legalrealist stamps Mike 'hardened' - then admits nothing's actually fixed

A fork that brands itself security-hardened concedes, one commit later, that not a single fix has been applied.

security

legalrealist has relabelled its copy of Mike as a security-hardened build and published a structured audit of the shared codebase - 113 findings across nine areas. The headline risks are serious: documents from opposing counsel can be fed into the AI in a way that hijacks its instructions while it still has full access to its tools, and the core version-history feature has no safeguards against two people editing at once, which can quietly corrupt records.

The twist is in the framing. The first commit hinted the work was underway; the second walks it back to plain English - the fixes haven't been written yet, and the page will be updated as they are. So the value here isn't hardened code. It's the audit itself, which maps weaknesses in the common base that many Mike forks are built on.

So what Anyone running a Mike-based tool should read the audit - these flaws sit in the shared foundation, not just this fork.

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

2 commits from legalrealist/mike_hard, oldest first. Source extracted verbatim from the harvested git log.

SHA	Subject	Author	Date
`69367f06`	Add security-hardened fork description and audit remediation status	Hao Zhu	2026-06-01	↗ GitHub
Rewrite README to describe this as a hardened fork of MikeOSS, add the top three security issues from the adversarial review, and include the full audit report HTML. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
`e8af7b04`	Clarify that fixes have not been applied yet	Hao Zhu	2026-06-01	↗ GitHub
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

SHA

Subject

Author

Date

69367f06

Add security-hardened fork description and audit remediation status

Hao Zhu

2026-06-01

↗ GitHub

Rewrite README to describe this as a hardened fork of MikeOSS, add the
top three security issues from the adversarial review, and include the
full audit report HTML.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

e8af7b04

Clarify that fixes have not been applied yet

Hao Zhu

2026-06-01

↗ GitHub

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-624.md from inside the repo you want the changes in.