fayerman-source makes Mike safe to kick the tires on
A first-run guide for lawyers evaluating Mike, plus a quiet security fix that closes a credential footgun in the setup.
fayerman-source added a testing guide aimed squarely at firms who want to try Mike against real, sensitive matters before trusting it - and wired it into the setup flow so new self-hosters meet it during onboarding rather than hunting for it. The guide steers evaluators toward:
- Disposable infrastructure they can spin up and throw away, so a test run never touches production systems.
- Synthetic documents standing in for live client files, keeping privileged material out of the trial entirely.
- Spend-capped provider keys, so an evaluation can't quietly run up an unbounded bill.
Bundled alongside is the more consequential change: fayerman-source pulled a fully-privileged Supabase database key out of the browser-facing example config. That key bypasses access controls, and shipping it in front-end example settings invited new operators to leak a powerful secret. The guiding rule: privileged secrets belong on the server, never where client code can reach them.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?