fayerman-source hardens Mike's first-run path for lawyers kicking the tires
A docs-and-config nudge that assumes evaluators will point Mike at sensitive material from day one.
The change adds a dedicated safe-evaluation guide and wires it into the README setup flow, so it lands on the path a new self-hoster actually walks. The advice is pragmatic: spin up throwaway infrastructure, feed it synthetic documents rather than real client files, cap any AI provider spend, and keep privileged keys on the server rather than in the browser.
Alongside the guide, fayerman-source pulled a high-trust Supabase key (Supabase is the hosted database Mike uses) out of the frontend's example environment file. That key bypasses the per-user access rules and was never meant to sit in a browser bundle; leaving it in the example invited a hurried evaluator to copy it into exactly the wrong place. Nothing executable changed; the posture of the onboarding did.
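One way to keep such a key from creeping back into a frontend env file, as an added example that is not code from the PR or from Mike: a small check that flags entries by name (example files usually leave the value empty) and by value. It relies on Supabase's legacy keys being JWTs with a `role` claim and its newer secret keys starting with `sb_secret_`; the variable names and sample file are constructed for illustration.

```python
import base64
import json
import re

# Variable names that suggest a high-trust key (hypothetical naming convention).
RISKY_NAME = re.compile(r"service[_-]?role|secret", re.IGNORECASE)

def jwt_role(value):
    """Return the 'role' claim of a JWT-shaped value, else None (no signature check)."""
    parts = value.split(".")
    if len(parts) != 3:
        return None
    try:
        payload = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:
        return None
    return claims.get("role") if isinstance(claims, dict) else None

def scan_frontend_env(text):
    """Return (line_no, name, reason) for entries that must not reach a browser."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        name, sep, value = line.strip().partition("=")
        if not sep or name.startswith("#"):
            continue
        name, value = name.strip(), value.strip().strip("\"'")
        if RISKY_NAME.search(name):
            findings.append((no, name, "name suggests a privileged key"))
        elif jwt_role(value) == "service_role" or value.startswith("sb_secret_"):
            findings.append((no, name, "value is a privileged Supabase key"))
    return findings

def constructed_jwt(role):
    """Build a JWT-shaped sample value; constructed here, not a real credential."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256"}), enc({"role": role}), "sig"])

# Constructed frontend env file; all variable names are hypothetical.
SAMPLE_ENV = "\n".join([
    "PUBLIC_SUPABASE_URL=https://example.invalid",
    "PUBLIC_SUPABASE_ANON_KEY=" + constructed_jwt("anon"),
    "SUPABASE_SERVICE_ROLE_KEY=",
    "PUBLIC_DB_TOKEN=" + constructed_jwt("service_role"),
])

if __name__ == "__main__":
    for no, name, reason in scan_frontend_env(SAMPLE_ENV):
        print(f"line {no}: {name}: {reason}")
```

Run in CI against the frontend's env files, a non-empty result is a reason to fail the build.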