Labsco
zoharbabin logo

dd-agents

β˜… 54

from zoharbabin

M&A due diligence with 14 MCP tools for interactive chat β€” citation verification, cross-contract search, entity resolution, and sandboxed Excel/Word document generation across 9 specialist agent domains.

πŸ”₯πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedFreeAdvanced setup
<p align="center"> <img src="docs/marketing/assets/logo.svg" alt="Due Diligence Agents logo" width="120" height="120"> </p> <p align="center"> <h1 align="center">Due Diligence Agents</h1> <p align="center"> Legal flags a risk. Finance flags another. <strong>We connect and cite.</strong> Open-source forensic M&A due diligence β€” 13 AI agents read your entire data room across 9 domains, cross-reference findings no single reviewer connects, and trace every one to an exact page and quote. </p> <p align="center"> <a href="https://pypi.org/project/dd-agents/"><img src="https://img.shields.io/pypi/v/dd-agents.svg" alt="PyPI version"></a> <a href="https://pypi.org/project/dd-agents/"><img src="https://img.shields.io/pypi/dm/dd-agents.svg" alt="PyPI downloads"></a> <a href="https://github.com/zoharbabin/due-diligence-agents/actions"><img src="https://github.com/zoharbabin/due-diligence-agents/actions/workflows/ci.yml/badge.svg" alt="CI"></a> <a href="https://www.python.org/downloads/"><img src="https://img.shields.io/badge/python-3.12+-blue.svg" alt="Python 3.12+"></a> <a href="LICENSE"><img src="https://img.shields.io/badge/license-Apache%202.0-green.svg" alt="License"></a> <a href="https://github.com/zoharbabin/due-diligence-agents/actions"><img src="https://img.shields.io/badge/tests-passing-brightgreen.svg" alt="Tests"></a> <img src="https://img.shields.io/badge/mypy-strict-blue.svg" alt="mypy strict"> <a href="https://hub.docker.com/r/zoharbabin/due-diligence-agents"><img src="https://img.shields.io/docker/pulls/zoharbabin/due-diligence-agents.svg" alt="Docker pulls"></a> <a href="https://github.com/codespaces/new?hide_repo_select=true&repo=zoharbabin/due-diligence-agents"><img src="https://img.shields.io/badge/open_in-Codespaces-blue?logo=github" alt="Open in Codespaces"></a> <a href="https://github.com/zoharbabin/due-diligence-agents/stargazers"><img src="https://img.shields.io/github/stars/zoharbabin/due-diligence-agents?style=social" alt="GitHub Stars"></a> </p> <p align="center"> Built by <a href="https://zoharbabin.com">Zohar Babin</a> </p> </p>

See a sample report β€” interactive HTML output from a synthetic deal, no install required.

πŸ“‘ Walkthrough deck

<p align="center"> <a href="https://zoharbabin.com/due-diligence-agents/marketing/presentation.html"> <img src="docs/marketing/assets/presentation-cover.png" alt="Due Diligence Agents β€” interactive walkthrough presentation (23 slides)" width="720"> </a> </p> <p align="center"> <a href="https://zoharbabin.com/due-diligence-agents/marketing/presentation.html"><strong>β–Ά Open the interactive walkthrough β†’</strong></a> Β· 23 slides Β· architecture, cross-domain synthesis, trust layer, and ROI Β· use <kbd>←</kbd>/<kbd>β†’</kbd> to navigate, <kbd>N</kbd> for speaker notes </p>
<details> <summary><strong>CLI Interface Walkthrough Recording</strong></summary>

https://github.com/user-attachments/assets/03ae7e38-8280-488c-898a-61c1a361bb7d

</details>

Finds what gets buried across hundreds of contracts β€” cross-references it across 9 specialist domains (Legal, Finance, Commercial, ProductTech, Cybersecurity, HR, Tax, Regulatory, ESG) β€” and traces every finding to an exact page, section, and quote. Use the structured output alongside your advisors to build IC memos, advisor reports, negotiation checklists, or integration plans.

This tool does not replace professional advisors. Legal, financial, and regulatory conclusions should always be made by qualified professionals. This tool helps your team and advisors work faster.

Why This Exists

I built this to solve my own problem. As a corp dev lead, I'd spend weeks assembling the cross-domain picture from siloed advisor reports β€” legal, financial, and commercial teams all flagging the same subject independently, with nobody connecting the dots. A termination clause in one contract and a revenue concentration risk in the same subject would be flagged in separate workstreams, if at all.

