MikeWatch Forks of the Mike legal-AI codebase, distilled for legal-tech readers
Home · willchen96/mike · this thread

willchen96 walls the master database key off from the browser

A quiet housekeeping pass on Mike makes one rule unmissable: the powerful database credential lives on the backend, and nowhere near the front end.

securityinfrastructure

Mike runs on Supabase, the hosted database and auth service behind a lot of these projects. Supabase ships with a high-privilege "service-role" key that can bypass the usual access rules - exactly the kind of credential you never want sitting in the part of the app that runs in a user's browser. willchen96 stripped that key out of the front-end's setup, deleted a stray helper that hinted the browser tier might need it, and made the trust boundary obvious: master access is backend-only.

The same pass added a safety catch on the backend. If the database address or secret key is missing, Mike now refuses to start and says so, instead of booting fine and then failing in confusing ways on every database call later.

So what Anyone evaluating a legal-AI tool for client data should care: it's a small change, but it's the kind of credential hygiene that separates a serious project from a leaky one.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

2 commits from willchen96/mike, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
9749d601 fix: enforce SUPABASE_URL and SUPABASE_SECRET_KEY presence in server-side client; remove unused supabase-server.ts file willchen96 2026-05-16 ↗ GitHub
4ba4d53c Merge pull request #138 from willchen96/supabase-env-cleanup cosimoastrada 2026-05-16 ↗ GitHub 
fix: enforce SUPABASE_URL and SUPABASE_SECRET_KEY presence in server-side client; remove unused supabase-server.ts file

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-475.md from inside the repo you want the changes in.

⬇ Download capture-thread-475.md