Altien is making Mike enterprise-ready for the Microsoft stack

A round of plumbing turns Mike from a local prototype into something that can actually run behind Microsoft's cloud and sign-in.

infrastructuresecurity

Maintained by Allen Morgan · verified on MikeWatch

Altien's fork tackles the unglamorous work that decides whether a tool ever leaves a developer's laptop: deployment. The team rebuilt how the app talks to itself so it runs cleanly on Microsoft's Azure hosting, and fixed a subtle trap where sign-in would silently break - Microsoft rejects logins that don't come over a secure connection, and the way Azure routes traffic was hiding that the connection was, in fact, secure.

The bigger story is choice. The setup now documents three ways to handle who's allowed in, including Microsoft's own corporate sign-in (Entra), alongside its file storage and AI-provider options. Firms already living inside Microsoft's ecosystem can plug Mike in without bolting on a separate login system.

So what Anyone evaluating whether Mike can run inside a Microsoft-centric firm - rather than just on an engineer's machine - should take note.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

2 commits from Altien/mikeOssAzure, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
acbb6cc7 feat(server): runtime /config + /api prefix + bundled static frontend Allen Morgan 2026-05-08 ↗ GitHub
commit body
Wires every router added in earlier commits into the Express app and
adds the runtime-config endpoint that the browser bundle reads at
startup.

  * routes/config.ts mounted at /config - returns
    { authProvider, entra: { tenantId, clientId } } from server env.
    Unauthenticated; lets the same Docker image ship to any tenant.

  * /api prefix shift - every existing API router moves under /api/* so
    the backend can also serve a static frontend bundle from the same
    process (the SPA shell at / would otherwise collide).
    /install and /config keep their current paths because they have
    independent meaning at the root.

  * Static frontend bundle.  When PUBLIC_DIR (../public relative to
    dist/index.js) exists, the backend serves the Next.js static export
    out of the same Express process.  findShell() resolves dynamic-
    segment routes like /projects/<id> back to the right shell file
    that Next.js export emits with `_` placeholders.  RSC `.txt`
    requests for unmapped routes 404 cleanly so Next falls back to a
    hard navigation.  When PUBLIC_DIR is absent (local backend dev),
    the static handler is skipped and the frontend dev server at :3000
    talks to this backend over CORS as before.

  * trust-proxy + cookie-parser + urlencoded body parser added to
    support OAuth state cookies, the configurator's signed sessions,
    and the bootstrap-token paste form respectively.
6697186c chore(backend): env example, dockerignore, regenerate lockfile Allen Morgan 2026-05-08 ↗ GitHub
commit body
  * backend/.env.example                - full set of env vars including
                                          AUTH_PROVIDER block (local /
                                          supabase / entra), Azure
                                          storage block, OpenAI/AOAI,
                                          download-signing secret,
                                          observability connection
                                          string.  Sanitized - concrete
                                          identifiers replaced with
                                          placeholders.

  * backend/.dockerignore               - standard Node ignore set so
                                          docker build doesn't blow up
                                          the image with node_modules.

  * backend/package-lock.json           - regenerated to match the
                                          dependency set added across
                                          earlier commits (azure SDKs,
                                          pg / node-pg-migrate, openai,
                                          cookie-parser).

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-198.md from inside the repo you want the changes in.

⬇ Download capture-thread-198.md