The numbers tell the story:

  • 31% of M&A failures trace back to due diligence shortcomings β€” Acquisition Stars, citing HBR, McKinsey, and KPMG research
  • DD timelines keep compressing β€” what used to be a six-week process becomes three weeks, with no reduction in scope β€” Spellbook
  • Corp dev teams screen 200-1,000+ companies/year but close only 1-10 β€” a 1-3% conversion rate, with DD costs sunk on every deal that doesn't close β€” CorpDev.AI
  • AI contract analysis reaches 95% accuracy with clause-aware prompting (up from 74% baseline) β€” Addleshaw Goddard RAG Report, 510 contracts tested
  • 86% of M&A organizations have integrated GenAI into deal workflows β€” Deloitte 2025 M&A Trends

This tool runs all nine workstreams in parallel across every document, cross-references findings automatically, and produces structured analysis your team can search, filter, and drill into β€” the kind of cross-domain picture that used to take weeks to assemble manually.

Who uses this: Corp dev teams screening targets, PE firms running portfolio DD, legal teams doing contract review, advisors accelerating workstreams. Anyone who needs to search hundreds of contracts and connect findings across domains.

What You Can Do

Full Pipeline β€” Integrated Due Diligence

Copy & paste β€” that's it
dd-agents run deal-config.json

Analyzes every document through 9 domain lenses, cross-references findings, and validates quality through 5 blocking gates. Produces:

  • Interactive HTML report β€” Go/No-Go verdict with executive narrative, progressive disclosure (decision β†’ actions β†’ domain details β†’ full evidence), severity filtering
  • 16-sheet Excel report β€” structured findings, cross-references, audit trail for downstream modeling
  • Per-subject JSON findings β€” every finding with severity, citations, cross-references, and governance graph edges

Quick Scan β€” Red Flag Triage in Minutes

Copy & paste β€” that's it
dd-agents run deal-config.json --quick-scan --model-profile economy

GREEN / YELLOW / RED signal across 8 deal-killer categories. Get a first read before committing to full analysis.

Contract Search β€” Targeted Questions, No Full Pipeline

Copy & paste β€” that's it
dd-agents search prompts.json --data-room ./data_room

Ask specific questions across every contract and get an Excel report with answers, citations, and verification scores. The prompts file is plain JSON any legal professional can write:

Copy & paste β€” that's it
{
  "name": "Change of Control Analysis",
  "columns": [
    {
      "name": "Consent Required",
      "prompt": "Does this agreement require consent upon a change of control? Answer YES, NO, or NOT_ADDRESSED."
    }
  ]
}

See examples/search/ for ready-to-use templates.

Post-Run Tools

Copy & paste β€” that's it
dd-agents chat --report _dd/forensic-dd/runs/latest         # Interactive multi-turn chat with memory
dd-agents query --report _dd/forensic-dd/runs/latest        # Ask questions about findings
dd-agents cost _dd/forensic-dd/runs/latest                  # Per-provider / per-model cost rollup
dd-agents assess ./data_room                                # Check data room quality
dd-agents portfolio add "Deal A" --data-room ./data_room_a  # Track multiple deals
dd-agents portfolio compare                                 # Compare risk across deals
dd-agents export-pdf report.html                            # Export to PDF
dd-agents log --data-room ./data_room                       # Browse the deal knowledge timeline
dd-agents lineage --data-room ./data_room                   # Trace finding evolution across runs
dd-agents health --data-room ./data_room                    # Check knowledge base integrity
dd-agents annotate --data-room ./data_room "Confirmed with counsel"  # Add analyst notes

Serve a finished report over the network. examples/agno-bindu/ exposes a completed report as a conversational Bindu A2A agent β€” ask it for P0 counts, domain risks, or the exact cited clause. Community-contributed example; not affiliated with or endorsed by the maintainers.

Customize the Agents (no code required)

Inspect, audit, and tailor each specialist's persona, focus areas, and severity calibration β€” by editing markdown, not Python. Safety rules can never be removed.

Copy & paste β€” that's it
dd-agents agents list                          # See every specialist and its status
dd-agents agents describe --agent legal        # Read an agent's persona + safety floor
dd-agents agents validate ./my-project         # Lint your dd-config/ customizations
dd-agents agents preview --agent legal --project-dir ./my-project  # Exact assembled prompt

Drop a dd-config/agents/legal.md next to your deal config to override personas, add focus areas, or adjust severity β€” optionally inheriting a bundled deal-type profile (saas, regulated-fintech, …). See Agent Customization.

