MikeWatch Forks of the Mike legal-AI codebase, distilled for legal-tech readers
Home · bmersereau/mike · this thread

bmersereau puts a clock on download links in willchen96's Mike

Shareable file links now expire by default, closing a long-lived exposure if the signing secret ever leaks.

securityinfrastructure

Every signed download link in this fork now carries a built-in expiry - 30 days by default. After that, the link stops working, even if someone still has the URL sitting in a chat thread or email. The window is chosen to be long enough that normal sharing keeps working, but short enough that a compromised signing key doesn't hand an attacker a permanent backdoor to every file ever shared.

The rollout is deliberately gentle. Links minted before this change keep working indefinitely, so nothing breaks the day the code ships - the new safety net only applies going forward. bmersereau also stood up a proper test harness for this corner of the backend, with coverage for tampered links, expired links, and the happy path.

So what Anyone running Mike in a setting where shared file links could end up in long-lived chat logs or forwarded emails should pay attention - this is the difference between a link that ages out and one that lives forever.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?