Deal Room

Secure Investment Banking Document Sharing Platform

Deal Room is a secure, invite-only document sharing platform designed for Investment Banking deal teams. Built with Go, it provides role-based access control, encrypted file storage, AI-powered document analysis, and comprehensive audit trails for sensitive financial transactions.

Features

• 🔐 Security First: End-to-end encryption, RBAC, audit logging
• 📊 AI-Enhanced: Document analysis and semantic search via K2.5
• 🚀 Production Ready: Single binary deployment, zero dependencies
• 📱 Modern UI: HTMX + Tailwind CSS for responsive interface
• 👥 Collaboration: Threaded discussions, activity feeds, @mentions
• 📈 Deal Tracking: Pipeline management and stage tracking

Tech Stack

• Backend: Go 1.22+ with SQLite (encrypted)
• Frontend: HTMX + Tailwind CSS (zero build process)
• Templates: templ (type-safe Go HTML templates)
• Storage: AES-256-GCM encrypted files with zstd compression
• AI: K2.5 integration for document analysis and embeddings

Quick Start

Prerequisites

• Go 1.22 or later
• Make (optional, but recommended)

Development Setup

1. Clone and setup:

   git clone <repository-url>
   cd dealroom
   make setup
   

2. Install dependencies:

   make install
   

3. Run in development mode:

   make dev
   

4. Access the application:

   • Open http://localhost:8080
   • Default admin user will be created on first run

Production Deployment

1. Build the binary:

   make build
   

2. Configure environment variables:

   export DB_KEY="your-32-byte-encryption-key"
   export SESSION_SECRET="your-session-secret"
   export BASE_URL="https://dealroom.yourcompany.com"
   # See Configuration section for all variables
   

3. Run the application:

   ./bin/dealroom
   

Docker Deployment

1. Build and run with Docker:

   make docker-run
   

2. Or use Docker Compose (see docker-compose.yml):

   docker-compose up -d
   

Configuration

Configure the application using environment variables:

Required Settings

DB_KEY=your-32-byte-encryption-key        # Database encryption key
SESSION_SECRET=your-session-secret         # Session cookie encryption
BASE_URL=https://dealroom.company.com      # Public URL for magic links

Database & Storage

DB_PATH=/data/db/dealroom.db              # SQLite database path
FILES_PATH=/data/files                    # Encrypted file storage
BACKUP_PATH=/data/backups                 # Backup directory

AI Integration

K25_API_URL=http://k2.5:8080             # K2.5 API endpoint
K25_API_KEY=your-k2.5-api-key            # K2.5 API key

Email (Magic Links)

SMTP_HOST=smtp.company.com                # SMTP server
SMTP_USER=dealroom@company.com            # SMTP username
SMTP_PASS=your-smtp-password              # SMTP password

Server

PORT=8080                                 # HTTP port (default: 8080)

Architecture

Deal Room follows the inou pattern for data-centric design:

• Unified Data Model: All content types (deal rooms, documents, notes) stored as typed JSON in the entries table
• RBAC Engine: Bitmask permissions (read=1, write=2, delete=4, manage=8) with inheritance
• Encrypted Storage: Files encrypted with AES-256-GCM and compressed with zstd
• AI Pipeline: Document analysis and embeddings for semantic search

Database Schema

-- Users and authentication
users (id, email, name, role, created_at, ...)

-- Unified content storage  
entries (id, deal_room_id, entry_type, title, content, file_path, ...)

-- Role-based access control
access (id, entry_id, user_id, permissions, granted_by, ...)

-- Session management
sessions (token, user_id, expires_at, ...)

-- Audit trail
audit_log (id, user_id, entry_id, action, details, ...)