How It Works

Copy & paste β€” that's it
  Data Room (PDFs, Word, Excel, Images)
       β”‚
       β–Ό
  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
  β”‚        Python Orchestrator          β”‚
  β”‚         38-step pipeline            β”‚
  β”‚       5 blocking quality gates      β”‚
  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                 β”‚
    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
    β”‚            β”‚            β”‚
    β–Ό            β–Ό            β–Ό
 β”Œβ”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
 β”‚Legal β”‚  β”‚Finance β”‚  β”‚Commercialβ”‚  β”‚ProductTechβ”‚ β”‚Cybersecurityβ”‚
 β”‚Agent β”‚  β”‚ Agent  β”‚  β”‚  Agent   β”‚  β”‚  Agent   β”‚  β”‚   Agent     β”‚
 β””β”€β”€β”¬β”€β”€β”€β”˜  β””β”€β”€β”€β”¬β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”˜
    β”‚          β”‚            β”‚             β”‚               β”‚
 β”Œβ”€β”€β”΄β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”΄β”€β”€β”    β”Œβ”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”
 β”‚ HR  β”‚  β”‚  Tax   β”‚  β”‚ Regulatory β”‚  β”‚ ESG  β”‚    β”‚  + External β”‚
 β”‚Agentβ”‚  β”‚ Agent  β”‚  β”‚   Agent    β”‚  β”‚Agent β”‚    β”‚   Agents    β”‚
 β””β”€β”€β”¬β”€β”€β”˜  β””β”€β”€β”€β”¬β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”¬β”€β”€β”˜    β””β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”˜
    β”‚         β”‚              β”‚            β”‚               β”‚
    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                      β”‚
              β”Œβ”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”
              β”‚  Cross-Domain  β”‚  ← Symbolic trigger rules detect
              β”‚   Analysis     β”‚    inter-domain dependencies
              β””β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                      β”‚
              β”Œβ”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”
              β”‚  Judge Agent   β”‚  ← Validates findings
              β”‚  (optional)    β”‚
              β””β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                      β”‚
              β”Œβ”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”
              β”‚  Merge & Audit β”‚  ← Dedup, numerical checks,
              β”‚  31 QA checks  β”‚    citation verification
              β””β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                      β”‚
              β”Œβ”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”
              β”‚   Executive    β”‚  ← Severity calibration,
              β”‚   Synthesis    β”‚    Go/No-Go signal
              β””β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                      β”‚
                      β–Ό
            HTML + Excel + JSON

The 13 agents

9 domain specialists analyze every document in parallel β€” each owns a domain and traces findings to exact citations (see What Gets Analyzed for per-domain focus areas):

#SpecialistOwns
1LegalChange of control, anti-assignment, termination, IP ownership, indemnification, liability caps
2FinanceRevenue cross-referencing, unit economics (CAC/LTV/NRR), cost structure, projections
3CommercialRenewal mechanics, customer concentration, SLAs, pricing models, MFN clauses
4ProductTechDPAs, security certifications, technical SLAs, integration & migration complexity
5CybersecuritySecurity governance, incident history, vulnerability management, disaster recovery
6HRCompensation, key-talent retention, labor compliance, workforce classification
7TaxTransfer pricing, NOL/tax attributes, deal structure, income-tax compliance
8RegulatoryLicense transferability, antitrust, data-privacy regulation, AML/sanctions
9ESGEnvironmental contamination, climate/carbon risk, supply-chain sustainability

4 orchestration & synthesis agents turn raw findings into a decision:

#AgentRole
10JudgeAdversarially spot-checks specialist findings for quality and consistency
11Executive SynthesisCalibrates severity across domains and produces the Go/No-Go signal
12Red Flag ScannerFast GREEN/YELLOW/RED triage pass (run --quick-scan)
13Acquirer IntelligenceMaps findings to the buyer's investment thesis (when configured)

That's 13 AI agents in total. Specialists are config-driven β€” enable/disable per deal via deal-config.json β€” and external specialists can be added via pip entry-points without modifying core code.

