fayerman-source ↗ analysis ↗ GitHub fayerman-source/mike
A security-minded fork of Mike hardening it for lawyers who want to try AI against real, sensitive matters.
This is Mike with the safety rails tightened. Everything @fayerman-source has shipped so far points one direction: making the tool something a law firm could point at confidential work without quietly leaking it. That means closing off a path where privileged AI exchanges were being written to disk and kept, and making sure one project's folders and documents can't be reached from another.
The audience is explicit. @fayerman-source added a first-run guide for evaluators - lawyers and firms self-hosting Mike to test it against sensitive workflows - and put it right on the setup path a newcomer actually follows. The guidance leans cautious: disposable infrastructure, synthetic documents, spend-capped keys, and keeping service-role secrets out of the frontend.
There's no rebrand or new product surface here. It's the same Mike, quietly made safer to trust. If you're evaluating whether it's fit for real client data, this fork is worth a click through to GitHub.
What's in it
- No more privileged AI logs on disk Mike had been saving every AI exchange to a plaintext file on the server, indefinitely. @fayerman-source stopped that, so privileged material stops accumulating where it shouldn't.
- Project boundaries that actually hold Folder and document actions no longer trust IDs handed over by the browser - they confirm the item belongs to the project you're actually in, so one matter can't reach into another.
- A safe-evaluation guide for legal teams A dedicated onboarding guide for firms testing Mike against sensitive workflows, pushing disposable infrastructure, synthetic documents, and spend-capped keys before you trust it with anything real.
- Secrets kept off the frontend Service-role credentials were pulled out of the frontend setup example, closing an easy way for a self-hoster to leak the keys to their own data store.
Direction
securitymulti-tenantcompliance
Activity
fayerman-source ↗ analysis ↗ GitHub fayerman-source ↗ analysis ↗ GitHub fayerman-source ↗ analysis ↗ GitHub Threads of work (detailed view)
fayerman-source makes Mike safe to kick the tires on
A first-run guide for lawyers evaluating Mike, plus a quiet security fix that closes a credential footgun in the setup.
fayerman-source moves to stop the logs from spilling privileged material
A backend fix that keeps client prompts and document context out of an unguarded plaintext file on disk.
fayerman-source stops Mike from quietly writing privileged material to disk
Every AI exchange was being saved to a plaintext file on the server, forever. Now it isn't.
Raw Claude stream logging gated behind DEBUG_LLM_STREAM flag
fayerman-source proposed removing the unconditional write of `claude-raw-stream.log` and replacing it with a debug flag. The concern was concrete: raw stream events carry user prompts and document context, and writing every event to an unbounded plaintext file is unnecessary data retention in a legal workflow context.
fayerman-source stops projects from reaching into each other's files
A quiet backend fix makes sure one project can never touch another project's folders or documents.
fayerman-source walls off one project's folders from another
A handful of folder and document actions trusted IDs from the browser without checking they belonged to the project you were actually in - and now they don't.
fayerman-source adds project boundary checks on folder and document mutations
fayerman-source found three places in the folder/document mutation APIs where a client-supplied folder ID was trusted without verifying it belonged to the calling project. In a multi-tenant legal document tool that's an IDOR-shaped gap.
Safe local testing guide added to onboarding path
fayerman-source added a dedicated guide for evaluating Mike with sensitive legal workflows, linked from the setup README so it sits on the path a first-time self-hoster actually follows. The guide pushes toward disposable infrastructure, synthetic documents, spend-capped API keys, and keeping service-role secrets off the frontend.
Pull requests (detailed view)
✅ Merged (4)
fayerman-source · opened 3mo ago · merged 2mo ago fayerman-source · opened 3mo ago · merged 2mo ago by willchen96 fayerman-source · opened 3mo ago · merged 2mo ago fayerman-source · opened 3mo ago · merged 2mo ago by willchen96 ⛔ Closed without merge (2)
fayerman-source · opened 3mo ago · closed 2mo ago fayerman-source · opened 3mo ago · closed 2mo ago