File Storage

data/
├── db/dealroom.db           # Encrypted SQLite database
├── files/                   # Encrypted file storage
│   ├── 2024/01/            # Date-based partitioning
│   │   ├── entry1.enc      # AES-256-GCM + zstd
│   │   └── entry2.enc
│   └── temp/               # Temporary upload staging
└── backups/                # Automated backups

API Reference

Authentication

• POST /auth/login - Magic link login
• GET /auth/verify/{token} - Verify login token
• POST /auth/logout - End session

Deal Rooms

• GET /api/deal-rooms - List accessible deal rooms
• POST /api/deal-rooms - Create new deal room
• GET /api/deal-rooms/{id} - Get deal room details
• PUT /api/deal-rooms/{id} - Update deal room

Documents & Content

• GET /api/entries - List entries with permissions
• POST /api/entries - Create entry (document/note)
• GET /api/entries/{id} - Get entry details
• GET /api/entries/{id}/file - Download file

Access Control

• GET /api/entries/{id}/access - List permissions
• POST /api/entries/{id}/access - Grant access
• DELETE /api/entries/{id}/access/{user} - Revoke access

Search & AI

• GET /api/search?q={query} - Semantic search
• POST /api/analyze/{id} - Trigger AI analysis

Development

Project Structure

dealroom/
├── cmd/dealroom/           # Application entry point
│   └── main.go
├── internal/               # Internal packages
│   ├── db/                # Database layer & migrations
│   ├── model/             # Data models
│   ├── rbac/              # Role-based access control
│   ├── store/             # Encrypted file storage
│   ├── handler/           # HTTP handlers
│   └── ai/                # K2.5 integration
├── templates/              # templ templates
│   ├── layout.templ
│   ├── dashboard.templ
│   └── ...
├── static/                 # Static assets
├── migrations/             # Database migrations
├── Dockerfile
├── Makefile
└── README.md

Available Commands

make build          # Build the application
make dev            # Run in development mode  
make test           # Run tests
make lint           # Run linter
make docker         # Build Docker image
make migrate        # Run database migrations
make clean          # Clean build artifacts
make setup          # Setup development environment

Running Tests

# Run all tests
make test

# Run with coverage
make test-coverage

# Run benchmarks
make bench

Code Quality

# Format code
make fmt

# Run linter
make lint

# Security scan
make security

Security

Deal Room implements defense-in-depth security:

Data Protection

• Encryption at Rest: AES-256-GCM for files, encrypted SQLite
• Encryption in Transit: HTTPS only, HSTS headers
• Key Management: Configurable encryption keys
• File Access: No direct file serving, all through API

Access Control

• RBAC: Entry-level permissions with inheritance
• Least Privilege: Users see only what they have access to
• Magic Links: Passwordless email-based authentication
• Session Management: Secure HTTP-only cookies

Audit & Compliance

• Audit Trail: All actions logged with user attribution
• Activity Feeds: Real-time activity monitoring
• Access Reviews: Permission management interface
• Data Retention: Configurable retention policies

Production Considerations

Performance

• Concurrent Users: ~100-200 with SQLite
• File Storage: Limited by disk space
• Database Size: Efficient up to ~100GB
• Response Times: <200ms for page loads

Scalability

For higher scale requirements:

• Database: Migrate to PostgreSQL
• File Storage: Use S3-compatible object storage
• Search: Dedicated vector database (Pinecone, Weaviate)
• Caching: Add Redis for sessions and queries

Monitoring

• Health checks at /health
• Metrics endpoint at /metrics (when enabled)
• Structured logging with levels
• Audit trail for compliance

Contributing

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests for new functionality
5. Run the test suite: make test
6. Submit a pull request

Code Style

• Follow standard Go formatting (make fmt)
• Use meaningful variable names
• Add comments for public functions
• Keep functions focused and small

License

This project is proprietary software owned by Misha Muskepo and licensed for use by authorized parties only.

Support

For support or questions:

• Owner: Misha Muskepo (michael@muskepo.com)
• Tech Lead: James
• Documentation: See SPEC.md for detailed architecture

---

Deal Room - Secure, AI-Enhanced Investment Banking Platform