Open source · Apache 2.0 · Built for regulated industries

The agentic fraud-investigation copilot
regulated industries can actually ship.

A Claude-powered investigation agent with the auth, RBAC, and audit plumbing that banks, brokers, and fintechs require — pre-built. Drop in your data sources. Keep your security posture.

  • <30s: cold-start to full stack
  • 6: pre-wired data domains
  • 100%: audited tool calls
  • 1hr: to add your data source

Built for the people on the hook

One copilot. Four sets of stakeholders. All of them say yes.

Every regulated AI workflow stalls somewhere between the analyst's wishlist and the CISO's approval. This is what makes it through both.

🏦
For Customers

From 12 tabs to one investigation

  • Analysts assemble alert context in minutes, not hours
  • Same audit trail your regulator already accepts
  • Ship a working prototype in a sprint, not a quarter
  • No vendor lock-in — own the model, the data, the agent
⚙️
For Developers

A reference you can read in one sitting

  • MCP gateway under 500 lines of core code
  • Python everywhere — FastAPI, FastMCP, pyseto
  • 600+ test cases, deterministic eval suite
  • Plug your own MCP server in under an hour
🛡️
For Security Leaders

The plumbing your auditor will sign off on

  • PASETO v4.public — no JWT algorithm confusion
  • Two keypairs: user token ≠ service-to-service token
  • Replay protection by default, append-only audit
  • Threat model maps every trust boundary
🎯
For Fraud Leaders

The agent finally speaks investigation

  • Six personas: mule, sanctions, ATO, structuring, more
  • Verify-output flags every unsupported claim
  • Action tools gated behind human approval
  • Eval suite scores grounding and reasoning quality
The investigation, end to end

From alert to SAR draft — in one continuous, audited flow.

An analyst kicks off an investigation. The agent runs six structured subskills. Every tool call is signed, role-checked, and audited. Every claim in the final narrative is verified against logged evidence.

Analyst

"Investigate customer cust-mule-01"

One command in Claude Code. No context-switching, no copy-paste, no swivel-chair workflow.

OIDC bearer
Auth Gateway

Mints a 5-minute user PASETO

Validates the OIDC token, then signs an Ed25519 PASETO v4.public with the analyst's identity and group claims.

Orchestrator Skill

Routes to six subskills, in order

gather-profile → transactions → osint → sanctions → narrative → verify-output. Plain-text routing only — ≤100 lines.

user PASETO
MCP Gateway

Verify · replay-check · RBAC · re-sign · audit

One algorithm, one path. Rejects replays via a 10k-entry jti cache. Re-signs a 60-second service token with a separate keypair.
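
A sketch of the replay check described above, as an added example that is not the project's own code: a bounded jti cache that remembers each token ID until the token expires and fails closed when full, since evicting a live entry would reopen a replay window. The class name, the return values and the fail-closed policy are assumptions; the page states only the 10k-entry size and the 5-minute user-token lifetime.

```python
import heapq


class JtiReplayCache:
    """Bounded replay cache keyed on the jti claim (hypothetical helper)."""

    def __init__(self, max_entries=10_000):  # size taken from the page
        self.max_entries = max_entries
        self._seen = {}     # jti -> exp (epoch seconds)
        self._by_exp = []   # min-heap of (exp, jti) for cheap expiry purge

    def _purge(self, now):
        # An expired token already fails verification on its exp claim,
        # so its jti no longer needs to be remembered.
        while self._by_exp and self._by_exp[0][0] <= now:
            _, jti = heapq.heappop(self._by_exp)
            self._seen.pop(jti, None)

    def check_and_store(self, jti, exp, now):
        """Classify a signature-verified token: ok, replay, expired or full."""
        if exp <= now:
            return "expired"
        self._purge(now)
        if jti in self._seen:
            return "replay"
        if len(self._seen) >= self.max_entries:
            # Evicting an unexpired jti would let that token be replayed.
            return "full"
        self._seen[jti] = exp
        heapq.heappush(self._by_exp, (exp, jti))
        return "ok"


def demo():
    # Constructed sample values; capacity is 2 so the full case is visible.
    cache = JtiReplayCache(max_entries=2)
    t0, ttl = 1_000, 300  # 300 s = the 5-minute user PASETO lifetime
    return [
        cache.check_and_store("jti-a", t0 + ttl, now=t0),
        cache.check_and_store("jti-a", t0 + ttl, now=t0 + 1),
        cache.check_and_store("jti-b", t0 + ttl, now=t0 + 2),
        cache.check_and_store("jti-c", t0 + ttl, now=t0 + 3),
        cache.check_and_store("jti-c", t0 + ttl + 3, now=t0 + ttl),
        cache.check_and_store("jti-a", t0 + ttl, now=t0 + ttl),
    ]
```

A gateway would deny the call and write an audit row for every result other than "ok".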

6 Downstream MCP Servers

customer_data · transactions · kyc · sanctions · osint · case_actions

FastMCP servers each wrapping a domain. Every call validated against the service token. case_actions additionally requires human_approval=true.

service PASETO
Your Backends

Swap in real systems in <1 hour

Mocks ship deterministic; integrators replace them with their core banking, KYC vendor, watchlist provider, case-management system.

Verify-Output Skill

Annotates every unsupported claim

Reads the audit log, checks each factual claim in the SAR narrative against the tool results that actually returned. Annotate-not-block in v1.

audit + spans
Audit Store & Grafana

Append-only. No DELETE method.

SQLite default, ClickHouse opt-in. Provisioned Grafana panels: per-user tool calls, p95 latency, denied-by-role, audit volume.

A real mule-account investigation

What the analyst sees. What the gateway records.

Six subskills run in sequence.

STEP 01: Gather customer profile
STEP 02: Analyze transactions
STEP 03: Check OSINT signals
STEP 04: Screen sanctions
STEP 05: Draft SAR narrative
STEP 06: Verify output

SUBSKILL 1 of 6

Gather customer profile

First call out — the orchestrator always invokes this. Pulls identity, accounts, and device history through the customer_data MCP server. Every downstream subskill reads from this baseline.

customer_data.get_customer · customer_data.list_accounts · customer_data.get_device_history

[audit] 2026-05-26T14:02:11Z user=alice@bank role=analyst jti=01HF...8K2 trace=4c91a...
  → mcp.gateway POST /mcp/customer_data
  → tool=get_customer args={customer_id:"cust-mule-01"}
  → status=200 OK latency_ms=42
  → re-signed service PASETO (TTL 60s, keypair=svc-ed25519-1)
  → audit row id=audit-7f2c... (append-only)