Knogin
[Developers]

Graph Collaboration and Sharing

A joint financial intelligence task force is working across three agencies in two countries. One analyst in London is adding transaction nodes. Another in Frankfurt is annotating entity relationships. A third in Washingt

Back to All Modules
Category: InvestigationLast Updated: Feb 5, 2026
investigationreal-timecomplianceblockchain

Overview#

A joint financial intelligence task force is working across three agencies in two countries. One analyst in London is adding transaction nodes. Another in Frankfurt is annotating entity relationships. A third in Washington is reviewing the combined findings for a court filing, due in four hours. All three are working on the same investigation graph, simultaneously, in real time, with every change instantly visible to the others and a complete audit trail recording who did what and when.

That kind of coordinated investigation is what the Graph Collaboration and Sharing module enables. It transforms investigation analysis from isolated work into coordinated team operations through real-time collaborative editing supporting multiple concurrent users with near-instant synchronisation. The system delivers shared workspaces, granular access control, threaded commenting, and formal review workflows that accelerate investigation cycles while maintaining audit compliance and data security.

Key Features#

  • Real-time collaborative editing supporting 10+ simultaneous editors with conflict-free resolution
  • Five permission levels (Owner, Admin, Editor, Commenter, Viewer) with 23 granular permissions
  • Enterprise reliability with automatic failover and session recovery
  • CRDT-based synchronisation guaranteeing eventual consistency with zero data conflicts
  • Shared investigation workspaces for coordinated network analysis
  • Threaded commenting and annotation on graph elements for team communication
  • Formal review workflows with approval chains for investigation findings
  • Real-time presence indicators showing who is viewing or editing each graph area
  • Version control with branching and merging for parallel investigation hypotheses
  • Activity feeds tracking all modifications and contributions to shared graphs

Use Cases#

  • Multi-Analyst Investigations: Teams of investigators collaborate in real time on complex network analysis, with each analyst contributing findings while maintaining a consistent shared view
  • Cross-Agency Evidence Sharing: Law enforcement agencies share investigation graphs across organisational boundaries with controlled permissions and complete audit trails
  • Collaborative Threat Hunting: Cybersecurity teams coordinate threat analysis across distributed locations with real-time graph updates and threaded discussion
  • Legal Case Building: Legal teams build coordinated case evidence through shared graph workspaces with formal review and approval workflows

Integration#

  • Connects with graph analysis engines through typed APIs with real-time synchronisation
  • Compatible with case management systems for investigation context sharing
  • Supports WebSocket-based real-time updates for low-latency collaboration
  • Role-based access controls with fine-grained permission management
  • Complete audit logging of all collaborative actions and access events
  • Multi-tenant isolation ensuring organisational data separation

Open Standards#

  • WebSocket (RFC 6455): Real-time collaborative editing and presence synchronisation use persistent WebSocket connections, providing the low-latency, bidirectional transport over which all graph state updates and cursor positions are streamed.
  • Yjs CRDT Protocol: Conflict-free Replicated Data Type operations are exchanged via the Y.js binary protocol over the WebSocket endpoint, guaranteeing eventual consistency and zero data conflicts when multiple analysts edit the same investigation graph simultaneously.
  • GraphQL (June 2018 specification): All collaboration queries and mutations, war room notes, tasks, entity locks, activity feeds, and sharing policies, are exposed through a typed GraphQL schema, enabling clients to fetch precisely the fields they require.
  • JSON Web Token (RFC 7519) with RS256 (RFC 7518): Sharing portal tokens and WebSocket-scoped session tokens are RS256-signed JWTs carrying audience and issuer claims, ensuring cross-purpose token reuse is cryptographically impossible.
  • SAML 2.0 / OpenID Connect (OIDC): External sharing workflows support federated single sign-on via both SAML 2.0 and OIDC identity providers, allowing investigators from partner agencies to authenticate with their own organisational credentials.
  • GEXF 1.3 (Graph Exchange XML Format): Investigation graphs can be exported in the open GEXF 1.3 format, enabling interoperability with external graph analysis tools such as Gephi without proprietary conversion.
  • ISO 8601: All audit log entries, activity feed timestamps, sharing token validity windows, and version-control records use ISO 8601 date-time strings, ensuring unambiguous temporal ordering across time zones.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.