✅ #17 Claude/fix msg html body and inner msg +508 -47 15d ago self by
easterbrooka ↗ analysis ↗ GitHub easterbrooka/mike
easterbrooka is reshaping Mike into a Microsoft-friendly, AWS-deployable legal AI under a new name - Michelle.
This fork, run by easterbrooka, is the most product-shaped Mike derivative MikeWatch is currently tracking. It's being quietly rebranded as Michelle, with the supporting plumbing - multi-origin CORS, Microsoft Entra single sign-on, a firm-level LLM key fallback - that suggests a real launch inside a Microsoft-shop law firm rather than a personal experiment.
The other half of the work is hardening. easterbrooka has run Mike through a phased encryption pass - tightening logging, transport and storage first, then landing envelope-encryption primitives and cutting the request path over to encrypted columns for API keys, model settings and shared workflows. A document-access hole in tabular review was closed, and the matter folder was promoted from a convention into an enforced security boundary.
Alongside that, the intake story is widening: Mike now reads plain text, raw email, Outlook .msg files and Excel, and the AI sees attachments inline rather than just the covering message. Deployment-wise, the fork has grown a second home on AWS (S3 plus an ECS Fargate path) without giving up its Cloudflare origins.
What's in it
- Rebrand to Michelle A new product name and the CORS plumbing of a fork preparing for a real launch.
- Microsoft Entra SSO Sign-in moves to Microsoft's identity stack, with the firm's own AI keys as a fallback for users who don't bring their own.
- Envelope-encrypted secrets API keys, model settings and shared-workflow records now live as encrypted blobs instead of plaintext in the database.
- Email and spreadsheet intake Mike accepts plain text, `.eml`, Outlook `.msg` and Excel - and reads the attachments stapled to emails, not just the cover note.
- Matter folder as a security boundary Project isolation is enforced rather than assumed, including a fix to a document-access hole in tabular review.
- AWS deployment path An ECS Fargate route and S3 support let the fork run on Amazon's infrastructure as well as Cloudflare's.
- Sharper everyday UX Drag-and-drop on project pages no longer kicks you out of the app, and disabled Create buttons finally explain themselves.
Direction
securitybrandinginfrastructure
Activity
✅ #16 Fix .msg body extraction + inner-msg attachment detection +159 -45 15d ago self by
easterbrooka ↗ analysis ↗ GitHub Two bugs surfaced once users uploaded real .msg files from Outlook:
✅ #15 Inline email-attachment text in read_document for .eml and .msg +588 -10 15d ago self by
easterbrooka ↗ analysis ↗ GitHub When the LLM reads a .msg or .eml, it now also gets the extracted text of each attachment (PDF, DOCX, TXT, XLSX, recursive EML/MSG up to 3 nesting levels deep) appended to the email body. Lets the LLM answer "summarise t…
✅ #13 fix(security): scope tabular-review document_ids by access (CWE-639) +97 -6 15d ago self by
easterbrooka ↗ analysis ↗ GitHub The tabular-review routes accept user-supplied document_ids in request bodies (POST /tabular-review, PATCH /:reviewId) and stale cell rows on byte-fetching paths (POST /:reviewId/regenerate-cell, POST /:reviewId/generate…
✅ #11 Accept .msg (Outlook) uploads alongside .eml +217 -10 16d ago self by
easterbrooka ↗ analysis ↗ GitHub Outlook saves emails as proprietary binary OLE compound documents (.msg), not RFC 822. Extends the .eml work to also handle .msg by adding a parser that maps @kenjiuno/msgreader output onto the same ParsedEml shape - so …
getAdminClient() was reading NEXT_PUBLIC_SUPABASE_URL - that's a Next.js frontend convention that the backend never had defined. The empty fallback made supabase-js throw "supabaseUrl is required" synchronously from insi…
✅ #9 Fix: dropping files on a project page no longer triggers Chrome's def... +95 -2 16d ago self by
easterbrooka ↗ analysis ↗ GitHub ...ault file-open
✅ #8 Accept .txt, .eml, .xlsx uploads with LLM-readable extraction + previews +2,000 -28 16d ago self by
easterbrooka ↗ analysis ↗ GitHub ## Summary
✅ #7 Encode Buffer values as \x-hex before they cross the supabase-js boun... +125 -20 16d ago self by
easterbrooka ↗ analysis ↗ GitHub ...dary
✅ #6 Phase 2 cutover: dual-read/dual-write for envelope-encrypted secrets +264 -26 16d ago self by
easterbrooka ↗ analysis ↗ GitHub Wires the Phase 2 crypto modules into the request path. After this lands and the backfill runs, every read prefers ciphertext (with plaintext fallback for un-backfilled rows) and every write seals the value under the use…
✅ #5 Add Phase 2 envelope-encryption foundations (migration + crypto modules) +1,710 -414 16d ago self by
easterbrooka ↗ analysis ↗ GitHub Pure additions; no app behaviour change. The new code isn't imported by the running backend yet - the call-site dual-read/dual-write changes ship in a follow-up so they can be reviewed in isolation.
