How I Built DueDrill in Six Weeks
A Portfolio Executive's walkthrough of building an AI-native M&A diligence platform that scores deals across 16 categories and 214 fields. The full stack, the exact prompts, the code and the lessons.
Yuri Kruman
JD Cardozo · 3x CHRO · Ex-PE deal team · Jun 2026
diligence fields scored
deal categories
/month entry vs $1K+ incumbents
zero to live billing
The 30-Second Version
DueDrill is an AI-native diligence platform for solo investors and small funds. Paste a company name, the system researches it across 16 categories and 214 fields, scores each dimension with a weighted rubric, and outputs an IC-ready memo with PDF and shareable link. $49/mo for solo investors versus $12K-$70K for PitchBook.
The Problem
Solo investors and small funds priced out of PitchBook, AlphaSense and outside analysts ($80K-$120K) by 20-100x.
The Stack
Next.js 15 (App Router) + Vercel + Supabase + Stripe + Resend + Upstash Redis + multi-LLM AI layer.
What It Doesn't Need
No data team. No analyst pool. No proprietary corpus. No fine-tuning.
Build Time
Six weeks from blank repo to live Stripe billing across 4 plans.
If you are a solo GP, family-office principal, search-fund operator or angel who has ever stared at a PitchBook quote and asked "is the data really worth $50K to me," this build log is for you. The point is not that you should clone DueDrill. The point is that the rubric is the product. The model is plumbing.
Why a Solo Investor Diligence Tool, and Why Now
I had been advising two PE-adjacent friends. One ran a $35M lower-middle-market search vehicle. The other was a one-person family office writing $250K-$2M angel checks. Both were sourcing 30-60 opportunities a quarter. Both were spending the same kind of money on tooling and both were unhappy:
- $12-70K: PitchBook annual seat, depending on package
- $10-20K: AlphaSense per seat, per year
- $80-120K: Outsourced analyst pulling one diligence pack
- $588: Crunchbase Pro — cheap, but a CRM, not diligence
The pattern was identical at both shops. They were paying enterprise prices for tools designed for enterprise teams, then doing the actual diligence work in Google Docs and Notion. The expensive tools were search engines. The actual analysis was still senior-judgment plus elbow grease.
I had three observations that nobody at PitchBook would say out loud:
1. The "data" inside PitchBook is mostly public: SEC filings, press releases, LinkedIn, company sites. Their moat is aggregation and UI, not exclusivity.
2. The judgment layer is what a deal actually needs: a rubric that scores team, market, traction, unit economics, competitive position, regulatory risk and exit paths against a consistent bar.
3. Frontier models do that judgment layer right now, today. What is missing is not capability. What is missing is a product that turns that capability into a workflow a deal team can actually use.
So I scoped a six-week build. Not a weekend prototype: a real billable product. By week six it had to be authenticated, paywalled, generating IC-ready PDFs and accepting live Stripe payments. No mid-stage debate about whether to "explore the market." If the build hit the timeline, ship it and find out from real users.
The rubric is the product. The model is plumbing.
PitchBook's moat is the database. DueDrill's moat is the 16-category, 214-field, weighted-aggregation rubric — built from how I actually read a deal. Any frontier model can fill the fields. The thing that took years of pattern recognition was deciding which fields, which weights and which red flags actually move IC votes.
The Stack (and Why Each Piece)
If you're non-technical, the "why" matters more than the "what."
Framework
Next.js 15 (App Router)
Server components, file-based routing, native middleware, edge-friendly. The App Router is the right substrate for a product that mixes authenticated dashboard, marketing landing, server-only API routes and PDF generation. Skip Pages Router on a new build — you'll be migrating it within a year.
Hosting
Vercel
Built by the Next.js team. CI, preview deploys, edge middleware, cron, env-var management and analytics in one place. For a solo builder, the integrated experience is worth more than the price delta against Render or Railway. Hobby tier gets you 2 daily crons — budget accordingly.
Auth + Database
Supabase (Postgres + Auth)
Real Postgres, real Row-Level Security, real auth with Google OAuth in one config. The free tier is generous enough to validate, the pro tier scales without rebuilding.
Watch out: the free tier auto-pauses after ~7 days idle. If your middleware calls supabase.auth.getUser() on every request with no timeout, that pause will 504 your entire site — including marketing pages. Bound every auth check with a 3s timeout that fails closed.
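The bounded, fail-closed check described above, as an added example (not DueDrill's own middleware). The route prefixes and the names `decide` and `withTimeout` are assumptions; `getUser` stands for whatever performs the lookup, for example `() => supabase.auth.getUser()`.

```javascript
const AUTH_TIMEOUT_MS = 3000; // the 3s bound from the text
const PROTECTED_PREFIXES = ['/dashboard', '/api/ai']; // hypothetical route names

// Reject if `promise` has not settled within `ms`; always clear the timer.
function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error('auth check timed out')), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// Exact prefix or a sub-path of it, so '/dashboardx' is not treated as protected.
function isProtected(pathname) {
  return PROTECTED_PREFIXES.some((p) => pathname === p || pathname.startsWith(p + '/'));
}

// Returns 'next' (let the request through) or 'login' (redirect to sign-in).
async function decide(pathname, getUser, ms = AUTH_TIMEOUT_MS) {
  // Public pages never touch the auth backend, so a paused database
  // cannot take the marketing site down with it.
  if (!isProtected(pathname)) return 'next';
  try {
    const { data, error } = await withTimeout(getUser(), ms);
    // Any error or missing user counts as unauthenticated.
    return !error && data && data.user ? 'next' : 'login';
  } catch {
    // Timeout, network failure or a malformed response: fail closed.
    return 'login';
  }
}
```

In a Next.js middleware, 'next' would map to `NextResponse.next()` and 'login' to a redirect to the sign-in page.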
Reasoning
Multi-LLM (Claude, GPT-5, Gemini)
A thin abstraction over Anthropic, OpenAI and Google with a shared buildBody(opts) and provider-specific JSON-mode shims. The user picks the model per category; the system normalizes the call.
Hard-won lesson: resist the temptation to write the same provider config in nine places "for clarity." We did that. The nine copies drifted on maxTokens and jsonMode. Centralize early.
Billing
Stripe (4 plans, webhooks)
Solo $49/mo, Solo $468/yr, Fund $199/mo, Fund $1,908/yr. Free tier for evaluation. Webhook updates plan in Supabase on checkout.session.completed, customer.subscription.*, invoice.payment_*.
Hidden trap: Stripe organization-scoped API keys require the Stripe-Context header on every call. Wire it in your getStripe() helper or every checkout returns a confusing 400.
Transactional + Drip
Resend + Supabase scheduler
Resend for sending. An email_schedules Postgres table for the day 0/1/3/7/14 drip. A daily Vercel cron consumes the queue. One CRON_SECRET protects it. Sounds boring; it is the entire activation funnel.
Rate Limit + Resilience
Upstash Redis (with in-memory fallback)
Dual-backend pattern: use Upstash when the env vars are present, fall back to an in-memory map for local dev and emergencies. Fails open on a transient Redis error. AI routes get tighter buckets than waitlist; auth routes get the strictest.
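A sketch of the dual-backend limiter described above, as an added example rather than DueDrill's code. The limits in `LIMITS`, the `incr(key, windowMs)` backend interface and the function names are assumptions; here a Redis error falls through to the in-memory counter, so the outage does not block the request but a per-instance limit still applies.

```javascript
// Constructed limits per route class: auth strictest, AI tighter than waitlist.
const LIMITS = {
  auth: { max: 5, windowMs: 60_000 },
  ai: { max: 10, windowMs: 60_000 },
  waitlist: { max: 30, windowMs: 60_000 },
};

// In-memory fixed-window counter: used for local dev and as the fallback.
// On serverless hosts this state is per instance, so it is a weaker bound.
function memoryBackend(now = () => Date.now()) {
  const hits = new Map(); // key -> { count, resetAt }
  return {
    async incr(key, windowMs) {
      const t = now();
      let entry = hits.get(key);
      if (!entry || t >= entry.resetAt) {
        entry = { count: 0, resetAt: t + windowMs };
        hits.set(key, entry);
      }
      entry.count += 1;
      return entry.count;
    },
  };
}

// remote: object with async incr(key, windowMs) -> count (for example a
// wrapper around Redis), or null when the env vars are absent.
function createLimiter(remote, local = memoryBackend()) {
  return async function check(routeClass, clientId) {
    const limit = LIMITS[routeClass];
    if (!limit) throw new Error(`unknown route class: ${routeClass}`);
    const key = `${routeClass}:${clientId}`;
    let count;
    let backend = 'memory';
    if (remote) {
      try {
        count = await remote.incr(key, limit.windowMs);
        backend = 'remote';
      } catch {
        // Transient Redis error: do not block, count locally instead.
      }
    }
    if (count === undefined) count = await local.incr(key, limit.windowMs);
    return { allowed: count <= limit.max, backend, remaining: Math.max(0, limit.max - count) };
  };
}
```

Logging every request served with `backend: 'memory'` while a remote is configured makes a degraded limiter visible instead of silent.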
Validation + Schema
Zod + SECTION_DEFINITIONS
Every API route validates its body with Zod via a shared validateBody() helper. The diligence rubric lives in a single SECTION_DEFINITIONS file consumed by the live report view AND the PDF generator. One source of truth, two surfaces — not two divergent copies.
The Six-Phase Build Sequence
Each phase is ~3-10 days. Sequence them in order. Phase 1 is non-negotiable as the first phase — the rubric is the product. Get it right before any code lands.
The Rubric (Pen and Paper Phase)
No code yet. I spent four days writing out the 16 categories and 214 fields by hand, in a Notion doc, weighting each one against how I actually read deals in my prior PE seat. This is the most important phase in the entire build.
The 16 categories (with weights):
"You are a PE investment-committee chair. I will paste my draft of 16 diligence categories and 214 fields. For each category: (a) name three questions I am NOT asking that I should be, (b) point out any field that's vanity rather than decision-driving, (c) propose a weight 0.0-1.0 based on how often that category actually moves IC votes. Return as a markdown table I can edit in place."
Iron rule: if you can't write the rubric, you can't build the product. The temptation is to start coding the UI because that feels like progress. Resist. The rubric is your moat. Every hour on the rubric saves a week of rewrites later.
What I'd Do Differently Today
Start on Supabase Pro from day one
The free-tier pause cost a full outage and a weekend of forensic work on middleware. $25/month would have prevented all of it. If you have any paying users, you cannot afford the pause risk.
Centralize the provider config on day one, not day forty-five
Nine copies of PROVIDER_CONFIGS drifting silently is the most expensive bug-class I shipped. Start with lib/ai/providers.js on the first commit.
Section definitions before any UI
I hardcoded field names in the PDF route for "speed." It cost me a full day rebuilding the report layer when the schema evolved. The rubric is one source of truth or you'll rewrite it forever.
Zod every API route, day one
Adding Zod validation across 8 routes in week five was a multi-day project. Adding it on each route as I wrote them would have been 5 minutes per route. Build the helper first, force every new route through it.
Wire Sentry on commit #1
For three weeks I learned about errors from users. That is a humbling and avoidable failure mode. Sentry's free tier is enough; the integration is 30 minutes.
Adapt This for YOUR Scoring Workflow
The architecture (rubric → AI layer → scoring → report → billing → harden) is the template for any decision-grade scoring product. Five adaptations off the same skeleton:
| Scoring Product | Rubric | Output | Buyer |
|---|---|---|---|
| LP fund scorer | Track record + thesis fit | Tier 1-4 + memo | Family office, fund of funds |
| Real estate diligence | Cap stack + market + asset | IRR sensitivity memo | Solo RE GPs |
| M&A target scorer | Integration fit + synergy | Go/no-go IC pack | Corp dev teams |
| Grant funder fit | Cause + program + giving history | Match score + LOI draft | Nonprofit fundraisers |
| VC deal screener | 214-field diligence | IC-ready memo | Solo GP, family office, angel |
Starter Prompts for Claude / Cursor
If you want to start your own scoring product today, these four prompts take you from zero to billable. Substitute the bracketed placeholders for your domain.
"You are a [SENIOR PRACTITIONER, e.g. PE IC chair / chief grant officer / corp dev lead]. Help me design a [N]-category, [M]-field diligence rubric for [DOMAIN]. For each category propose: (a) the three questions that actually move the decision, (b) the weight 0.0-1.0 based on how often it changes the answer, (c) the red-flag patterns that should trigger an automatic downgrade. Return as a markdown table I can paste into Notion."
"Write a Next.js 15 server module lib/ai/providers.js that supports Anthropic, OpenAI and Google with one shared buildBody(provider, opts) and extractText(provider, response). Each provider has different JSON-mode shapes (Anthropic tool_use, OpenAI response_format, Google generationConfig). Centralize PROVIDER_CONFIGS in this file; no route may import a per-provider config directly. Add a resolveProvider(category) helper that picks a model per rubric category."
"Write lib/scoring.js exporting SCORE_WEIGHTS (object keyed by category, values summing to 1.00), calculateOverallScore(company), getScoreVerdict(score) returning one of [Strong Pass | Pass | Watch | Refer | Hard Pass], getScoreClass(verdict) returning a Tailwind color class, calculateCompletionStats(company). Write 12+ Vitest tests against the actual exports. Do NOT guess the export shape; READ the file first."
"Wire Stripe checkout for 4 plans (Solo $49/mo, Solo $468/yr, Fund $199/mo, Fund $1908/yr) on a Next.js 15 App Router app using Supabase auth. Create app/api/stripe/checkout/route.js and app/api/stripe/webhook/route.js. The getStripe() helper must attach Stripe.StripeContext([STRIPE_ACCOUNT_ID]) when STRIPE_ACCOUNT_ID env var is present (org-key support). The webhook must verify stripe-signature with STRIPE_WEBHOOK_SECRET and update the Supabase user row on checkout.session.completed and the four subscription events."
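What "verify stripe-signature with STRIPE_WEBHOOK_SECRET" in the last prompt amounts to, written out by hand as an added example (not DueDrill's webhook route). It follows Stripe's documented scheme: HMAC-SHA256 over `timestamp.rawBody`, hex-encoded in the header's `v1` field, with a 300-second tolerance. The function names are assumptions, and in a real route the Stripe library's `stripe.webhooks.constructEvent` performs the same check.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

const TOLERANCE_SEC = 300; // Stripe's default replay window

// Parse "t=...,v1=...,v1=..." into a timestamp and the list of v1 signatures.
function parseHeader(header) {
  const out = { t: null, v1: [] };
  for (const part of String(header || '').split(',')) {
    const i = part.indexOf('=');
    if (i < 0) continue;
    const key = part.slice(0, i).trim();
    const value = part.slice(i + 1).trim();
    if (key === 't') out.t = value;
    else if (key === 'v1') out.v1.push(value);
  }
  return out;
}

// Expected signature for a given timestamp and raw body.
function sign(rawBody, t, secret) {
  return createHmac('sha256', secret).update(`${t}.${rawBody}`, 'utf8').digest('hex');
}

// rawBody must be the exact text received (await req.text() in an App Router
// route), not re-serialized JSON. Returns the parsed event or throws.
function verifyStripeEvent(rawBody, header, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const { t, v1 } = parseHeader(header);
  if (!t || !/^\d+$/.test(t) || v1.length === 0) {
    throw new Error('malformed signature header');
  }
  if (Math.abs(nowSec - Number(t)) > TOLERANCE_SEC) {
    throw new Error('timestamp outside tolerance');
  }
  const expected = Buffer.from(sign(rawBody, t, secret), 'hex');
  const match = v1.some((sig) => {
    const got = Buffer.from(sig, 'hex');
    // Length check first: timingSafeEqual throws on unequal lengths.
    return got.length === expected.length && timingSafeEqual(got, expected);
  });
  if (!match) throw new Error('signature mismatch');
  // Only parse, and only update the Supabase row, after the check passes.
  return JSON.parse(rawBody);
}
```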
What DueDrill Is Not
It is not a replacement for PitchBook or Crunchbase as a market-wide deal sourcing database. It is not a replacement for an attorney, a tax specialist, or a Big-Four QofE provider. It is not a research robot that promises “truth” about a private company — every AI-generated field is presented with citation, confidence and an edit button.
What it is: a judgment layer for a solo investor or small fund. It takes a company name and produces an IC-ready, citation-rich, weighted memo at 1/50th the price of incumbent platforms. The narrowness is the point. Tools that solve one decision for one persona ship and stick. Tools that try to be Bloomberg-for-private-markets die in demo.
The question is not
"can AI do diligence?"
The question is:
"What is the one decision in my week that, if I could score it consistently in 30 minutes, would change the deals I take?"
The rubric is the product. If you can write yours in one Notion page, you can build the equivalent of DueDrill for your decision. The next 240 hours are getting it shipped.
This walkthrough is part of the Portfolio Leverage Co. Build Bench series.