Investigation Workflow

the fraud platform AI-Native Fraud Investigation Platform — Agent Sequence

A flagged fraud case triggers an agentic workflow. Claude autonomously decides which tools to call, gathers evidence in parallel, synthesizes findings, and produces a report with confidence levels. Every tool call is traced to LangFuse. Sensitive actions require analyst approval.

sequenceDiagram participant P as Fraud Platform participant K as Kafka participant A as Claude Agent participant T1 as closest_user_search participant T2 as cluster_search participant T3 as transaction_explainer participant T4 as model_explainer participant L as LangFuse participant AN as Analyst P->>K: case.flagged Note over P: $2,499 crypto purchase
2-hour-old account
device overlap detected K->>A: Start investigation workflow activate A Note over A: Evaluate case context
Select tools to call par Parallel tool calls A->>T1: user_id=usr_f83a1c activate T1 T1-->>A: 2 matches (91%, 84%) deactivate T1 A->>L: span: closest_user_search and A->>T2: user_id=usr_f83a1c activate T2 T2-->>A: ring_12 (3 accounts) deactivate T2 A->>L: span: cluster_search and A->>T3: txn_id=TXN-98231 activate T3 T3-->>A: high-risk + velocity spike deactivate T3 A->>L: span: transaction_explainer and A->>T4: case_id=CASE-4871 activate T4 T4-->>A: device 34%, age 27% deactivate T4 A->>L: span: model_explainer end Note over A: Synthesize evidence
Separate facts vs signals
Generate recommendation A->>L: recommendation: BLOCK (95%) A->>AN: Investigation report deactivate A Note over AN: Review evidence
Approve/reject action AN->>K: case.action_confirmed Note over AN: Block transaction
Freeze ring members

Tools Called

4 tools — parallel

closest_user_search
cluster_search
transaction_explainer
model_explainer

Agent Turns

2 turns to completion

Turn 1: Claude calls all 4 tools in parallel.
Turn 2: Synthesize evidence into structured report with confidence level.

Observability

Full LangFuse trace

Root trace: investigation-CASE-4871
Child spans per tool call with input/output captured.

Guardrails

Evidence-grounded output

Every finding cites which tool produced it. Unsupported claims are blocked. Sensitive actions flagged for analyst approval.

Output Structure

Facts • Signals • Recommendation

Verified facts from tools. Model-derived risk signals. Recommendation with confidence level. Approval requirement.

Try It

fraud-platform crypto_new_account --verbose

Run the working prototype to see this exact workflow in action. Traces sent to LangFuse automatically.

This is not a hypothetical diagram. The sequence above matches the actual agent prototype output. Claude calls all four the fraud platform tools, synthesizes evidence, and produces the investigation report shown here. Run fraud-platform crypto_new_account --verbose to see it live.