Overview
An analyst is searching for persons connected to a known subject but is not finding useful results with the exact name and known aliases. The Investigative Partner domain rewrites the query: it expands synonyms, broadens search terms, and generates a graph traversal query that searches by relationship patterns rather than just identifiers. The rewritten query surfaces three additional persons that exact-match searches had missed. The same domain later synthesises those three partial profiles into a consolidated identity with predicted locations and risk indicators, and checks the hypothesis linking them to the subject against AI-generated counter-evidence.
Where the Investigative Partner (Advanced Analytics) domain provides structured methodologies, this domain provides the underlying AI query and analysis capabilities that power those methodologies and support general investigative workflows.
Key Features
- Query rewriting with synonym expansion, term broadening, and graph query generation for broader, more effective search
- Hypothesis analysis with counter-evidence identification and confirmation bias detection
- Confidence scoring and severity assessment for hypothesis challenges
- Identity synthesis merging multiple entities with predicted locations and risk indicators
- Path analysis between entities with multiple algorithm options and temporal analysis
- Hypothesis validation workflow with status tracking
- Investigation and case linking for all operations
- Computation time and cache hit tracking for performance monitoring
Use Cases
- Rewriting investigative queries to expand coverage and surface entities that exact-match searches miss
- Challenging investigation hypotheses with AI-generated counter-evidence and confirmation bias flags to avoid premature closure
- Synthesising identity profiles from multiple entity sources with risk assessment to build a consolidated subject picture
- Finding and analysing paths between entities with configurable algorithms and search depth for link analysis
Industry Context
Criminal intelligence analysts use query rewriting to overcome the inconsistent identifier quality typical of multi-source law enforcement databases. Financial crime investigators run hypothesis analysis before committing to a suspect designation, ensuring alternative explanations have been examined. Counter-terrorism teams synthesise partial identity records across classified and open-source datasets to build complete subject profiles. Defence intelligence analysts use path analysis with configurable depth to map degrees of separation between known and unknown network participants.
Integration
The Investigative Partner domain integrates with Investigation for case context, Graph for traversal queries, and Entity Resolution for identity matching. All query rewrites, synthesis outputs, and hypothesis records are stored in PostgreSQL with organisation-scoped access control.
Open Standards
- GraphQL (June 2018 specification): the entire API surface is defined as a typed GraphQL schema, exposing queries and mutations for query rewriting, hypothesis analysis, identity synthesis, and path analysis; all operations support schema introspection.
- openCypher (property graph query language): the AI query-rewriting engine generates Cypher queries targeting a property graph schema with named node labels (Person, Organisation, Transaction, etc.) and typed relationship edges, interoperating with Neo4j-compatible stores.
- ISO/IEC 9075 SQL (recursive common table expressions): link-analysis path traversal (BFS shortest-path, all-shortest-paths, and Dijkstra weighted-path algorithms) is implemented as recursive CTEs over a PostgreSQL relational graph store, following the ISO SQL:1999 recursive query standard.
- RFC 7519 JSON Web Token (JWT): every GraphQL query and mutation is protected by JWT Bearer authentication via the platform's IsAuthenticated permission class, with tokens signed and validated according to RFC 7519.
- RFC 4122 UUID: all primary identifiers for queries, hypotheses, identity profiles, path analyses, entities, and user references are version-4 UUIDs, ensuring globally unique, collision-resistant keys across multi-tenant partitions.
- ISO 8601 datetime: all temporal fields (created_at, updated_at, executed_at, validated_at, and time-window filters for path traversal) use ISO 8601 UTC timestamps, enabling interoperability with external investigation management systems.
- JSON (RFC 8259): evidence payloads, graph node properties, synthesis attributes, and hypothesis context are stored and exchanged as JSON/JSONB, with structured evidence objects following the RFC 8259 data interchange format.
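The recursive-CTE path traversal and organisation-scoped access control described above can be sketched as follows. This is an added example, not the platform's own code: the `edges` table, the `org_id` column, the function names, and the choice to apply the tenant filter inside the recursive join are all assumptions, and SQLite stands in for PostgreSQL so the query runs offline.

```python
import sqlite3

# Constructed sample graph. Table and column names are hypothetical.
EDGES = [
    ("org-a", "subject", "p1"),
    ("org-a", "p1", "p2"),
    ("org-a", "p2", "p3"),
    ("org-a", "p2", "subject"),  # cycle back to the start node
    ("org-b", "subject", "p3"),  # another tenant's edge; org-a must never use it
]

# Breadth-first expansion as a recursive CTE. The path column doubles as the
# visited set, so a cycle cannot keep the recursion alive.
SHORTEST_PATH = """
WITH RECURSIVE walk(node, depth, path) AS (
    SELECT :src, 0, '/' || :src || '/'
    UNION ALL
    SELECT e.dst, w.depth + 1, w.path || e.dst || '/'
    FROM walk AS w
    JOIN edges AS e ON e.src = w.node
    WHERE e.org_id = :org                         -- tenant filter on every hop
      AND w.depth < :max_depth                    -- caller-configurable depth cap
      AND instr(w.path, '/' || e.dst || '/') = 0  -- skip nodes already on the path
)
SELECT path FROM walk WHERE node = :dst ORDER BY depth LIMIT 1
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE edges (org_id TEXT NOT NULL, src TEXT NOT NULL, dst TEXT NOT NULL)")
    conn.executemany("INSERT INTO edges VALUES (?, ?, ?)", EDGES)
    return conn

def shortest_path(conn, org_id, src, dst, max_depth=4):
    """Return the shortest src -> dst node list visible to org_id, or None."""
    params = {"org": org_id, "src": src, "dst": dst, "max_depth": max_depth}
    row = conn.execute(SHORTEST_PATH, params).fetchone()
    return row[0].strip("/").split("/") if row else None

if __name__ == "__main__":
    db = build_db()
    print(shortest_path(db, "org-a", "subject", "p3"))
    print(shortest_path(db, "org-a", "subject", "p3", max_depth=2))
    print(shortest_path(db, "org-b", "subject", "p3"))
```

Filtering on the tenant key inside the recursive step, rather than only on the start and end nodes, is what keeps a path from crossing through another organisation's edges. All query inputs are bound parameters, so entity identifiers never become part of the SQL text.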
Last Reviewed: 2026-02-05 Last Updated: 2026-04-14