counselos slams the door on guessable download links

A fork tuned for in-house legal teams now refuses to start unless someone has set a real signing secret.

securityinfrastructure

Mike hands out download links for documents, and those links are cryptographically signed so they can't be forged or tampered with. The catch: the original code would quietly fall back to a default, guessable key if nobody configured a real one - meaning a rushed deployment could be signing every document link with a secret that's effectively public.

counselos closed that gap. The server now checks for a proper signing secret at startup and simply won't boot without one, printing the exact command to generate a good one. The same update also documents a debug switch that writes file names and snippets of document text to disk, so operators know to leave it off in production. It's a deliberate breaking change: existing instances that never set the secret will need to before they can upgrade.

So what Anyone running Mike on real client documents should care - this turns a silent misconfiguration into a loud, fail-fast guardrail.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from counselos/mike-inhouse, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
98d20f52 fix: require DOWNLOAD_SIGNING_SECRET at startup (no fallback) counselos 2026-05-04 ↗ GitHub

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-73.md from inside the repo you want the changes in.

⬇ Download capture-thread-73.md