✅ #4 Phase 1: encryption hardening (logging, transport, secrets, storage) +2,796 -201 16d ago self by
easterbrooka ↗ analysis ↗ GitHub ## Summary
Cherry-picks upstream `adc2cf2` from `willchen96/mike` (PR #31, "docs: add safe local testing guide").
Adds the CLAUDE.md guide from forrestchang/andrej-karpathy-skills,
The fork can now be deployed on Amazon's cloud, not just Cloudflare's.
A small UX fix with an outsized payoff: users now know why they can't click Create.
📝 Operational handoff doc removed from repo (no public page) 1 commit 22d ago not yet rewritten
📝 JSONB shared_with email lookup 500 fix (no public page) 1 commit 22d ago not yet rewritten
Show 20 more
A fork operator is rebranding the open-source legal-AI codebase under a new product name and quietly wiring up the plumbing for a real launch.
Single sign-on through Microsoft Entra replaces email/password, and the firm's own AI keys become a safety net for users who don't have their own.
✅ #1 Add AWS S3 support and backend Docker image for ECS deployment +246 -20 22d ago self by
easterbrooka ↗ analysis ↗ GitHub ## Summary
📝 Fix projects allowlist drift (no public page) 0 commits — not yet rewritten
The fork now runs cleanly on Amazon's infrastructure without giving up its original Cloudflare home.
📝 Import Karpathy-style coding discipline guide (no public page) 0 commits — not yet rewritten
A cherry-picked upstream change makes local testing of Mike less likely to leak real client data or production keys.
📝 easterbrooka tightens the screws before the big encryption rewrite 0 commits — securityinfrastructure draft
Phase one of a security review: ship the hardening that doesn't need a key-management redesign, so the bigger change has a cleaner baseline.
📝 easterbrooka lays the plumbing for envelope encryption on Mike's backend 0 commits — securityinfrastructure draft
API keys and share recipients are about to stop sitting in the database as plaintext - but nothing is wired up yet, and that's the point.
📝 easterbrooka switches Mike's secrets to envelope encryption 0 commits — securityinfrastructure draft
API keys, model settings and shared-workflow records now live as encrypted blobs, with the plaintext kept on standby during cutover.
📝 easterbrooka catches the encryption rollout before it ships broken 0 commits — securityinfrastructure draft
A fix to the encrypted-storage plumbing that would have crashed the first sealed write in production.
The intake door opens to plain text, raw email, and Excel - and the AI actually knows what to do with them.
Dropping a file anywhere on a project page now uploads it - instead of yanking you out of the app.
📝 Fix admin Supabase client env var crashing /workflows (no public page) 0 commits — not yet rewritten
After adding plain email ingestion last round, the fork now swallows the proprietary Outlook format too - without bolting on a second viewer.
📝 easterbrooka treats the project folder as a security boundary 0 commits — securitymulti-tenant draft
A quiet self-merge promotes matter isolation from convention to enforced control.
📝 easterbrooka teaches Mike to read the attachments, not just the email 0 commits — chat-uiworkflow draft
Now when the AI opens a .msg or .eml, it sees what's stapled to it too.
Two silent bugs were swallowing the body and dropped-in attachments of real .msg files exported from Outlook.
A self-merged fix to how the chat builds its message HTML, including nested replies and sub-turns.
