Operation IntelWeave — Converged Intelligence Operating System

The Command Centre for
Every Investigation

IntelWeave CIOS fuses Signal Intelligence, Graph Brain, Visual AI, Solvability Scoring, and Smart City Command into one hardened operational platform — purpose-built for law enforcement, organised crime units, and national security agencies across the Indo-Pacific.

Access Platform →Explore All 7 Modules

100

Solvability Parameters

Intelligence Modules

CDR Detection Passes

32+

Analytical Tools

170K+

Nodes Processed

INTERPOL

Research-Backed

◆ Live Status

Signal Intelligence · Online

Graph Engine · Online

Visual AI · Online

Desktop Agent · Standby

Smart City Feed · Live

AI Copilot · Online

Intelligence Modules

Seven Pillars of Operational Intelligence

Every module is purpose-built for field realities — from CDR acquisition through court-ready prosecution. All seven operate on a unified graph data fabric with shared RBAC, telemetry, and audit log.

📡

MOD-01

Signal Intelligence

Full-spectrum CDR analysis engine running 9 sequential detection passes on every subscriber. Fuses pre-crime surge, post-crime silence, coordinated burst, burner phone profile, IMEI swap history, SIM rotation, co-location, ring membership, and temporal anomaly into a single 0–100 composite risk score.

Handles 2.7M+ call records. Tower dump ingestion. IST timezone-aware crime windows. Exports court-ready suspect profiles.

CDR AnalysisTower DumpBurner DetectionIMEI HistoryCo-Location9 Detection PassesComposite Score

🧠

MOD-02

Graph Brain

Network analysis engine built on FRAUDAR (KDD 2016), Louvain community detection, and PageRank mastermind scoring. Detects hub-spoke criminal rings even when suspects rotate SIMs. Bridge nodes connecting rings receive automatic +20 risk point escalation. Barnes-Hut physics rendering handles 170,000+ node graphs.

Inngest background jobs handle PageRank on massive graphs. Community detection runs in chunked steps. Ring registry with confidence scoring.

FRAUDARLouvainPageRankRing DetectionBridge NodesCommunity Detection170K+ Nodes

👁

MOD-03

Visual Intelligence

YOLO-powered object detection on live and recorded footage with configurable confidence thresholds. ANPR license plate recognition with instant hotlist matching. Face recognition against enrolled gallery with confidence scoring and evidence chain creation. Desktop agent enables fully offline scanning with on-device ONNX inference — raw video never uploaded.

Supports RTMPS, SRT, WebRTC live streams. MP4, MKV, AVI, MOV, TS for desktop scans. SHA-256 chain of custody on every file.

ANPRFace RecognitionYOLO DetectionEvidence ChainDesktop AgentLive StreamsONNX Offline

📋

MOD-04

Case Management

End-to-end case lifecycle from intake to prosecution. Evidence tagging with provenance tracking, witness management with protected-status handling, CDR session linking, court case numbers, forensic status tracking, and solvability delta monitoring. Multi-tenant RBAC ensures zero data bleed across organisations.

6-level role hierarchy: super_admin → org_owner → org_admin → analyst → operator → viewer. Per-workspace data scoping with orgId isolation.

Case LifecycleEvidenceProsecutionMulti-TenantWitness ProtectionForensicsCourt Numbers

🎯

MOD-05

Solvability Engine

100-parameter scoring system derived from INTERPOL INSIGHT framework, FBI clearance rate longitudinal studies, and UK Home Office forensic research (2013). Generates pre-investigation score at intake and post-analysis score after CDR + graph processing. Delta measurement reveals investigation progress toward prosecution threshold.

9 parameter categories: Physical Evidence, Digital & Telecom, Network Analysis, Witness, Case Characteristics, Investigative Progress, Time-Critical, Legal, and Resources.

100 ParametersPre/Post Score9 CategoriesINTERPOLFBI ResearchUK Home OfficeDelta Tracking

🔮

MOD-06

Predictive Intelligence

Crime hotspot prediction using historical CDR density combined with CCTV event frequency across time buckets. Counter-terrorism risk profiling with cross-jurisdiction correlation. Smart City command dashboard with geofenced alert zones, real-time heatmaps, and emergency response routing optimisation. Gang activity pattern recognition using community detection outputs.

Hotspot prediction horizon: 24h and 7-day windows. Geofence triggers push alerts to assigned response teams. City-block granularity.

