amal66 makes Mike check what files actually are, not what they claim to be

Uploaded documents now get vetted by their real content, so a renamed or mislabelled file can't sneak past as something it isn't.

security, intake

Most systems trust a file's name and extension to decide what it is. amal66 stops doing that. Mike now inspects the actual content of every uploaded document and rejects anything whose true type doesn't match a supported format - a small but real tightening of the line between the outside world and your matter files.

It's a self-contained change that lands cleanly on any deployment accepting client uploads. The one thing to confirm before importing it: that the list of accepted file types covers the formats your users actually send, so legitimate PDFs, Word docs and the like don't get turned away at the door.

So what: Worth a look for anyone running Mike where clients or staff upload documents, and for security-minded teams who care about what gets in.
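A sketch of the content-versus-label check described above, added here as an illustration; it is not code from amal66's commit or from Mike. The function names, the allow-list and the choice of Python are assumptions. It also covers a case the prose does not spell out: a ZIP signature alone does not make a file a Word document.

```python
import io
import zipfile

PDF_MAGIC = b"%PDF-"
ZIP_MAGIC = b"PK\x03\x04"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # also used by .xls/.ppt; coarse on purpose
ALLOWED = {".pdf": "pdf", ".docx": "docx", ".doc": "doc"}  # assumed allow-list, not Mike's


def sniff_type(data: bytes):
    """Return the type implied by the content, or None if unsupported."""
    if data.startswith(PDF_MAGIC):
        return "pdf"
    if data.startswith(OLE2_MAGIC):
        return "doc"
    if data.startswith(ZIP_MAGIC):
        # Every .docx is a ZIP, but not every ZIP is a .docx: look inside.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return None
        if {"[Content_Types].xml", "word/document.xml"} <= names:
            return "docx"
    return None


def validate_upload(filename: str, data: bytes):
    """Accept only when the extension is allowed and the content agrees with it."""
    ext = ("." + filename.rsplit(".", 1)[1].lower()) if "." in filename else ""
    claimed = ALLOWED.get(ext)
    if claimed is None:
        return False, f"extension {ext or '(none)'} is not on the allow-list"
    actual = sniff_type(data)
    if actual is None:
        return False, "content matches no supported signature"
    if actual != claimed:
        return False, f"content is {actual} but name claims {claimed}"
    return True, actual


def make_zip(members: dict) -> bytes:
    """Build a constructed in-memory ZIP to use as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

Extending `ALLOWED` and `sniff_type` together is the step the writeup asks you to confirm before importing: a format your users send but the sniffer does not recognise is rejected, not passed through.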

Commits in this thread

1 commit from amal66/mike, oldest first. Source extracted verbatim from the harvested git log.

SHA: b358c585
Subject: fix(chapter-25): validate uploads by file signature
Author: Amal
Date: 2026-05-24

Commit body:
Chapter: 25 - Upload trust boundary.

Plain-English map:
Check uploaded files by their magic bytes, not only by their filename or
extension.

Why it matters:
A file can be renamed to look harmless. The backend should inspect the actual
file signature before accepting it as a supported document type.

Principle:
Trust content, not labels.

Precedent borrowed:
Upstream PR #78 and standard upload-validation practice.

Upstream base: willchen96/mike@d39f580.
Original local commit: c6dd2ec.
