Dshamir bolts locks and alarms onto AI-Legal's front end

A round of production hardening: server-side access control, crash monitoring, and a fix that stops the app falling over before it even loads.

securityinfrastructure

Dshamir's latest pass is less about new features and more about making AI-Legal safe to actually deploy. The headline change is server-side route protection - the app now checks who you are before a page loads and sends anyone who isn't signed in back to the door, rather than trusting the browser to police access. Alongside that, Dshamir wired in error monitoring, a third-party service that quietly reports crashes and bugs from real users so the team sees problems before clients do.

There's also an accessibility tweak that lets keyboard and screen-reader users jump straight to the main content, and a build fix that stops the whole app crashing on startup when database credentials happen to be missing - the kind of papercut that blocks every test run until someone deals with it.

So what Anyone weighing AI-Legal for real use should note this is the unglamorous plumbing - auth, monitoring, reliability - that separates a demo from something you'd put in front of clients.

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

3 commits from Dshamir/AI-Legal, oldest first. Source extracted verbatim from the harvested git log.

SHA	Subject	Author	Date
`5755ec93`	[P4] feat: add auth middleware, error tracking, accessibility, bundle analyzer	Dshamir	2026-05-23	↗ GitHub
`87b7d2c2`	[P4] chore: add Sentry and bundle-analyzer dependencies	Dshamir	2026-05-23	↗ GitHub
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
`d52b4e52`	[P4] fix: use placeholder Supabase URL to prevent build-time crash	Dshamir	2026-05-23	↗ GitHub
commit body The Supabase client was created with an empty string URL when env vars were missing, causing createClient to throw during Next.js static page generation. Uses placeholder values that safely no-op at build time. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

SHA

Subject

Author

Date

5755ec93

[P4] feat: add auth middleware, error tracking, accessibility, bundle analyzer

Dshamir

2026-05-23

↗ GitHub

87b7d2c2

[P4] chore: add Sentry and bundle-analyzer dependencies

Dshamir

2026-05-23

↗ GitHub

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

d52b4e52

[P4] fix: use placeholder Supabase URL to prevent build-time crash

Dshamir

2026-05-23

↗ GitHub

commit body

The Supabase client was created with an empty string URL when env vars
were missing, causing createClient to throw during Next.js static page
generation. Uses placeholder values that safely no-op at build time.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-523.md from inside the repo you want the changes in.