Knogin
[Developers]

Investigative Partner Domain (Advanced Analytics)

A counter-terrorism analyst has built a strong case around a primary suspect. Before the investigation reaches the arrest phase, her supervisor asks a hard question: what if the primary suspect is a decoy and the real ta

Back to All Modules
Category: Api DomainsLast Updated: Feb 5, 2026
api-domainsai

Overview#

A counter-terrorism analyst has built a strong case around a primary suspect. Before the investigation reaches the arrest phase, her supervisor asks a hard question: what if the primary suspect is a decoy and the real target is someone else in the network? The Investigative Partner domain's Devil's Advocate capability generates exactly those challenges: alternative actor hypotheses, motive discrepancies, evidence reinterpretation possibilities, and confirmation bias checks. The analyst works through each challenge systematically, either strengthening the case or identifying gaps that need more work before proceeding.

This domain packages three analytical methodologies that are difficult to apply consistently under operational pressure: structured counter-hypothesis generation, risk-aware pathfinding, and multi-source identity synthesis. Each is AI-assisted but analyst-driven, producing outputs that can be reviewed, annotated, and validated before any decision is made.

Key Features#

  • Devil's Advocate counter-hypothesis generation with seven challenge types: alternative actor, motive, method, timing discrepancy, evidence reinterpretation, confirmation bias check, and incomplete data
  • Challenge strength classification from weak through critical
  • Session management for structured Devil's Advocate review workflows
  • Risk-aware pathfinding with node and edge risk scoring across configurable factors
  • Safest path recommendation with risk breakdown and mitigation suggestions
  • Path comparison with ranking and AI-generated rationale
  • Dynamic identity synthesis merging multiple entity profiles with conflict detection
  • Five conflict resolution methods: most recent, highest confidence, most frequent, manual selection, and AI inference
  • Validation workflow for synthesised identities with review notes
  • Investigation-level statistics tracking across all three capabilities

Use Cases#

  • Running Devil's Advocate analysis before major case decisions to identify blind spots, challenge assumptions, and document that alternative hypotheses were considered
  • Finding the safest investigative path between entities considering legal, operational, and reputational risks, not just the shortest path
  • Synthesising identities from multiple partial entity profiles with automated conflict resolution to build a complete picture of a subject
  • Detecting confirmation bias in investigation hypotheses through structured AI challenges before committing to an investigative direction

Industry Context#

Intelligence agencies use structured counter-hypothesis analysis as a mandatory step before finalising assessments to satisfy analytical tradecraft standards. Serious crime units document Devil's Advocate review sessions to demonstrate to courts and oversight bodies that alternative explanations were formally considered. Counter-terrorism analysts use risk-aware pathfinding to map investigative approaches that avoid exposing sensitive sources or tipping off subjects prematurely. Financial crime investigators synthesise person identities across multiple banking system records, broker accounts, and company registrations to establish a complete financial profile.

Integration#

The Investigative Partner domain integrates with Investigation for case context, Entity for source profiles, the graph analysis engine for pathfinding traversals, AI Partner for orchestration, and Review Queue for validation workflows. All session records and synthesis outputs are stored in PostgreSQL.

Open Standards#

  • GraphQL (June 2018 specification): The entire Investigative Partner API surface, including Devil's Advocate sessions, risk-aware pathfinding, and identity synthesis, is exposed through a typed GraphQL schema with authenticated queries and mutations.
  • JSON (RFC 8259): All analytical payloads, LLM prompts and responses, path comparison results, and synthesised identity attributes are serialised as JSON; PostgreSQL JSONB columns store structured analytical outputs.
  • SHA-256 (FIPS 180-4): Every counter-hypothesis, investigation path, and synthesised identity record carries a SHA-256 provenance hash computed at creation time, providing a tamper-evident audit trail for oversight and court disclosure.
  • UUID version 4 (RFC 4122): All session, hypothesis, path, and identity synthesis records are identified by randomly generated UUID v4 values, ensuring globally unique identifiers without centralised sequencing.
  • ISO 8601: Timestamps on conflict resolution, analyst validation, and entity merge history records are stored in ISO 8601 format, ensuring unambiguous temporal ordering across time zones.
  • ISO/IEC 9075 SQL (WITH RECURSIVE): Risk-aware pathfinding traverses the entity relationship graph using ISO-standard recursive common table expressions (BFS over the graph_relationships table), replacing a prior proprietary graph database query.
  • OAuth 2.0 (RFC 6749): Every GraphQL query and mutation enforces the platform's OAuth 2.0 bearer token authentication, with all analytical outputs scoped to the authenticated organisation to enforce multi-tenant isolation.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.