OpenPlanter — Investigation Methodology Skill

Epistemic framework for cross-dataset investigation, entity resolution, and evidence-backed analysis. Extracted from the OpenPlanter recursive investigation agent and enriched with professional OSINT tradecraft (Admiralty System, ACH, FollowTheMoney schema, intelligence cycle methodology).

Claude Code already has the tools. This skill provides the methodology.

When to Use

• Cross-referencing heterogeneous datasets (corporate registries, campaign finance, lobbying, property records, contracts)
• Entity resolution across datasets with inconsistent naming
• Building evidence chains with provenance and confidence tiers
• Structured OSINT investigations requiring epistemic discipline
• Any analysis where claims need to trace to cited source records

Quick Start

# 1. Initialize workspace
python3 ~/.claude/skills/openplanter/scripts/init_workspace.py /path/to/investigation

# 2. Drop datasets into datasets/
cp campaign_finance.csv lobbying.json corporate_registry.csv /path/to/investigation/datasets/

# 3. Write an investigation plan
# → plans/plan.md (see references/output-templates.md for plan template)

# 4. Resolve entities across datasets
python3 ~/.claude/skills/openplanter/scripts/entity_resolver.py /path/to/investigation

# 5. Cross-reference linked entities
python3 ~/.claude/skills/openplanter/scripts/cross_reference.py /path/to/investigation

# 6. Validate evidence chains
python3 ~/.claude/skills/openplanter/scripts/evidence_chain.py /path/to/investigation

# 7. Score confidence
python3 ~/.claude/skills/openplanter/scripts/confidence_scorer.py /path/to/investigation

Investigation Methodology

Epistemic Discipline

Assume nothing about the environment until confirmed firsthand. These principles prevent the most common investigation failures:

1. Ground truth comes from files, not memory. Read actual data before modifying it, and read actual error messages before diagnosing. Model memory of data structure is unreliable—reading the file takes seconds, recovering from a wrong assumption takes minutes.
2. Empty output is ambiguous. If a command returns empty, cross-check with ls -la and wc -c before concluding a file is actually empty, because output capture mechanisms can silently lose data.
3. Success does not mean correctness. A command that "succeeds" may have done nothing. Check actual outcomes, not just exit codes. After downloading, verify with ls and wc -c. After extraction, verify expected files exist.
4. Verify round-trip correctness. After any data transformation (parsing, linking, aggregation), check the result from the consumer's perspective—load the output, spot-check records, verify row counts. Transformations that silently drop records are the most common source of wrong conclusions.
5. Three failures = wrong approach. If a command fails 3 times, change strategy entirely. Repeating an identical command expecting different results wastes context window.
6. Produce artifacts early. Write a working first draft of findings as soon as the requirements are clear, then iterate. An imperfect deliverable beats a perfect analysis with no output. If 3+ steps have passed without writing any output, stop and write—even if incomplete.

For the full epistemic framework (including data ingestion rules and hard rules from OpenPlanter's prompts.py), see references/investigation-methodology.md.

Entity Resolution Protocol

Pipeline: Normalize → Block → Compare → Score → Cluster → Review

Adapted from OpenPlanter's prompts.py, enriched with Middesk, OpenSanctions, and ICIJ patterns.

1. Normalize — Apply canonical key transformation: Unicode NFKD + diacritic stripping, case folding, legal suffix canonicalization (LLC/Inc/Corp/Ltd → canonical forms), punctuation removal, ampersand normalization (& → and). See references/entity-resolution-patterns.md for complete normalization tables and suffix maps.

2. Block — Reduce O(N^2) comparisons using blocking keys: first 3 characters of normalized name + state/jurisdiction, phonetic key (Soundex/Double Metaphone), token overlap via inverted index.

3. Compare — Pairwise similarity with cascading checks: real_quick_ratio() → quick_ratio() → ratio(). Use autojunk=False for entity names because strings under 200 characters produce false negatives with junk heuristics. Include token set comparison for word-order variants ("Apple Inc" vs "Inc Apple").

4. Score — Multi-signal weighted model:

   • Hard signals: TIN/EIN exact match (1.0), identical phone E.164 (0.8), identical email (0.8)
   • Soft signals: name similarity (0.5), address fuzzy (0.2), state match (0.1)
   • Hard disqualifiers: TIN mismatch when both present (-0.5), country mismatch (-0.5)

5. Cluster — Group via transitive closure using Union-Find. Gate closure so all pairwise scores exceed threshold—this prevents chain errors where A≈B and B≈C but A≉C. Exclude registered agent addresses from triggering transitive closure alone, because thousands of entities share the same registered agent.

