# Usage: curl -sSL https://seed.show/legal.due.diligence | bash -s <install-path>
# <install-path> is the directory where the file should land.

set -euo pipefail
[ -z "${1:-}" ] && {
  echo "install requires a path: curl -sSL https://seed.show/legal.due.diligence | bash -s <install-path>" >&2
  exit 1
}
TARGET="$1"
mkdir -p "$TARGET"
DEST="$TARGET/seed-fold.cWSbab.folded.md"

cat > "$DEST" <<'PORTDOWN_4C33CBA1'
<!--
This is a `.folded.md` archive — a directory packed into one markdown
file. The markers below are load-bearing; don't edit them directly.

To unpack (requires bash — if you have no shell, tell the user):
  1. curl -sSLf https://fold.dom.vin/skill | bash -s <INSTALL_DIR>
  2. <INSTALL_DIR>/fold/scripts/unfold <this-file>
     (or: unfold <this-file>  if fold/scripts is on your PATH)
-->

---
fold: true
marker: bd3a60
at: 2026-05-07T16:16:15Z
root: seed-pack.fBOAPK
---

<!--fold:bd3a60@file path="README.md" mode="644"-->
# legal.due.diligence

Due diligence context for agents. What DD is actually trying to accomplish, the staged risk elimination mental model, where agents break down, and what AI is changing.

## The mental model: staged risk elimination

DD is not document collection. It is a staged process of eliminating specific failure modes before the buyer is contractually committed.

Each workstream answers a distinct question about a distinct failure mode:

| Workstream | Failure mode | Core question |
|---|---|---|
| Legal / corporate | The buyer inherits a liability it didn't price | Does the seller own what it says it owns, and are there hidden obligations triggered by the transaction? |
| Financial | The EBITDA baseline is wrong | What is the true recurring earnings power, net of adjustments? |
| IP | Chain of title is broken | Does the company actually hold title to the IP the valuation assumes it owns? |
| Employment / HR | Key talent is at risk or misclassified | Who are the humans the business depends on, and what is the actual cost structure and liability for them? |
| Customer / commercial | Revenue is less durable than represented | Is the revenue real, and what happens to it post-closing? |

The deliverables are three things, not one: (1) a risk memo to the buyer's investment committee, organized by severity, (2) disclosure schedules — the seller's contractual qualification of its representations, and (3) an issue list that feeds directly into the definitive agreement negotiation (price chips, rep carve-outs, additional indemnities, escrow structure).

## Buy-side vs. sell-side posture

**Buy-side** (typical): The buyer's team reviews the data room. Objective: find issues before signing that kill the deal, reduce the price, or get addressed through reps, warranties, and indemnification in the definitive agreement.

**Sell-side preparation** (increasingly common in auctions and PE exits): The seller runs a vendor due diligence (VDD) process before going to market — prepares a VDD report, organizes the data room, and identifies issues proactively. Sell-side prep reduces process risk, limits NDA exposure from multiple buyer teams, and creates a more competitive auction.

**The structural asymmetry:** The seller has been inside the business for years; the buyer has 30–60 days. The buyer will miss things. The question is whether the missed things are material, and whether the reps and indemnification structure provides adequate contractual recourse post-closing.

## The five diligence workstreams

**1. Legal / corporate**
Corporate formation and governance (certificate of incorporation, bylaws, cap table, board consents, stockholder agreements); material contracts (customer agreements, vendor agreements, leases, loan documents — focus on change of control provisions that require consent or trigger termination); litigation and regulatory (pending and threatened claims, regulatory investigations, consent orders); compliance (anti-bribery, export controls, data privacy); and the representations and warranties insurance (RWI) underwriting process, which now runs parallel to buyer DD in most PE deals.

**2. Financial**
Historical financial statements (audited if available), quality of earnings (QofE) analysis — the most important financial deliverable, identifies revenue and cost adjustments that produce a "true" EBITDA baseline for valuation; working capital analysis (the output feeds the working capital target in the purchase price adjustment mechanism); debt and contingent liabilities (understand what is on the balance sheet and what is off it — deferred revenue, unfunded pension obligations, earn-out liabilities, seller transaction costs); and tax exposure (open tax years, transfer pricing, state nexus, R&D credit validity).

