X-ARC
Deployment

A multi-tenant legal AI platform for a UK law firm.

Problem

A UK law firm with hundreds of active cases and thousands of documents. The CRM stored everything and surfaced nothing. Solicitors spent hours searching case files for facts they knew were there, buried in PDFs and scattered across correspondence. Every case carried statutory compliance timelines that had to be tracked. Partners and funders needed portfolio-level visibility across the entire caseload.

Off-the-shelf tools gave them pieces. None of them solved the whole platform. The brief was a custom application (architecture, data model, agents, UI, CRM integration, security) delivered to production. The constraint was time. Two weeks.

First principles

Legal data is high-trust. Multi-tenant isolation cannot be bolted on later. Data access patterns cannot be inferred from prompts. The security model has to be enforced at the database layer, before the application code has a chance to be wrong.

The security layer stays with a human. The application layer is the work. Splitting the build along that line is the thing that makes a two-week window credible.

Two non-negotiables came out of that split. Row Level Security on every table in the database. Pre-validated queries, not direct text-to-SQL, for any agent reading data. Within those, the application surface was unconstrained.

What we shipped

CaseGuard. A multi-tenant SaaS application. 69 commits, zero to production. Two grounded agents and a complete platform around them.

The Case Agent. A solicitor opens a case and has a grounded conversation with the full file: documents, timeline events, correspondence, compliance milestones. Every claim cites its source. No hallucination, grounded in the firm's own data.

The Portfolio Agent. A partner or funder analyses trends across the entire caseload in a single question (stalled cases, risk assessment, settlement probability, handler workload). All from pre-validated queries; no direct text-to-SQL.

The platform around them: multi-tenant architecture with strict data isolation, invite-only authentication with role-based access, Proclaim CRM integration with encrypted credential storage, document processing and vectorisation, dashboard KPIs, and a super-admin panel for onboarding new firms.

Numbers

69 Commits to production
2 wks Build window
17 Agent tools shipped
8+ Multi-tenant tables
10+ Pages and views
7 Rounds of UI polish

Observation

Two patterns surfaced.

The security layer stays with a human. RLS policies, encryption key management, multi-tenant isolation design, credential handling. Owned by a human throughout. The build window was credible because the split was explicit at brief time, not after.

The codebase has a future maintainer that knows every line. CVE-2025-55182 was patched within days of disclosure on the codebase the build process wrote. Context compounds. The cost of onboarding a new developer to a system they did not author is what is no longer in the maintenance budget.

Contact

If something on this page is relevant to work you are running, write to us. The form is on the landing page. We come back within two working days.

Book a discovery call