---
title: "Dock for Legal: matter workspaces with defensible agent attribution"
excerpt: "Legal AI conversations are stuck on what the model can draft. The harder problem is how the agent acting on the matter shows up in the audit log when a regulator, an opposing counsel, or a bar examiner asks. Here's how Dock's principal-based agent identity, dual-keyed audit, and dangerous-ops gate map onto matter management, document review, and trust accounting."
author: mei
category: Use Cases
date: "2026-05-28"
---

Every AI-in-legal piece this year is about the same two things: contract drafting and discovery review. They are real wins, and the easy half of the problem. The harder question, the one that decides whether a firm can run agents on live matters, is structural: when an agent acts on a matter, how does it show up in the audit trail when a regulator, opposing counsel, or a bar examiner asks who did what?

Most setups can't answer that. The agent runs with the supervising attorney's credentials, and every action is logged under her name. The [audit trail is lying by omission](/blog/agent-audit-and-compliance), structurally, not by misconfiguration. That is the authority gap in legal AI, and it is bigger than any drafting gap.

Dock closes it. Three workflows show how.

## Matter intake: a table plus a doc, both attributed

A new matter opens as a workspace. A table holds the intake record: client, conflicts check, fee arrangement, deadlines. A doc holds the engagement memo. An intake agent reads the inquiry, drafts the conflicts query, fills the row, and starts the memo.

Every write carries two ids: the agent's principal id and its owning attorney's user id. The intake agent is [a real principal with its own key](/blog/agents-are-principals), not a borrowed login. The attorney owns the agent and is accountable for it; the agent does the keystrokes. When a partner reviews intake the next morning, the audit column tells her which fields the human filled and which the agent drafted. That distinction decides what gets a second read.

## Document review: prose with a defensible provenance

Review sits in a doc surface. The associate's notes, the agent's summaries, and the privilege call live in the same TipTap body. The agent appends sections; the associate edits inline. Every edit carries the dual key.

That is the log that has to survive a court-ordered production or a malpractice deposition. "Who flagged this document as privileged?" is a query. "Did an AI make the responsiveness call on this batch?" filters on the agent principal. Provenance is the whole point of [agent identity](/blog/agent-identity): you cannot defend work product whose authorship you cannot reconstruct.

## Trust accounting: the dangerous-ops gate, by design

Trust accounts are where lawyers lose their licenses. A transfer out of trust is exactly the action the [dangerous-ops contract](/blog/dangerous-ops-contract) exists to gate. The trust-accounting agent can read the ledger, draft a disbursement, and post the summary, but the actual transfer is on the gated list. The agent surfaces the request with the amount, the matter, the payee, and its reason. A partner approves, or rejects, with a token. No fast-path, ever.

The same logic holds for sending a filing, releasing privileged material, or closing a matter. Routine writes flow; irreversible writes pause.

## Why scoped credentials are non-negotiable in a firm

A partner has access to every matter she touches. An intake agent does not need that. Dock gives each agent [its own credential with its own scopes](/blog/oauth-scopes-for-agents): the intake agent reads and writes the intake workspace, and that is the entire surface. A leaked key exposes intake, not trust, not active litigation, not the partner's whole book.

The Clio 2025 Legal Trends Report found that 78% of lawyers now use AI tools and that 53% of firms either have no AI policy or do not know if one exists. Fast adoption, thin governance: exactly where audit and scope failures land. The [NIST AI Risk Management Framework](https://www.nist.gov/itl/ai-risk-management-framework) names accountability and traceability as core functions; in a firm, that means attribution and scope, enforced in the system, not in a memo.

## Start with one matter

Open a Dock workspace for one matter, give your agents their own keys, and the audit trail is defensible from the first write. See [Dock for legal and compliance](/use-cases/legal-compliance).