MikeWatch Forks of the Mike legal-AI codebase, distilled for legal-tech readers
Home · zgbrenner/gary · this thread

zgbrenner cuts the gary stack from three outside vendors to two

An auth swap and a storage merge leave this fork leaning on two hosted services instead of three.

infrastructuresecurity

zgbrenner reworked two unglamorous but load-bearing pieces of plumbing in this fork: who users are, and where their files live.

Logins now run through Clerk, a hosted identity and sign-in service, replacing the login tooling that came bundled with Supabase, the project's database provider. At the same time, file storage moved off Cloudflare R2 - a separate cloud storage service - and onto Supabase's own storage, so the database vendor now holds the documents too. The net effect: a basic deployment needs accounts with two outside services instead of three. zgbrenner's setup notes flag the usual gotchas, but frames the change as a clean pattern worth copying.

So what Anyone weighing the operational cost of standing up a legal-AI tool should note the trade: one fewer vendor to contract, manage, and trust, against slightly less flexibility over how storage is configured.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

6 commits from zgbrenner/gary, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
5c75082a Merge pull request #6 from foolish-bandit/claude/setup-vercel-supabase-CTH7D Zack Brenner 2026-05-19 ↗ GitHub 
Replace Supabase auth with Clerk
dd47abae Merge pull request #7 from foolish-bandit/claude/backend-clerk-supabase Zack Brenner 2026-05-19 ↗ GitHub 
Backend Clerk verification + Supabase data layer
7e0e3c56 Merge pull request #8 from foolish-bandit/claude/setup-progress-notes Zack Brenner 2026-05-19 ↗ GitHub
aa9602ce feat: replace Supabase auth with Clerk Claude 2026-05-20 ↗ GitHub
commit body 
Swap Gary's built-in Supabase login/signup flow for Clerk so the app can
run as a protected one-person web app on Vercel.

- Add @clerk/nextjs; wrap the root layout in ClerkProvider
- Add Clerk middleware (proxy.ts) that protects every route except
  /login and /signup
- Render Clerk SignIn/SignUp at the existing /login and /signup URLs
- Back the useAuth() compatibility hook with Clerk instead of Supabase
- Replace the sidebar account dropdown with Clerk UserButton
- Send the Clerk session token on backend requests via a shared helper
- Remove the Supabase client, JWT helper, and @supabase/* frontend deps
- Document Clerk env vars and setup in the env examples and docs

The separate Express backend still verifies Supabase JWTs; swapping it to
verify Clerk tokens is a documented follow-up.

https://claude.ai/code/session_018GMAE164ehpBTxzBdsof9r
a7ea67d0 feat: verify Clerk tokens in backend, use Supabase for storage Claude 2026-05-20 ↗ GitHub
commit body 
Complete the Clerk migration on the backend side and consolidate the data
layer onto Supabase so Gary can run without Cloudflare.

- Backend auth: requireAuth verifies Clerk session JWTs via @clerk/backend
  instead of Supabase tokens; Clerk user id flows to res.locals.userId
- Resolve user emails through the Clerk API (cached); the sharing/"people"
  endpoints now look users up via Clerk, not Supabase Auth
- Schema: user_profiles and user_api_keys store the Clerk user id as text
  and no longer depend on auth.users; drop the Supabase Auth signup trigger
- Account deletion removes the Clerk user plus the profile/api-key rows
- Storage: switch the S3 client config from R2-specific env vars to generic
  S3_* vars (with a configurable region) so Supabase Storage works
- Remove the dead frontend storage helper and the unused Supabase JWT helper
- Docs: add docs/SUPABASE_SETUP.md and update env examples / deployment docs

https://claude.ai/code/session_018GMAE164ehpBTxzBdsof9r
d6f10f71 docs: add setup progress tracker Claude 2026-05-20 ↗ GitHub
commit body 
Records that Clerk auth (frontend + backend) is done and the remaining
Supabase project, storage, and backend-deploy steps are still pending, so
the setup can be resumed without re-deriving where it stands.

https://claude.ai/code/session_018GMAE164ehpBTxzBdsof9r

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-537.md from inside the repo you want the changes in.

⬇ Download capture-thread-537.md