johan
/
dealroom
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
dealroom/README.md

327 lines
8.7 KiB
Markdown
Raw Blame History

# Deal Room
**Secure Investment Banking Document Sharing Platform**
Deal Room is a secure, invite-only document sharing platform designed for Investment Banking deal teams. Built with Go, it provides role-based access control, encrypted file storage, AI-powered document analysis, and comprehensive audit trails for sensitive financial transactions.
## Features
- 🔐 **Security First**: End-to-end encryption, RBAC, audit logging
- 📊 **AI-Enhanced**: Document analysis and semantic search via K2.5
- 🚀 **Production Ready**: Single binary deployment, zero dependencies
- 📱 **Modern UI**: HTMX + Tailwind CSS for responsive interface
- 👥 **Collaboration**: Threaded discussions, activity feeds, @mentions
- 📈 **Deal Tracking**: Pipeline management and stage tracking
## Tech Stack
- **Backend**: Go 1.22+ with SQLite (encrypted)
- **Frontend**: HTMX + Tailwind CSS (zero build process)
- **Templates**: templ (type-safe Go HTML templates)
- **Storage**: AES-256-GCM encrypted files with zstd compression
- **AI**: K2.5 integration for document analysis and embeddings
## Quick Start
### Prerequisites
- Go 1.22 or later
- Make (optional, but recommended)
### Development Setup
1. **Clone and setup**:
```bash
git clone <repository-url>
cd dealroom
make setup
```
2. **Install dependencies**:
```bash
make install
```
3. **Run in development mode**:
```bash
make dev
```
4. **Access the application**:
- Open http://localhost:8080
- Default admin user will be created on first run
### Production Deployment
1. **Build the binary**:
```bash
make build
```
2. **Configure environment variables**:
```bash
export DB_KEY="your-32-byte-encryption-key"
export SESSION_SECRET="your-session-secret"
export BASE_URL="https://dealroom.yourcompany.com"
# See Configuration section for all variables
```
3. **Run the application**:
```bash
./bin/dealroom
```
### Docker Deployment
1. **Build and run with Docker**:
```bash
make docker-run
```
2. **Or use Docker Compose** (see `docker-compose.yml`):
```bash
docker-compose up -d
```
## Configuration
Configure the application using environment variables:
### Required Settings
```bash
DB_KEY=your-32-byte-encryption-key # Database encryption key
SESSION_SECRET=your-session-secret # Session cookie encryption
BASE_URL=https://dealroom.company.com # Public URL for magic links
```
### Database & Storage
```bash
DB_PATH=/data/db/dealroom.db # SQLite database path
FILES_PATH=/data/files # Encrypted file storage
BACKUP_PATH=/data/backups # Backup directory
```
### AI Integration
```bash
K25_API_URL=http://k2.5:8080 # K2.5 API endpoint
K25_API_KEY=your-k2.5-api-key # K2.5 API key
```
### Email (Magic Links)
```bash
SMTP_HOST=smtp.company.com # SMTP server
SMTP_USER=dealroom@company.com # SMTP username
SMTP_PASS=your-smtp-password # SMTP password
```
### Server
```bash
PORT=8080 # HTTP port (default: 8080)
```
## Architecture
Deal Room follows the **inou pattern** for data-centric design:
- **Unified Data Model**: All content types (deal rooms, documents, notes) stored as typed JSON in the `entries` table
- **RBAC Engine**: Bitmask permissions (read=1, write=2, delete=4, manage=8) with inheritance
- **Encrypted Storage**: Files encrypted with AES-256-GCM and compressed with zstd
- **AI Pipeline**: Document analysis and embeddings for semantic search
### Database Schema
```sql
-- Users and authentication
users (id, email, name, role, created_at, ...)
-- Unified content storage
entries (id, deal_room_id, entry_type, title, content, file_path, ...)
-- Role-based access control
access (id, entry_id, user_id, permissions, granted_by, ...)
-- Session management
sessions (token, user_id, expires_at, ...)
-- Audit trail
audit_log (id, user_id, entry_id, action, details, ...)
