Due Diligence Agents

Find what gets buried in the data room. Open-source integrated M&A due diligence — 9 specialist domains across every contract, cross-referenced with exact citations.

https://github.com/user-attachments/assets/44322675-2f3e-4401-9e6b-e248c68c08f6

See a sample report — interactive HTML output from a synthetic 4-subject deal, no install required.

Finds what gets buried across hundreds of contracts — cross-references it across 9 specialist domains (Legal, Finance, Commercial, ProductTech, Cybersecurity, HR, Tax, Regulatory, ESG) — and traces every finding to an exact page, section, and quote. Use the structured output alongside your advisors to build IC memos, advisor reports, negotiation checklists, or integration plans.

This tool does not replace professional advisors. Legal, financial, and regulatory conclusions should always be made by qualified professionals. This tool helps your team and advisors work faster.

Why This Exists

I built this to solve my own problem. As a corp dev lead, I'd spend weeks assembling the cross-domain picture from siloed advisor reports — legal, financial, and commercial teams all flagging the same subject independently, with nobody connecting the dots. A termination clause in one contract and a revenue concentration risk in the same subject would be flagged in separate workstreams, if at all.

The numbers tell the story:

• 31% of M&A failures trace back to due diligence shortcomings — Acquisition Stars, citing HBR, McKinsey, and KPMG research
• DD timelines keep compressing — what used to be a six-week process becomes three weeks, with no reduction in scope — Spellbook
• Corp dev teams screen 200-1,000+ companies/year but close only 1-10 — a 1-3% conversion rate, with DD costs sunk on every deal that doesn't close — CorpDev.AI
• AI contract analysis reaches 95% accuracy with clause-aware prompting (up from 74% baseline) — Addleshaw Goddard RAG Report, 510 contracts tested
• 86% of M&A organizations have integrated GenAI into deal workflows — Deloitte 2025 M&A Trends

This tool runs all nine workstreams in parallel across every document, cross-references findings automatically, and produces structured analysis your team can search, filter, and drill into — the kind of cross-domain picture that used to take weeks to assemble manually.

Who uses this: Corp dev teams screening targets, PE firms running portfolio DD, legal teams doing contract review, advisors accelerating workstreams. Anyone who needs to search hundreds of contracts and connect findings across domains.

What You Can Do

Full Pipeline — Integrated Due Diligence

dd-agents run deal-config.json

Analyzes every document through 9 domain lenses, cross-references findings, and validates quality through 5 blocking gates. Produces:

• Interactive HTML report — cross-domain findings, risk heatmaps, severity filtering, drill-down to exact clauses
• 14-sheet Excel report — structured findings, cross-references, audit trail for downstream modeling
• Per-subject JSON findings — every finding with severity, citations, cross-references, and governance graph edges

Quick Scan — Red Flag Triage in Minutes

dd-agents run deal-config.json --quick-scan --model-profile economy

GREEN / YELLOW / RED signal across 8 deal-killer categories. Get a first read before committing to full analysis.

Contract Search — Targeted Questions, No Full Pipeline

dd-agents search prompts.json --data-room ./data_room

Ask specific questions across every contract and get an Excel report with answers, citations, and verification scores. The prompts file is plain JSON any legal professional can write:

{
  "name": "Change of Control Analysis",
  "columns": [
    {
      "name": "Consent Required",
      "prompt": "Does this agreement require consent upon a change of control? Answer YES, NO, or NOT_ADDRESSED."
    }
  ]
}

See examples/search/ for ready-to-use templates.

Post-Run Tools

dd-agents chat --report _dd/forensic-dd/runs/latest         # Interactive multi-turn chat with memory
dd-agents query --report _dd/forensic-dd/runs/latest        # Ask questions about findings
dd-agents assess ./data_room                                # Check data room quality
dd-agents portfolio add "Deal A" --data-room ./data_room_a  # Track multiple deals
dd-agents portfolio compare                                 # Compare risk across deals
dd-agents export-pdf report.html                            # Export to PDF
dd-agents log --data-room ./data_room                       # Browse the deal knowledge timeline
dd-agents lineage --data-room ./data_room                   # Trace finding evolution across runs
dd-agents health --data-room ./data_room                    # Check knowledge base integrity
dd-agents annotate --data-room ./data_room "Confirmed with counsel"  # Add analyst notes

Quick Start

Prerequisites: Python 3.12+ and an Anthropic API key.

# 1. Install
pip install dd-agents[pdf]

# 2. Set your API key
export ANTHROPIC_API_KEY="sk-ant-..."

# 3. Generate a deal config (AI scans the data room and infers entity aliases, focus areas)
dd-agents auto-config "Buyer Corp" "Target Inc" --data-room ./data_room

# 4. Run the analysis
dd-agents run deal-config.json

git clone https://github.com/zoharbabin/due-diligence-agents.git
cd due-diligence-agents
pip install -e ".[dev,pdf]"

Open _dd/forensic-dd/runs/latest/report/dd_report.html in your browser.

