Overview#
An analyst reviewing a complex blockchain investigation wants to ask a natural language question: "Which wallets in this case are linked to known mixing services?" Rather than constructing a manual query or navigating multiple modules, she types the question into the chatbot. The system detects the blockchain context, routes the query to the blockchain analytics domain, and returns a structured answer with the relevant wallet identifiers. The entire interaction takes 15 seconds.
The Chatbot domain makes that kind of fluid, context-aware interrogation of platform data possible through conversational AI interfaces.
Key Features#
- Context-aware query routing with automatic domain and intent detection.
- Four AI model tiers (SIMPLE, STANDARD, COMPLEX, PREMIUM) with configurable temperature and token limits.
- Persistent session management with context scoping (investigation, alert, entity, analysis).
- Real-time async response streaming for token-by-token delivery.
- Threaded conversations with parent-child message relationships.
- Routing confidence scoring with fallback to general AI.
- Organisation-level isolation with user ownership validation.
- Soft delete support for sessions and messages.
Use Cases#
Investigation analysts use investigation-scoped AI conversations to query case data and generate insights, asking follow-up questions within a single session that retains the full context of previous exchanges.
Blockchain analysts submit complex chain analysis queries routed to specialised analytics domains, receiving answers that draw on blockchain-specific knowledge rather than generic AI responses.
Platform users rely on the general-purpose AI assistant for platform navigation and data exploration, asking questions about workflows and receiving contextual guidance without leaving their current view.
Threat analysts use alert-scoped conversations for contextual threat analysis during triage, exploring alert context through natural dialogue rather than navigating multiple separate data screens.
Integration#
Integrates with LLM services for AI responses, middleware domains (alert, investigation, blockchain, entity, OSINT) for query routing, and graph database for session relationship tracking.
Open Standards#
- GraphQL (June 2018 Specification): All chatbot session and message operations are exposed as typed GraphQL queries and mutations, using the Strawberry library to enforce the specification's type system, permission model, and introspection contracts.
- JSON (RFC 8259): All API request and response payloads, session metadata, routing parameters, and streaming event data are serialised as JSON; JSONB fields in PostgreSQL store structured metadata in the same format.
- Server-Sent Events / EventSource (W3C, WHATWG Living Standard): Real-time token-by-token streaming of AI responses is delivered over HTTP using the
text/event-streamcontent type, allowing clients to receive incremental chunks without a full WebSocket connection. - JWT Bearer Token (RFC 7519 / RFC 6750): Every REST and GraphQL endpoint requires authentication via a JSON Web Token carried in the
Authorization: Bearerheader or an HTTP-only cookie; the token payload supplies user identity, organisation scope, and RBAC roles. - UUID (RFC 4122): Session, message, context-link, user, and organisation identities are all represented as version-4 UUIDs, ensuring globally unique, collision-resistant identifiers across distributed persistence layers.
- ISO 8601 / RFC 3339: All timestamps (created_at, updated_at, last_activity_at, completed_at, deleted_at) are stored and exchanged in UTC-anchored ISO 8601 datetime format, as enforced by Python's datetime with timezone UTC.
- Markdown (CommonMark): Chatbot responses support a
markdowncontent type, enabling formatted output (headings, code blocks, lists) to be rendered in client interfaces that follow the CommonMark specification.
Last Reviewed: 2026-02-05 Last Updated: 2026-04-14