TRM Labs: real-time crypto risk insights and case workflows.

  • Pain point: AML teams lack an “agentic” way to turn vague leads into structured, multi-step investigations that blend OSINT, geo risk, and transaction patterns.
  • Goal: Kick off a multi‑agent crypto AML investigation from a single prompt, then grow evidence and context live.

What It Does

  • Starts with a short input + dynamic follow‑ups (Claude) to collect context (wallets, tx purpose, jurisdictions).
  • Launches an agent cascade (OSINT → Geo → Pattern → Chain) streamed via SSE; UI shows a live, readable trace.
  • Produces an “OSINT Report” node with actionable summary; one‑click actions spawn Geo/Pattern analyses.
  • Expands the canvas with mock geo nodes (A → B → C) and pattern findings.
  • Downloads a compliance report (markdown) and persists memory signals to Redis.

How We Built It

  • Frontend: Next.js + ReactFlow + Tailwind
    • Streaming toast parses Claude tool events (Task/WebSearch/TodoWrite/results).
    • Report node (markdown‑like rendering), Location nodes, demo mode (?demo=true).
  • Backend: FastAPI (Python)
    • Unified /investigate SSE endpoint (accepts prompt or context).
    • Claude orchestrator (Task subagents), Redis memory store, per‑request JSONL logs in ml/logs.

Challenges We Ran Into

  • SSE JSON: serializing SDK objects (TextBlock) without breaking the stream.
  • Dev reload loops: file logging inside watched dirs causing failures; moved/controlled logs.
  • Event parsing UX: mapping Claude tool messages into concise, useful UI updates.
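The SSE JSON challenge above, shown as an added example (not Flag Flow's own code): a frame encoder that falls back gracefully on objects `json.dumps` cannot encode, so one unexpected SDK object does not raise mid-stream. It also shows that JSON string escaping keeps the payload on a single `data:` line. The `TextBlock` class here is a stand-in with an assumed shape, and the names `sse_frame`, `parse_sse` and `demo` are hypothetical.

```python
import json
from dataclasses import dataclass, is_dataclass, asdict

@dataclass
class TextBlock:
    """Stand-in for an SDK content block (assumed shape, not the SDK's class)."""
    text: str

def _to_jsonable(obj):
    """json.dumps fallback: called only for objects json cannot encode natively."""
    if is_dataclass(obj) and not isinstance(obj, type):
        return {"type": type(obj).__name__, **asdict(obj)}
    if hasattr(obj, "model_dump"):  # pydantic-style objects
        return obj.model_dump()
    if isinstance(obj, (bytes, bytearray)):
        return obj.decode("utf-8", errors="replace")
    return repr(obj)  # last resort: never raise in the middle of a stream

def sse_frame(event: str, payload) -> str:
    """Encode one SSE frame. json.dumps escapes CR/LF inside strings, so the
    data field stays on one line and cannot end the frame early."""
    if any(c in event for c in "\r\n"):
        raise ValueError("event name must not contain line breaks")
    data = json.dumps(payload, default=_to_jsonable, ensure_ascii=False)
    return f"event: {event}\ndata: {data}\n\n"

def parse_sse(stream: str):
    """Minimal client-side parser, used here to check round-tripping."""
    out = []
    for frame in stream.split("\n\n"):
        if not frame:
            continue
        fields = dict(line.split(": ", 1) for line in frame.split("\n"))
        out.append((fields["event"], json.loads(fields["data"])))
    return out

# Constructed sample messages: text containing a blank line (which would split
# the frame if written unescaped) and an object with no JSON representation.
SAMPLE = [
    ("agent", {"agent": "osint", "content": [TextBlock("line 1\n\nline 2")]}),
    ("agent", {"agent": "geo", "content": [TextBlock("A -> B -> C")], "raw": object()}),
]

def demo():
    """Encode the samples into one stream and parse them back."""
    return parse_sse("".join(sse_frame(e, p) for e, p in SAMPLE))
```
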

Accomplishments That We’re Proud Of

  • End‑to‑end “prompt → follow‑ups → cascade → report → next‑actions” loop.
  • Live, readable stream trace with smart tool parsing.
  • Neat Report node with one‑click Geo/Pattern follow‑ups and geo expansion.
  • Simple, robust memory hooks (learning_update + Redis) and per‑request logs for audits.

What We Learned

  • Good prompts radically improve agent handoffs (OSINT → Geo/Pattern) and reduce noise.

What’s Next for Flag Flow

  • Blockchain analytics: live cluster lookups, on‑chain risk scoring, sanctions/watchlist APIs.
  • Entity resolution: link wallet clusters to exchanges/beneficiaries; enrich OSINT with adverse media.
  • Case management: SAR export templates, investigator notes, role-based access, audit trails.
  • Rich report rendering: full Markdown/PDF export, edge labels, map overlays.
  • Policy engine + confidence tuning: feedback loops to improve pattern confidence and reduce false positives.
