easterbrooka ↗ analysis ↗ GitHub easterbrooka/mike
A production-hardened fork deployed on AWS under a new product name, with substantive work on encryption, email parsing, auth, and security controls.
easterbrooka's fork of willchen96/mike is a working deployment - the commits reflect an operator shipping a product on AWS ECS and Amplify under the name "Michelle," not someone exploring the codebase. The substantive work falls into two clusters.
The first is an envelope-encryption programme running across multiple PRs. Phase 1 hardened logging, transport, and object storage and decoupled download-link signing from the Supabase service-role key. Phase 2 landed the cryptography primitives - AES-256-GCM envelopes, a KMS wrapper, HMAC email lookup, per-tenant DEK table - as an additive schema change. A follow-up commit then fixed the wire-format bug that would have made every encrypted write fail (raw Node Buffers need hex-literal conversion before they reach PostgREST). The dual-read/dual-write call-site cutover is in a separate PR.
The second cluster is email-document handling. easterbrooka added .msg upload support, fixed two silent parser failures affecting Outlook-exported files (blank bodies, dropped forwarded-message attachments), and extended the LLM read path to inline attachment text from within .msg and .eml files - PDFs, DOCX, XLSX, and nested messages up to three levels deep.
Other notable changes: Microsoft Entra SSO replaces email/password login, with a system-level LLM key fallback that lets users without personal API keys use models configured at the deployment level. The project folder boundary was promoted to a security control. Several smaller fixes addressed drag-and-drop uploads, disabled-button tooltips, and an IDOR in tabular review document access.
What's in it
- Rebrand to Michelle A new product name and the CORS plumbing of a fork preparing for a real launch.
- Microsoft Entra SSO Sign-in moves to Microsoft's identity stack, with the firm's own AI keys as a fallback for users who don't bring their own.
- Envelope-encrypted secrets API keys, model settings and shared-workflow records now live as encrypted blobs instead of plaintext in the database.
- Email and spreadsheet intake Mike accepts plain text, `.eml`, Outlook `.msg` and Excel - and reads the attachments stapled to emails, not just the cover note.
- Matter folder as a security boundary Project isolation is enforced rather than assumed, including a fix to a document-access hole in tabular review.
- AWS deployment path An ECS Fargate route and S3 support let the fork run on Amazon's infrastructure as well as Cloudflare's.
- Sharper everyday UX Drag-and-drop on project pages no longer kicks you out of the app, and disabled Create buttons finally explain themselves.
Direction
securitybrandinginfrastructure
Activity
easterbrooka ↗ analysis ↗ GitHub easterbrooka ↗ analysis ↗ GitHub easterbrooka ↗ analysis ↗ GitHub easterbrooka ↗ analysis ↗ GitHub easterbrooka ↗ analysis ↗ GitHub easterbrooka ↗ analysis ↗ GitHub easterbrooka ↗ analysis ↗ GitHub easterbrooka ↗ analysis ↗ GitHub easterbrooka ↗ analysis ↗ GitHub easterbrooka ↗ analysis ↗ GitHub Show 20 more
easterbrooka ↗ analysis ↗ GitHub Threads of work (detailed view)
easterbrooka cuts Mike loose from Cloudflare and onto AWS
A small, tightly-linked set of changes lets the fork run on Amazon's cloud without rewiring the backend.
easterbrooka/mike: storage layer generalized to support AWS S3, ECS-ready Dockerfile added
easterbrooka extended the backend storage client so it can talk to either Cloudflare R2 or native AWS S3 without code changes, then added a multi-stage Dockerfile aimed at ECS Fargate. Both pieces landed in PR #1.
easterbrooka makes the grayed-out buttons explain themselves
When you can't click Create, the app now tells you exactly what's missing instead of leaving you to guess.
Radix tooltip explains why the Create button is disabled
The "Review name" and "Workflow name" inputs in the creation modals are styled as large serif headings, so users miss them and assume the greyed-out Create button is broken. easterbrooka iterated through three commits to fix it, landing on a Radix tooltip as the final approach.
easterbrooka kills the crash on shared-project lists
A two-line database fix that stops the app falling over whenever someone opens their list of shared projects.
easterbrooka renames Mike to Michelle and lets one backend serve many front ends
A cosmetic rebrand rides along with a quietly useful change to how the backend decides which sites it will talk to.
Fork rebranded to "Michelle"; CORS extended for multi-origin Amplify deploys
easterbrooka renamed the product from "Mike" to "Michelle" across user-facing strings and extended the backend CORS handler to accept a comma-separated list of origins. The rebrand is fork-specific; the CORS pattern is reusable.
easterbrooka swaps passwords for Microsoft sign-in
This fork drops email-and-password login in favour of Microsoft Entra, the identity system many firms already use to control who gets into what.
Microsoft Entra SSO replaces email login; system LLM keys make models available for all users
Two changes in one commit: email/password auth is out, Microsoft Entra OAuth is in, and a new `/system/llm-providers` endpoint lets users without personal API keys use whatever models the deployment has configured at the environment level.
easterbrooka/mike: IDOR in tabular review document access closed
easterbrooka patched a CWE-639 authorization bypass in the tabular review routes, where four endpoints accepted caller-supplied document IDs without verifying the caller had read access to the underlying documents.
