MikeWatch Forks of the Mike legal-AI codebase, distilled for legal-tech readers
Home · bmersereau/mike · this thread

bmersereau caps the bulk download before it bites back

A tight server-side limit on how many documents one user can zip up in a single request.

securityinfrastructure

The bulk-download endpoint on this fork now refuses any request that asks for more than a fixed number of documents in one go, returning an error instead of trying to load them all into memory at once. Before the change, an authenticated user could ask the server to bundle an arbitrary pile of large files into a single archive - a quiet but real way to exhaust resources.

The fix is deliberately small. Rather than re-engineering how archives are built or streamed, @bmersereau picks a hard ceiling and rejects anything above it. It trades some flexibility for a guarantee that's easy to audit and easy for the next reviewer to reason about. A small test suite gets wired up alongside it so the limit can't quietly disappear later.

So what Anyone running a Mike-based document workspace for clients should know how their fork behaves when one user asks for everything at once - this is the cheap version of that answer.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?