easterbrooka wires Mike into Microsoft's front door

Single sign-on through Microsoft Entra replaces email/password, and the firm's own AI keys become a safety net for users who don't have their own.

security, integration

easterbrooka has rebuilt how people get into this fork of Mike. Out goes the old email-and-password screen - and the self-serve signup page along with it. In comes Microsoft Entra, the identity service most large organisations already use to control who can open what. The assumption is clear: users arrive pre-approved by IT, not by signing themselves up.

Alongside the login change, the team added a quieter but arguably more useful tweak. If a user hasn't supplied their own API key for an AI model, the system now falls back to keys the firm itself has configured on the server. That means a lawyer can sit down, sign in with their work account, and start using Claude or Gemini without ever pasting in a credential - the firm carries the bill and the access.

So what: Relevant to any legal team weighing how to roll an AI tool out to staff without asking each person to manage their own model subscriptions.


Commits in this thread

2 commits from easterbrooka/mike, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
97c30c22 Add Microsoft SSO + system-level LLM key fallback andrew 2026-05-05
commit body
- Replace email/password login with Microsoft Entra OAuth (single-tenant).
  Adds /auth/callback page for the OAuth code exchange. Removes /signup
  since users are now provisioned via Entra.
- Add /system/llm-providers backend endpoint (auth-required) that reports
  whether ANTHROPIC_API_KEY / GEMINI_API_KEY are set in the env. Frontend
  reads it once on auth and threads through isModelAvailable() so users
  without personal keys can use any model the system has configured.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
37d9bbda Use PKCE flow for Supabase OAuth andrew 2026-05-05
commit body
Default supabase-js v2 browser flow is implicit (token in URL fragment),
which doesn't match the /auth/callback handler that exchanges a query-string
code. Switching to PKCE makes the flow explicit and more secure.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