Hotspot PredictionSmart CityGeofencingRisk ProfilingHeatmapsEmergency RoutingGang Patterns

⚡

MOD-07

Fusion Intelligence

Cross-domain search unifying CDR records, ANPR plate hits, face matches, financial transaction records, and case management data in a single natural-language query. AI Copilot powered by multi-model engine (Groq → Gemini → Anthropic fallback chain) for investigation assistance. War Room enables real-time multi-analyst collaboration with NATS event streaming.

Live streaming via NATS to remote command centres. AI Copilot: natural language to graph query in <2s. War Room: real-time analyst collaboration.

Fusion SearchAI CopilotWar RoomCross-DomainNATS StreamingLive CollaborationMulti-Model AI

Investigation Pipeline

From Intake to Prosecution in One Platform

IntelWeave CIOS guides every investigation through a structured pipeline — automatic solvability scoring at each stage ensures resources go where they matter.

📥1

Case Intake

Create case · assign investigators · link incident report · set crime window

📡2

CDR Import

Upload tower dump · 9-pass detection runs · burner + ring flags generated

🎯3

Solvability Score

100-parameter pre-analysis score · resource allocation recommendation

🧠4

Graph Analysis

FRAUDAR ring detection · PageRank mastermind · Louvain communities

👁5

Visual Correlation

ANPR plate match · face recognition · co-location with CDR towers

⚡6

Fusion Search

Cross-domain query · AI Copilot briefing · multi-analyst War Room

📋7

Court Package

SHA-256 evidence chain · PDF report · solvability delta · audit log export

Signal Intelligence — Deep Dive

9 Detection Passes. One Composite Score.

Every imported CDR dataset runs through nine sequential detection algorithms in parallel. Results are fused into a single 0–100 composite risk score per subscriber, updated on every re-analysis.

📈

Pre-Crime Surge

Computes a 7-day rolling call-rate baseline per subscriber. Crime-window rate vs baseline ratio >2× triggers a flag. Weights: frequency, contact diversity, tower spread. Feeds ring detection as a co-occurrence signal.

🔇

Post-Crime Silence

Monitors call-rate collapse in the 48h following a crime window. Silence <20% of baseline is scored as a phone disposal or deliberate evasion signal. Cross-referenced with IMEI change events.

💥

Coordinated Burst

Detects ≥3 subscriber numbers spiking simultaneously within 30-minute buckets. The synchronisation coefficient (overlap / union of spike windows) is added to each subscriber's composite score as an operational co-ordination signal.

📱

Burner Phone Detection

Composite burner score: short active lifespan (<21 days) + ≥1 IMEI swap + ≥2 SIM rotations + single-purpose call graph (one dominant contact cluster). Each sub-score contributes to the overall risk profile.

🌙

Night-Ops OPSEC

>85% of calls between 22:00–05:00 local time. Weighted more heavily when combined with post-crime silence and burner score. IST timezone-aware for Indian workspaces. Configurable per workspace key.

📍

Co-Location Analysis

Detects physical co-presence of two or more subscribers at the same tower within any configurable 30-minute window. Outputs a co-location matrix with strength score. Used to establish meeting patterns and planning events.

🔁

SIM Rotation & Cloning

Multiple SIMs active on the same IMEI, or the same MSISDN appearing on multiple IMEIs, triggers fraud flag. Full IMEI history table maintained per workspace. Detects cloning even across CDR import batches.

🕸

Ring Membership

FRAUDAR suspicion score: edge density per √nodes. Camouflage-resistant — rotating SIMs cannot dilute ring density below threshold. Each subscriber's ring membership contributes a weighted component to composite score.

📉

Temporal Anomaly

Statistical deviation from a subscriber's own 90-day historical call pattern using a z-score over rolling 7-day windows. Flags behavioural shifts independent of peer comparison — catches lone actors who don't fit group patterns.

CDR Risk Dashboard — +2348071234567● LIVE

Composite Risk Score

87/ 100

▲ High Risk · 4 flags active · Recommend immediate action

Pre-Crime Surge3.4×

Post-Crime SilenceActive

Night-Ops OPSEC91%

Ring MembershipRing A

Burner Score62/100

Co-Location Hits7 sessions

+2348071234567 → +2341230987654 · 47 callsHigh Risk

Tower: LAGOS-NW-04 · 2024-11-12 · Co-locatedCo-Located

IMEI changed 3× in 14 days · SIM RotatedBurner

Graph Brain — Criminal Network Analysis

See the Network Behind the Calls

FRAUDAR-based suspicion scoring detects criminal rings even when suspects rotate SIMs and numbers. Barnes-Hut physics rendering handles 170,000+ node graphs at interactive frame rates.