6. Review — Flag by confidence band:

   • Score >= 0.85: auto-match (confirmed)
   • Score 0.70-0.84: queue for review (probable)
   • Score 0.55-0.69: include in wide net (possible)
   • Score < 0.55: discard

Evidence Chain Construction

Every claim traces to a specific record in a specific dataset. This is what separates investigation from speculation.

Claim
  └── Evidence Item
        ├── type: document | record | image | testimony
        ├── source_ref → Source
        │     ├── url / file path
        │     ├── collection_timestamp
        │     ├── source_type: primary | secondary | tertiary | official | unofficial
        │     └── reliability_grade: A–F (Admiralty)
        ├── credibility_grade: 1–6 (Admiralty)
        ├── corroboration_status: single | corroborated | contradicted | unresolvable
        └── match_details (if cross-reference)
              ├── fields_matched: [name, address, ein]
              ├── match_type: exact | fuzzy | address-based
              └── link_strength: weakest criterion in the chain

Key principles:

• Distinguish direct evidence (A appears in record X), circumstantial evidence (A's address matches B's address), and absence of evidence (no disclosure found)
• Document every hop in a multi-step chain with source record, linking field, and match quality
• Link strength = weakest criterion in the chain (a chain is only as strong as its weakest link)
• Track source lineage to detect circular reporting—Source B citing Source A is not independent corroboration

Confidence Tiers

Based on the Admiralty System (NATO AJP-2.1), adapted for dataset investigation:

Sherman Kent probability mapping:

• Confirmed ≈ "almost certain" (93-99%)
• Probable ≈ "likely" (75-85%)
• Possible ≈ "chances about even" (45-55%)
• Unresolved ≈ insufficient basis for estimate

Verification Principle

Implementation and verification must be uncorrelated. An agent that performs an analysis introduces systematic bias when self-verifying—it "knows" what the answer should be and unconsciously confirms it. Use the implement-then-verify pattern:

Step 1: Perform entity resolution and cross-referencing (analysis agent)
Step 2: Read the result files
Step 3: Independent verification (separate agent or separate pass with no shared context from step 1):
        - Load output files fresh
        - Spot-check N random records against raw source data
        - Verify row counts match expectations
        - Run validation script
        - Report raw output only

The verification executor has no context from the analysis executor. It runs commands and reports output, making its evidence independent.

Anti-bias checks:

• Confirmation bias: Score hypotheses by inconsistency count (ACH), not confirmation count, because disconfirming evidence is more diagnostic
• Anchoring: Do not rank hypotheses until evidence collection is complete
• Circular reporting: Track source lineage; verify independence of collection paths before counting corroborations
• Satisficing: Require minimum 3 competing hypotheses before scoring—this prevents premature commitment to the first plausible explanation

Analysis Output Standards

Include in all investigation deliverables:

1. Methodology section: Sources used, entity resolution approach, linking logic, known limitations
2. Confidence breakdown: Count of findings per tier (confirmed/probable/possible/unresolved)
3. Evidence appendix: Every hop, every source record cited, every match score
4. Structured output: JSON for machine-readable (findings/), Markdown for human-readable (findings/)
5. Provenance: For each dataset—source URL/path, access timestamp, transformations applied

See references/output-templates.md for ready-to-use templates (investigation plans, summaries, evidence chains).

Integration Modes

The skill operates in three modes based on investigation complexity:

One-command pipeline for any mode: investigate.py /path/to/workspace --phases all

RLM Delegation — Provider-Agnostic

The RLM agent auto-detects the LLM provider from the model name. Works with any provider the agent supports:

# Anthropic (default)
python3 scripts/delegate_to_rlm.py --objective "..." --workspace DIR --model claude-sonnet-4-5-20250929

# OpenAI
python3 scripts/delegate_to_rlm.py --objective "..." --workspace DIR --model gpt-4o

# OpenRouter (any model via slash routing)
python3 scripts/delegate_to_rlm.py --objective "..." --workspace DIR --model anthropic/claude-sonnet-4-5

# Ollama (local inference, air-gapped)
python3 scripts/delegate_to_rlm.py --objective "..." --workspace DIR --provider ollama --model llama3