**3. IP**
Chain of title — does the company actually own what it says it owns? (Contractor and employee IP assignment agreements are often missing or improperly executed.) Patent ownership and prosecution history; trademark registrations and conflicts; software license compliance (inbound licenses the company relies on, outbound licenses it grants); open-source exposure (GPL, LGPL, AGPL copyleft licenses in commercial products create disclosure and licensing obligations that can be material); domain names and social handles.

**4. Employment / HR**
Key employee identification and retention risk; offer letters and employment agreements (scope of noncompete and non-solicitation); equity grants (option plan compliance, acceleration provisions triggered by the transaction — double-trigger vs. single-trigger); benefits and ERISA compliance; worker classification (contractor vs. employee misclassification is a persistent liability in tech companies); immigration status of key employees.

**5. Customer / commercial**
Customer concentration (top-customer revenue share, contract terms, and what happens if they leave); contract terms (termination for convenience, change of control consent, most-favored-nation pricing, auto-renewal mechanics); pipeline quality (is the pipeline supported by documented conversations or is it a sales estimate?); churn history. In SaaS: net revenue retention is more predictive of underlying health than gross revenue.

## What agents get wrong

**Treating DD as box-checking.** The deliverable is not "we received these documents." It is: "here are the three risks that could affect this deal and here is how each one maps to the purchase agreement." A complete data room with no analysis is worse than a sparse data room with a tight risk memo — it creates an illusion of thoroughness without the substance.

**Missing defined terms in contracts.** "Material adverse change," "ordinary course of business," "knowledge of the company," "permitted liens" — these are load-bearing terms in every material contract. The defined term governs; the plain-language meaning does not. An agent that summarizes a contract without reading the definitions section is summarizing something different from what the contract says. Always read the definitions. Always map the defined term back to the operative clause.

**Ignoring the representations in the purchase agreement.** DD exists to verify what the seller will represent. If an agent reviews the data room without reading the draft representations, it does not know what it is confirming. The two documents must be read together: every rep the seller makes should map to a diligence request; every diligence finding should map to a rep that either covers it or does not.

**Conflating disclosure schedules with exceptions.** Disclosure schedules are not the seller's opportunity to carve out all its problems. They are the mechanism for making qualified representations accurate. Undisclosed issues are still rep breaches. Agents sometimes treat a dense disclosure schedule as evidence of seller thoroughness rather than reading each schedule entry against the rep it qualifies.

**Underweighting post-closing mechanics.** Working capital adjustment, earnout provisions, and indemnification escrow structure are where value is won and lost after signing. Indemnification baskets (deductible and cap), survival periods, and the definition of "losses" are not boilerplate — they determine what the buyer can recover for.

**Scope creep masquerading as thoroughness.** Requesting every document in a category when only two are load-bearing wastes process time and signals to the seller's counsel that the buyer does not know what it is looking for. DD discipline means knowing which three items in each workstream actually matter for this deal's specific risk hypotheses.

## What AI is changing

**Contract analysis at scale.** AI can now read an entire data room and flag change-of-control provisions, non-standard indemnification terms, and missing counterparty signatures across hundreds of contracts in the time it previously took a junior associate to review twenty. Tools like Luminance, Kira, and Ironclad AI have moved from novelty to standard practice in large-deal DD.

**Data room organization and gap detection.** AI can map the buyer's diligence request list against documents actually produced and surface gaps — requests with no responsive document — more reliably than a manual tracker. This is where AI is most useful in early-stage DD: knowing what is missing.

**Anomaly detection in financials.** Pattern matching in financial data — revenue recognition inconsistencies across periods, unusual related-party transaction timing, deferred revenue movements that do not match contract terms — is now within reach of AI assistants with access to structured financial data.

**Risk scoring across workstreams.** Some platforms now produce a consolidated risk register across all five workstreams, with AI-assigned severity scores, allowing the IC memo to be drafted from a structured summary rather than from scratch.

