Security & trust

Enterprise-grade controls for firm-scoped data

Tenant isolation, role-based access, audit logging, rate limiting, and AI output validators — documented for security reviews.

What we protect

Client matter data

Documents, boardroom threads, war-room packets, matter record entries.

Contract records

Counterparties, obligations, clause library, audit catalog.

Credentials

bcrypt-hashed passwords, hashed refresh tokens, firm API keys.

Tenant isolation

Every sensitive route scopes by firm_id. Matters use getMatterAccess. Document paths use allowlisted roots.

  • IDOR hardening tests in CI
  • No commingling of firm data
  • Production errors omit stack traces
  • CSP violation reporting endpoint

  • Helmet + CSP
  • JWT + refresh rotation
  • Rate limits on auth/analyze

Pre-production checklist

  • REGISTRATION_DISABLED=true unless open signup is intentional
  • Strong JWT_SECRET (≥32 chars)
  • ALLOWED_ORIGINS set to production host(s)
  • npm run deploy:check and npm test green
  • npm run deploy:verify after deploy
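
The first three checklist items can be checked mechanically before a release. The following is an added example, not the product's own `deploy:check` script; it assumes `ALLOWED_ORIGINS` is a comma-separated list of origins, and the `openSignupIntended` option, the repetition heuristic and the HTTPS/loopback rules are illustrative assumptions.

```javascript
// Added example: validate the environment settings named in the checklist.
// Returns a list of human-readable failures; an empty list means "pass".
function preflight(env, { openSignupIntended = false } = {}) {
  const failures = [];

  // Open signup has to be a deliberate choice (hypothetical option name).
  if (env.REGISTRATION_DISABLED !== 'true' && !openSignupIntended) {
    failures.push('REGISTRATION_DISABLED is not "true" and open signup was not declared intentional');
  }

  // Length floor from the checklist, plus an assumed heuristic for repetition.
  const secret = env.JWT_SECRET || '';
  if (secret.length < 32) {
    failures.push(`JWT_SECRET has ${secret.length} chars, need at least 32`);
  } else if (new Set(secret).size < 8) {
    failures.push('JWT_SECRET is long enough but repetitive');
  }

  // Assumed format: comma-separated origins such as https://app.example.com
  const origins = (env.ALLOWED_ORIGINS || '').split(',').map((s) => s.trim()).filter(Boolean);
  if (origins.length === 0) failures.push('ALLOWED_ORIGINS is empty');
  for (const entry of origins) {
    if (entry.includes('*')) {
      failures.push(`ALLOWED_ORIGINS entry "${entry}" is a wildcard`);
      continue;
    }
    let url;
    try {
      url = new URL(entry);
    } catch {
      failures.push(`ALLOWED_ORIGINS entry "${entry}" is not a URL`);
      continue;
    }
    // An Origin header never carries a path or trailing slash, so such an
    // entry would silently never match.
    if (url.origin !== entry) failures.push(`ALLOWED_ORIGINS entry "${entry}" is not a bare origin`);
    if (url.protocol !== 'https:') failures.push(`ALLOWED_ORIGINS entry "${entry}" is not HTTPS`);
    if (['localhost', '127.0.0.1', '[::1]'].includes(url.hostname)) {
      failures.push(`ALLOWED_ORIGINS entry "${entry}" points at a loopback host`);
    }
  }
  return failures;
}

// Constructed sample environment that still carries development values.
const SAMPLE_ENV = {
  JWT_SECRET: 'short',
  ALLOWED_ORIGINS: '*, http://localhost:3000, https://app.example.com/',
};
console.log(preflight(SAMPLE_ENV).join('\n'));
```

Calling `preflight(process.env)` in a release pipeline and exiting non-zero when the list is non-empty turns these checklist items into a gate.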

AI security

Validators enforce strict enums and quote checks. Bounded agents cap steps and require confirm-before-write on obligations.

Provider responses are normalized before clients see them — raw model dumps never leak past the API boundary.

Report suspected vulnerabilities through your established support channel — not public issue trackers.