Graph Brain — Ring Registry · Workspace W-04● ACTIVE

Ring A — Masterminds12N·67ERisk 94

Ring B — Distribution8N·31ERisk 78

Ring C — Financial Layering6N·18ERisk 71

Ring D — Logistics Support4N·9ERisk 52

◈ Bridge Nodes Escalated

• +23480712 · connects Ring A ↔ Ring B · +20 risk pts → 94

• +23481234 · connects Ring B ↔ Ring C · +20 risk pts → 78

PageRank

0.847 — Mastermind

Community

Louvain: C-04

FRAUDAR

Suspicion: 0.91

Bridge Type

Hub → Spoke

🔬

FRAUDAR Algorithm (KDD 2016)

Research-based suspicion scoring: edge density per √nodes. This formula is camouflage-resistant — even when a suspect ring adds decoy members or rotates SIMs, the density score remains above detection threshold. Fully explainable to courts.

🏘

Louvain Community Detection

Automatically partitions nodes into communities based on call density. Each community receives a composite risk tier inherited from its highest-risk members. New community members auto-inherit risk context without manual re-analysis.

👑

PageRank Mastermind Index

Identifies orchestrators who command the network without making direct calls. Measures authority via inbound edge weight. Bridge nodes connecting two rings receive +20 risk point bonus — the single strongest mastermind signal in the system.

⚡

Inngest Background Processing

PageRank and community detection run as chunked Inngest background functions. Each step survives Vercel's 5-minute serverless timeout. 170K+ node graphs complete without interruption. Results available within minutes.

🎨

Barnes-Hut Visualisation

Force-directed rendering with Barnes-Hut O(n log n) approximation. Handles massive criminal networks smoothly at interactive frame rates. Nodes colour-coded by community, sized by PageRank. Real-time filter by ring, risk tier, or date range.

🔗

Temporal Graph Analysis

Timeline playback of network formation. Watch how a criminal ring assembled over weeks, identify the earliest nodes (founders vs recruits), and detect dormant subgraphs reactivating before a planned operation.

100-Parameter Solvability Engine

Know If a Case Is Winnable — At Intake

The only platform with a research-backed, parameter-by-parameter solvability score. Generates at intake, updates post-analysis, and tracks delta as investigation progresses toward prosecution threshold.

78/100

◆ MODERATE — Prosecution Viable

↑ +31 pts gained since intake

High

80–100

Moderate

60–79

Developing

40–59

Low

20–39

Critical

0–19

Physical Evidence

15 params · 14% weight

Fingerprints, DNA, trace materials, CCTV frames, weapon ballistics, toolmarks, biological samples

Digital & Telecom

15 params · 16% weight

CDR records, tower dumps, IMEI history, IP logs, device forensics, social media, encrypted app artefacts

Network Analysis

10 params · 11% weight

Ring membership, bridge-node role, community risk tier, PageRank score, contact network depth

Witness & Testimony

10 params · 12% weight

Eyewitness reliability score, corroboration count, protected witness status, recantation risk flag

Case Characteristics

10 params · 8% weight

Crime type classification, jurisdiction, modus operandi fingerprint, repeat offender flags, victim count

Investigative Progress

15 params · 18% weight

Arrest status, search warrants executed, forensic lab submissions, prosecution readiness, inter-agency referrals

Time-Critical Factors

10 params · 9% weight

Days since offence, evidence perishability index, suspect flight risk, statute of limitations proximity

Legal & Prosecution

8 params · 7% weight

Court case number, legal aid status, prior convictions, charge readiness, co-accused disposition

Resources & Support

7 params · 4% weight

Investigator capacity, forensic lab availability, inter-agency cooperation, specialist resource access

Smart City Command Centre

The City Is Your Sensor Grid

IntelWeave transforms urban infrastructure data into a real-time operational intelligence picture. CCTV, ANPR gantries, CDR towers, and incident reports fuse into a single city command dashboard.

🗺

Crime Hotspot Heatmap

Historical CDR event density combined with CCTV alert frequency generates a probabilistic crime hotspot layer updated every hour. City-block granularity. 24h and 7-day prediction windows configurable per jurisdiction.

