aaronjmars closes a former-insider leak in tabular review
A signed-in user who still remembered a document ID could pipe that document through their own review and read the contents straight back out.
The chat side of this fork already checked who owned a document before serving it. The tabular review side - where users build spreadsheet-style extractions across a stack of documents - did not. Anyone holding a document's ID could spin up their own review, write a column prompt asking for the verbatim text, and read the result. UUIDs aren't guessable, but they leak in practice through caches, exported chats and screenshots, so the realistic attacker is a former project collaborator who was removed from a matter but still remembers what they saw.
aaronjmars routes every document ID in the tabular flow through one ownership check before any bytes are fetched, and silently drops anything the caller shouldn't see rather than erroring out legacy reviews. Documents already extracted before the fix stay visible to whoever pulled them - flagged as a separate cleanup.
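The shape of the fix, as an added example rather than the fork's own code: a single ownership check runs over the whole batch of document IDs before any content is read, and IDs the caller does not own are dropped rather than raising (so a legacy review that still references a lost document loads without its contents). The in-memory store, user IDs and document IDs are constructed for the demo.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    doc_id: str
    owner_id: str
    text: str


# Constructed stand-in for the documents table (hypothetical ids and owners).
DOCUMENTS = {
    "doc-a1": Document("doc-a1", "alice", "Alice's contract draft"),
    "doc-b7": Document("doc-b7", "bob", "Bob's privileged memo"),
}


def owned_document_ids(user_id: str, doc_ids: list[str]) -> set[str]:
    """One ownership check for the whole batch, run before any content is fetched."""
    return {d for d in doc_ids if d in DOCUMENTS and DOCUMENTS[d].owner_id == user_id}


def review_vulnerable(user_id: str, doc_ids: list[str]) -> dict[str, str]:
    """Pre-fix behaviour: every ID the caller supplies is fetched and returned.

    Ownership is never consulted, so a remembered ID is enough to read the text.
    """
    return {d: DOCUMENTS[d].text for d in doc_ids if d in DOCUMENTS}


def review_fixed(user_id: str, doc_ids: list[str]) -> dict[str, str]:
    """Post-fix behaviour: unowned or unknown IDs are silently filtered out.

    Silently dropping (instead of raising) keeps older reviews that still list a
    revoked document loadable; the caller just never sees its contents.
    """
    allowed = owned_document_ids(user_id, doc_ids)
    return {d: DOCUMENTS[d].text for d in doc_ids if d in allowed}
```

`review_vulnerable("alice", ["doc-a1", "doc-b7"])` hands back Bob's memo, while `review_fixed` with the same arguments returns only Alice's own document.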