So what Worth a look for anyone evaluating Gary as a self-hostable base, or weighing how much vendor lock-in a legal-AI tool carries.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from zgbrenner/gary, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date

a7ea67d0 feat: verify Clerk tokens in backend, use Supabase for storage Claude 2026-05-20 ↗ GitHub

SHA	Subject	Author	Date
`a7ea67d0`	feat: verify Clerk tokens in backend, use Supabase for storage	Claude	2026-05-20	↗ GitHub
commit body Complete the Clerk migration on the backend side and consolidate the data layer onto Supabase so Gary can run without Cloudflare. - Backend auth: requireAuth verifies Clerk session JWTs via @clerk/backend instead of Supabase tokens; Clerk user id flows to res.locals.userId - Resolve user emails through the Clerk API (cached); the sharing/"people" endpoints now look users up via Clerk, not Supabase Auth - Schema: user_profiles and user_api_keys store the Clerk user id as text and no longer depend on auth.users; drop the Supabase Auth signup trigger - Account deletion removes the Clerk user plus the profile/api-key rows - Storage: switch the S3 client config from R2-specific env vars to generic S3_* vars (with a configurable region) so Supabase Storage works - Remove the dead frontend storage helper and the unused Supabase JWT helper - Docs: add docs/SUPABASE_SETUP.md and update env examples / deployment docs https://claude.ai/code/session_018GMAE164ehpBTxzBdsof9r

commit body

Complete the Clerk migration on the backend side and consolidate the data
layer onto Supabase so Gary can run without Cloudflare.

- Backend auth: requireAuth verifies Clerk session JWTs via @clerk/backend
  instead of Supabase tokens; Clerk user id flows to res.locals.userId
- Resolve user emails through the Clerk API (cached); the sharing/"people"
  endpoints now look users up via Clerk, not Supabase Auth
- Schema: user_profiles and user_api_keys store the Clerk user id as text
  and no longer depend on auth.users; drop the Supabase Auth signup trigger
- Account deletion removes the Clerk user plus the profile/api-key rows
- Storage: switch the S3 client config from R2-specific env vars to generic
  S3_* vars (with a configurable region) so Supabase Storage works
- Remove the dead frontend storage helper and the unused Supabase JWT helper
- Docs: add docs/SUPABASE_SETUP.md and update env examples / deployment docs

https://claude.ai/code/session_018GMAE164ehpBTxzBdsof9r

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-567.md from inside the repo you want the changes in.

⬇ Download capture-thread-567.md