jrklaus8 tightens who can see what - and offers an in-house AI option
Two changes in the Canada fork: every database request now runs under the individual user's permissions, and the AI engine can run entirely on a local machine.
jrklaus8 reworked the fork so that data access is scoped to each logged-in user rather than running through a single all-powerful account that could, in principle, read everyone's records. In plain terms: the system now enforces its own walls between clients on every request, closing a gap where one tenant's data could leak into another's view. That passthrough is wired through every part of the app that touches the database.
The second move adds the option to run the AI model locally instead of calling an outside service - useful for firms that don't want client material leaving their own hardware. It's a clean, self-contained add-on rather than a rip-and-replace.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?