📡

Tower Density Overlay

CDR tower call volume rendered as a live heatmap over the city map. Unusual density spikes trigger alerts — useful for detecting flash mob assembly, coordinated movement, or event-driven threat escalation.

🚘

ANPR Gantry Integration

License plate reads from ANPR gantries stream into the fusion layer. Hotlisted vehicles trigger instant push alerts to response teams. Full movement history reconstructed from sequential gantry hits.

🏛

Electoral & Public Safety

Polling station monitoring with incident geo-tagging. Real-time heatmaps for event crowd density. Fraud alert integration for coordinated interference patterns. Multi-agency dispatch routing.

🚨

Geofenced Alert Zones

Draw custom alert zones on the city map. Any ANPR hit, CDR spike, or CCTV detection within the zone triggers a push notification with evidence context. Time-bounded zones for planned operations.

🔮

Emergency Response Routing

When a hotspot is activated, the system calculates optimal response routes avoiding known congestion. Assigns closest available units based on live CDR tower proximity signals from officer devices.

City Intelligence Feed · Metro DistrictLIVE

Zone Threat Index — Real Time

Central District

78%

North Quarter

52%

East Industrial

41%

Port Authority

35%

South Residential

18%

West Commerce

22%

ANPR Alert · Plate MH-04-AB-1234 · HotlistedAlert

CDR Spike · Tower NW-04 · +340% volumeWatch

3 response units dispatched · ETA 4 minEn Route

24h Prediction · Central District

Based on CDR density (92nd percentile) + 3 CCTV alerts + historical crime pattern match — High probability incident 23:00–02:00

Desktop Agent — Field Operations

Scan Offline. Upload Only What Matters.

The IntelWeave Desktop Agent runs natively on Windows and macOS using Tauri 2.0 (Rust). ONNX inference runs on-device. Raw video never uploads. Only detection metadata — bounding boxes, labels, timestamps, confidence — is transmitted.

💾

Offline-First Architecture

Full detection pipeline runs locally on any Windows or macOS laptop. No internet connection required for scanning. SQLite queue persists all detections and file manifests across network outages.

🔒

Detections-Only Mode (Default)

Raw video files NEVER leave the device. Only detection metadata is transmitted: bounding boxes, class labels, confidence scores, timestamps, and file SHA-256. Bandwidth per detection: ~1 KB.

👁

ONNX On-Device Inference

YOLO models execute via ONNX Runtime with optional GPU acceleration. Supports face detection, license plate reading, object classification, and motion detection — all running CPU/GPU locally.

📁

Recursive Folder Watcher

Powered by the Rust notify crate. Monitors folders recursively. New video files are detected instantly and added to the SQLite processing queue. Supports MP4, MKV, AVI, MOV, TS formats.

🔗

SHA-256 Chain of Custody

Every scanned file receives a SHA-256 hash computed as a streaming 1MiB-chunked read — handles multi-GB files without memory pressure. Hash stored in evidence chain for court-admissibility.

🔄

Automatic Sync & Heartbeat

30-second heartbeat to the platform API. File manifest and detection results upload when connectivity is restored. Sync queue survives agent restarts. Per-agent revocable tokens stored as SHA-256 hashes.

Operating Modes

🔒

Detections Only (Default)

ONNX inference runs locally. Only detection metadata synced to platform. Raw video stays on device permanently. Bandwidth: ~1 KB per detection. Best for bandwidth-constrained field operations.

⏳

Deferred Upload

Raw clips flagged for review upload during configured off-peak windows. Full cloud analysis after upload. Bandwidth: controlled upload windows 02:00–06:00 by default. Best for high-value evidence.

✈

Air-Gapped

Zero network connection. All detections stored in encrypted SQLite. Results export to AES-256 encrypted USB drive for manual transfer to a connected IntelWeave instance. Best for classified facilities.

◆ Tech Stack

Tauri 2.0 (Rust)ONNX Runtimenotify (folder watch)rusqlite (SQLite)SHA-256 streamingreqwest (rustls-tls)React 18 UIAES-256 export

Visual Intelligence — Semantic Video Search

Find Any Moment in Any Footage

SentrySearch transforms passive CCTV archives into a queryable intelligence asset. Describe what you're looking for in plain language — or drop a reference image — and the engine scans thousands of indexed clips using Gemini Embedding 2 semantic vectors, on-device ONNX scene detection, and pgvector ANN search to surface every matching moment across your entire camera grid. Air-gapped operations are fully supported via local Qwen3-VL inference with no cloud dependency.

