Dshamir makes Mike quicker on its feet and safer with its keys

Three commits add caching for speed and a way to swap the master encryption secret without breaking anything already locked up.

security, infrastructure

Dshamir wired in Redis, an in-memory store that parks frequently-needed data so the app doesn't recompute or re-fetch it every time, plus standard browser caching instructions to cut repeat work. The payoff is a snappier system under load, though the routes that benefit still have to opt in.

The more interesting change is around stored secrets. Mike encrypts each user's saved API keys, and until now the secret that locked them could not be changed without orphaning every existing record. Dshamir's approach lets the team introduce a new secret while old data keeps decrypting under the old one, then quietly migrates as records are rewritten. The commentary flags that the key derivation here is a first pass, with a stronger method landing in later work.

So what? Anyone running a Mike fork in production should care: this is the difference between rotating a compromised secret in an afternoon and being stuck with it forever.
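An added example of the rotation flow described above; it is not Dshamir's keyRotation.ts. Only the name tryDecrypt comes from the commit message. AES-256-GCM, scrypt key derivation, the dot-separated record layout, the newest-first secrets list and the readAndMigrate helper are assumptions made for this illustration.

```javascript
const { createCipheriv, createDecipheriv, randomBytes, scryptSync } = require("node:crypto");

// Derive a 256-bit key from a secret and a per-record salt.
// scrypt is this example's choice, not necessarily what Mike uses.
const deriveKey = (secret, salt) => scryptSync(secret, salt, 32);

// Always encrypt under the newest secret, secrets[0].
function encrypt(plaintext, secrets) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", deriveKey(secrets[0], salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return [salt, iv, cipher.getAuthTag(), ct].map((b) => b.toString("base64")).join(".");
}

// Try every configured secret, newest first. The GCM tag check makes a wrong
// key fail cleanly instead of returning garbage plaintext.
function tryDecrypt(record, secrets) {
  const parts = record.split(".");
  if (parts.length !== 4) throw new Error("malformed record");
  const [salt, iv, tag, ct] = parts.map((p) => Buffer.from(p, "base64"));
  if (iv.length !== 12 || tag.length !== 16) throw new Error("malformed record");
  for (let i = 0; i < secrets.length; i++) {
    try {
      const decipher = createDecipheriv("aes-256-gcm", deriveKey(secrets[i], salt), iv);
      decipher.setAuthTag(tag);
      const plaintext = Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
      return { plaintext, stale: i !== 0 }; // stale: an older secret was needed
    } catch {
      // Authentication failed under this secret; try the next one.
    }
  }
  throw new Error("no configured secret decrypts this record");
}

// Lazy migration: when an old secret was needed, hand back a record
// re-encrypted under the newest secret for the caller to store.
function readAndMigrate(record, secrets) {
  const { plaintext, stale } = tryDecrypt(record, secrets);
  return { plaintext, record: stale ? encrypt(plaintext, secrets) : record };
}
```

Once no stored record comes back as stale, the old secret can be dropped from the list; removing it earlier leaves the remaining old records undecryptable.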


Commits in this thread

3 commits from Dshamir/AI-Legal, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
6363aee8 [P6] feat: add Redis client with cache-aside helpers Dshamir 2026-05-23
Install ioredis and create redis.ts with lazy-connect client,
cacheGet/cacheSet/cacheDelete helpers for cache-aside pattern.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
af5de5bb [P6] feat: add HTTP cache header middleware Dshamir 2026-05-23
setCacheHeaders(maxAge) and noCache middleware for controlling
Cache-Control headers on API responses.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
acdfec42 [P6] feat: add encryption key rotation support Dshamir 2026-05-23
Add keyRotation.ts with multi-key tryDecrypt that attempts all
configured secrets (USER_API_KEYS_ENCRYPTION_SECRET, _V2).
Update userApiKeys.ts to delegate encryption/decryption to the
rotation module for seamless key migration.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
