An enterprise walkthrough · For every stakeholder

Turn a 47-page sales deck into a defensible risk verdict — in the time it takes to read the cover page.

This is how an AI-powered deal assessment platform ingests a sales artifact, reads every slide, applies your risk policy, and produces dashboard intelligence every stakeholder can trust — with evidence, not opinions. We walk through a real deck: the ACME — SNCF Voyageurs BAFO V2 review.

Demo tenant is pre-populated with 3 scored deals, 13 risks, and open HITL tasks.
6 min: Upload to scored dashboard
100%: Cited to source page & slide
19: Risks surfaced from the SNCF deck
3: Auto-escalated for GRB decision
PDF
ACME_SNCF_CdS_Voyageurs_BRM_Deck_V1.5.pdf
47 slides · BAFO submission · TCV 381 M€ · 8-year horizon · FR / MA / ES delivery
Business

Deal risk review is slow, inconsistent, and impossible to audit.

Every major deal now goes through a Bid Risk Management (BRM) review — and the larger the deal, the longer the deck. What reviewers do with those decks today is broadly the same across the industry, and it's broken in broadly the same ways.

4–6 hrs

Per reviewer, per deck

A BRM analyst reads the deck once, builds a side-spreadsheet of risks, chases the bid team for missing numbers, then drafts a memo. Bigger decks — 50+ slides with financial annexes — routinely take a full day before a verdict lands.

Typical enterprise BRM workflow
20+

Round-trips with the bid team

Reviewers don't catch every risk on the first read. Penalty caps, cash exposure peaks, sub-contractor capacity, data-residency exposure — each lives on a different slide, in a different format, and triggers a separate clarification email.

Across legal, commercial, delivery domains
0

Citations in the final memo

The GO/NO-GO recommendation reaches the committee as prose. When Legal or Treasury later asks “where did the 4.8 M€ cash exposure figure come from?”, the answer is “I'll find it” — and finding it means re-opening the 47-page deck.

At the point of escalation
By the time we finish one review, the bid team has already submitted the next iteration. We're assessing risk on a document that doesn't exist anymore.
— Head of BRM, global IT services firm
Business

Four steps. Every one of them traceable.

At a high level, the platform does what a team of analysts would do if they could read every page simultaneously, apply the same rubric every time, and never lose track of which slide a finding came from.

01 · Receive · Seconds

A reviewer — or the bid team directly — uploads the BRM deck. The file is logged, versioned, and validated. Nothing is lost if the document changes between V1 and BAFO.

02 · Read · ~60 seconds

The platform reads every slide, table, and chart. Scanned pages are OCR'd; layouts are preserved so a finding on slide 34 knows it came from slide 34 — and from the risk table, not the footer.

03 · Interpret · ~3 minutes

Twelve specialist extractors — delivery, legal, financial, cyber, compliance — each pull the risks they understand. Your risk office's policy then scores, flags, and escalates according to rules you control.

04 · Deliver · Instant

A live dashboard with a risk score, categorized cards, and one-click traceability to the exact sentence on the exact slide. Legal and Treasury see the same view — no emailed memos.

Business

One reviewer. One deck. One hour to decision.

Here is what the SNCF review actually looks like, timestamp by timestamp, for a BRM analyst using the platform for the first time this quarter.

Aude — BRM Reviewer, Southern & Central Europe SBU

Responsible for GRB escalation recommendation on SNCF Voyageurs V2
Deal: SNCF CdS V2
Deadline: Friday 17:00
TCV: 381 M€
Monday — 17:42
The bid team submits the BAFO V2 deck.
Aude's inbox receives the 47-page deck from the bid team lead. She has a Friday deadline to prepare the GRB recommendation — four days, including two other deals and a Thursday that's already blocked.
Tuesday — 09:02
Aude uploads the deck.
She drags the PDF onto the platform's deal page for SNCF Voyageurs. The platform detects this is the V2 of an existing deal; it automatically compares sections against V1 so she'll see what changed, not just what's there.
Tuesday — 09:04
The pipeline progress indicator walks through the stages.
Aude watches as each stage lights up: parsing, reading, routing, extracting, scoring. She steps away for a coffee. By the time she's back at her desk, the dashboard has painted in.
Tuesday — 09:08
The dashboard opens with a Risk Index of 68 — amber.
Six rules fired, three of them escalations. The platform surfaces nineteen risks across delivery, commercial, legal, financial, and compliance categories. Three are flagged critical with no contingency budgeted. Aude knows where to spend her hour.
Tuesday — 09:15
She clicks into the top-flagged risk: GenAI tooling not ready in 2026.
The platform opens a side panel showing slide 34, row 5 with the exact sentence highlighted. The bid team committed a 7–25% productivity gain from GenAI starting 2026, but the deck notes no commitment from SNCF to be on track, and no contingency is budgeted if the tooling slips. R-DEL-011 fired.
Tuesday — 09:28
She cross-checks the cash exposure: 4.85 M€ max.
Another card links her directly to slide 24, where the cumulative cash-flow chart shows a dip in month 10. The platform has already correlated this with the “transition for free” concession on slide 21 — which would push max exposure to 8.2 M€. Treasury needs to see this; the card's “Share” button sends them the same URL she's looking at.
Tuesday — 09:41
Legal opens the same dashboard. They see the no-penalty-cap flag.
Without Aude forwarding anything, the firm's legal CCM lead has seen the two legal-red items: no penalty cap in the SNCF Framework Agreement (slide 35 + slide 42) and uncapped liability for confidentiality breach (slide 43). The platform routed them there automatically based on category rules.
Tuesday — 10:05
Aude submits her GRB recommendation.
The memo writes itself from the dashboard state: top risks, rule fires, escalations, owner assignments, citations. Every line traces back to a slide number. When the GRB committee meets Thursday, they won't ask “where's this from?” — they'll see it.
Wednesday — 11:30
The bid team submits a V2.1 with revised GenAI commitments.
Aude uploads the new deck. The platform re-scores in six minutes and shows a diff view — which risks have been mitigated, which persist, which are new. Her Thursday briefing is a three-minute walkthrough of what changed.
Business

The SNCF deck, now queryable intelligence.

This is what opens on Aude's screen at 09:08. Every card is backed by a cited finding; every figure links to the exact location in the source deck. Hover, click, share.

Deals  /  SNCF Voyageurs — CdS BAFO V2
TCV: 381 M€
GOP: 11.8%
Cash exp.: 4.85 M€
Horizon: 5+1+1+1
Risk Index: 68

Elevated — 6 rules fired, 3 High-impact risks uncontingent

Delivery and Commercial are the primary drivers. Penalty-cap absence plus GenAI dependency on client readiness contribute 40% of the total index. Morocco scenario adds geographic risk, offset by mitigating GOP expansion.

Delivery: 78
Commercial: 71
Legal: 64
Financial: 52
Compliance: 38

R-DEL-11 · DELIVERY
GenAI tooling not ready in 2026 — productivity commitments at risk
Impact: H
Probability: M
Contingency: None
Owner: EM / DE / CCM
“Productivity gain on dev/Unit Tests modelized from 2026: 7% → 25%. No commitment from SNCF to be on track. GOP impact if delayed.”
slide 34 · slide 17 · slide 18

R-LEG-01 · LEGAL
No penalty cap in SNCF framework agreement — uncapped exposure
Impact: H
Probability: M
Contingency: 1% revenue provision
Owner: Taous (CCM)
“Multiple cumulative penalties, no penalty cap, penalties not dischargeable from damages linked to the liability clause.”
slide 35 · slide 42

R-DEL-01 · DELIVERY
6-month transition ramp-up — staffing risk in France
Impact: H
Probability: M
Contingency: Dedicated partner
Owner: Transition Manager
“5 waves, KPIs & milestones, reverse documentation tools, pre-sales anticipation of key people.”
slide 3 · slide 33

R-CASH-02 · FINANCIAL
Max cash exposure 4.85 M€ at month 10 — payback at month 25
Impact: H
Probability: H
Contingency: None
Owner: Aude (Financial Modeler)
“Transition-for-free concession worsens cash: 4.8 M€ → 8.2 M€ exposure in both Morocco and France models.”
slide 24 · slide 32 · slide 21

R-GEO-07 · COMPLIANCE
53% delivery from Morocco by Year 4 — data sovereignty review
Impact: H
Probability: M
Contingency: DRPA 5-Jan
Owner: DPO Office
“Year 3: 24% Morocco → Year 4: 53% Morocco. Personal data processing purpose not defined at this stage.”
slide 21 · slide 37 · slide 44

R-3PP-01 · COMMERCIAL
ARCESI co-contractor capacity — RSE target dependency
Impact: H
Probability: H
Contingency: Mixed teams
Owner: Transition Mgr
“Arcesi services not at expected target level. ACME support + training during first 2 years, mixed teams before 100% Arcesi.”
slide 8 · slide 34 · slide 38

What Aude does next: opens any card, reads the source slide, forwards to the relevant owner with one click. What she doesn't do: build a spreadsheet, chase the bid team, re-read the deck cover-to-cover.

Business

The platform's job is not to replace your judgment. It's to defend it.

Every figure, flag, and excerpt on the dashboard is evidence — captured with the precision of a footnote and the speed of a search engine. Three principles enforce this, and they're structural, not aspirational.

1. Every insight has a citation — no exceptions.

A risk cannot appear on the dashboard without a record pointing to the exact slide and bounding box it came from. This is enforced at the database level, not by convention. If the platform can't cite it, the platform doesn't show it.

2. The reasoning is replayable.

Each risk carries a full chain: which AI model read it, which prompt version, which rules fired, which version of your policy applied. Six months from now, when Legal asks how you reached a 2026 decision, the platform will recreate the exact view the reviewer saw.

3. The reviewer is always in the loop.

Scores are recommendations, not verdicts. A reviewer can accept, modify, or reject any flag, and their override is captured with a reason code — feeding back into policy refinement. The platform learns from the humans it serves.

What you see on the dashboard
A red flag on the card “GenAI tooling not ready in 2026.”
risk.id = e8a4…
score = 18.0
rag = red
impact = High
The evidence that produced it
A citation row tying the flag to a specific passage.
citation.id = 3f1c…
extracted_by = claude-sonnet
confidence = 0.94
rules_fired = R-DEL-011
The original source
Slide 34, row 5 of the BRM deck — highlighted in the viewer.
page = 34
section = risk.delivery
bbox = [141,302,1782,346]
text = “GenAI tooling not ready…”

What happens when the platform is wrong?

Large-language-model outputs are probabilistic, and the platform treats them that way. Every extraction is stored with a confidence score; anything below threshold is routed to human review rather than auto-scored. Reviewer overrides are captured and fed back into model evaluation — disagreements between human and model are a signal, not a problem.

When the rule set or the extractor logic changes, historical deals are not silently re-scored. Each projection is versioned; the dashboard always shows “scored on policy v3.7, extractor v12” and offers a “preview under new policy” toggle. You keep the audit record of what was decided, when, and under what rubric.

Business

Your risk office owns the rules. Not your engineering team.

The AI extracts. The policy decides. That separation is deliberate — because what counts as “high risk” is a business judgment that should be made by the people accountable for it, and changed whenever appetite changes, without waiting for a software release.

Rules are data, not code.

Every rule is a plain-language statement with a predicate (what to look for), an action (what to do), and a delta (how much it moves the score). The risk office authors, reviews, and deploys rules through an admin interface — no engineering ticket required.

When the Head of BRM decides that public-sector deals over 300 M€ require treasury sign-off regardless of cash profile, the rule goes live for the next deal the next morning — and every historical deal can be re-scored against the new rule in under a second to see what would have changed.

The policy is versioned and auditable.

Rule changes are tracked the way source code is tracked: who changed what, when, and why. The dashboard shows which policy version produced a given score, so you can defend decisions against the rubric that actually applied at the time — not the rubric in force today.

This is what makes the platform usable across regulated clients. The rulebook is the product; the AI is the reader.

Any High-impact delivery risk without a contingency escalates to GRB.
Fires when an extracted delivery risk has Impact=High and no contingency is budgeted in the solution. Authored by Head of BRM, 2026-Q1.
Rule: R-DEL-011 · Owner: BRM Office · Score delta: +18.0 · Version: 3.7

Framework Agreements with no penalty cap require Legal-Red.
Fires when penalty-cap clause is absent AND client is public sector. Defaults the risk to critical regardless of probability.
Rule: R-LEG-004 · Owner: Group Legal · Score delta: +22.5 · Version: 3.7

Max cash exposure above 4 M€ or payback beyond 24 months triggers treasury review.
Two-predicate rule — either condition is sufficient. Sends an automated notification to the treasury distribution list.
Rule: R-CASH-002 · Owner: Group Treasury · Score delta: +12.0 · Version: 3.7

A credible mitigation with a named owner reduces the risk score.
Rewards concrete mitigation plans (non-empty mitigations array, named responsible party). This is how the platform distinguishes “we’ll figure it out” from “the Transition Manager owns this with a dated plan.”
Rule: R-MIT-009 · Owner: BRM Office · Score delta: −3.0 · Version: 3.7
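
The four rules above expressed as data and run by one generic evaluator; this is an added TypeScript example, not the platform's code. The predicate JSON shape, the field names and the action names are assumptions, and a field the extraction did not supply sends the rule to human review instead of letting it silently not fire.

```typescript
// Added example, not the platform's code. The predicate JSON shape (all/any,
// field/op/value), field names and action names are assumptions; rule codes,
// deltas and the policy version are the ones quoted in the rule list above.
type Fact = Record<string, string | number | boolean>;
type Leaf = { field: string; op: "eq" | "gt"; value: string | number | boolean };
type Predicate = Leaf | { all: Predicate[] } | { any: Predicate[] };
type Tri = boolean | null; // null: a field the rule needs is missing from the extraction
interface Rule { code: string; category: string; action: string; delta: number; predicate: Predicate }
interface Verdict { policyVersion: string; fired: string[]; needsReview: string[]; delta: number }

const POLICY_VERSION = "3.7";
const RULES: Rule[] = [
  { code: "R-DEL-011", category: "delivery", action: "escalate_grb", delta: 18.0,
    predicate: { all: [
      { field: "impact", op: "eq", value: "High" },
      { field: "contingency_present", op: "eq", value: false }] } },
  { code: "R-LEG-004", category: "legal", action: "legal_red", delta: 22.5,
    predicate: { all: [
      { field: "penalty_cap_present", op: "eq", value: false },
      { field: "client_public_sector", op: "eq", value: true }] } },
  { code: "R-CASH-002", category: "financial", action: "notify_treasury", delta: 12.0,
    predicate: { any: [
      { field: "max_cash_exposure_meur", op: "gt", value: 4 },
      { field: "payback_months", op: "gt", value: 24 }] } },
  { code: "R-MIT-009", category: "*", action: "reduce_score", delta: -3.0,
    predicate: { all: [
      { field: "mitigation_count", op: "gt", value: 0 },
      { field: "has_named_owner", op: "eq", value: true }] } },
];

// Three-valued evaluation: an absent field yields null instead of a silent "false".
function holds(p: Predicate, f: Fact): Tri {
  if ("all" in p) {
    const r = p.all.map((q) => holds(q, f));
    return r.some((x) => x === false) ? false : r.some((x) => x === null) ? null : true;
  }
  if ("any" in p) {
    const r = p.any.map((q) => holds(q, f));
    return r.some((x) => x === true) ? true : r.some((x) => x === null) ? null : false;
  }
  const v = f[p.field];
  if (v === undefined) return null;
  if (p.op === "eq") return v === p.value;
  return typeof v === "number" && typeof p.value === "number" ? v > p.value : null;
}

// Rules that cannot be decided are reported for human review, never dropped.
function evaluate(fact: Fact, rules: Rule[] = RULES): Verdict {
  const scoped = rules.filter((r) => r.category === "*" || r.category === fact.category);
  const fired = scoped.filter((r) => holds(r.predicate, fact) === true);
  const unknown = scoped.filter((r) => holds(r.predicate, fact) === null);
  return {
    policyVersion: POLICY_VERSION,
    fired: fired.map((r) => r.code),
    needsReview: unknown.map((r) => r.code),
    delta: fired.reduce((sum, r) => sum + r.delta, 0),
  };
}

// Constructed sample facts, loosely modelled on two cards from the dashboard.
const genaiRisk: Fact = { category: "delivery", impact: "High", contingency_present: false,
  mitigation_count: 0, has_named_owner: true };
const penaltyCapRisk: Fact = { category: "legal", penalty_cap_present: false,
  mitigation_count: 1, has_named_owner: true }; // client_public_sector not extracted
```

Every verdict carries the policy version it was computed under, so a stored score can be compared with a preview under a newer rule set without overwriting the original.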
Technical

For the engineers in the room.

Everything above described what the platform does. This section is for the stakeholders who need to know how — the stack, the pipeline, the data model, and the API surface. Skip this section if you're only here for the outcomes.

Deep dive

The platform is opinionated about its dependencies. Next.js 15 on Vercel for the edge and server components. Supabase as the system of record (Postgres + pgvector + Storage + Realtime + RLS). Inngest for durable orchestration. A provider-agnostic LLM router fronting Claude Sonnet 4.5, Haiku 4.5, and Voyage-3 embeddings. Observability through Langfuse. Every piece earns its place.

01 Presentation

Next.js 15 App Router — RSC + Server Actions

What the reviewer touches.

React Server Components render dashboard shells on the edge. Supabase Realtime streams risk-score updates into client components as the pipeline completes. Suspense boundaries match pipeline stages, so partial results paint progressively — Aude sees delivery risks before commercial ones finish computing.

Next.js 15.x RSC
Tailwind v4
shadcn/ui
TanStack Query
Recharts
Motion
Vercel Edge
02 API / BFF

Server Actions, tRPC, and Supabase RPC

How data flows to and from the UI — safely and typed end-to-end.

Type-safe server actions handle mutations. Read paths use row-level-security-scoped Supabase queries with pgbouncer pooling. Long-running reads go through tRPC subscriptions; high-fanout reads are served from Upstash Redis with a 60-second TTL. The front end never talks to Anthropic or OpenAI directly.

tRPC 11
Zod
Supabase SSR
Upstash Redis
Supabase Auth
03 Orchestration

Inngest durable workflows + worker fleet

The conductor ensuring every step runs, retries cleanly, and can be replayed.

Each document triggers a multi-step Inngest function with retries, step-level idempotency, and checkpointing. Heavy extraction runs on a Fly.io worker pool; OCR and layout parsing run on dedicated containers with larger memory footprints. Failures replay from any step without reprocessing the whole document.

Inngest step functions
Fly.io worker pool
BullMQ fallback
Temporal cross-org
04 Intelligence

LLM routing, structured extraction, embeddings

The platform's reading, reasoning, and memory.

Claude Sonnet 4.5 handles high-stakes risk reasoning and clause interpretation via structured outputs (JSON Schema + tool use). Haiku 4.5 runs cheap first-pass classification and routing. Mistral OCR handles scanned pages. Voyage-3 produces embeddings for semantic search and cross-document memory. All calls pass through a provider-agnostic router with fallbacks and cost telemetry.

Claude 4.5 Sonnet / Haiku
Mistral OCR
LlamaParse
Voyage-3
Langfuse
Helicone
05 Storage

Supabase Postgres + pgvector + Storage + R2

The source of truth. Everything else is a cache.

Postgres holds the normalized deal model, extractions, risks, and citations. pgvector stores chunk embeddings (HNSW-indexed). Supabase Storage holds the original artifact plus rasterized page images. Cloudflare R2 mirrors the immutable archive for long-term retention. All writes flow through a typed deal_events append-only log — the dashboard is a projection of that log.

Supabase Postgres 16
pgvector + HNSW
Supabase Storage
Cloudflare R2
Postgres RLS
pg_partman

The pipeline, stage by stage.

Eleven stages. Each one shows what the platform does in plain English and — for the engineers — the actual operation. The interactive trace-player is Deliverable-5 work; this is the static contract.

Tracing risk → sncf-cds-v1.5 → slide 34 → row 5
01 Intake (Signed URL · Storage): The document arrives.
02 Stage + Scan (ClamAV · Checksum): Validate before spending a token.
03 Parse + OCR (LlamaParse · Mistral OCR): Read every slide. Preserve the layout.
04 Chunk + Embed (Semantic splitter · Voyage-3): Make it searchable — by meaning.
05 Route (Section classifier): Send each chunk to the right specialist.
06 Extract (Claude Sonnet · Tool use): Understand what each risk actually says.
07 Normalize (Pure TS · Zod): Translate to one shared language.
08 Evaluate rules (Policy engine · TS): Apply the risk office's rulebook.
09 Score + Enrich (SQL view · Memory): Aggregate. Compare to prior deals.
10 Persist + Emit (Postgres · Realtime): Commit the verdict. Tell the world.
11 Render (Next.js RSC · Suspense): Paint the dashboard. Aude sees it.

The data model.

Append-only events as the source of truth. Risks, scores, and citations are projections computed from that stream — which is why the full reasoning chain can always be replayed for any dashboard element.

deals (entity)
  id uuid
  client_name text
  tcv_eur numeric
  duration_years smallint
  geographic_scope jsonb
  delivery_model text[]
  contract_type text
  status enum

documents (artifact)
  id uuid
  deal_id → deals
  version text
  storage_key text
  sha256 bytea
  page_count int
  parse_status enum
  uploaded_at timestamptz

chunks (unstructured)
  id uuid
  document_id → docs
  page_number int
  bbox jsonb
  text text
  text_tsv tsvector
  embedding vector(1024)
  section_tag text

extractions (structured)
  id uuid
  document_id → docs
  extractor_key text
  schema_version text
  payload jsonb
  confidence numeric
  model text
  cost_usd numeric

risks (normalized)
  id uuid
  deal_id → deals
  category enum
  title text
  impact severity
  probability severity
  rag enum
  score numeric
  contingency_present bool

citations (traceability)
  id uuid
  risk_id → risks
  chunk_id → chunks
  page_number int
  bbox jsonb
  verbatim text
  extracted_by text
  confidence numeric

rules (policy)
  id uuid
  rule_code text
  category text
  predicate jsonb
  action jsonb
  severity enum
  owner text
  version int

scores (projection)
  id uuid
  deal_id → deals
  computed_at timestamptz
  overall numeric
  by_category jsonb
  top_drivers jsonb
  rag enum
  policy_version text

deal_events (append-only)
  id bigserial
  deal_id → deals
  event_type text
  payload jsonb
  actor text
  occurred_at timestamptz
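
An added TypeScript example (not the platform's code) of the dashboard as a projection of the append-only deal_events log: it replays the log up to a chosen event id, withholds any risk that has no citation, and routes low-confidence extractions to human review. The event type names, payload fields, risk ids and the 0.8 threshold are assumptions; only the slide 34 bounding box is taken from the page.

```typescript
// Added example, not the platform's code. Event type names, payload fields,
// risk ids and the review threshold are assumptions made for illustration.
type DealEvent =
  | { id: number; type: "risk_extracted"; riskId: string; title: string; confidence: number }
  | { id: number; type: "citation_added"; riskId: string; page: number; bbox: number[] }
  | { id: number; type: "risk_overridden"; riskId: string; decision: "accept" | "reject"; reason: string };

interface Citation { page: number; bbox: number[] }
interface RiskView { riskId: string; title: string; confidence: number; citations: Citation[]; rejected: boolean }
interface Projection { asOf: number; dashboard: RiskView[]; humanReview: RiskView[]; withheld: string[] }

const REVIEW_THRESHOLD = 0.8; // assumed value; below it a finding is not auto-shown

// Rebuilds the view from events with id <= asOf. The log itself is never
// modified, so the same call with an older asOf reproduces an older dashboard.
function project(log: DealEvent[], asOf: number): Projection {
  const risks: RiskView[] = [];
  const ordered = log.filter((e) => e.id <= asOf).sort((a, b) => a.id - b.id);
  for (const e of ordered) {
    if (e.type === "risk_extracted") {
      risks.push({ riskId: e.riskId, title: e.title, confidence: e.confidence,
        citations: [], rejected: false });
    } else if (e.type === "citation_added") {
      const cite: Citation = { page: e.page, bbox: e.bbox };
      risks.forEach((r) => { if (r.riskId === e.riskId) r.citations.push(cite); });
    } else {
      const rejected = e.decision === "reject"; // reviewer override wins over the model
      risks.forEach((r) => { if (r.riskId === e.riskId) r.rejected = rejected; });
    }
  }
  const live = risks.filter((r) => !r.rejected);
  const cited = live.filter((r) => r.citations.length > 0);
  return {
    asOf,
    dashboard: cited.filter((r) => r.confidence >= REVIEW_THRESHOLD),
    humanReview: cited.filter((r) => r.confidence < REVIEW_THRESHOLD),
    // No citation, no card: uncited findings are reported but never displayed.
    withheld: live.filter((r) => r.citations.length === 0).map((r) => r.riskId),
  };
}

// Constructed sample log. Only the slide 34 bounding box comes from the page.
const SAMPLE_LOG: DealEvent[] = [
  { id: 1, type: "risk_extracted", riskId: "risk-genai", title: "GenAI tooling not ready in 2026", confidence: 0.94 },
  { id: 2, type: "citation_added", riskId: "risk-genai", page: 34, bbox: [141, 302, 1782, 346] },
  { id: 3, type: "risk_extracted", riskId: "risk-uncited", title: "Constructed uncited finding", confidence: 0.91 },
  { id: 4, type: "risk_extracted", riskId: "risk-lowconf", title: "Constructed low-confidence finding", confidence: 0.55 },
  { id: 5, type: "citation_added", riskId: "risk-lowconf", page: 21, bbox: [100, 200, 900, 260] },
  { id: 6, type: "risk_overridden", riskId: "risk-genai", decision: "reject", reason: "constructed reason code" },
];
```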
Business

The platform earns its place by moving measurable numbers.

Every figure below comes from the before/after delta we've observed with pilot customers running on their own historical deal portfolios. The units are hours, euros, and consistency scores — not model benchmarks.

Before: 4–6 hrs per deck
6 min
Time to first scored view
Upload to painted dashboard, 47-page deck, including OCR and all 12 extractors.
Before: 0% with page references
100%
Citation coverage
Every finding traces to a slide and bounding box. Enforced by the database, not by convention.
Before: inconsistent across reviewers
1
Rubric, applied uniformly
The same rule set runs on every deal, every time — and updates propagate in seconds.
Before: days to re-assess
<1 sec
Full-portfolio re-scoring
When policy tightens, every historical deal re-scores against the new rules to preview impact.
Before: ~60% of risks flagged
92%
Risk coverage vs. manual review
Against BRM Office ground-truth on 40 historical decks, the platform surfaces 92% of material risks on first pass.
Before: no audit trail
Replay horizon
Any score from any point in the platform's history can be reproduced, with the exact model and policy version that produced it.
Before: $0 tracked per review
$0.41
Cost per deal (LLM spend)
Haiku for classification, Sonnet for reasoning-heavy extractors. Full cost telemetry per deal, per extractor.
Before: email chains
0
Memos forwarded
Legal, Treasury, and Delivery all look at the same live URL. The dashboard is the memo.