The operating system for sovereign blockchain intelligence.
Bridge anonymous on-chain activity to verified institutional identity - with audit-grade forensics built for national regulators and sovereign financial rails.
Authorized operators only · MFA enforced on privileged roles
HERO STAGE // SECURE
Entity graph
CHAINS
Live ingestion via sovereign adapters
SCORING
1–0
Recursive taint exposure with explainable decay
AUDIT
sha256:e4b7…2f91
Every investigative action recorded to ledger
Deployed for sovereign oversight · Policy-gated national connectors · Zero synthetic executive data in live mode
THE INTELLIGENCE GAP
Blockchains are transparent. Attribution is not.
Digital asset flows cross borders in seconds. Investigators inherit fragmented address lists, unverified labels, and point-in-time chain state - while adversaries exploit chain-hopping, mixer proximity, and entity fragmentation to obscure intent.
National regulators and financial intelligence units require more than transaction hashes. They require entity resolution, governed OSINT enrichment, temporal reconstruction, and evidence that survives supervisory review and court scrutiny. WI3 closes that gap with an attribution-first investigative operating environment - engineered for sovereign deployment, not multi-tenant SaaS extraction.
THE PLATFORM
See. Prove. Act.
A single sovereign environment that connects national oversight, forensic investigation, and regulated intervention - without losing audit context between modules.
CAPABILITY MATRIX
Four engines. One sovereign graph.
WI3 synthesizes ledger clustering, OSINT attribution, dynamic risk scoring, and investigative workbench capabilities into a unified attribution-first architecture - API-first for ecosystem integration, operator-grade for human forensics.
GRAPH SENSE–CLASS HEURISTICS
cluster(addr[]) → entity_id
Entity resolution at scale
Continuously ingests Bitcoin and EVM telemetry through decoupled chain adapters - Blockstream, Etherscan V2, optional archival RPC - parsing thousands of addresses into singular entity profiles via multi-input spend heuristics. Neo4j stores relationship topology for pathfinding; DuckDB sidecar powers transactional OLAP.
- + Entity graph with SENT and PART_OF clustering
- + Change-address labeling (confidence-scored, non-deterministic)
- + Bridge transfer registry with governed ingest
GOVERNED ENRICHMENT
transform(seed) → review → tag
Real-world labels on cryptographic nodes
Transform catalog and async jobs enrich entities from forums, registries, and sanctioned lists. Findings enter a review queue before promotion to version-controlled TagPacks with hashed provenance URLs. Identity links connect opaque email, phone, and handle references to wallet clusters - no raw PII in browser logs.
- + Intelligence Hub with Overview, OSINT, Review, Directories, Governance tabs
- + TagPack provenance and analyst approve/reject workflow
- + Identity-first trail API for multi-wallet merge
CRYSTAL-CLASS SCORING
R = min(100, Σ(Eᵢ × Wᵢ) × γ^hᵢ)
Explainable taint from source to sink
Recursive exposure scoring weights fund origins by category - sanctioned, mixer, darknet, exchange - with hop decay across the entity graph. Behavioral flags surface peeling chains, structuring patterns, and high-frequency anomalies with deterministic evidence and legal disclaimers.
- + 1–100 taint scores with exposure breakdown
- + RegTech AlertProfile auto-evaluation on investigate
- + Partner risk hook for Birrezy and Akafay-class integrations
MALTEGO-CLASS FORENSICS
pathfind(seed, anchor) → route[]
Human analysts at the center of the graph
High-contrast node-link canvas with topology minimap, layout presets, temporal replay, and right-rail intelligence - entity risk banner, recent flows, ISP correlation when ingested, Fayda eligibility when policy-enabled. Right-click context menu surfaces audited freeze, flag, and case-attach mutations.
- + Pathfinding toward anchor_crosschain and sanction sinks
- + Evidence bundle ZIP with X-WI3-Bundle-Aggregate-SHA256
- + War Room collaborative sessions with durable event sequencing
SOVEREIGN ARCHITECTURE
Built for jurisdiction. Engineered for audit.
WI3 deploys on open-source infrastructure you control - PostgreSQL, Neo4j, FastAPI, Next.js - with decoupled chain adapters and policy gates for national connectors.
PostgreSQL
RELATIONAL STORE // ACID COMPLIANT
Neo4j
GRAPH COMPUTE // TRAVERSAL ENGINE
DuckDB
OLAP SIDECAR // TX AGGREGATION
FastAPI
ASYNC I/O // HIGH-THROUGHPUT
Next.js
OPERATOR UI // BFF AUTH
Chain Adapters
BLOCKSTREAM // ETHERSCAN V2
Cytoscape.js
FORENSIC CANVAS // LINK ANALYSIS
Audit Ledger
IMMUTABLE // SHA-256 CHAIN
Policy Gates
FAYDA // OSINT // CORRELATION
Attribution-first
Graph and metadata flows reinforce entity linkage. Orphan addresses are investigative seeds, not operational actors, when cluster bindings exist.
Decoupled chain data
All blockchain reads route through adapter modules. Swap HTTP public APIs for full-node RPC without touching route handlers or investigative UX.
Audit-by-default
Every graph expansion, OSINT promotion, case seal, and intervention trigger writes an AuditLog row - actor, action, target identifiers.
