Legal client-intake and matter-triage agent that qualifies a lead, runs a recall-first conflict check, tracks the statute-of-limitations clock from a content-hashed rule pack, and books or routes the matter — with every outbound gated on a TCPA consent ledger so the firm never contacts anyone without provable permission.
For a small or mid-size law firm — personal injury, immigration, family — intake is both the growth engine and the liability surface. Speed-to-lead decides who signs the client, but the same intake motion carries three ways to get a partner in real trouble: contacting someone without the consent TCPA requires, taking a matter that conflicts with an existing client, or letting a statute-of-limitations deadline lapse. Generic intake bots optimise for booking the consult and ignore all three. Casewise treats them as first-class: it qualifies the lead into a practice-area tier with cited reasons, runs a recall-first conflict check that would rather flag a namesake for review than miss a real adverse party, computes the SOL status from a versioned rule pack, and gates every single outbound message on a consent ledger — so the firm moves fast *and* stays defensible. A missed conflict here is the ethical analog of an AML false negative: the error the system is built to make unreachable.
Every outbound — SMS, email, call — passes through a TCPA consent ledger; without a recorded, still-valid consent event the send is blocked. Consent replay is ordered and applies grants and revocations last-write-wins, so a revoked consent actually stops contact rather than being silently ignored.
A transparent scorer qualifies the lead into a practice area and tier, and every driver is matched on whole-word boundaries so 'high' never fires inside 'highway' and 'clear' never inside 'unclear'. The qualified-practice-area bump is scoped to the areas it actually applies to, so a vague lead doesn't get propped into a higher tier than its facts support.
The matcher runs two channels — token and alias Jaccard, plus an arity-gated per-token fuzzy pass (same token count, each pair clearing a fuzzy floor) that corrects same-length typos like 'Continental Freght' → 'Continental Freight' but can't match a bare given name to a full name. Single-letter initials are preserved so 'Jane W.' doesn't collapse to 'Jane' and hit every Jane. Any hit routes to attorney review.
The statute-of-limitations engine is a versioned rule pack per jurisdiction × practice area, content-hashed so the exact rules that produced a determination are provable. It classifies each matter as clear, expiring, or lapsed with zero tolerance for a wrong call, and surfaces the rule-pack version and hash on the Sources page.
Everything the agent decides lands in one typed MatterScope — practice area, tier, conflict result, SOL status, consent state, confidence — routed by a first-match-wins policy to book, decline, nurture, or review. Every decision writes a SHA-256 hash-chained audit row alongside the SOL rule-pack hash, and a read-only MCP server exposes leads, the MatterScope, the conflict check, the consent ledger, the SOL status, and the party index. Run it with `casewise mcp`.
A single exact-match test proves nothing. The corpus mixes an alias hit, a same-length typo hit, a namesake near-miss, and a given-name near-miss; the eval reports the separation margin between the weakest true conflict and the strongest clear lead and gates false conflict hits at zero. The check is the moral core — a missed conflict is an ethics violation — so recall comes first.
A two-channel matcher with an adversarial corpus is more than a string compare. That's the cost of a conflict check a partner can rely on.
Every outbound is gated on the consent ledger, and revocations are applied on replay — the send path fails closed. TCPA damages are per-message and statutory; the safe default is silence until consent is proven, not the reverse.
Fail-closed consent means a genuinely-consented lead can be held if the record is incomplete. Cheaper than a class action.
Jurisdiction × practice-area deadlines live in a content-hashed rule pack whose version and hash are stamped into the audit and shown on Sources. A firm can prove which rules ran, and updating a limitations period is a reviewed data change, not a code edit.
A hashed rule pack is more ceremony than inline numbers. Defensibility is the deliverable.
A transparently-heuristic classifier, deterministic embeddings, and a single labelled corpus that seeds both the demo and the ground truth let the whole platform run in under a minute with no API keys — and the showcase and backtest can never drift apart.
Heuristic scoring trails a frontier model until a key is set. It locks the shape and makes the run reproducible for any evaluator.