counselos/mike-inhouse

Mike extended for EU/UK in-house counsel, with hardened production defaults for privileged document handling

Five topics. Two are security-focused changes applicable to any fork: mandatory `DOWNLOAD_SIGNING_SECRET` at startup (no fallback, server exits on missing/short value) and content-bearing log suppression via `MIKE_DEBUG_STREAMS`. Two are EU in-house domain additions: five new built-in workflows and three EU tabular column presets. The fifth is a README repositioning that documents all of the above.

View on GitHub →

counselos/mike-inhouse extends willchen96/mike with five built-in workflows aimed at EU/UK in-house legal teams - NDA playbook review (RED/AMBER/GREEN), GDPR Article 28 DPA review, EU AI Act vendor addendum review, MSA/order-form red-flag memo, and vendor intake triage - alongside Mike's original three finance workflows. Three production defaults are changed: document text and LLM stream content is gated behind MIKE_DEBUG_STREAMS=1 so nothing content-bearing lands in container logs or backups by default; download URL signing requires a deployment-specific DOWNLOAD_SIGNING_SECRET (minimum 32 characters) with no fallback; and the server refuses to start without it. Three EU tabular-review column presets round out the data-extraction side: sub-processors (bulleted list with name/service/country), transfer mechanism (closed enum), and AI Act role allocation.

The security changes are the most portable part of this fork. The LLM log gating and the startup check are narrow, clean changes that apply to any Mike derivative handling privileged documents.

What's in it

Direction

contract-reviewcompliancebranding

Activity

Themed changes and pull requests touching this fork, newest first. Themed changes that haven't been turned into a public post yet still appear — they're real work even without a published writeup.

Threads of work (detailed view)

9 threads have been distilled into posts.

Five EU/UK in-house workflows added alongside Mike's original three finance workflows

counselos adds five built-in workflows targeting EU/UK in-house counsel - NDA playbook review, GDPR Article 28 DPA review, EU AI Act vendor addendum review, MSA/order-form red-flag memo, and vendor intake triage - and after an initial "replace" commit, reverses course and restores the three upstream finance workflows as well. The result is eight total built-ins.

DOWNLOAD_SIGNING_SECRET made mandatory at startup - silent fallback removed

counselos removes the `"dev-secret"` fallback from `downloadTokens.ts` and adds a boot-time check that prints a helpful error and exits if `DOWNLOAD_SIGNING_SECRET` is missing or shorter than 32 characters. Any deployment without the variable set won't start.

Content-bearing LLM and document logs gated behind MIKE_DEBUG_STREAMS flag

counselos wraps every log site in the document pipeline and LLM stream handlers that emits filenames, storage paths, or document text behind a `MIKE_DEBUG_STREAMS=1` env flag, off by default. Three files, around 50 net lines. With the flag off, none of that content reaches container logs, backups, or your SIEM.