**What stays human:** Risk judgment. Whether a contractual gap is a deal-killer or a rep issue is a judgment call that requires understanding the deal thesis, the buyer's risk appetite, and the seller's negotiating position. AI can surface the gap; it cannot evaluate it. Deal thesis and negotiation strategy — what to push hard on and what to trade — remain human decisions. Verification calls with customers, management interviews, and reference checks are irreplaceable for surfacing soft risk (the things that are true but not in any document). And the synthesis that goes into an IC memo — "here is the risk, here is why it matters to this deal, here is how we address it" — requires judgment that no AI currently delivers reliably.
<!--fold:bd3a60@file path="checklist.md" mode="644"-->
# checklist

Due diligence workstreams as a decision framework. The load-bearing items in each workstream most likely to surface material issues, organized by deal stage.

The goal at each stage is not completion but prioritization: which open items, if confirmed negative, would kill the deal, reduce the price, or require a rep carve-out or additional indemnity?

---

## Deal stages

**LOI executed → exclusivity begins**
The work at this stage is framing, not reviewing. Build the diligence request list, organize the data room request, and identify the three to five deal-specific risk hypotheses to test. Every deal has a short list of known-unknowns — the things that could kill it — and DD should be structured to answer those first, not last.

**Exclusivity period (typically 30–60 days)**
The main DD window. All five workstreams run in parallel. Deliverables: (1) an open issues list organized by severity (deal-killer / price chip / rep-warranty issue / disclosure schedule item), (2) a working capital analysis that feeds the closing mechanism, and (3) draft disclosure schedule positions.

**Signing → closing**
Confirmatory only. The definitive agreement is signed; the buyer is contractually committed subject to closing conditions. Diligence at this stage focuses on bring-down: has anything changed? Are the reps still true? Have any new material issues emerged? The MAC definition determines whether any new issue rises to the level of a termination right.

---

## Workstream 1: Legal / corporate

**Load-bearing items**

- **Cap table and fully-diluted ownership**: Is the fully-diluted cap table clean? Outstanding options, warrants, convertible notes, SAFEs — are they all reflected? Undisclosed dilution affects price. Verify against the stock ledger and every option plan grant; reconcile to the capitalization representation in the draft SPA.
- **Change of control provisions in material contracts**: Review the top 10 revenue contracts and all debt instruments for change-of-control consent requirements or automatic termination triggers. A material customer or lender that can walk at closing is a deal risk, not a rep issue — consent must be obtained before signing, not after.
- **Change of control provisions in vendor contracts**: A sole-source supplier that can terminate on acquisition is a supply-chain risk post-closing. Often missed because review focuses on customer contracts.
- **Litigation and regulatory exposure**: Pending or threatened litigation, regulatory investigations, consent orders, or agency correspondence. Correspondence that is not yet formal litigation is material — a letter from a state AG or a regulatory subpoena is a risk even if no case is filed.
- **Data room completeness against reps**: Map every representation in the draft SPA to the diligence request that confirms it. If a rep is not backed by a document, either the document must be produced or the rep must be qualified.
- **RWI underwriting exclusions**: In deals with representations and warranties insurance, the insurer's exclusion schedule is often a faster path to the real risk list than the buyer's own DD. Exclusions reflect what the underwriter found concerning enough to decline to cover.