No API key yet? Generate a config without any API calls: dd-agents init --data-room ./data_room

See the Getting Started guide for a complete walkthrough with the included sample data room.

export ANTHROPIC_API_KEY="sk-ant-..."

cp .env.example .env
# Edit .env and add your key

export AWS_PROFILE=default
export AWS_REGION=us-east-1

data_room/
  SubjectGroup_A/
    Acme_Corp/
      master_agreement.pdf
      amendment_2024.pdf
    Beta_Inc/
      license_agreement.pdf
  SubjectGroup_B/
    Gamma_LLC/
      services_contract.docx
  _reference/                    # Optional: buyer overview, customer database, etc.
    buyer_overview.pdf

How It Works

  Data Room (PDFs, Word, Excel, Images)
       │
       ▼
  ┌─────────────────────────────────────┐
  │        Python Orchestrator          │
  │         38-step pipeline            │
  │       5 blocking quality gates      │
  └──────────────┬──────────────────────┘
                 │
    ┌────────────┼────────────┐
    │            │            │
    ▼            ▼            ▼
 ┌──────┐  ┌────────┐  ┌──────────┐  ┌──────────┐  ┌─────────────┐
 │Legal │  │Finance │  │Commercial│  │ProductTech│  │Cybersecurity│
 │Agent │  │ Agent  │  │  Agent   │  │  Agent   │  │   Agent     │
 └──┬───┘  └───┬────┘  └────┬─────┘  └────┬─────┘  └──────┬──────┘
    │          │             │             │               │
 ┌──┴──┐  ┌───┴────┐  ┌─────┴──────┐  ┌──┴──┐    ┌───────┴─────┐
 │ HR  │  │  Tax   │  │ Regulatory │  │ ESG │    │  + External │
 │Agent│  │ Agent  │  │   Agent    │  │Agent│    │   Agents    │
 └──┬──┘  └───┬────┘  └─────┬──────┘  └──┬──┘    └───────┬─────┘
    │         │              │            │               │
    └─────────┴──────┬───────┴────────────┴───────────────┘
                      │
              ┌───────▼────────┐
              │  Judge Agent   │  ← Validates findings
              │  (optional)    │
              └───────┬────────┘
                      │
              ┌───────▼────────┐
              │  Merge & Audit │  ← Dedup, numerical checks,
              │  31 QA checks  │    citation verification
              └───────┬────────┘
                      │
              ┌───────▼────────┐
              │   Executive    │  ← Severity calibration,
              │   Synthesis    │    Go/No-Go signal
              └───────┬────────┘
                      │
                      ▼
            HTML + Excel + JSON

9 domain specialists (Legal, Finance, Commercial, ProductTech, Cybersecurity, HR, Tax, Regulatory, ESG) analyze every document in parallel. Agents are config-driven — enable/disable per deal via deal-config.json. A Judge spot-checks findings. Executive Synthesis calibrates severity and the Go/No-Go signal. Red Flag Scanner provides quick triage. Acquirer Intelligence maps findings to the buyer's thesis (when configured). External agents can be added via pip entry-points without modifying core code.

The pipeline halts on quality failures rather than producing unreliable output. Runs can be resumed from any step.

What Gets Analyzed

Pipeline Output

_dd/forensic-dd/
  index/text/                     # Extracted document text (cached across runs)
  inventory/                      # File discovery and company registry
  runs/
    latest/                       # Always points to the most recent run
      findings/
        legal/                    # Per-subject findings from each agent
        finance/
        commercial/
        product_tech/
        merged/                   # Deduplicated cross-domain findings
      report/
        dd_report.html            # Interactive HTML report
        dd_report.xlsx            # 14-sheet Excel report
      audit.json                  # 31 quality validation checks
      numerical_manifest.json     # Every financial figure traced to source
      metadata.json               # Run metadata and API costs
  knowledge/                      # Deal Knowledge Base (compounds across runs)
    articles/                     # Structured knowledge articles
    chronicle.jsonl               # Append-only timeline of all events
    graph.json                    # Cross-reference knowledge graph
  entity_resolution_cache.json    # Company name matching (reused across runs)

Installation

pip install dd-agents[pdf]      # Recommended (includes PDF extraction via pymupdf)

# macOS (Homebrew)
brew install zoharbabin/due-diligence-agents/dd-agents

# Docker
docker pull ghcr.io/zoharbabin/due-diligence-agents:latest

# Extras
pip install dd-agents           # Core only (no PDF extraction)
pip install dd-agents[vector]   # + semantic search via ChromaDB
pip install dd-agents[ocr]      # + OCR for scanned documents (English)
pip install dd-agents[glm-ocr]  # + multilingual OCR (100+ languages, Apple Silicon)

# Pre-built image (recommended)
docker pull ghcr.io/zoharbabin/due-diligence-agents:latest
docker run -e ANTHROPIC_API_KEY="sk-ant-..." \
  -v ./data_room:/workspace/data_room \
  -v ./deal-config.json:/workspace/deal-config.json \
  ghcr.io/zoharbabin/due-diligence-agents run deal-config.json

# Or build from source
docker build -t dd-agents .
docker run -e ANTHROPIC_API_KEY="sk-ant-..." \
  -v ./data_room:/workspace/data_room \
  -v ./deal-config.json:/workspace/deal-config.json \
  dd-agents run deal-config.json

Licensing

All core dependencies use permissive open-source licenses (Apache 2.0, MIT, BSD). The optional [pdf] extra installs pymupdf, which is AGPL-3.0 licensed — if you redistribute software that bundles pymupdf, AGPL copyleft terms apply to your distribution. Using it internally or as a tool does not trigger copyleft.

Documentation

Contributing

See CONTRIBUTING.md for development setup, code style, and PR process.

Star History

If this project is useful to you, consider giving it a star — it helps others discover it.

License

Apache 2.0. See LICENSE.