Dshamir quietly bolsters the plumbing - and lets stored keys rotate without downtime

Three small backend additions, but the one that matters lets the team swap the encryption protecting users' stored API keys without ever taking the service offline.

security, infrastructure

Dshamir's fork adds a trio of behind-the-scenes building blocks. Two are about speed: a caching layer (built on Redis, an in-memory data store that keeps frequently used results close at hand) and standard controls that tell browsers and proxies how long they can safely reuse a response. Useful, but invisible to most users.

The third is the one worth noting. The fork can now rotate the secret key that encrypts users' stored credentials - re-encrypting everything under a fresh key while the service keeps running. It does this by trying each configured key in turn, so old and new can coexist during the changeover. For anyone storing sensitive third-party credentials inside a legal-AI tool, the ability to retire a compromised or aging key without an outage is the difference between a routine security hygiene step and a painful migration.

So what: If you're evaluating where a legal-AI fork stores your credentials, key rotation without downtime is a sign someone's thinking about real-world security operations, not just shipping features.
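The try-each-key approach described above, sketched as an added example in plain Node.js JavaScript; it is not the fork's keyRotation.ts. AES-256-GCM, the SHA-256 key derivation, the blob layout, the signature given to tryDecrypt and the other function names are assumptions, and the secrets are constructed sample values.

```javascript
// Added illustration; not the fork's keyRotation.ts. AES-256-GCM and the
// SHA-256 key derivation are assumptions: the page names neither.
const crypto = require('node:crypto');

// Assumed: each configured secret is a high-entropy string, hashed to 32 bytes.
const deriveKey = (secret) => crypto.createHash('sha256').update(secret).digest();

// Encrypt under one secret. Assumed layout: iv(12) | tag(16) | ciphertext.
function encrypt(plaintext, secret) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(secret), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Try every configured secret in order. A wrong key fails the GCM tag check
// in final(), so a candidate is accepted only when it authenticates.
function tryDecrypt(blob, secrets) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 28) throw new Error('ciphertext too short');
  const iv = raw.subarray(0, 12), tag = raw.subarray(12, 28), body = raw.subarray(28);
  for (let i = 0; i < secrets.length; i++) {
    try {
      const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(secrets[i]), iv);
      d.setAuthTag(tag);
      const text = Buffer.concat([d.update(body), d.final()]).toString('utf8');
      return { plaintext: text, keyIndex: i };
    } catch (_) { /* authentication failed: try the next secret */ }
  }
  throw new Error('no configured secret decrypts this value'); // fail closed
}

// Re-encrypt under secrets[0] (the current key) only if an older key was used.
function rotate(blob, secrets) {
  const { plaintext, keyIndex } = tryDecrypt(blob, secrets);
  return keyIndex === 0 ? blob : encrypt(plaintext, secrets[0]);
}

// Constructed sample values, not real credentials.
const OLD = 'constructed-old-secret', NEW = 'constructed-new-secret';
const stored = encrypt('sk-sample-api-key', OLD);   // row written before rotation
const during = tryDecrypt(stored, [NEW, OLD]);      // both keys configured
const migrated = rotate(stored, [NEW, OLD]);        // now under NEW
console.log(during.keyIndex, tryDecrypt(migrated, [NEW]).plaintext);
```

Counting how often `keyIndex` comes back non-zero shows when every stored value has been migrated; only then can the old secret be removed from configuration, because any value still encrypted under it stops decrypting at that point.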



Commits in this thread

3 commits from Dshamir/AI-Legal, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date

6363aee8 [P6] feat: add Redis client with cache-aside helpers Dshamir 2026-05-23
Install ioredis and create redis.ts with lazy-connect client,
cacheGet/cacheSet/cacheDelete helpers for cache-aside pattern.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

af5de5bb [P6] feat: add HTTP cache header middleware Dshamir 2026-05-23
setCacheHeaders(maxAge) and noCache middleware for controlling
Cache-Control headers on API responses.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

acdfec42 [P6] feat: add encryption key rotation support Dshamir 2026-05-23
Add keyRotation.ts with multi-key tryDecrypt that attempts all
configured secrets (USER_API_KEYS_ENCRYPTION_SECRET, _V2).
Update userApiKeys.ts to delegate encryption/decryption to the
rotation module for seamless key migration.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