---

## Workstream 2: Financial

**Load-bearing items**

- **Quality of earnings (QofE) adjustments**: The QofE report is the most important financial diligence deliverable. The key adjustments: revenue recognition timing (is revenue recognized in the right period?), non-recurring items (one-time costs or revenues that inflate EBITDA), related-party transactions (owner compensation and management fees that will not recur post-sale), and capitalization vs. expensing decisions. The QofE output sets the EBITDA baseline the valuation multiple is applied to — a 0.5x adjustment on a 10x deal is material.
- **Working capital target**: The working capital adjustment is a formula, not a fixed number. Establish what is in and out of the working capital definition (cash, debt, and transaction expenses are typically excluded) and verify the historical working capital levels that anchor the target negotiation. Buyers typically argue for a higher target (more working capital left in the business at closing); sellers argue for a lower one.
- **Off-balance sheet liabilities**: Unfunded pension obligations, deferred revenue liabilities, earn-out obligations from prior acquisitions, operating lease commitments, and contingent liabilities from indemnification obligations in prior transactions. Deferred revenue is a liability — the company has been paid but has not yet performed, and the buyer inherits the performance obligation.
- **Tax exposure**: Open tax years (typically three years for federal, but up to six for substantial understatement), transfer pricing positions, state nexus exposure (particularly for SaaS companies with economic nexus obligations after South Dakota v. Wayfair), R&D tax credit validity, and any tax-sharing agreements if the target is a subsidiary being carved out.
- **Customer concentration and revenue quality**: Any single customer representing more than 20% of revenue elevates that customer's contract terms and renewal history to financial diligence priority — not just commercial diligence.

---

## Workstream 3: IP

**Load-bearing items**

- **Chain of title — employee and contractor IP assignments**: Does the company have signed IP assignment agreements from every engineer, designer, or contractor who contributed to the core product? Contractors paid without a signed assignment may retain ownership of what they built. This is the most common IP title defect in early-stage tech companies and the hardest to cure post-closing because you need the original assignor to cooperate.
- **Pre-incorporation IP assignments**: Agreements signed before the company was incorporated — with a founder personally, rather than with the entity — do not assign IP to the entity. Check that every assignment runs to the corporate entity, not to a founder.
- **Open-source license compliance**: Identify GPL, LGPL, and AGPL-licensed components in the product. Copyleft licenses require that derivative works be released under the same license. If the product ships with undisclosed copyleft code, the buyer is inheriting an obligation to open-source proprietary code. FOSSA or Black Duck scans are standard; verify one has been run and reviewed.
- **Patent ownership and prosecution history**: Are patents assigned to the company (not to founders personally)? Review prosecution history for inter partes review filings, office actions, or claim amendments that narrowed scope. A narrowed claim may not cover what the product actually does.
- **Inbound license compliance**: Are all software licenses for tools, platforms, and APIs (a) properly licensed for production use, (b) transferable on change of control, and (c) consistent with actual use? Development-only licenses used in production and API terms of service that prohibit competitive use are both exposure.
- **Domain names and social handles**: Verify the company owns the primary domain and major TLDs. Confirm social handles are in the company's name, not a founder's personal account. Easy to miss; occasionally contentious at closing.

---

## Workstream 4: Employment / HR

**Load-bearing items**

- **Key employee identification and retention**: Who are the three to five people without whom the business is materially less valuable? Do they have employment agreements? Are there acceleration provisions triggered by the transaction? Identify the retention risk before signing — retention packages negotiated at closing are more expensive and less effective than ones negotiated before.
- **Acceleration provisions — single vs. double trigger**: Options that accelerate on a single trigger (change of control alone) vest immediately at closing, increasing cost to the buyer. Double-trigger acceleration (change of control plus termination within a window) is buyer-favorable. Know the breakdown across the option plan before modeling fully-diluted price.
- **Worker classification**: Identify any workers classified as independent contractors who perform ongoing, integrated services. Misclassification creates exposure for unpaid payroll taxes, benefits, and state-specific contractor protections. The exposure accrues pre-closing and survives to the buyer in a stock deal. California, Massachusetts, and New York have the most aggressive classification standards.
- **Non-compete and non-solicitation enforceability**: Non-competes are enforceable in most states but void in California, North Dakota, and Minnesota; enforcement has been further constrained by FTC rulemaking that remains in active litigation as of 2025. Map where key employees are located against enforceability before assuming non-competes provide real post-closing protection.
- **Equity plan compliance**: Has the option plan been adopted by proper board and stockholder vote? Are all grants reflected in a board consent? Are exercise prices at or above FMV at the time of grant (Section 409A compliance)? 409A violations create personal tax liability for option holders — they become a disclosure obligation and a source of deal friction.
- **Immigration status of key employees**: An H-1B employee who is a critical engineer cannot simply transfer to the buyer's payroll without a new petition. If the acquisition changes the employer EIN or restructures the job, the petition process must begin before closing, not after.

