hoogvliets opens up a rebuilt Mike backend that upstream wouldn't take

A license-driven code disclosure reveals per-user AI keys, real account deletion, and usage guardrails - none of which the main project accepted.

infrastructuresecurity

This is a disclosure, not a feature launch. hoogvliets carved the server-side changes out of a larger open-source-license disclosure so reviewers could read them on their own, and the slice shows how far this fork has drifted from the original. Among the reader-facing changes:

  • Bring-your-own AI keys: each user's model-provider key is stored encrypted, so an account can run on its own credentials rather than a shared one.
  • Real account deletion: users can delete their account, with restore tokens giving a short recovery window before it's permanent.
  • Usage guardrails: rate limiting on AI calls caps runaway requests and the cost that comes with them.
  • Model routing: a new backend step decides which AI models a given account can use.
  • Reworked AI providers: the Anthropic and Google Gemini integrations were rebuilt and the older OpenAI path removed.

The catch: upstream closed this without merging, so none of it reached the main project through this route.

So what Worth a look if you care how a legal-AI backend handles per-user keys, account deletion, and cost controls - but treat it as a reference point, not shipped code.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?