A free-tier user could have tricked the server into reading documents they didn't own and handing back the contents.
Threads of work (detailed view)
easterbrooka opens a path to AWS
The fork can now be deployed on Amazon's cloud, not just Cloudflare's.
easterbrooka makes the Create button stop lying
A small UX fix with an outsized payoff: users now know why they can't click Create.
easterbrooka relaunches Mike as Michelle
A fork operator is rebranding the open-source legal-AI codebase under a new product name and quietly wiring up the plumbing for a real launch.
easterbrooka wires Mike into Microsoft's front door
Single sign-on through Microsoft Entra replaces email/password, and the firm's own AI keys become a safety net for users who don't have their own.
easterbrooka closes a document-leak hole in tabular review
A free-tier user could have tricked the server into reading documents they didn't own and handing back the contents.
easterbrooka patches the chat surface where assistant replies render
A self-merged fix to how the chat builds its message HTML, including nested replies and sub-turns.
easterbrooka teaches Mike to actually read Outlook email
Two silent bugs were swallowing the body and dropped-in attachments of real .msg files exported from Outlook.
easterbrooka teaches Mike to read the attachments, not just the email
Now when the AI opens a .msg or .eml, it sees what's stapled to it too.
easterbrooka treats the project folder as a security boundary
A quiet self-merge promotes matter isolation from convention to enforced control.
easterbrooka teaches Mike to read Outlook .msg files
After adding plain email ingestion last round, the fork now swallows the proprietary Outlook format too - without bolting on a second viewer.
easterbrooka fixes the drag-and-drop trap on project pages
Dropping a file anywhere on a project page now uploads it - instead of yanking you out of the app.
easterbrooka teaches Mike to read emails and spreadsheets
The intake door opens to plain text, raw email, and Excel - and the AI actually knows what to do with them.
easterbrooka catches the encryption rollout before it ships broken
A fix to the encrypted-storage plumbing that would have crashed the first sealed write in production.
easterbrooka switches Mike's secrets to envelope encryption
API keys, model settings and shared-workflow records now live as encrypted blobs, with the plaintext kept on standby during cutover.
easterbrooka lays the plumbing for envelope encryption on Mike's backend
API keys and share recipients are about to stop sitting in the database as plaintext - but nothing is wired up yet, and that's the point.
easterbrooka tightens the screws before the big encryption rewrite
Phase one of a security review: ship the hardening that doesn't need a key-management redesign, so the bigger change has a cleaner baseline.
easterbrooka pulls in a safer way to kick Mike's tyres
A cherry-picked upstream change makes local testing of Mike less likely to leak real client data or production keys.
easterbrooka teaches Mike to live on AWS
The fork now runs cleanly on Amazon's infrastructure without giving up its original Cloudflare home.
Pull requests (detailed view)
✅ Merged (17)
by
easterbrooka · opened 15d ago · merged 15d ago by easterbrooka by
easterbrooka · opened 15d ago · merged 15d ago by easterbrooka by
easterbrooka · opened 15d ago · merged 15d ago by easterbrooka by
easterbrooka · opened 15d ago · merged 15d ago by easterbrooka by
easterbrooka · opened 15d ago · merged 15d ago by easterbrooka by
easterbrooka · opened 15d ago · merged 15d ago by easterbrooka by
easterbrooka · opened 16d ago · merged 16d ago by easterbrooka by
easterbrooka · opened 16d ago · merged 16d ago by easterbrooka by
easterbrooka · opened 16d ago · merged 16d ago by easterbrooka by
easterbrooka · opened 16d ago · merged 16d ago by easterbrooka Show 7 more merged
by
easterbrooka · opened 16d ago · merged 16d ago by easterbrooka by
easterbrooka · opened 16d ago · merged 16d ago by easterbrooka by
easterbrooka · opened 16d ago · merged 16d ago by easterbrooka by
easterbrooka · opened 16d ago · merged 16d ago by easterbrooka by
easterbrooka · opened 17d ago · merged 17d ago by easterbrooka by
easterbrooka · opened 17d ago · merged 17d ago by easterbrooka by
easterbrooka · opened 22d ago · merged 22d ago by easterbrooka