SOVEREIGN GUARD

OPERATOR LOGIN →

The operating system for sovereign blockchain intelligence.

Bridge anonymous on-chain activity to verified institutional identity - with audit-grade forensics built for national regulators and sovereign financial rails.

Authorized operators only · MFA enforced on privileged roles

HERO STAGE // SECURE

Forensic consoleOperational
>
AUDIT :: graph_expand · actor OP-9001 · target ent_7f3a

Entity graph

HOPS 3
TAINT 73
ent_7f3a

CHAINS

BTCEVM

Live ingestion via sovereign adapters

SCORING

1–0

Recursive taint exposure with explainable decay

AUDIT

sha256:e4b7…2f91

Every investigative action recorded to ledger

Deployed for sovereign oversight · Policy-gated national connectors · Zero synthetic executive data in live mode

Blockchains are transparent. Attribution is not.

Digital asset flows cross borders in seconds. Investigators inherit fragmented address lists, unverified labels, and point-in-time chain state - while adversaries exploit chain-hopping, mixer proximity, and entity fragmentation to obscure intent.

National regulators and financial intelligence units require more than transaction hashes. They require entity resolution, governed OSINT enrichment, temporal reconstruction, and evidence that survives supervisory review and court scrutiny. WI3 closes that gap with an attribution-first investigative operating environment - engineered for sovereign deployment, not multi-tenant SaaS extraction.

Without WI3
With WI3
Orphan addresses with no entity tie
Clustered entities via multi-input heuristics and governed tag promotion
Static chain snapshots
Time-travel reconstruction pinned to block height
Passive analytics dashboards
Active intervention via Decision Pro freeze-flow to partner rails
Ad-hoc screenshots for cases
Court-ready evidence bundles with SHA-256 manifest and audit excerpt

See. Prove. Act.

A single sovereign environment that connects national oversight, forensic investigation, and regulated intervention - without losing audit context between modules.

Four engines. One sovereign graph.

WI3 synthesizes ledger clustering, OSINT attribution, dynamic risk scoring, and investigative workbench capabilities into a unified attribution-first architecture - API-first for ecosystem integration, operator-grade for human forensics.

GRAPH SENSE–CLASS HEURISTICS

cluster(addr[]) → entity_id

Entity resolution at scale

Continuously ingests Bitcoin and EVM telemetry through decoupled chain adapters - Blockstream, Etherscan V2, optional archival RPC - parsing thousands of addresses into singular entity profiles via multi-input spend heuristics. Neo4j stores relationship topology for pathfinding; DuckDB sidecar powers transactional OLAP.

  • + Entity graph with SENT and PART_OF clustering
  • + Change-address labeling (confidence-scored, non-deterministic)
  • + Bridge transfer registry with governed ingest

GOVERNED ENRICHMENT

transform(seed) → review → tag

Real-world labels on cryptographic nodes

Transform catalog and async jobs enrich entities from forums, registries, and sanctioned lists. Findings enter a review queue before promotion to version-controlled TagPacks with hashed provenance URLs. Identity links connect opaque email, phone, and handle references to wallet clusters - no raw PII in browser logs.

  • + Intelligence Hub with Overview, OSINT, Review, Directories, Governance tabs
  • + TagPack provenance and analyst approve/reject workflow
  • + Identity-first trail API for multi-wallet merge

CRYSTAL-CLASS SCORING

R = min(100, Σ(Eᵢ × Wᵢ) × γ^hᵢ)

Explainable taint from source to sink

Recursive exposure scoring weights fund origins by category - sanctioned, mixer, darknet, exchange - with hop decay across the entity graph. Behavioral flags surface peeling chains, structuring patterns, and high-frequency anomalies with deterministic evidence and legal disclaimers.

  • + 1–100 taint scores with exposure breakdown
  • + RegTech AlertProfile auto-evaluation on investigate
  • + Partner risk hook for Birrezy and Akafay-class integrations

MALTEGO-CLASS FORENSICS

pathfind(seed, anchor) → route[]

Human analysts at the center of the graph

High-contrast node-link canvas with topology minimap, layout presets, temporal replay, and right-rail intelligence - entity risk banner, recent flows, ISP correlation when ingested, Fayda eligibility when policy-enabled. Right-click context menu surfaces audited freeze, flag, and case-attach mutations.

  • + Pathfinding toward anchor_crosschain and sanction sinks
  • + Evidence bundle ZIP with X-WI3-Bundle-Aggregate-SHA256
  • + War Room collaborative sessions with durable event sequencing

Built for jurisdiction. Engineered for audit.

WI3 deploys on open-source infrastructure you control - PostgreSQL, Neo4j, FastAPI, Next.js - with decoupled chain adapters and policy gates for national connectors.

PostgreSQL

RELATIONAL STORE // ACID COMPLIANT

Neo4j

GRAPH COMPUTE // TRAVERSAL ENGINE

DuckDB

OLAP SIDECAR // TX AGGREGATION

FastAPI

ASYNC I/O // HIGH-THROUGHPUT

Next.js

OPERATOR UI // BFF AUTH

Chain Adapters

BLOCKSTREAM // ETHERSCAN V2

Cytoscape.js

FORENSIC CANVAS // LINK ANALYSIS

Audit Ledger

IMMUTABLE // SHA-256 CHAIN

Policy Gates

FAYDA // OSINT // CORRELATION

Attribution-first

Graph and metadata flows reinforce entity linkage. Orphan addresses are investigative seeds, not operational actors, when cluster bindings exist.

