ryanmcdonough/mike

A lightly-touched fork of Mike where ryanmcdonough is tightening up authorization around chats and project access.

Very early days and low velocity - one small fix landed, one larger security idea explored and dropped, with the most recent push in early May.

View on GitHub →

This is ryanmcdonough's fork of Mike, and at this stage it's less a reimagining than a security-minded tidy-up. The visible work focuses on closing authorization gaps - making sure signed-in users can only attach chats to projects they're actually entitled to see.

There's also a hint of bigger ambitions: an attempt to push access controls down into the database itself, across all content rather than just user profiles. That thread was abandoned before it shipped, but it suggests ryanmcdonough is thinking about authorization as a structural concern, not just a per-endpoint patch.

If you're curious whether someone is hardening Mike's permission model in a serious way, this fork is worth a look. Click through to GitHub for the specifics.

What's in it

Chat-creation authorization fix Closes a gap where a signed-in user could attach chats to projects they shouldn't have access to.
Explored database-level access controls An attempt to push authorization down into the database for all content tables, not just user profiles - explored and then closed without landing.

Direction

security

Activity

Themed changes and pull requests touching this fork, newest first. Themed changes that haven't been turned into a public post yet still appear — they're real work even without a published writeup.

⛔ #13 Fix: #12 - RLS +151 18d ago by ryanmcdonough ↗ analysis ↗ GitHub

Add RLS to all content beyond user profiles

⛔ #2 Enhance chat creation endpoint to check project access using user email +8 18d ago by ryanmcdonough ↗ analysis ↗ GitHub

Fix Issue #1

📝 ryanmcdonough plugs a chat-creation authorization hole 1 commit 26d ago securitymulti-tenant draft

A small fix closes a gap that let any signed-in user attach chats to projects they shouldn't see.

📝 ryanmcdonough wanted database-level access controls on everything, not just profiles 0 commits — securitymulti-tenant draft

A proposed security tightening that would have pushed authorisation down into the database for every content table - closed before it landed.

Threads of work (detailed view)

2 threads have been distilled into posts.

ryanmcdonough plugs a chat-creation authorization hole

A small fix closes a gap that let any signed-in user attach chats to projects they shouldn't see.

securitymulti-tenant

1 commit · latest 26d ago

ryanmcdonough wanted database-level access controls on everything, not just profiles

A proposed security tightening that would have pushed authorisation down into the database for every content table - closed before it landed.

securitymulti-tenant

Pull requests (detailed view)

2 PRs touch this fork — inbound (filed against it) or outbound (filed from it). State icons match the editorial dashboard.

⛔ Closed without merge (2)

⛔ closed · #13 Fix: #12 - RLS

by ryanmcdonough · opened 25d ago · closed 18d ago

willchen96/mike ← ryanmcdonough/mike · +151 · ↗ analysis · ↗ GitHub

⛔ closed · #2 Enhance chat creation endpoint to check project access using user email

by ryanmcdonough · opened 26d ago · closed 18d ago

willchen96/mike ← ryanmcdonough/mike · +8 · ↗ analysis · ↗ GitHub