Offline Pipelines — Zero Cloud Dependency

💻

ONNX On-Device

YOLO scene-detection and feature extraction run via ONNX Runtime on CPU or GPU — no API calls required. Processes multi-hour recordings without egress.

🤖

Local Qwen3-VL

Vision-language model running fully on-device via DashScope-compatible local endpoint. Generates rich scene captions for semantic search without any cloud dependency.

🎬

FFmpeg Scene Detection

Boundary detection via scene-change histogram analysis. Segments continuous recordings into semantically coherent chunks before indexing.

🔁

Perceptual Hash Dedup

pHash comparison eliminates duplicate frames and near-identical clips before embedding, reducing index size by up to 60% on surveillance-style footage.

✈

Air-Gapped Export

Encrypted SQLite chunk store with AES-256 export for transfer to classified environments. Compatible with Desktop Agent chain-of-custody requirements.

Online Pipelines — Cloud-Accelerated

🌐

Gemini Embedding 2

Google's text-embedding-004 and multimodal embedding models generate 768-dim vectors stored in pgvector. ANN queries return sub-100ms similarity results across 100K+ chunks.

☁

Qwen Cloud (DashScope)

Alibaba Cloud DashScope API provides Qwen-VL-Max for high-accuracy scene captioning on uploads that exceed local GPU capacity. Automatic fallback to local inference.

📡

Live RTSP Ingestion

Real-time RTSP stream processor segments live camera feeds into rolling 30-second chunks, embeds them as they arrive, and makes them searchable within seconds of capture.

⚡

RunPod Serverless GPU

Burst GPU capacity via RunPod for batch re-indexing of large archives. Cost-efficient serverless model: 0 idle cost, spins up only when queued jobs exceed local capacity.

🔄

Inngest Batch Processing

Background indexing jobs managed via Inngest step functions. Chunked into survivable units that resume from last checkpoint after Vercel serverless timeouts.

Powered byGemini Embedding 2Qwen3-VLONNX RuntimeChromaDB-compatiblepgvectorInngest

SentrySearch — Live Demo

Video Search · Case #IW-2025-8841 · Entrance CamsINDEXED

🔍red truck at entrance 23:00Search

threshold: 0.78mode: textscope: cam-entrance-01, cam-entrance-02

✓ 3 results · scanned 1,247 chunks · 84ms

▶

23:02:14 – 23:02:44

cam-entrance-01 · Scene: vehicle approach

HIGH 0.94

▶

22:58:07 – 22:58:37

cam-entrance-02 · Scene: parking lot entry

MED 0.82

▶

23:11:55 – 23:12:25

cam-entrance-01 · Scene: vehicle departure

LOW 0.79

Pipeline:gemini-embed·1,247 chunks indexed·$0.42 total·pgvector ANN·HNSW index

Anomaly Highlights · Top 2

0.91
23:04:01 – 23:04:31

0.73
22:51:18 – 22:51:48

◆ Image Search Mode

Drop a reference image — a suspect photo, a vehicle crop — and SentrySearch finds all clips containing visually similar content via multimodal embedding comparison.

Security & Compliance

Government-Grade Security at Every Layer

Row Level Security on 194 database tables. JWT-backed sessions with step-up re-confirmation. SHA-256 agent tokens. Rate-limited AI endpoints. Full immutable audit trail. Built for the most sensitive investigations.

🔐

Row Level Security

RLS enabled on all 194 Postgres tables. Application connects via BYPASSRLS postgres user — security enforces on all direct and PostgREST access. Anonymous role fully locked down. No table is accessible without valid session context.

194 TablesRLS EnabledAnon RevokedPostgREST Locked

🛡

JWT Session Auth

Custom iw_session JWT cookie with DB-backed session validation. No NextAuth session storage — full custom control. Credentials-only login for admin access. Step-up re-confirmation required for destructive admin actions per session.

iw_session JWTDB ValidationStep-Up GateCredentials-Only

👥

6-Level RBAC

super_admin → org_owner → org_admin → analyst → operator → viewer → guest. Role-level numeric comparison via ROLE_LEVELS map. Every route gated via requireRole(). Org-level data isolation via orgId scoping on every DB query.