Policy-gated integrations
Fayda national-ID lookup, ISP correlation ingest, and OSINT promotion to production tags require explicit deployment policy and legal sign-off.
Next.js 14 · FastAPI · PostgreSQL · Neo4j · DuckDB · Cytoscape.js · JWT + RBAC + MFA
Sovereign Open-Source stack. No vendor lock-in. Data remains in your jurisdiction. Machine clients authenticate via scoped API tokens for institutional integration.
FORENSIC WORKBENCH
Forensic Workbench
Graph-first investigation that follows the money across time, chains, and identity.
Investigators seed from wallet address, transaction hash, or identity artifact - email, phone, handle - and expand into a Cytoscape-powered link graph. Neighbor expansion, automated pathfinding toward exchanges and sanctioned anchors, and temporal pinning reconstruct historical ledger state at any block height. War Rooms enable multi-agency collaboration with presence, notes, and counsel read-only snapshot links. Every graph mutation writes an immutable AuditLog row.
- ›Sovereign Search and Command Palette (⌘K) for sub-second entity preview
- ›Cross-chain bridge overlay via curated registry and BRIDGE_TRANSFER edges
- ›BTC change/recipient heuristics with confidence-scored disclaimers
- ›Investigation snapshots sealed to cases with chained ledger integrity
GRAPH TRAVERSAL - ILLUSTRATIVE
OPERATIONAL WORKFLOW
From alert to enforcement - without losing the audit trail.
01
Detect
Monitor sanctions radar, RegTech profiles, and red-flag ticker surface anomalous flows and new hits
02
Investigate
Sovereign Search seeds the Workbench; analysts expand graph, pin block height, pathfind to off-ramps
03
Attribute
Intelligence Hub enriches entities; approved OSINT tags and identity links resolve who
04
Document
Snapshot attaches to case; audit ledger chains SHA-256 rows; evidence bundle assembles for counsel
05
Intervene
Decision Pro dispatches freeze or flag to partner institution when outbound policy is configured
01 - Ingest
BTC/EVM blocks via sovereign adapters
02 - OSINT Enrich
Governed transforms + review queue
03 - Entity Resolve
Multi-input clustering → entity graph
04 - Graph Visualize
Forensic canvas + pathfinding
05 - Intervene
Decision Pro outbound trigger
Every step is actor-attributed. Every mutation is reversible in UI with audit toast confirmation. Every export carries manifest integrity.
AUTHORIZED OPERATORS
Purpose-built for national financial and security institutions.
Analysts & Investigators
National security
Cyber-terrorism OSINT, dark-web attribution, fraud pattern detection - MFA-enforced
AML/CFT Officer
Financial intelligence
AML/CFT investigation, behavioral flags, FATF-aligned reporting
Regulatory Observer
Central bank
Supervisory dashboard, capital-flow oversight, sandbox pilot monitoring
Case Owner
Enforcement
Case lifecycle, evidence sealing, court bundle export
Data Steward
Intelligence ops
TagPack curation, OSINT review queue, metadata governance
API Institutional
Partner systems
Machine-scoped read:risk_hook for pre-transaction clearance
RBAC scopes gate every module. Observer roles receive read-only graph and case access. Super-admin operations require break-glass policy alignment.
TRUST & COMPLIANCE
Forensic integrity is not a feature. It is the architecture.
Security
- +Immutable AuditLog on every investigative action
- +Chained SHA-256 case ledger (ledger_prev_sha256 / ledger_row_sha256)
- +JWT session gate with optional OIDC SSO and MFA for privileged roles
- +HMAC-authenticated Decision Pro outbound with payload_sha256 audit
- +Evidence bundle aggregate hash header for chain-of-custody
- +Break-glass super-admin with documented operator procedure
Regulatory alignment
- +AML/KYC and FATF supervisory framing
- +OFAC, UN, and national watchlist sanctions radar
- +RegTech alert profiles with simulation before go-live
- +OSINT promotion requires HTTPS source URLs and analyst review
- +Geo attribution: region aggregates only; lawful-basis copy in UI
- +Purpose limitation and DPIA placeholders for national connectors
WI3 investigative outputs are furnished for compliance and supervisory coordination - not as definitive legal adjudication or exclusive proof-of-funds. Chain state is point-in-time. Verify against primary archival sources before enforcement actions.
WHY WI3
Not another block explorer.
Attribution-first, not address-first
Entity clustering and governed OSINT resolve who - not just what address sent funds.
Sovereign deployment, not SaaS extraction
On-prem open-source stack. Your data. Your jurisdiction. Your policy gates.
Prove in court, not in screenshots
Server-rendered evidence bundles with manifest, audit excerpt, and legal templates.
Act on risk, not just report it
Decision Pro freeze-flow connects forensics to partner liquidity and banking rails.
Collaborate across agencies, not in silos
War Rooms, counsel read-links, and role-scoped RBAC for multi-stakeholder investigations.
Initialize your session.
Authorized operators and sovereign ID verification channels are available through the Secure Gateway.
WI3 · SOVEREIGN GUARD · SECURE GATEWAY
National identity verification via Fayda integration channel - opaque references only; no biometrics collected in-browser.
Gateway status: READY · Session gate: ENFORCED · Desktop operator console required