AI OSINT Security Hub

Demo-ready platform for defensive OSINT collection, correlation, analysis and visualization with enterprise-oriented workflows for:

• security analysts
• SOC analysts
• threat intel teams
• digital investigators
• cyber consultants
• executive and compliance stakeholders

Intended use: only for legitimate, authorized and defensive activities. No offensive features, no intrusion, no aggressive unauthorized scanning.

⚠️ WARNING — demo build with default credentials. This build ships with seeded users and well-known passwords (see Demo credentials). Never expose this instance on a public network without first changing every password, rotating secrets and configuring DATABASE_URL on production-grade PostgreSQL.

---

Table of contents

• What this build includes
• Tech stack
• End-to-end quickstart
• Demo credentials
• Main demo routes
• Recommended runtime for a full demo
• Realistic demo seed
• Recommended demo flow for a customer presentation
• Optional PostgreSQL
• Docker
• Practical project structure
• Project status and next steps
• Troubleshooting
• Security and legal
• Supplementary documentation
• License

---

What this build includes

This codebase has been iterated to a near demo-final level, with a modern UX and multiple persistent layers already operational.

Main features already in place

• demo authentication with roles: admin, analyst, viewer
• final executive dashboard
• operational dashboards and case overview
• universal search with saved searches
• case management with notes, owner, priority, status and activity timeline
• persistent alert triage
• OSINT event timeline linked to cases
• persistent analyst review queue
• persistent report templates
• case-linked report export presets
• document archive for generated reports
• multi-step report approval workflow
• reviewer comments
• published report status
• report revisions
• diff between revisions
• full approval audit trail
• persistent in-app notifications with unread badge
• initial i18n/locale support: it, en, es, fr, de

Persistence already covered

• users
• user settings
• cases
• case notes
• application audit log
• dashboard filters
• saved searches
• alert state / triage
• OSINT events
• report templates
• case report presets
• generated report documents
• approval workflow
• reviewer comments
• revisions + approval audit
• notifications

The backend uses SQLAlchemy and supports:

• PostgreSQL as the recommended option
• SQLite fallback for quick local development when DATABASE_URL is not set

---

Tech stack

Frontend

• Next.js
• React
• Tailwind CSS

Backend

• FastAPI
• SQLAlchemy
• ReportLab for demo PDFs

Data / persistence

• PostgreSQL or SQLite fallback

---

End-to-end quickstart

This is the simplest way to try the full demo locally.

1) Backend

cd backend
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements-persistence.txt
uvicorn app.persistent_runtime_executive_v10:app --reload

2) Frontend

cd frontend
cp .env.local.example .env.local
npm install
npm run dev

3) Open the app

Login:

http://localhost:3000/it/login

Final executive dashboard:

http://localhost:3000/it/dashboard-v10

API docs:

http://localhost:8000/docs

---

Demo credentials

⚠️ Well-known, publicly documented credentials. Use them only locally. Before any network exposure (even LAN / corporate VPN) change every password, disable unused users and set production-grade secrets via environment variables.

• admin@aiosint.local / ChangeMe123!
• analyst@aiosint.local / ChangeMe123!
• viewer@aiosint.local / ChangeMe123!

---

Main demo routes

Executive / overview

• /it/dashboard-v10

Search

• /it/search

Cases workspace

• /it/cases
• /it/cases/CASE-2026-043

Reports archive / approval / revisions

• /it/reports

Notifications

• /it/notifications

API docs

• http://localhost:8000/docs

Note: the "canonical" routes (/it/search, /it/reports, /it/notifications, /it/cases) are handled by the Next.js middleware (frontend/src/middleware.ts) which redirects to the latest versioned routes (search-v4, reports-v9, notifications-v7, cases-v5, dashboard-v10). If the redirect misbehaves, use the versioned route directly.

---

Recommended runtime for a full demo

For the final demo, the recommended backend runtime is:

uvicorn app.persistent_runtime_executive_v10:app --reload

Because:

• it runs the extended scenario seed
• it enables the executive overview
• it remains compatible with the modules already introduced for reports, notifications, approvals, archive and cases

---

Realistic demo seed

This build includes seeded scenarios designed to make customer-facing demos more credible.

Available scenarios

• executive mailbox exposure escalation
• vendor portal impersonation watch
• public cloud naming exposure review
• closed takedown evidence archive

Demo objects generated

• realistic cases with priority and owner
• alert state linked to cases
• OSINT events
• review queue
• report templates
• case-level report presets
• generated report documents
• pre-populated approval workflows
• seeded revisions
• reviewer comments
• operational notifications

---

Recommended demo flow for a customer presentation

1. Login

Sign in as admin or analyst.