```
### File Storage
```
data/
├── db/dealroom.db # Encrypted SQLite database
├── files/ # Encrypted file storage
│ ├── 2024/01/ # Date-based partitioning
│ │ ├── entry1.enc # AES-256-GCM + zstd
│ │ └── entry2.enc
│ └── temp/ # Temporary upload staging
└── backups/ # Automated backups
```
## API Reference
### Authentication
- `POST /auth/login` - Magic link login
- `GET /auth/verify/{token}` - Verify login token
- `POST /auth/logout` - End session
### Deal Rooms
- `GET /api/deal-rooms` - List accessible deal rooms
- `POST /api/deal-rooms` - Create new deal room
- `GET /api/deal-rooms/{id}` - Get deal room details
- `PUT /api/deal-rooms/{id}` - Update deal room
### Documents & Content
- `GET /api/entries` - List entries with permissions
- `POST /api/entries` - Create entry (document/note)
- `GET /api/entries/{id}` - Get entry details
- `GET /api/entries/{id}/file` - Download file
### Access Control
- `GET /api/entries/{id}/access` - List permissions
- `POST /api/entries/{id}/access` - Grant access
- `DELETE /api/entries/{id}/access/{user}` - Revoke access
### Search & AI
- `GET /api/search?q={query}` - Semantic search
- `POST /api/analyze/{id}` - Trigger AI analysis
## Development
### Project Structure
```
dealroom/
├── cmd/dealroom/ # Application entry point
│ └── main.go
├── internal/ # Internal packages
│ ├── db/ # Database layer & migrations
│ ├── model/ # Data models
│ ├── rbac/ # Role-based access control
│ ├── store/ # Encrypted file storage
│ ├── handler/ # HTTP handlers
│ └── ai/ # K2.5 integration
├── templates/ # templ templates
│ ├── layout.templ
│ ├── dashboard.templ
│ └── ...
├── static/ # Static assets
├── migrations/ # Database migrations
├── Dockerfile
├── Makefile
└── README.md
```
### Available Commands
```bash
make build # Build the application
make dev # Run in development mode
make test # Run tests
make lint # Run linter
make docker # Build Docker image
make migrate # Run database migrations
make clean # Clean build artifacts
make setup # Setup development environment
```
### Running Tests
```bash
# Run all tests
make test
# Run with coverage
make test-coverage
# Run benchmarks
make bench
```
### Code Quality
```bash
# Format code
make fmt
# Run linter
make lint
# Security scan
make security
```
## Security
Deal Room implements defense-in-depth security:
### Data Protection
- **Encryption at Rest**: AES-256-GCM for files, encrypted SQLite
- **Encryption in Transit**: HTTPS only, HSTS headers
- **Key Management**: Configurable encryption keys
- **File Access**: No direct file serving, all through API
### Access Control
- **RBAC**: Entry-level permissions with inheritance
- **Least Privilege**: Users see only what they have access to
- **Magic Links**: Passwordless email-based authentication
- **Session Management**: Secure HTTP-only cookies
### Audit & Compliance
- **Audit Trail**: All actions logged with user attribution
- **Activity Feeds**: Real-time activity monitoring
- **Access Reviews**: Permission management interface
- **Data Retention**: Configurable retention policies
## Production Considerations
### Performance
- **Concurrent Users**: ~100-200 with SQLite
- **File Storage**: Limited by disk space
- **Database Size**: Efficient up to ~100GB
- **Response Times**: <200ms for page loads
### Scalability
For higher scale requirements:
- **Database**: Migrate to PostgreSQL
- **File Storage**: Use S3-compatible object storage
- **Search**: Dedicated vector database (Pinecone, Weaviate)
- **Caching**: Add Redis for sessions and queries
### Monitoring
- Health checks at `/health`
- Metrics endpoint at `/metrics` (when enabled)
- Structured logging with levels
- Audit trail for compliance
## Contributing
1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests for new functionality
5. Run the test suite: `make test`
6. Submit a pull request
### Code Style
- Follow standard Go formatting (`make fmt`)
- Use meaningful variable names
- Add comments for public functions
- Keep functions focused and small
## License
This project is proprietary software owned by Misha Muskepo and licensed for use by authorized parties only.
## Support
For support or questions:
- **Owner**: Misha Muskepo (michael@muskepo.com)
- **Tech Lead**: James
- **Documentation**: See `SPEC.md` for detailed architecture
---
**Deal Room** - Secure, AI-Enhanced Investment Banking Platform
Reference in New Issue View Git Blame Copy Permalink