
Legal DocAI

Law firm document automation

Built by Rogue AI · Document AI for law firms · Self-hosted · Local lab

Built as a self-hosted lab project over a focused build sprint, refined in iterations.

The problem

Law firms handle documents that cannot be uploaded to a third-party cloud — contracts, corporate filings, title deeds, compliance paperwork — yet the work of reading them for key clauses and risks is slow and manual. Most AI document tools solve the reading problem by sending the text to a hosted API, which is exactly the thing a firm holding privileged material cannot do. The problem was to get useful clause extraction and risk flagging without any privileged content ever leaving the machine it was processed on.

What I built

A Next.js application where a user uploads contracts, corporate filings, title deeds, or compliance documents and gets back extracted key clauses, flagged risks, and structured data they can export. Every inference call goes to a local Ollama model on the same host — no external API, no document content sent off the machine. The app keeps work in memory with a short session TTL rather than persisting it to a database, so there is no long-lived store of privileged material. It runs as a hardened Docker container that can also route to a local CLI bridge instead of Ollama, but the default stays fully local.

Architecture

Local-only inference via Ollama
All model calls go to an Ollama instance reachable on the shared lab network, never to a hosted API. Privileged document text is sent to a process on the same host and nowhere else — the design constraint that justified the whole self-hosted approach.
No database, in-memory sessions
There is no persistent store. Uploaded documents and extracted results live in memory under a short session TTL and are gone after it expires, which removes data-at-rest and retention concerns at the cost of any persistence.
Vision-capable extraction for image-heavy pages
Scanned filings and stamped deeds are not clean text. A vision-capable local model lets the pipeline work on image-heavy pages rather than failing on anything that is not already machine-readable, though layout still bounds how reliable the extraction is.
Hardened, isolated Docker container
The app runs read-only with all Linux capabilities dropped, no-new-privileges set, tmpfs for scratch space, and tight memory and process limits, on its own isolated bridge network bound only to localhost. The container has minimal surface even before considering the model.
Pluggable LLM provider
The provider is a switch: the default routes to local Ollama, with an optional path to a local CLI bridge. The default never reaches outside the host, so the local-only guarantee holds without special configuration.
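
The container properties listed above can be checked against what Docker actually applied. This is an added example, not the project's own code: it audits one element of `docker inspect` output, and the sample documents, port 3000, limit values and the `audit` function name are constructed assumptions.

```python
import json

# Constructed `docker inspect` excerpts (not from the project): one container
# configured as the page describes, one left on Docker defaults.
HARDENED = json.loads("""{"HostConfig": {
  "ReadonlyRootfs": true, "CapDrop": ["ALL"], "CapAdd": null,
  "SecurityOpt": ["no-new-privileges:true"],
  "Tmpfs": {"/tmp": "rw,noexec,nosuid,size=64m"},
  "Memory": 536870912, "PidsLimit": 128,
  "PortBindings": {"3000/tcp": [{"HostIp": "127.0.0.1", "HostPort": "3000"}]}}}""")
DEFAULTS = json.loads("""{"HostConfig": {
  "ReadonlyRootfs": false, "CapDrop": null, "CapAdd": null,
  "SecurityOpt": null, "Tmpfs": null, "Memory": 0, "PidsLimit": null,
  "PortBindings": {"3000/tcp": [{"HostIp": "", "HostPort": "3000"}]}}}""")

LOOPBACK = {"127.0.0.1", "::1"}

def audit(inspect):
    """Return the names of hardening properties the container does NOT meet."""
    hc = inspect.get("HostConfig", {})
    drops = {c.upper() for c in (hc.get("CapDrop") or [])}
    secopt = hc.get("SecurityOpt") or []
    binds = [b for v in (hc.get("PortBindings") or {}).values() for b in (v or [])]
    checks = {
        "read-only rootfs": hc.get("ReadonlyRootfs") is True,
        # Dropping ALL is undone if capabilities are added back afterwards.
        "all capabilities dropped": "ALL" in drops and not hc.get("CapAdd"),
        "no-new-privileges": any(
            o.startswith("no-new-privileges") and not o.endswith("false")
            for o in secopt),
        "tmpfs scratch": bool(hc.get("Tmpfs")),
        # 0 or null means unlimited for Memory; null, 0 or -1 for PidsLimit.
        "memory limit": (hc.get("Memory") or 0) > 0,
        "pids limit": (hc.get("PidsLimit") or 0) > 0,
        # An empty HostIp means the port is published on every interface.
        "localhost-only ports": all(b.get("HostIp") in LOOPBACK for b in binds),
    }
    return [name for name, ok in checks.items() if not ok]

if __name__ == "__main__":
    for label, doc in (("hardened", HARDENED), ("defaults", DEFAULTS)):
        print(label, audit(doc) or "ok")
```

`docker inspect` prints a JSON array, so pass the function one element of it per container.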

Tech stack

Next.js, Ollama, llava, Docker

What broke first

  • Privileged documents set the constraint before any modelling decision. Once the rule is 'nothing leaves the host', a hosted API is off the table and the whole pipeline has to run against a local model — that single choice shapes everything downstream, from model size to latency expectations.

  • Clause extraction is only as good as the text you feed it. Clean, well-laid-out PDFs read cleanly; scanned filings, stamped title deeds, and dense multi-column contracts degrade extraction quality. A vision-capable model helps with image-heavy pages, but layout still decides the ceiling.

  • Holding documents in memory with a short session TTL instead of a database removed a whole class of data-retention questions. There is no store to leak, back up wrongly, or forget to purge — but it also means nothing persists, so the app is a working tool for a session, not a record system.

Outcome

A working self-hosted document-AI tool that demonstrates clause extraction and risk flagging on law-firm documents while keeping every byte of privileged content on the host. As a portfolio demo it proves the architecture — local inference, no persistent store, a hardened container — rather than serving live client matters. The honest takeaway is that the privacy model is solid and the engineering is sound, but extraction quality is governed by document layout, and the output is a triage aid a lawyer still has to check.

Honest limits

Self-hosted and built solo as a portfolio demo running in a local lab — the old VPS that once hosted it has been retired. Accuracy on privileged documents varies with layout: clean digital PDFs extract well, while scans and heavily formatted filings are weaker. It runs against a local model, so output is non-deterministic and should be reviewed. It is an extraction and triage aid, not a substitute for a lawyer, and nothing it produces is legal advice.
