abbyshekit ships a three-in-one security pass on Mike's backend

A surgical security PR closes an authorization gap, stops legal documents from quietly bleeding to disk, and removes a hardcoded fallback secret - but never landed upstream.

security, infrastructure

abbyshekit bundled three tightly scoped fixes into a single pull request on the Express backend. The first plugged an authorization hole on chat creation: the streaming chat route already verified that a caller had access to a project, but the create variant didn't, so any logged-in user could attach a chat to a project they weren't supposed to see. Credit goes to ryanmcdonough, who independently spotted the same bug in their fork.

The second fix is the one that should make legal-tech operators sit up. The Claude integration had been silently writing every model response to a log file on disk - and because this app processes user-submitted legal documents, that file was effectively a PII spill in production. It's now off by default, opt-in behind an environment flag, and locked down when enabled. The third fix removed a hardcoded development secret that, if left unconfigured, would have let anyone mint signed download URLs.

The PR was closed without merging about thirteen minutes after opening, so none of this is live upstream.

So what: Anyone running a Mike fork in production - especially with real client documents flowing through it - should check whether these same three holes are open in their deployment.
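For the third item, one way a fork can fail closed instead of falling back to a built-in secret. This is an added example, not code from the PR or from Mike; the variable name `DOWNLOAD_SIGNING_SECRET`, the URL layout and every function name are assumptions.

```javascript
// Added example: env var name, URL layout and function names are hypothetical.
const crypto = require('node:crypto');

const MIN_SECRET_BYTES = 32;

// Fail closed: there is no `|| 'dev-secret'` style fallback. An unset or
// short secret aborts startup instead of signing with a guessable key.
function loadSigningSecret(env) {
  const secret = env.DOWNLOAD_SIGNING_SECRET; // hypothetical variable name
  if (!secret || Buffer.byteLength(secret) < MIN_SECRET_BYTES) {
    throw new Error('DOWNLOAD_SIGNING_SECRET must be set to at least 32 bytes');
  }
  return secret;
}

// HMAC over the file id and expiry; expiry is digits only, so "\n" is an
// unambiguous separator.
function sign(secret, fileId, expires) {
  return crypto.createHmac('sha256', secret)
    .update(`${fileId}\n${expires}`)
    .digest('hex');
}

function signDownloadUrl(secret, fileId, expires) {
  const sig = sign(secret, fileId, expires);
  return `/download/${encodeURIComponent(fileId)}?expires=${expires}&sig=${sig}`;
}

function verifyDownloadUrl(secret, url, now) {
  const parsed = new URL(url, 'http://localhost'); // base is only for parsing
  const fileId = decodeURIComponent(parsed.pathname.replace(/^\/download\//, ''));
  const expires = Number(parsed.searchParams.get('expires'));
  const sig = parsed.searchParams.get('sig') || '';
  if (!Number.isInteger(expires) || expires < now) return false;
  const expected = Buffer.from(sign(secret, fileId, expires), 'hex');
  const given = Buffer.from(sig, 'hex');
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}
```

Call `loadSigningSecret(process.env)` once at startup so a missing secret stops the process before any route is served.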