---

## Workstream 5: Customer / commercial

**Load-bearing items**

- **Customer concentration**: Top 10 customers by revenue, their contract terms, and renewal dates. Any customer representing more than 10% of revenue with a termination-for-convenience right or a contract coming up for renewal within 12 months post-closing is a risk that needs to be disclosed and addressed in the rep structure.
- **Change-of-control provisions in customer contracts**: Contracts that require change-of-control consent but where consent is not obtained before closing leave the buyer holding an unassigned contract — technically a default. Map every material customer contract against its assignment clause.
- **Auto-renewal mechanics**: A customer with a right to terminate on 30 days' notice before renewal, where the renewal is 45 days away, will often terminate if the change of control prompts reassessment. This is a specific timing risk that closing schedules can force.
- **Net revenue retention (for SaaS)**: NRR above 110% means the company grows revenue from existing customers without adding new ones. NRR below 90% means the existing base is shrinking — new customer acquisition is masking churn. NRR is more predictive of underlying health than gross revenue growth.
- **Contractual price protections**: Most-favored-nation (MFN) pricing clauses that could constrain post-closing pricing power. Price caps negotiated below market that auto-renew. These are valuation constraints the buyer is inheriting.
- **Pipeline quality**: Is the pipeline supported by documented customer conversations, trials, or LOIs, or is it a sales team estimate? In recurring-revenue businesses, the next 12 months of ARR is a core component of value; pipeline that does not convert destroys that value.

---

## Issue severity triage

Organize open items into four buckets before presenting to the investment committee:

| Severity | Definition | Action |
|---|---|---|
| Deal-killer | Issue that, if confirmed, either violates a closing condition or fundamentally changes the value proposition | Resolve before LOI expiration or terminate |
| Price chip | Quantifiable liability or risk that is real but can be reflected in a price reduction or escrow holdback | Negotiate into the definitive agreement |
| Rep / warranty issue | Something the seller should represent, or that needs to be qualified in the disclosure schedules | Address in the definitive agreement negotiations |
| Monitor | Real issue not material enough to affect price or reps, but that the buyer should track post-closing | Include in the diligence report; flag for post-closing integration |

The goal of the diligence report is to move every open item into one of these four buckets, with a clear statement of: (a) what was found, (b) which bucket it belongs in, and (c) the specific mechanism — price, rep, escrow, or disclosure schedule entry — for addressing it.
<!--fold:bd3a60@file path="sources.md" mode="644"-->
# sources

Fetch these at task time. Ordered by importance — the first three are the structural framework; the rest are specific-topic authority.

1. **NVCA: Model Legal Documents** — the National Venture Capital Association's model merger agreement, stock purchase agreement, and due diligence checklist, widely used as the baseline for venture-backed M&A:
   https://nvca.org/model-legal-documents/

2. **ABA: Model Stock Purchase Agreement with Commentary** — the American Bar Association's annotated model SPA, which is the authoritative reference for rep/warranty structure, indemnification mechanics, and disclosure schedule architecture:
   https://www.americanbar.org/groups/business_law/committees/ma/

3. **ABA: Model Asset Purchase Agreement** — companion to the SPA; governs the structure of most middle-market asset deals; annotated rep/warranty language and indemnification provisions:
   https://www.americanbar.org/groups/business_law/publications/books/model_asset_purchase_agreement/

4. **Delaware Court of Chancery: Akorn v. Fresenius Kabi (2018)** — the controlling precedent for MAC clause invocation. Every DD team working on deals with MAC definitions should understand the specific threshold the court applied (general vs. target-specific deterioration, disproportionate effect standard):
   https://courts.delaware.gov/Opinions/Download.aspx?id=275730

5. **FTC: HSR Premerger Notification Rules** — current filing thresholds (updated annually each February), the 2024 revised form requirements (substantially expanded), and exemption guidance. Relevant when either party exceeds the size-of-transaction threshold:
   https://www.ftc.gov/legal-library/browse/rules/premerger-notification-rules

