MikeWatch Forks of the Mike legal-AI codebase, distilled for legal-tech readers
Home · counselos/mike-inhouse · this thread

counselos slams the door on the default download secret

The fork refuses to boot unless an operator sets a real signing key for download links.

securityinfrastructure

Mike issues signed URLs so users can download files - invoices, evidence bundles, exports - without exposing the underlying storage. Those URLs are only as trustworthy as the secret used to sign them. The upstream code shipped with a fallback: if no signing secret was configured, it quietly used a placeholder value that anyone could read in the public source code. Operators who forgot to set the variable were signing download links with a guessable key and would never know.

counselos removes the fallback entirely. The server now refuses to start unless a proper signing secret (at least 32 characters) is set, and prints a one-line instruction for generating one. Existing deployments will need to set the variable before upgrading, which is exactly the friction the change is meant to create.

So what Anyone running a Mike-based product in front of real clients should be checking whether their download links are signed with a real secret or a placeholder - counselos is treating that as a blocking question.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from counselos/mike-inhouse, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
98d20f52 fix: require DOWNLOAD_SIGNING_SECRET at startup (no fallback) counselos 2026-05-04 ↗ GitHub

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-73.md from inside the repo you want the changes in.

⬇ Download capture-thread-73.md