Claude Sleuth: A 56-Task Investigation Workflow for Claude AI

What Claude Sleuth Does

Claude Sleuth is a 6-phase, 56-task workflow designed for Claude AI that structures complex investigations. The workflow consists of: Operational Direction, Intelligence Collection, Collation & Entity Resolution, Chronological & Relational Processing, Hypothesis & Reasoning, and concludes with a Final Report. It provides templates for every step and reference files for each task, which are output by task_runner.py upon completion of each gate. The system works across all Claude platforms including mobile, not just CLI.

Core Architecture

The system maintains persistent investigation state across sessions via Cloudflare D1, storing entities, relationships, timelines, evidence, grades, and the Investigation Notebook. It includes 16-section Cognitive Surrogate Profiling from documentary evidence, advancing the profile whenever subject information is synthesized, plus a 12-technique reasoning framework with a diagnose function for impasses, competing framing, or stuck points.

Analytical Frameworks

• Admiralty 6x6: Grades source reliability (A–F) and credibility (1–6) independently before any claim enters the record
• ACH: Derives conclusions via the Inconsistency Principle — surviving hypotheses have the least evidence against them
• ICD 203: Maps every probabilistic statement to a 7-tier scale, prohibiting vague qualifiers

Output Conventions

• Timestamps: ISO 8601, normalized to UTC
• Entity records: POLE schema with mandatory source, date_observed, analyst_id, and confidence fields
• Network edges: source_node, target_node, relationship_type, evidence_ref; edges are directed (source → target)
• Evidence custody: SHA-256 hash, capture timestamp, analyst ID, storage location
• Probability language: ICD 203 7-tier scale

Script Reference

• task_runner.py: Drives the 56-task pipeline (next, done, status, jump, peek, notebook, reset)
• template_builder.py: Assembles Markdown working documents from templates/ by phase, step, or task ID
• source_grader.py: Admiralty 6x6 source reliability and credibility grading with action recommendations
• entity_resolver.py: Fellegi-Sunter probabilistic record linkage; deterministic matching on unique identifiers
• corporate_intel.py: Aggregates company data from UK Companies House, SEC EDGAR, GLEIF LEI, and ICIJ Offshore Leaks
• domain_intel.py: Domain reconnaissance via DNS, RDAP, crt.sh, Shodan InternetDB — zero authentication required
• username_enum.py: Async username enumeration across social platforms using Maigret, Sherlock, or WhatsMyName
• sanctions_screen.py: Fuzzy name matching against OFAC SDN, UK HMT, and other public sanctions lists
• evidence_preservation.py: Forensic web capture: screenshots, HTML, WARC, Wayback submission, SHA-256 chain of custody
• content_archiver.py: Async media download and cataloguing via yt-dlp, gallery-dl, and Playwright with manifest generation
• chronological_matrix.py: UTC-normalised timeline construction; gap detection, source conflict flagging, CSV export
• network_graph.py: Directed POLE relationship graph; in/out-degree, PageRank, community detection, HTML/GEXF export
• geolocation.py: EXIF GPS extraction, solar position/shadow analysis, historical weather correlation, reverse geocoding
• financial_analysis.py: SEC EDGAR financial anomaly detection: Benford's Law, YoY variance, Altman Z-Score
• report_generator.py: ICD 203-compliant briefings and findings memos via Jinja2 templates; optional WeasyPrint PDF export

Who It's For

This workflow is designed for developers and analysts using Claude AI for structured investigations, intelligence gathering, or complex research projects requiring standardized methodologies and persistent state management.