chore: auto-commit uncommitted changes
This commit is contained in:
James
parent
dce2728bdb
commit
379a79bc9d
|
|
@ -0,0 +1,22 @@
|
|||
# Dealspace Claude Code Skills
|
||||
|
||||
Reusable workflows for Claude Code sessions. Invoke by name at the start of a session.
|
||||
|
||||
## Available Skills
|
||||
|
||||
*(none yet — add as patterns emerge)*
|
||||
|
||||
## How to Use
|
||||
|
||||
At the start of a Claude Code session:
|
||||
```
|
||||
Use the skill: .claude/skills/<skill-name>/SKILL.md
|
||||
```
|
||||
|
||||
## Candidates (add when ready)
|
||||
|
||||
- `add-role` — how to add a new RBAC role (rbac.go, migrations, tests)
|
||||
- `add-workstream` — how to add a workstream type
|
||||
- `deploy` — build-linux + deploy to Shannon procedure
|
||||
- `watermark` — PDF watermarking implementation context
|
||||
- `invite-flow` — invite/onboarding flow context
|
||||
|
|
@ -0,0 +1,97 @@
|
|||
# Dealspace (muskepo.com)
|
||||
|
||||
M&A deal workflow platform for investment banking data rooms. Built for Misha (Michael Muskepo / Johan's son). Primary builder: Mira (James assists).
|
||||
|
||||
## Ground Rules
|
||||
|
||||
Johan is the architect. You are the collaborator.
|
||||
|
||||
1. **Discussion first.** Default is conversation. No code until asked.
|
||||
2. **Minimal diffs.** Change only what's requested.
|
||||
3. **Less code, better architecture.** Flag opportunities to consolidate.
|
||||
4. **Ask, don't assume.** Ambiguous → ask first.
|
||||
5. **No unsolicited files.**
|
||||
6. **Mention concerns once, then execute.**
|
||||
|
||||
## Architecture
|
||||
|
||||
```
|
||||
cmd/server/ — main binary entry point (embeds website/)
|
||||
api/ — REST API handlers
|
||||
lib/ — shared: auth, crypto, db, rbac, types
|
||||
mcp/ — MCP server (planned v2.0)
|
||||
portal/ — deal room UI (Go templates)
|
||||
website/ — muskepo.com marketing site (go:embed)
|
||||
migrations/ — SQLite migrations
|
||||
docs/ — specs and design docs
|
||||
```
|
||||
|
||||
**Build:**
|
||||
```bash
|
||||
make build # local build
|
||||
make build-linux # linux/amd64 with CGO + fts5
|
||||
make deploy # build-linux + deploy to Shannon (root@82.24.174.112)
|
||||
make test # run tests (CGO + fts5)
|
||||
```
|
||||
|
||||
## Environments
|
||||
|
||||
| Environment | Host | URL |
|
||||
|-------------|------|-----|
|
||||
| Production | root@82.24.174.112 (Shannon) | dealspace.jongsma.me |
|
||||
| Local | forge (192.168.1.16) | - |
|
||||
|
||||
Deploy path on Shannon: `/opt/dealspace/`
|
||||
|
||||
## Key Design Docs
|
||||
|
||||
- `MVP.md` — v1.0 scope (what ships, what doesn't)
|
||||
- `API-SPEC.yaml` — REST API spec
|
||||
- `EMBED-SPEC.md` — embedded portal spec
|
||||
- `MCP-SPEC.md` — MCP server spec (v2.0)
|
||||
- `ONBOARDING-SPEC.md` — invite/onboarding flow
|
||||
|
||||
## RBAC Roles
|
||||
|
||||
7 roles: `ib_admin`, `ib_member`, `seller_admin`, `seller_member`, `buyer_admin`, `buyer_member`, `observer`. Workstream-scoped permissions. All enforced at DB level — not just UI.
|
||||
|
||||
## Data Model
|
||||
|
||||
`Project → Workstream → Request List → Request → Answer`
|
||||
|
||||
Key fields on requests: `assignee_id`, `return_to_id`, `origin_id` (routing chain).
|
||||
|
||||
## Security Non-Negotiables
|
||||
|
||||
- **Pre-dataroom content is DB-level invisible to buyers** — not a UI filter
|
||||
- **PDF watermarking** at serve time: `{user_name} · {org_name} · {datetime} · CONFIDENTIAL`
|
||||
- **Audit log** on every access grant, file download, status change, login — never disabled
|
||||
- **File storage:** compressed + encrypted
|
||||
- **TOTP required** for admin roles
|
||||
|
||||
## Data Access Architecture
|
||||
|
||||
Three choke points in `lib/dbcore.go` — ALL entry data goes through these:
|
||||
|
||||
- `EntryRead(db, cfg, actorID, projectID, filter)` — all reads
|
||||
- `EntryWrite(db, cfg, actorID, entries...)` — all writes
|
||||
- `EntryDelete(db, actorID, projectID, entryIDs...)` — all deletes
|
||||
|
||||
**RBAC:** Every choke point calls `CheckAccess()` before touching data. `actorID=""` = system/internal (always granted).
|
||||
|
||||
**No stubs, no wrappers for writes/deletes.** Callers use `EntryWrite`/`EntryDelete` directly. Read-path convenience helpers are acceptable — they must delegate to `EntryRead`.
|
||||
|
||||
**FORBIDDEN:**
|
||||
- `db.Exec()`, `db.Query()`, `db.QueryRow()` outside dbcore.go
|
||||
- New wrapper functions that bypass choke points
|
||||
- Any modification to `lib/dbcore.go` without Johan's explicit approval
|
||||
|
||||
**Encryption/compression:** Files stored via the designated path in dbcore.go only. Never handle file crypto inline in handlers.
|
||||
|
||||
## Current Status (Mar 2026)
|
||||
|
||||
- Mira is primary builder (Misha's AI)
|
||||
- Portal templates and layouts in progress
|
||||
- Invite flow, auto-assign UI (spec 3.b.2) pending
|
||||
- SMTP not yet configured
|
||||
- v1.0 target: 6 sprints, demoable to Misha after Sprint 2
|
||||
Loading…
Reference in New Issue