easterbrooka pulls in a safer way to kick Mike's tyres
A cherry-picked upstream change makes local testing of Mike less likely to leak real client data or production keys.
easterbrooka grabbed a vetted change from another fork and merged it within minutes. The headline addition is a short guide for anyone running Mike on their own machine: use throwaway database projects, set hard spending caps on AI model keys, test with fake documents rather than real matters, and check what you're about to commit before you commit it.
The quieter but sharper move is a single deletion from a sample configuration file. A particular database key - one that bypasses normal access controls and is meant to stay on the server - was being suggested as something you'd plug into the browser-facing side. Listing it there was effectively teaching contributors to wire up an unsafe setup. Treating that example file as a security artifact rather than a convenience is the point.
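One way to lint a sample configuration file for the mistake described above, as an added example that is not code from the pull request or from Mike. The variable names, the browser-exposed prefixes (conventions of common front-end build tools) and the placeholder rules are assumptions, since the writeup names neither the file nor the key.

```python
import re

# Assumptions, not taken from the page: prefixes that common front-end build
# tools inline into browser bundles, and name fragments that usually mark a
# credential able to bypass access controls.
BROWSER_PREFIXES = ("NEXT_PUBLIC_", "VITE_", "REACT_APP_", "PUBLIC_")
PRIVILEGED_HINTS = ("SERVICE_ROLE", "SECRET", "PRIVATE_KEY")
SECRET_HINTS = PRIVILEGED_HINTS + ("KEY", "TOKEN", "PASSWORD")
PLACEHOLDER = re.compile(r"^$|^<.*>$|^(your|changeme|example|placeholder)", re.I)
ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

EXPOSED = "privileged key offered to browser-side code"
REAL_VALUE = "non-placeholder value in a sample file"

# Constructed sample file; every name and value below is made up.
SAMPLE = """\
# Browser-facing settings
NEXT_PUBLIC_DB_URL=https://<project>.example.invalid
NEXT_PUBLIC_DB_ANON_KEY=<anon-key>
# NEXT_PUBLIC_DB_SERVICE_ROLE_KEY=<service-role-key>
# Server-only settings
DB_SERVICE_ROLE_KEY=<service-role-key>
MODEL_API_KEY=constructed-not-a-real-key
"""


def lint_env_example(text):
    """Return (line_number, variable, problem) tuples for a sample env file."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # A commented-out suggestion still teaches the setup, so lint it too.
        match = ASSIGNMENT.match(raw.lstrip().lstrip("#"))
        if not match:
            continue
        name = match.group(1).upper()
        value = match.group(2).strip().strip("'\"")
        if name.startswith(BROWSER_PREFIXES) and any(h in name for h in PRIVILEGED_HINTS):
            findings.append((lineno, name, EXPOSED))
        if any(h in name for h in SECRET_HINTS) and not PLACEHOLDER.match(value):
            findings.append((lineno, name, REAL_VALUE))
    return findings


if __name__ == "__main__":
    for lineno, name, problem in lint_env_example(SAMPLE):
        print(f"line {lineno}: {name}: {problem}")
```

Run against the sample file before committing, it reports the commented-out browser-side entry as well as the real-looking value, since both end up copied into contributors' setups.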