2. Executive dashboard

Open /it/dashboard-v10 to showcase:

• synthetic KPIs
• scenario cards
• board notes
• top cases
• program highlights

3. Cases

Open /it/cases and then a realistic case, e.g.:

• CASE-2026-043
• CASE-2026-044

Walk through:

• notes
• activity timeline
• owner assignment
• close / reopen
• linked review queue
• OSINT timeline

4. Search

Open /it/search and demonstrate:

• unified search
• persistent saved searches

5. Reports

Open /it/reports to showcase:

• unified document archive
• persistent report generation
• presets and templates
• multi-step approval
• reviewer comments
• publish
• revisions
• diff
• audit trail

6. Notifications

Open /it/notifications to showcase:

• persistent notifications
• unread badge
• read / unread state

---

Optional PostgreSQL

If you want to use PostgreSQL instead of the SQLite fallback:

export DATABASE_URL=postgresql+psycopg://aiosint:aiosint@localhost:5432/aiosint_security_hub
uvicorn app.persistent_runtime_executive_v10:app --reload

If DATABASE_URL is not set, the backend uses local SQLite to ease development.

---

Docker

The repository also contains historical compose files and scripts for specific runtimes. However, for the most complete and up-to-date demo, the recommended path remains:

• backend with app.persistent_runtime_executive_v10:app
• frontend Next.js in dev mode

This avoids ambiguity among intermediate versioned runtimes created during the project evolution.

---

Practical project structure

backend/
  app/
    persistence_*.py
    persistent_runtime_*.py
  requirements.txt
  requirements-persistence.txt
  start_*.sh

frontend/
  src/
    app/[locale]/...
    components/
    lib/

docs/
  *.md

Most important backend files

• backend/app/persistent_runtime_executive_v10.py
• backend/app/persistent_runtime_report_versions_v9.py
• backend/app/persistent_runtime_multistep_reports_v8.py
• backend/app/persistent_runtime_approval_notifications_v7.py
• backend/app/persistence_seed_v2.py

Most important frontend files

• frontend/src/app/[locale]/dashboard-v10/page.tsx
• frontend/src/app/[locale]/reports-v9/page.tsx
• frontend/src/app/[locale]/notifications-v7/page.tsx
• frontend/src/app/[locale]/cases-v5/[id]/page.tsx
• frontend/src/components/AppShell.tsx

---

Project status and next steps

This build is suitable for:

• customer demos
• internal stakeholder demos
• advanced MVP blueprint
• baseline for further hardening

It is not a production-ready build. Known gaps and recommended order for the path beyond the demo phase:

1. Routing cleanup — consolidate versioned routes (*-v2/*-v3/...) into a single canonical set.
2. Structured migration framework (Alembic or equivalent) instead of create_all.
3. Auth / RBAC hardening — production session store, password rotation, policy, optional MFA.
4. Production-grade secret management (vault / secret manager, no defaults in the repo).
5. Full test automation for frontend/backend + CI/CD.
6. Real OSINT connectors governed via config/env.
7. Enterprise observability (structured logs, metrics, tracing).
8. Demo/enterprise packaging and final license definition.

---

Troubleshooting

The frontend starts but some routes don't look "final"

Use the latest versioned routes directly:

• /it/dashboard-v10
• /it/reports-v9
• /it/notifications-v7
• /it/cases-v5

I only see /docs on the backend

That's expected: the FastAPI backend exposes APIs and Swagger docs on :8000, while the Next.js UI lives on :3000.

Python module / dependency error

Make sure you activated the virtualenv and installed:

pip install -r requirements-persistence.txt

Frontend environment error

Check that you copied:

cp .env.local.example .env.local

---

Security and legal

This project is designed for:

• passive collection
• defensive investigation support
• OSINT correlation
• reporting and decision support

It intentionally does not include:

• exploits
• intrusions
• bypass techniques
• offensive tooling
• unauthorized aggressive scanning

---

Supplementary documentation

Besides this README, the repo contains progress notes and specific guides under docs/, including:

• EXECUTIVE_V10_FLOW.md
• REPORT_VERSIONING_V9_FLOW.md
• MULTISTEP_REPORTS_V8_FLOW.md
• APPROVAL_NOTIFICATIONS_V7_FLOW.md
• GENERATED_REPORTS_V6_FLOW.md
• REPORTS_V5_QUEUE_FLOW.md
• INTEL_V4_FLOW.md
• OPS_V3_FLOW.md
• DELIVERY_MAP.md
• LEGACY_RUNTIME_STATUS.md
• POSTGRES_PERSISTENCE.md

This README is the recommended entry point for an end-to-end run.

---

License

Released under the Apache License 2.0.

Copyright © 2026 Giuseppe84-code.

Every contribution to the project is, unless otherwise stated in writing, subject to the same license terms (clause 5 of the Apache-2.0 text). Attribution notice and disclaimer are in the NOTICE file.

---

Minimum demo path

Quick recap for a customer demo:

1. start the executive_v10 backend
2. start the frontend
3. sign in as admin
4. open the executive dashboard
5. walk through cases → reports → notifications

Good demo.