Overview
Claude Sleuth is a professional-grade investigative intelligence toolkit designed for journalists, OSINT (Open Source Intelligence) analysts, and investigators. It transforms raw data into evidence-grade analytical products by enforcing a rigorous, 56-task pipeline based on the formal Intelligence Cycle.
The system operates as a "Detective Inspector" partner, providing a structured environment where every claim is graded, every investigative vector is legally justified, and every conclusion is reached through cognitive de-biasing frameworks.
Traditional OSINT research often suffers from "fragmented inquiry"—tools are used in isolation, evidence is not hashed or preserved, and cognitive biases (like confirmation bias) lead to flawed conclusions. Claude Sleuth solves this by:
- Enforcing a Hard Gate: The `task_runner.py` prevents moving to a new phase until all current requirements are met.
- Standardizing Tradecraft: It bakes in military and intelligence standards like Admiralty 6x6 (Source Grading), ACH (Analysis of Competing Hypotheses), and ICD 203 (Probabilistic Language).
- Ensuring Persistence: Through the CSDb (Claude Sleuth Database), investigation state, entity registers, and notebooks survive across different AI chat sessions.
The following diagram illustrates how high-level investigative concepts are mapped to specific code entities within the repository.
Diagram: Intelligence Framework to Code Entity Mapping
```mermaid
graph TD
    subgraph "Natural Language Space (Investigative Concepts)"
        A["Intelligence Cycle"]
        B["Source Reliability"]
        C["Entity Resolution"]
        D["Hypothesis Testing"]
        E["Persistent Memory"]
    end
    subgraph "Code Entity Space (Implementation)"
        A1["scripts/task_runner.py"]
        B1["scripts/source_grader.py"]
        C1["scripts/entity_resolver.py"]
        D1["templates/analysis/ach.md"]
        E1["server/ (CSDb MCP)"]
    end
    A -- "Enforces 56-task sequence" --> A1
    B -- "Implements Admiralty 6x6" --> B1
    C -- "Fellegi-Sunter Probabilistic Linkage" --> C1
    D -- "Inconsistency Principle Framework" --> D1
    E -- "Cloudflare D1 Persistence" --> E1
```
The toolkit organizes work into six distinct phases. Each phase requires specific scripts to be run and templates to be populated before `task_runner.py` allows a transition to the next stage.
| Phase | Title | Key Code Entities |
|---|---|---|
| 1 | Operational Direction | `case-decision-log.md`, `investigation-strategy.md` |
| 2 | Intelligence Collection | `source_grader.py`, `evidence_preservation.py` |
| 3 | Collation & Entity Resolution | `entity_resolver.py`, `pole.md`, `entity-register.md` |
| 4 | Chronological & Relational | `network_graph.py`, `chronological_matrix.py` |
| 5 | Hypothesis Reasoning | `ach.md`, `thinking-toolkit-mcp` |
| 6 | Final Reporting | `report_generator.py`, `briefing.md`, `nim.md` |
The environment is managed by three primary CLI tools that bridge the gap between the investigator's intent and the underlying data structures.
Diagram: CLI Orchestration Flow
```mermaid
flowchart TD
    User(["Investigator/Analyst"])
    subgraph "Orchestration Layer"
        T_RUN["scripts/task_runner.py"]
        T_BUILD["scripts/template_builder.py"]
        SETUP["scripts/setup.py"]
    end
    subgraph "Data & State"
        PROG[".sleuth-progress.json"]
        TEMPS["skills/claude-sleuth/templates/"]
        MODS["Python Modules (pip groups)"]
    end
    User -- "next / done" --> T_RUN
    T_RUN -- "Updates State" --> PROG
    User -- "--phase / --task" --> T_BUILD
    T_BUILD -- "Assembles" --> TEMPS
    T_RUN -- "Auto-installs deps" --> SETUP
    SETUP -- "Manages" --> MODS
```
To explore specific components of the Claude Sleuth toolkit, navigate to the following child pages:
- Getting Started: Installation & Environment Setup: How to install core and optional dependency groups (e.g., `corporate`, `geo`, `sanctions`) and initialize your first case.
- Architecture Overview: The 6-Phase Intelligence Cycle: A deep dive into the 56-task pipeline and the logic that governs phase transitions.
- The Task Runner & CLI Tools: Detailed documentation for `task_runner.py`, `template_builder.py`, and `setup.py`.
- Investigation Phases: Reference Documentation: Specific guidance for each of the six phases, from Operational Direction to Final Reporting.
- Investigation Scripts: Technical references for the 15+ Python scripts used for data collection and analysis.
- Templates: Catalog of the Markdown templates used for registers, logs, and analytical matrices.
- CSDb: Persistent Investigation Database: Documentation for the Cloudflare D1-backed MCP server.
- Infrastructure & Governance: CI/CD workflows and project contribution guidelines.
- Glossary: Definitions of intelligence tradecraft and codebase-specific terminology.