fayerman-source stops projects from reaching into each other's files

A quiet backend fix makes sure one project can never touch another project's folders or documents.

securitymulti-tenant

In a legal document workspace, each project is supposed to be a sealed room: its folders and files belong to it and nothing else. fayerman-source found that a handful of behind-the-scenes operations were trusting folder identifiers without first checking they actually belonged to the project asking for them. That gap could let one project's actions reach across into another's material.

This change adds an ownership check before each risky operation runs. Moving a folder, filing a document into a folder, and deleting a folder are now all confirmed as belonging to the current project first, and clean-up when something is deleted stays confined to that project rather than sweeping across everything. The fix is deliberately narrow and defensive, aimed squarely at keeping projects isolated from one another.

So what Anyone weighing this fork for client work should care: cross-project leakage is exactly the kind of isolation failure a legal team cannot afford.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from fayerman-source/mike, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
7062a300 fix project folder boundary checks Eli Fayerman 2026-05-04 ↗ GitHub

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-718.md from inside the repo you want the changes in.

⬇ Download capture-thread-718.md