Fix HTML body and inner-message rendering in the chat surface
easterbrooka patched the message rendering path to fix how assistant turns compose HTML bodies and how nested sub-messages get displayed. No diff was captured, but the branch name points at both problems sharing a common root.
Two silent failures in Outlook .msg parsing: empty body and dropped embedded messages
Real Outlook-exported `.msg` files exposed two bugs in easterbrooka's extractor: the message body came back empty, and emails forwarded as attachments were silently dropped. Both are fixed here.
Inline attachment text into the LLM payload when reading .msg or .eml
easterbrooka extended the email-reading path so the model sees attachment content alongside the message body - no manual detach-and-reupload needed. Pure read-side enrichment; the UI and storage layer are unchanged.
Project folder boundary promoted to enforced security control
easterbrooka is treating the project folder as an enforced isolation boundary. For a legal-AI tool where each matter holds privileged documents, a UI grouping alone is not enough.
easterbrooka/mike: Outlook .msg uploads added alongside .eml
easterbrooka extended the existing .eml ingestion path to cover Outlook's binary .msg format, mapping both onto a shared parsed-email shape so the viewer, the read_document tool, and the structure-tree extraction see no difference.
Drag-and-drop file upload now works across the entire project page
Before this fix, dragging a file onto the project page in Chrome would navigate away or trigger a browser download. easterbrooka patched the drop handling so files land in the right folder regardless of where on the page they're dropped.
easterbrooka/mike: txt, eml, and xlsx uploads added with server-side parsing and inline viewers
easterbrooka extended the document intake beyond pdf/docx to cover plain text, raw email, and spreadsheets - wiring each new type through the server-side parser, the LLM read path, and a new inline viewer component.
Buffer-to-hex conversion fixes bytea writes through PostgREST
When easterbrooka's envelope encryption started writing ciphertext columns, the first production insert would have 500'd. `JSON.stringify` serialises a Node Buffer as `{"type":"Buffer","data":[...]}`, which PostgREST cannot coerce to bytea. This commit fixes that before any data hits the wire.
easterbrooka/mike: Phase 2 crypto wired into live request path with dual-write rollout
easterbrooka flipped user API keys, model settings, and workflow-share records onto envelope-encrypted columns across every read and write path, with a dual-write strategy so rolling back to a previous image doesn't lose data during the soak.
Envelope encryption primitives land; nothing uses them yet
easterbrooka added the full cryptography layer for envelope-encrypted API keys and workflow shares - KMS wrapper, AES-256-GCM envelope, HMAC email lookup - without wiring any of it into the running backend. The split is deliberate: call-site changes come in a follow-up PR.
Phase 1 encryption hardening: logging, transport, secrets, and object storage
easterbrooka ran an encryption review and landed the changes that didn't require a key-management redesign first. The pass covers PII scrubbing from logs, transport hardening, download-link signing decoupled from the Supabase secret key, and server-side encryption on S3 puts.
easterbrooka/mike: upstream safe-testing guide cherry-picked, service-role key removed from frontend env example
easterbrooka pulled upstream commit adc2cf2 from willchen96/mike to add a local testing guide and, more materially, remove the Supabase service-role key from the frontend environment example file.
easterbrooka/mike: AWS S3 support and ECS-ready Dockerfile for the backend
easterbrooka reworked the storage layer so the backend can deploy against AWS S3 via an ECS task role, without touching R2 compatibility, then added a production-oriented Dockerfile for Fargate.
Pull requests (detailed view)
✅ Merged (17)
easterbrooka · opened 2mo ago · merged 2mo ago by easterbrooka easterbrooka · opened 2mo ago · merged 2mo ago by easterbrooka easterbrooka · opened 2mo ago · merged 2mo ago by easterbrooka easterbrooka · opened 2mo ago · merged 2mo ago by easterbrooka easterbrooka · opened 2mo ago · merged 2mo ago by easterbrooka easterbrooka · opened 2mo ago · merged 2mo ago by easterbrooka easterbrooka · opened 2mo ago · merged 2mo ago by easterbrooka easterbrooka · opened 2mo ago · merged 2mo ago by easterbrooka easterbrooka · opened 2mo ago · merged 2mo ago by easterbrooka easterbrooka · opened 2mo ago · merged 2mo ago by easterbrooka Show 7 more merged
easterbrooka · opened 2mo ago · merged 2mo ago by easterbrooka easterbrooka · opened 2mo ago · merged 2mo ago by easterbrooka easterbrooka · opened 2mo ago · merged 2mo ago by easterbrooka easterbrooka · opened 2mo ago · merged 2mo ago by easterbrooka easterbrooka · opened 2mo ago · merged 2mo ago by easterbrooka easterbrooka · opened 2mo ago · merged 2mo ago by easterbrooka easterbrooka · opened 3mo ago · merged 3mo ago by easterbrooka