ryanmcdonough wants the database itself to decide who sees what

A proposed hardening pass to lock down every record, not just user profiles, so one client's material can never surface in another's account.

securitymulti-tenant

Most legal-AI apps decide who can see which records in the application code - every screen, every query, has to remember to filter correctly. ryanmcdonough's proposal pushes that decision down a level, into the database itself, so the rules travel with the data instead of relying on the app to get it right on every path.

The fork already guarded user-profile records this way. This change would have extended the same per-record access rules to all stored content, aiming to make cross-account access structurally impossible rather than merely discouraged. It's the kind of plumbing that never shows up in the interface but decides whether a multi-tenant system is actually safe to put real client matters into. Worth noting: the change was filed against the main project and closed a week later without being merged, so as proposed it never landed upstream.

So what Anyone evaluating a multi-tenant legal tool should care where isolation is enforced - in the database or just in the code - because that gap is exactly how one firm's confidential material leaks into another's.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?