Decoupled chain data

All blockchain reads route through adapter modules. Swap HTTP public APIs for full-node RPC without touching route handlers or investigative UX.

Audit-by-default

Every graph expansion, OSINT promotion, case seal, and intervention trigger writes an AuditLog row - actor, action, target identifiers.

Policy-gated integrations

Fayda national-ID lookup, ISP correlation ingest, and OSINT promotion to production tags require explicit deployment policy and legal sign-off.

Next.js 14 · FastAPI · PostgreSQL · Neo4j · DuckDB · Cytoscape.js · JWT + RBAC + MFA

Sovereign Open-Source stack. No vendor lock-in. Data remains in your jurisdiction. Machine clients authenticate via scoped API tokens for institutional integration.

Forensic Workbench

Graph-first investigation that follows the money across time, chains, and identity.

Investigators seed from wallet address, transaction hash, or identity artifact - email, phone, handle - and expand into a Cytoscape-powered link graph. Neighbor expansion, automated pathfinding toward exchanges and sanctioned anchors, and temporal pinning reconstruct historical ledger state at any block height. War Rooms enable multi-agency collaboration with presence, notes, and counsel read-only snapshot links. Every graph mutation writes an immutable AuditLog row.

  • Sovereign Search and Command Palette (⌘K) for sub-second entity preview
  • Cross-chain bridge overlay via curated registry and BRIDGE_TRANSFER edges
  • BTC change/recipient heuristics with confidence-scored disclaimers
  • Investigation snapshots sealed to cases with chained ledger integrity

GRAPH TRAVERSAL - ILLUSTRATIVE

HOPS: 3
TAINT: 73
ENTITY: ent_7f3a

From alert to enforcement - without losing the audit trail.

01

Detect

Monitor sanctions radar, RegTech profiles, and red-flag ticker surface anomalous flows and new hits

02

Investigate

Sovereign Search seeds the Workbench; analysts expand graph, pin block height, pathfind to off-ramps

03

Attribute

Intelligence Hub enriches entities; approved OSINT tags and identity links resolve who

04

Document

Snapshot attaches to case; audit ledger chains SHA-256 rows; evidence bundle assembles for counsel

05

Intervene

Decision Pro dispatches freeze or flag to partner institution when outbound policy is configured

01 - Ingest

BTC/EVM blocks via sovereign adapters

02 - OSINT Enrich

Governed transforms + review queue

03 - Entity Resolve

Multi-input clustering → entity graph

04 - Graph Visualize

Forensic canvas + pathfinding

05 - Intervene

Decision Pro outbound trigger

Every step is actor-attributed. Every mutation is reversible in UI with audit toast confirmation. Every export carries manifest integrity.

Purpose-built for national financial and security institutions.

Analysts & Investigators

National security

Cyber-terrorism OSINT, dark-web attribution, fraud pattern detection - MFA-enforced

AML/CFT Officer

Financial intelligence

AML/CFT investigation, behavioral flags, FATF-aligned reporting

Regulatory Observer

Central bank

Supervisory dashboard, capital-flow oversight, sandbox pilot monitoring

Case Owner

Enforcement

Case lifecycle, evidence sealing, court bundle export

Data Steward

Intelligence ops

TagPack curation, OSINT review queue, metadata governance

API Institutional

Partner systems

Machine-scoped read:risk_hook for pre-transaction clearance

RBAC scopes gate every module. Observer roles receive read-only graph and case access. Super-admin operations require break-glass policy alignment.

Forensic integrity is not a feature. It is the architecture.

Security

  • +Immutable AuditLog on every investigative action
  • +Chained SHA-256 case ledger (ledger_prev_sha256 / ledger_row_sha256)
  • +JWT session gate with optional OIDC SSO and MFA for privileged roles
  • +HMAC-authenticated Decision Pro outbound with payload_sha256 audit
  • +Evidence bundle aggregate hash header for chain-of-custody
  • +Break-glass super-admin with documented operator procedure

Regulatory alignment

  • +AML/KYC and FATF supervisory framing
  • +OFAC, UN, and national watchlist sanctions radar
  • +RegTech alert profiles with simulation before go-live
  • +OSINT promotion requires HTTPS source URLs and analyst review
  • +Geo attribution: region aggregates only; lawful-basis copy in UI
  • +Purpose limitation and DPIA placeholders for national connectors

WI3 investigative outputs are furnished for compliance and supervisory coordination - not as definitive legal adjudication or exclusive proof-of-funds. Chain state is point-in-time. Verify against primary archival sources before enforcement actions.

Not another block explorer.

Attribution-first, not address-first

Entity clustering and governed OSINT resolve who - not just what address sent funds.

Sovereign deployment, not SaaS extraction

On-prem open-source stack. Your data. Your jurisdiction. Your policy gates.

Prove in court, not in screenshots

Server-rendered evidence bundles with manifest, audit excerpt, and legal templates.

Act on risk, not just report it

Decision Pro freeze-flow connects forensics to partner liquidity and banking rails.

Collaborate across agencies, not in silos

War Rooms, counsel read-links, and role-scoped RBAC for multi-stakeholder investigations.

Initialize your session.

Authorized operators and sovereign ID verification channels are available through the Secure Gateway.

WI3 · SOVEREIGN GUARD · SECURE GATEWAY

National identity verification via Fayda integration channel - opaque references only; no biometrics collected in-browser.

Gateway status: READY · Session gate: ENFORCED · Desktop operator console required