ryanmcdonough closes a hole in who can touch your projects

An authenticated user could quietly attach chats to projects they were never allowed to see - ryanmcdonough shut that door.

security, multi-tenant

The chat-creation endpoint trusted whatever project a request named, and wrote the new chat against it without checking whether the person actually had access to that project. So a logged-in user could point a new chat at any project they knew existed and slip past the sharing controls entirely - even projects they'd never been granted visibility into.

The fix adds the same access check the rest of the codebase already runs; this one path had simply been missed. If you don't have access, the system now refuses, and - by deliberate convention - won't even confirm the project exists, so it gives nothing away to a prying caller. The upstream version of Mike still has the gap open.
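As an added illustration (not Mike's own code; the data model, handler names and e-mail addresses are assumptions), here is the chat-creation logic before and after the missing project check, including the deliberately indistinguishable not-found response:

```python
from dataclasses import dataclass, field

@dataclass
class Project:
    id: str
    owner: str                                      # owner's email (assumed model)
    shared_with: set = field(default_factory=set)   # emails granted access

@dataclass
class Store:
    projects: dict                                  # project id -> Project
    chats: list = field(default_factory=list)

def user_can_access(store: Store, user_email: str, project_id: str) -> bool:
    """The project-level sharing check the rest of the codebase already runs."""
    p = store.projects.get(project_id)
    return p is not None and (p.owner == user_email or user_email in p.shared_with)

def create_chat_vulnerable(store, user_email, project_id, title):
    """Before: trusts the project id from the request body as-is."""
    chat = {"owner": user_email, "project_id": project_id, "title": title}
    store.chats.append(chat)
    return 201, chat

# Same status and body whether the project is missing or merely inaccessible,
# so the response never confirms that a project exists.
NOT_FOUND = (404, {"error": "not found"})

def create_chat_fixed(store, user_email, project_id, title):
    """After: refuse unless the caller can access the project; no existence leak."""
    if not user_can_access(store, user_email, project_id):
        return NOT_FOUND
    chat = {"owner": user_email, "project_id": project_id, "title": title}
    store.chats.append(chat)
    return 201, chat

def demo():
    """Constructed scenario: mallory is logged in but not shared on alice's project."""
    store = Store(projects={"proj-1": Project("proj-1", "alice@example.com")})
    before = create_chat_vulnerable(store, "mallory@example.com", "proj-1", "hi")[0]
    after = create_chat_fixed(store, "mallory@example.com", "proj-1", "hi")
    missing = create_chat_fixed(store, "mallory@example.com", "no-such-project", "hi")
    return before, after, missing
```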

So what

Anyone running a shared Mike deployment with multiple clients or matters should care: this is exactly the kind of quiet isolation gap that turns into a confidentiality incident.

Commits in this thread

1 commit from ryanmcdonough/mike, oldest first. Source extracted verbatim from the harvested git log.

SHA       Subject                                                                   Author         Date
69c283ee  Enhance chat creation endpoint to check project access using user email   ryanmcdonough  2026-04-30