# Cerebras (model name doesn't contain "cerebras", so specify --provider)
python3 scripts/delegate_to_rlm.py --objective "..." --workspace DIR --model qwen-3-235b-a22b-instruct-2507 --provider cerebras

# Resume a previous investigation session
python3 scripts/delegate_to_rlm.py --resume abc123 --workspace DIR

# List saved sessions
python3 scripts/delegate_to_rlm.py --list-sessions --workspace DIR

# Control reasoning depth
python3 scripts/delegate_to_rlm.py --objective "..." --workspace DIR --reasoning-effort high

# List available models for a provider
python3 scripts/delegate_to_rlm.py --list-models --provider ollama

Provider auto-detection: claude-* → anthropic, gpt-*/o1-*/o3-* → openai, org/model → openrouter, *cerebras* → cerebras, llama*/qwen*/mistral*/gemma* → ollama. For models without a recognizable prefix, pass --provider explicitly.

API keys pass through environment variables: ANTHROPIC_API_KEY, OPENAI_API_KEY, OPENROUTER_API_KEY, CEREBRAS_API_KEY (or OPENPLANTER_-prefixed variants). Ollama requires no API key. Set OPENPLANTER_REPO to override local clone discovery.

Scripts Reference

All scripts use Python stdlib only. Zero external dependencies. External tools (Exa, Firecrawl, OpenPlanter agent) are invoked as subprocesses.

Core Analysis

Data Collection & Enrichment

Specialized Data Fetchers

Individual scripts for targeted government and public data sources. All use Python stdlib only, produce JSON + provenance sidecar, and support --dry-run and --list.

Usage pattern (all fetchers follow the same interface):

python3 scripts/fetch_sam.py /tmp/investigation --query "Raytheon" --state CT
python3 scripts/fetch_epa.py /tmp/investigation --state TX --query "Refinery"
python3 scripts/fetch_icij.py /tmp/investigation --entity "Mossack" --type intermediary
python3 scripts/fetch_propublica990.py /tmp/investigation --ein 237327340
python3 scripts/fetch_census.py /tmp/investigation --state 36 --county "*"
python3 scripts/fetch_osha.py /tmp/investigation --sic 2911 --state TX

Orchestration & Delegation

Knowledge Graph

Supports entity lookup, neighbor traversal, BFS path finding, full-text search, and graph statistics. Reads NetworkX node-link JSON graphs produced by OpenPlanter's wiki_graph.py during delegated investigations.

Skill Integration

OpenPlanter methodology composes with existing Claude Code skills:

US Public Records Datasets

Key datasets and their linking keys for cross-reference investigations:

Cross-dataset linking challenge: No universal corporate ID exists in US public records. The standard approach: normalize names, fuzzy match, filter by jurisdiction/address, then anchor on known IDs (CIK, committee_id, EIN, UEI, CAGE, FRS ID) when available.

Multi-Agent Investigation

For complex investigations requiring parallel workstreams, use minoan-swarm. Separate the verifier agent from analysis agents to maintain uncorrelated verification—the verifier receives only output files and verification criteria, with no shared context from the analysis phase.

See references/investigation-methodology.md for the full swarm role template (keret, kothar, resheph, anat, shapash).

Structured Analytical Techniques

For complex scenarios with multiple possible explanations, apply Analysis of Competing Hypotheses (ACH) and Key Assumptions Check. These techniques are detailed in references/investigation-methodology.md.

ACH summary: Build a matrix of hypotheses vs. evidence. Score by inconsistency count (fewest I markers wins), not confirmation count. This counteracts confirmation bias because disconfirming evidence is more diagnostic than supporting evidence. Identify linchpin evidence whose reclassification would change the conclusion.

Deep References

• references/investigation-methodology.md — Full epistemic framework, ACH procedure, Key Assumptions Check, multi-agent swarm template
• references/entity-resolution-patterns.md — Complete normalization tables, suffix maps, address canonicalization
• references/output-templates.md — JSON/Markdown templates for investigation plans, summaries, and evidence chains
• references/public-records-apis.md — API endpoints, auth, rate limits, linking keys for SEC, FEC, LDA, OFAC, USAspending, Census, EPA, ICIJ, OSHA, ProPublica 990, SAM.gov

OpenPlanter Tool to Claude Code Mapping

No capability gap. The methodology is what matters, not the tooling.