6 Role LevelsOrg IsolationRoute GatesorgId Scoping

📋

Immutable Audit Trail

Every admin action, investigation query, and AI Copilot request is logged with userId, timestamp, IP, action type, and resource ID. SIEM export ready. Tamper-evident via append-only design. Court-admissible under evidence disclosure requirements.

Immutable LogSIEM ExportIP CaptureCourt-Ready

🔑

Agent Token Security

Desktop agent registration tokens stored as SHA-256 hashes — never plaintext in the database. Token value shown only once at registration (one-time reveal). Constant-time hash comparison prevents timing attacks. Per-agent revocation with full audit entry.

SHA-256 HashOne-Time ShowTiming-Safe CmpPer-Agent Revoke

⚡

AI Rate Limiting

All AI endpoints — chat, case brief, next-step suggestion — rate-limited to 60 requests per 5-minute sliding window per organisation. In-memory sliding window counter with Retry-After headers. Prevents cost abuse without service disruption.

60 req/5minPer-Org LimitSliding WindowRetry-After

🔍

Zero Error Leakage

All internal DB errors, stack traces, and SQL messages logged server-side only. Clients receive only generic error messages. Admin route responses sanitised. No raw Postgres error codes exposed to non-admin users.

Server-Only LogsGeneric ResponsesNo Stack TracesSanitised Output

🌐

Search Path Hardening

All Postgres functions have a fixed search_path = public. Prevents schema injection and privilege escalation via search_path manipulation. Applied to 194+ application functions. Extension-owned functions documented as accepted residuals.

Fixed search_pathInjection Resistant194+ FunctionsDocumented Residuals

Platform Capabilities

Every Tool. One Platform.

32+ integrated analytical tools — not bolted together, but sharing the same graph, the same case data, and the same security model.

📡

Burner Phone Detection

Short lifespan + IMEI swap + SIM rotation + single-purpose call graph. Multi-factor composite score.

📍

Co-Location Analysis

Detect co-presence at same tower within any 30-minute window. Outputs co-location strength matrix.

⏱

Pre-Crime Surge Detection

Rolling 7-day baseline vs crime-window rate. Ratio >2× = coordinated planning signal. Auto-weighted.

🔇

Post-Crime Silence

48h call-rate collapse vs baseline. <20% = disposal/evasion. Cross-referenced with IMEI events.

💥

Coordinated Burst

≥3 numbers spiking simultaneously in 30-min buckets = operational synchronisation score.

🕸

Criminal Ring Detection

FRAUDAR suspicion scoring: edge density per √nodes. Camouflage-resistant. Court-explainable.

🔱

Bridge Node Identification

Nodes connecting two or more rings get +20 risk pts. Highest-value mastermind signal.

🌙

Night-Ops OPSEC Detection

>85% calls 22:00–05:00. Auto-flagged. IST timezone-aware for Indian workspaces.

🗺

Geo-Temporal Movement Mapping

CDR + tower + timestamp → full movement timeline. Visualise suspect location history over any date range.

🏛

Court-Ready Evidence Package

Full chain of custody, immutable audit log, SHA-256 hash, PDF export. INTERPOL evidence standards.

🤖

AI Copilot

"Who called Tower NW-04 during the robbery window?" — natural language to graph query in <2s.

🔐

Multi-Tenant RBAC

Org-level data isolation. 6-level role hierarchy. Per-workspace data scoping with orgId enforcement.

⚡

Live Video Streaming

RTMPS, SRT, WebRTC input. Monitor rules for automated detection-to-alert pipelines.

📊

Telemetry Dashboard

Live stream of every API call, scan event, detection, and agent heartbeat. P50/P95 latency tracking.

🌍

Cross-Border Intelligence

INTERPOL notice sharing, shared watchlists, cross-jurisdiction CDR correlation with encrypted tenant sharing.

⚖

AI Bias Audit Engine

Fairness review, model drift detection, explainability reports for oversight bodies and court submission.

🛡

Witness Protection Module

Protected subject tracking, threat levels, relocation management, secure access tiers.

🗳

Electoral Security Module

Polling station monitoring, incident tracking, fraud alert integration, real-time crowd heatmaps.

🏥

Corrections Intelligence

Inmate tracking, gang affiliation intel, risk level assessment, movement correlation with external events.