6. **SEC: Regulation M-A** — governs disclosure obligations in business combination transactions involving public companies (Schedule TO, Schedule 14D-9, proxy statements). Relevant when either party is public:
   https://www.sec.gov/divisions/corpfin/mergers.shtml

7. **Practical Law (Thomson Reuters): Due Diligence Checklists** — the most comprehensive practitioner-maintained DD checklists, organized by workstream (legal, financial, IP, employment). Requires subscription; widely cited in practice as the reference standard:
   https://uk.practicallaw.thomsonreuters.com/Browse/Home/Practice/CorporateMA

8. **ACC: In-House Counsel M&A Resources** — the Association of Corporate Counsel's guides for corporate legal teams managing buy-side and sell-side diligence. Useful for understanding the corporate buyer's DD discipline vs. the financial buyer's:
   https://www.acc.com/resource-library/mergers-acquisitions

9. **IRS: Section 409A Regulations** — the authoritative source for option pricing and deferred compensation compliance. Relevant to any DD that involves employee equity (which is every tech company deal):
   https://www.irs.gov/irb/2007-19_IRB#TD-9321

10. **DOL: Worker Classification Guidance** — the Department of Labor's current guidance on independent contractor vs. employee classification under the FLSA. Counterpart to state-level tests (AB5 in California, the ABC test in Massachusetts):
    https://www.dol.gov/agencies/whd/flsa/misclassification
<!--fold:bd3a60@end-->
PORTDOWN_4C33CBA1

# ── post ──
MARKER=$(awk '/^---$/ { f++; if (f==2) exit; next } f==1 && /^marker:[[:space:]]/ { sub(/^marker:[[:space:]]+/, ""); print; exit }' "$DEST")
[ -z "$MARKER" ] && { echo "seed: archive has no marker — corrupt" >&2; exit 1; }
awk -v m="$MARKER" -v outdir="$TARGET" '
  BEGIN {
    # Match <!--fold:<m>@file path="X"--> with an optional mode attr after
    # the path (fold emits  mode="644"  on executables).
    file_re = "^<!--fold:" m "@file path=\"([^\"]+)\"( mode=\"[0-9]+\")?-->$"
    end_re  = "^<!--fold:" m "@end-->$"
  }
  $0 ~ end_re { if (current) close(current); exit }
  $0 ~ file_re {
    if (current) close(current)
    line = $0
    sub(/^<!--fold:[^@]+@file path="/, "", line); sub(/".*$/, "", line)
    current = outdir "/" line
    dir = current; sub(/\/[^\/]*$/, "", dir)
    if (dir != current) system("mkdir -p \"" dir "\"")
    printf "" > current
    next
  }
  current { print >> current }
' "$DEST"
SEED_EXTRACTED=$(find "$TARGET" -type f -not -path "$DEST" 2>/dev/null | wc -l)
if [ "$SEED_EXTRACTED" = "0" ]; then
  echo "seed: archive contained no files — refusing to delete the source" >&2
  echo "  archive preserved at: $DEST" >&2
  exit 1
fi
rm -f "$DEST"

echo "" >&2
echo "✓ seed unpacked → $TARGET ($SEED_EXTRACTED files)" >&2
find "$TARGET" -type f | sort | while IFS= read -r _sf; do
  echo "  ${_sf#${TARGET}/}" >&2
done
echo "" >&2
if [ -f "$TARGET/SKILL.md" ]; then
  echo "This seed contains a skill (SKILL.md). Install it in your agent's skills directory." >&2
  echo "" >&2
fi
echo "Install the seed skill if not already installed:" >&2
echo "  https://seed.show/skill" >&2
echo "" >&2
echo "Publisher prompt:" >&2
sed 's/^/  /' >&2 <<'__SEED_PROMPT_END_AC1F2B__'
You have legal due diligence context for M&A transactions. Read README.md for the DD mental model and workstream framework, including what AI is changing. Read checklist.md for load-bearing items by workstream and the issue severity triage. Fetch sources.md for authoritative DD frameworks (NVCA, ABA, Delaware precedent). To share your own context bundles: curl seed.show/skill | bash
__SEED_PROMPT_END_AC1F2B__
exit 0