
## Claude Sleuth
A 6-phase, 56-task workflow for Claude, consisting of: Operational Direction, Intelligence Collection, Collation & Entity Resolution, Chronological & Relational Processing, Hypothesis & Reasoning, and concluding with the Final Report. It includes templates for every step; reference files for each task are output by `task_runner.py` upon completion of the gate.
### Not just for CLI, works on all Claude platforms incl. Mobile.
https://github.com/elb-pr/claude-sleuth
- Remote MCP: persistent investigation state across sessions via Cloudflare D1. Stores entities, relationships, timelines, evidence, grades, and the Investigation Notebook.
- 16-section Cognitive Surrogate Profiling from documentary evidence, as well as a 12-technique reasoning framework. Advance the profile whenever subject information is synthesised. Call `diagnose` at any impasse, competing framing, or stuck point.

| Standard | What It Does |
|---|---|
| **Admiralty 6x6** | Grades source reliability (A–F) and credibility (1–6) independently before any claim enters the record |
| **ACH** | Derives conclusions via the Inconsistency Principle — surviving hypotheses have the least evidence against them |
| **ICD 203** | Maps every probabilistic statement to a 7-tier scale. Vague qualifiers are not permitted |
### Conventions applied to all outputs:
- Timestamps: ISO 8601, normalised to UTC
- Entity records: POLE schema with mandatory `source`, `date_observed`, `analyst_id`, and `confidence` fields
- Network edges: `source_node`, `target_node`, `relationship_type`, `evidence_ref`; edges are directed (source -> target)
- Evidence custody: SHA-256 hash, capture timestamp, analyst ID, storage location
- Probability language: ICD 203 7-tier scale
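
The custody and timestamp conventions above can be enforced mechanically. The following is an added example, not code from the claude-sleuth repository or from `evidence_preservation.py`; the record field names, function names and the sample capture are assumptions made for illustration.

```python
import hashlib
from datetime import datetime, timezone

# Field names are assumptions for this example, not the project's schema.
CUSTODY_FIELDS = ("sha256", "captured_at", "analyst_id", "storage_location")


def to_utc_iso(ts: str) -> str:
    """Normalise an ISO 8601 timestamp to UTC; refuse values with no offset."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        raise ValueError(f"no UTC offset, cannot normalise: {ts!r}")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def make_custody_record(content: bytes, captured_at: str,
                        analyst_id: str, storage_location: str) -> dict:
    """Build the four-field custody record for one captured artefact."""
    if not analyst_id or not storage_location:
        raise ValueError("analyst_id and storage_location are mandatory")
    return {
        "sha256": hashlib.sha256(content).hexdigest(),
        "captured_at": to_utc_iso(captured_at),
        "analyst_id": analyst_id,
        "storage_location": storage_location,
    }


def verify_custody(record: dict, content: bytes) -> list:
    """Return a list of problems; an empty list means the record holds."""
    problems = [f"missing field: {f}" for f in CUSTODY_FIELDS if not record.get(f)]
    if record.get("sha256") and hashlib.sha256(content).hexdigest() != record["sha256"]:
        problems.append("sha256 mismatch: content changed since capture")
    if record.get("captured_at") and not record["captured_at"].endswith("Z"):
        problems.append("captured_at is not normalised to UTC")
    return problems


# Constructed sample capture, not real evidence.
SAMPLE = b"<html><title>constructed sample page</title></html>"

if __name__ == "__main__":
    rec = make_custody_record(SAMPLE, "2024-03-10T14:30:00+01:00",
                              "analyst-01", "evidence/0001/page.html")
    print(rec)
    print(verify_custody(rec, SAMPLE))           # intact copy
    print(verify_custody(rec, SAMPLE + b"\n"))   # altered copy
```

Rejecting timestamps without an offset matters because a naive local time cannot be placed on a UTC timeline without guessing the capture machine's zone.
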
### Scripts Reference
| Script | What It Does |
|---|---|
| `task_runner.py` | Drives the 56-task pipeline (`next`, `done`, `status`, `jump`, `peek`, `notebook`, `reset`) |
| `template_builder.py` | Assembles Markdown working documents from `templates/` by phase, step, or task ID |
| `source_grader.py` | Admiralty 6x6 source reliability and credibility grading with action recommendations |
| `entity_resolver.py` | Fellegi-Sunter probabilistic record linkage; deterministic matching on unique identifiers |
| `corporate_intel.py` | Aggregates company data from UK Companies House, SEC EDGAR, GLEIF LEI, and ICIJ Offshore Leaks |
| `domain_intel.py` | Domain reconnaissance via DNS, RDAP, crt.sh, Shodan InternetDB — zero authentication required |
| `username_enum.py` | Async username enumeration across social platforms using Maigret, Sherlock, or WhatsMyName |
| `sanctions_screen.py` | Fuzzy name matching against OFAC SDN, UK HMT, and other public sanctions lists |
| `evidence_preservation.py` | Forensic web capture: screenshots, HTML, WARC, Wayback submission, SHA-256 chain of custody |
| `content_archiver.py` | Async media download and cataloguing via yt-dlp, gallery-dl, and Playwright with manifest generation |
| `chronological_matrix.py` | UTC-normalised timeline construction; gap detection, source conflict flagging, CSV export |
| `network_graph.py` | Directed POLE relationship graph; in/out-degree, PageRank, community detection, HTML/GEXF export |
| `geolocation.py` | EXIF GPS extraction, solar position/shadow analysis, historical weather correlation, reverse geocoding |
| `financial_analysis.py` | SEC EDGAR financial anomaly detection: Benford's Law, YoY variance, Altman Z-Score |
| `report_generator.py` | ICD 203-compliant briefings and findings memos via Jinja2 templates; optional WeasyPrint PDF export |