🔮

Predictive Crime Hotspots

CDR density + CCTV event frequency → crime probability heatmap. 24h and 7-day prediction windows.

💳

Usage & Billing Metering

Per-API-call billing, vendor cost metering, credit wallet management, usage analytics dashboard.

🔌

Adapter Registry

Plug in external geo, AI, video, storage, and graph providers without modifying core platform logic.

📂

Case Import & Migration

Bulk case import from legacy spreadsheets, CRUD history migration, workspace key assignment.

🔭

Temporal Anomaly Detection

90-day historical z-score per subscriber. Catches lone actors outside group patterns.

👤

Subscriber Risk Profiling

Composite profile: CDR risk + graph tier + IMEI history + temporal anomaly + ring membership.

📧

Alert & Notification Engine

Push alerts for hotspot triggers, ANPR hits, CDR spikes, geofence breaches. Configurable routing.

🗂

Forensic Status Tracking

Lab submission status, expected turnaround, result integration, solvability impact calculation.

⚔

War Room Collaboration

Real-time multi-analyst session. Shared canvas, annotated graph, case notes, NATS event streaming.

🔢

IMEI & MSISDN History

Full IMEI swap timeline, MSISDN-to-IMEI mapping, cloning detection, device fingerprinting.

📈

Investigation Progress Tracker

Solvability delta per case, parameter-level gaps, recommended next investigative actions.

🌐

Multi-Language CDR Ingestion

Handles CDR formats from 12+ telecom carriers. Column mapping wizard. Schema validation at ingest.

🔄

Inngest Background Engine

PageRank, community detection, large CDR batch processing — all in chunked background jobs.

Operational Use Cases

Built for the Hardest Investigations

IntelWeave CIOS is deployed for complex, multi-agency investigations where evidence is scattered across disconnected data silos and time is critical.

CASE-01

Organised Crime Networks

Investigators upload CDR exports from multiple suspect phones. IntelWeave runs all 9 detection passes simultaneously, detects ring structure via FRAUDAR, identifies the mastermind node via PageRank, and generates a bridge-node report showing which suspects connect multiple sub-rings.

◆ Outcome: Ring A (12 members) + Bridge nodes identified within 45 minutes of CDR upload. Court-ready PDF generated with full evidence chain.

CDR AnalysisRing DetectionPageRankCourt ReportBridge Nodes

CASE-02

Counter-Terrorism Operations

Tower dump from a 5km radius of an incident site ingested. Co-location analysis identifies which MSISDN pairs were physically together during the planning window. Temporal anomaly detection flags behavioural shifts 72h before the event. AI Copilot generates a natural-language suspect brief.

◆ Outcome: 14 co-located pairs flagged in planning window. 3 MSISDN numbers cross-matched to known watchlist entries. Multi-agency brief generated.

Tower DumpCo-LocationTemporal AnomalyAI CopilotWatchlist Match

CASE-03

Missing Persons Investigation

Last known tower location establishes a search origin. CDR movement timeline reconstructs the subject's route hour by hour. Contact network mapping identifies who last called them and from which tower. SIM swap detection flags if the phone was handed to another person.

◆ Outcome: Movement timeline reconstructed over 72h. Final tower location identified. Handoff event detected via IMEI change 18h before disappearance.

Movement TimelineContact NetworkSIM SwapTower LocationSolvability

CASE-04

Financial Crime & Fraud

CDR records cross-referenced with financial transaction timestamps. Money mule networks identified by call pattern clustering around transaction events. Fusion search correlates ANPR plate reads (cash pickup locations) with phone CDR at the same time and place.

◆ Outcome: Mule network of 9 accounts identified via CDR + ANPR fusion. Fusion search query returned correlated result in <3 seconds.

Fusion SearchANPR CorrelationMule NetworksFinancial RecordsCDR Timing

CASE-05

Election Security Operations

CCTV feeds from polling stations monitored via YOLO detection. Crowd density alerts trigger when thresholds exceeded. CDR communication patterns among known interference actors analysed during polling hours. Geo-tagged incident reports stream into Smart City dashboard for command visibility.

◆ Outcome: 2 geofence breach alerts during peak voting hours. CDR burst from 6 numbers near Station 4 correlated with ballot irregularity report.

Polling StationsGeofence AlertsCDR BurstIncident ReportingSmart City

CASE-06

Border & Immigration Intelligence

INTERPOL red notice cross-referencing on all ingested MSISDN numbers. Shared watchlist matching across participating agency tenants. Cross-border CDR correlation tracks suspect movement across jurisdictions using tower boundary data. Encrypted tenant data sharing under bilateral agreement.