Built-in deep-dive lenses (not separate agents): three specialists carry extra focus areas that act as deeper passes within their domain β€” Insurance (within Finance), Operations (within Commercial), and IP Deep / freedom-to-operate (within Legal). They surface as their own categories in the report but run inside the parent specialist, so they don't add to the agent count.

The pipeline halts on quality failures rather than producing unreliable output. Runs can be resumed from any step.

Security & Privacy

  • Local execution β€” all analysis runs on your machine. Documents only leave your machine as API calls to your configured LLM endpoint β€” Anthropic API, AWS Bedrock, Google Vertex AI, or an Anthropic-compatible gateway you point it at. See Model Providers.
  • No telemetry β€” the tool does not phone home, collect usage data, or send analytics anywhere.
  • Read-only β€” the tool never modifies files in your data room. Output is written to a separate _dd/ directory.
  • No persistent credentials β€” API keys are read from environment variables or .env files, never stored in output artifacts.

See SECURITY.md for the full security policy, vulnerability reporting, and data handling details.

What Gets Analyzed

DomainFocus Areas
LegalChange of control (5 subtypes), anti-assignment, termination clauses, IP ownership, IP portfolio strength, freedom to operate, data privacy, indemnification, liability caps, warranty, dispute resolution, governance graph construction
FinanceRevenue cross-referencing (flags >5% ARR mismatch), revenue decomposition, unit economics (CAC/LTV/NRR/GRR), pricing compliance, cost structure, financial projections, insurance program analysis
CommercialRenewal mechanics, churn risk, SLA commitments, volume commitments, customer segmentation (flags >30% concentration), pricing models, MFN clauses, competitive positioning, supply chain risk, operational capacity
ProductTechDPA analysis, security certifications (SOC2/ISO27001), technical SLAs, integration requirements, data portability, migration complexity, technical debt, vendor lock-in
CybersecuritySecurity governance, incident history, vulnerability management, identity & access, network infrastructure, data protection, third-party risk, disaster recovery, compliance certifications, cyber insurance
HRWorkforce composition, compensation analysis, benefits liabilities, key talent retention, organizational structure, labor compliance, union/collective bargaining, culture integration, succession planning, workforce classification
TaxIncome tax compliance, transfer pricing, NOL/tax attributes, sales & use tax, international tax, deal structure tax, tax provisions, tax controversy, employee tax, indirect tax
RegulatoryLicense transferability, antitrust/competition, data privacy regulation, financial regulation, healthcare regulation, AML/sanctions, government contracts, environmental regulation, consumer protection
ESGEnvironmental contamination, environmental permits, climate/carbon risk, hazardous materials, supply chain sustainability, ESG governance, social impact, ESG disclosure, biodiversity/land use, circular economy

Pipeline Output

Copy & paste β€” that's it
_dd/forensic-dd/
  index/text/                     # Extracted document text (cached across runs)
  inventory/                      # File discovery and company registry
  runs/
    latest/                       # Always points to the most recent run
      findings/
        legal/                    # Per-subject findings from each agent
        finance/
        commercial/
        producttech/
        merged/                   # Deduplicated cross-domain findings
      report/
        dd_report.html            # Interactive HTML report
        dd_report.xlsx            # 16-sheet Excel report
      audit.json                  # 31 quality validation checks
      numerical_manifest.json     # Every financial figure traced to source
      metadata.json               # Run metadata and API costs
  knowledge/                      # Deal Knowledge Base (compounds across runs)
    articles/                     # Structured knowledge articles
    chronicle.jsonl               # Append-only timeline of all events
    graph.json                    # Cross-reference knowledge graph
  entity_resolution_cache.json    # Company name matching (reused across runs)

Documentation

GuideDescription
Getting StartedInstallation, first run with sample data room
Deal ConfigurationConfig file structure, auto-generation
Running the PipelineExecution modes, resume, quality gates
Reading the ReportNavigating the HTML and Excel output
CLI ReferenceComplete command reference
TroubleshootingCommon errors, exit codes, recovery steps
Search GuideContract search for legal teams
Agent CustomizationTailor agent personas, focus areas, and severity (no code)
Bindu A2A agent (community example)Serve a completed report as a conversational agent over the A2A protocol

Contributing

See CONTRIBUTING.md for development setup, code style, and PR process.

Press & Coverage

Star History

If this project is useful to you, consider giving it a star β€” it helps others discover it.

Star History Chart

License

Apache 2.0. See LICENSE.