Dshamir stops treating AI-Legal's backend like a prototype

A batch of work turns the server from "trust me" into something that checks what it's handed and keeps a clean record of what it does.

security, infrastructure

The most tangible change: uploaded files are now checked for what they actually are, not just what their name claims. Rename a spreadsheet to end in ".pdf" and the old setup might have waved it through; now the server inspects the file's real fingerprint and only lets genuine PDFs and Word documents past. Everything else gets turned away.
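The check described above, as an added example that is not code from the fork (which pulls in the `file-type` package for this job). It shows why the renamed-spreadsheet case needs more than a signature match: .docx and .xlsx both begin with the ZIP signature, so the entry names decide. The function names, the `word/document.xml` test, the sample uploads and the choice to treat "Word" as .docx only are assumptions made for the example.

```javascript
const PDF_MAGIC = Buffer.from('%PDF-', 'latin1');
const ZIP_LOCAL = Buffer.from([0x50, 0x4b, 0x03, 0x04]); // "PK\x03\x04"
const DOCX = 'application/vnd.openxmlformats-officedocument.wordprocessingml.document';
// Walk ZIP local file headers and collect entry names. Archives that defer
// sizes to a data descriptor stop the walk early, so they fail closed.
function zipEntryNames(buf, maxEntries = 64) {
  const names = [];
  let off = 0;
  while (names.length < maxEntries && off + 30 <= buf.length &&
         buf.subarray(off, off + 4).equals(ZIP_LOCAL)) {
    const compressedSize = buf.readUInt32LE(off + 18);
    const nameLen = buf.readUInt16LE(off + 26);
    const extraLen = buf.readUInt16LE(off + 28);
    const nameEnd = off + 30 + nameLen;
    if (nameEnd > buf.length) break; // truncated header
    names.push(buf.toString('utf8', off + 30, nameEnd));
    off = nameEnd + extraLen + compressedSize;
  }
  return names;
}

// Returns the detected MIME type, or null when the upload must be rejected.
// The filename is never consulted.
function sniffUpload(buf) {
  if (buf.subarray(0, 5).equals(PDF_MAGIC)) return 'application/pdf';
  if (buf.subarray(0, 4).equals(ZIP_LOCAL)) {
    const names = zipEntryNames(buf);
    if (names.includes('[Content_Types].xml') && names.includes('word/document.xml')) return DOCX;
  }
  return null;
}

// Constructed sample helper: header-only ZIP stub with empty stored entries.
function fakeZip(names) {
  return Buffer.concat(names.map((name) => {
    const header = Buffer.alloc(30);
    ZIP_LOCAL.copy(header);
    header.writeUInt16LE(Buffer.byteLength(name), 26);
    return Buffer.concat([header, Buffer.from(name)]);
  }));
}
// Constructed uploads: [claimed filename, bytes].
const samples = [
  ['brief.pdf', Buffer.from('%PDF-1.7\n%%EOF\n', 'latin1')],
  ['contract.docx', fakeZip(['[Content_Types].xml', 'word/document.xml'])],
  ['ledger.pdf', fakeZip(['[Content_Types].xml', 'xl/workbook.xml'])], // renamed .xlsx
  ['notes.pdf', Buffer.from('plain text, no signature')],
];
for (const [name, bytes] of samples) console.log(name, '->', sniffUpload(bytes) ?? 'rejected');
```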

The rest is quieter but matters for anyone trusting this tool with confidential matters. Logs now automatically scrub out passwords, keys, and auth tokens before they're written down, so credentials don't leak into operational records. Errors get captured and tagged so a problem can be traced end to end, and the browser-facing security rules - previously switched off - are now actually enforced.

So what: if you're evaluating whether a Mike fork is safe to point at real client documents, this is the kind of unglamorous hardening that separates a demo from something you'd deploy.


Commits in this thread

6 commits from Dshamir/AI-Legal, oldest first. Source extracted verbatim from the harvested git log.

SHA | Subject | Author | Date
d13c77a3 | [P2] chore: add zod, pino, sentry, file-type dependencies | Dshamir | 2026-05-23
46efac39 | [P2] feat: add magic-byte MIME validation for uploads | Dshamir | 2026-05-23
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
440da990 | [P2] feat: add Pino structured logger with redaction and request ID middleware | Dshamir | 2026-05-23
Add structured logging via Pino with sensitive field redaction and
per-request child loggers tied to X-Request-ID headers.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
caf82b04 | [P2] feat: add GlitchTip/Sentry error tracking and global error handler | Dshamir | 2026-05-23
Add error tracking initialization with GlitchTip/Sentry and a global
Express error handler producing RFC 7807 problem detail responses with
Zod validation error formatting.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
25e099b1 | [P2] feat: add Zod validation framework and common schemas | Dshamir | 2026-05-23
Add Express middleware for Zod schema validation and reusable common
schemas for UUIDs, pagination, and route params.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
7f2aa547 | [P2] feat: wire validation, logging, error handling, CSP into Express | Dshamir | 2026-05-23
- Add requestId, globalErrorHandler middleware to Express pipeline
- Initialize error tracking (GlitchTip/Sentry) before app setup
- Enable CSP via Helmet with strict directives
- Replace all console.log/error/warn with Pino structured logger
- Fix file-type ESM module resolution with @ts-ignore

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