◆ Outcome: 3 INTERPOL-listed numbers identified in CDR batch. Cross-border movement reconstructed across 2 jurisdictions from tower data.

INTERPOLWatchlistsCross-BorderEncrypted SharingJurisdiction Correlation

Why IntelWeave

From Manual Silos to Converged Intelligence

Legacy investigation workflows fragment evidence across spreadsheets, siloed tools, and manual processes. IntelWeave CIOS unifies everything in one secure, audited, AI-assisted platform.

Capability	Manual / Legacy Approach	◆ IntelWeave CIOS
CDR to risk score	Hours of manual Excel pivot analysis — error-prone, unaudited	9-pass automated scoring in minutes · composite 0–100 risk score
Criminal ring detection	Analyst manually draws link charts · misses SIM-rotating members	FRAUDAR + Louvain auto-detection · rotation-resistant · court-explainable
Solvability assessment	Gut feel at intake · no data-backed resource allocation	100-parameter score at intake + post-analysis delta · INTERPOL-backed
CCTV & CDR correlation	Manual timestamp matching across two separate systems	Geo-temporal fusion in single query · co-location in 30-min windows
Court evidence package	Manually assembled · inconsistent · no chain of custody audit trail	One-click PDF with SHA-256 hashes · full immutable audit log
Multi-agency data share	Email attachments · USB transfers · no access control	Encrypted org-level tenant isolation · shared watchlists · RBAC
AI investigation assist	Not available	Natural language: "Who called Tower NW-04 at 22:00?" — <2s response
Offline field scanning	Paper notes · photos on personal device · no custody chain	Desktop agent: ONNX on-device · SHA-256 · SQLite queue · AES-256 export
Mastermind identification	Senior analyst review of hundreds of call records — days of work	PageRank mastermind index + bridge-node +20pts bonus — minutes
Predictive hotspots	Historical crime maps refreshed monthly by data analyst	Real-time CDR + CCTV density heatmap · 24h and 7-day prediction windows

Platform Architecture

Production-Grade from Day One

Two isolated Postgres connections (App DB + Graph DB), Upstash Redis caching with tag invalidation, Inngest background jobs, and a multi-model AI engine with automatic provider fallback — built for government uptime requirements.

Signal Layer

CDR ingestion → 9-pass detection → composite risk score → subscriber profiles → solvability input

Graph Layer

FRAUDAR + Louvain + PageRank → ring registry + bridge nodes + mastermind index → Inngest jobs

Visual Layer

YOLO frame events → ANPR plate reads → face match events → evidence chain → desktop agent sync

Case Layer

Case lifecycle · evidence management · solvability engine · prosecution tracker · court export

Predictive Layer

Hotspot density · geo-temporal risk scoring · Smart City ops · emergency response routing

Fusion Layer

Cross-domain search · AI Copilot (multi-model) · War Room · live streaming · NATS event bus

Platform Layer

Auth (iw_session JWT) · multi-tenant RBAC · adapter registry · billing metering · telemetry · audit log

Frontend

Next.js 15 App RouterReact 19TypeScriptOutfit + JetBrains MonotRPCReact Query

Backend

Drizzle ORM (App DB)postgres.js (Graph DB)Supabase PostgreSQLInngest JobsSSE StreamingAPI Routes

AI / ML

Multi-Model EngineClaude Sonnet (Anthropic)Groq LLaMAGemini ProYOLO via RunPodONNX On-Device

Caching

Upstash Redis30s TTL + SWRTag InvalidationIn-Process CacheData Version Tokens

Security

iw_session JWTRLS on 194 TablesRBAC 6 LevelsSHA-256 Agent TokensFixed search_pathAudit Log

Research

INTERPOL INSIGHT FrameworkFBI Clearance StudiesUK Home Office 2013KDD 2016 FRAUDARPMC Forensic 2023

Deployed Across the Indo-Pacific

Ready to Close
More Cases?

Request a demo or access the platform directly. Our team is ready to onboard your agency within 48 hours.

Access Platform →Schedule a Demo

◆Government-Grade Security◆INTERPOL Research-Backed◆Multi-Agency Ready◆Court-Ready Evidence◆Offline Field Operations

The Command Centre forEvery Investigation