Sovereign AIP · On-prem · Open-weight Llama

The investigation engine that reasons over your world, not text about it.

Praheri is a sovereign financial-crime platform built on a typed ontology — a living digital twin of accounts, transactions, claims and companies. A local Llama traverses it to expose fraud rings, drafts the regulatory report, and proposes governed actions a human approves — every step audited, nothing leaving the building.

Launch the console → What is the ontology?

The console runs on-prem — by design, it never leaves your machine. Run it locally →

Zero external egress 6 sectors · 1 engine Copilot, not autopilot
6Ontologies
18Object types
18Link types
0Lines of engine code per vertical
The problem

An Indian bank cannot legally send this data to a frontier API.

RBI data-localization makes the cloud copilot a non-starter — and a black-box API can't be audited, fine-tuned, or trusted with a freeze decision. Praheri is the alternative: the entire intelligence layer runs on-prem on open-weight Llama, over a typed model of the institution's own world, with a human in the loop on every consequential action.

The foundation — the Ontology

Not a database. A digital twin of the organization.

Borrowing Palantir's framing: the ontology is a semantic layer — the nouns and how they relate — and a kinetic layer — how decisions are written back as governed actions. Your data stops being rows in a table and becomes a live, connected map of reality that both analysts and AI can reason over.

Semantic ·
Objects

Typed objects with properties

Every real-world entity becomes a typed object — an Account, a Transaction, a Claim, a Company — carrying its own properties. An object type is the table; an object is the row.

typeidproperties{}
Semantic ·
Links

Typed links between objects

Relationships are first-class and typed — sent →, serviced_by →, owns →. The links are the structure, so tracing a ring six hops out is a native graph traversal, not a recursive SQL nightmare.

linked_ids[]directedtraversable
Kinetic ·
Actions

Governed actions write decisions back

The model never mutates data directly. It proposes an action — freeze an account, file an STR, escalate a KYC review — which routes to a human approver and, on approval, is applied and audited. This is the closed loop: read the world → decide → act → the record updates.

proposehuman approvesaudit log
The differentiator — OAG

RAG retrieves text about your world. OAG retrieves the world itself.

Ontology-Augmented Generation feeds the model structured, typed, linked objects — not prose that mentions them. So the model reasons over ground-truth structure, and every claim it makes cites a real object ID. The fraud ring isn't described; it's traversed.

RAG · text retrieval

The model reads paragraphs and guesses

Ten fuzzy case notes are retrieved as prose. The model re-parses English to infer who connects to whom — and may invent a link that was never written, or miss one that was.

"Account 4471 received several transfers in March; the holder shares an address with a customer flagged last year…" → can't say it's 5 accounts / 12 txns → links are inferred, unverifiable
OAG · ontology retrieval

The model traverses real structure

The same ring is retrieved as typed objects with their actual links. The model follows the edges, sees the cycle, and names every node by ID. The structure is the evidence.

{ type:"Account", id:"ACC-4471", properties:{ risk: 0.91 }, linked_ids:["TXN-99","TXN-102"] } → 5 Account · 12 Transaction links → near-circular flow, cited by ID
Why Praheri

Sovereign by architecture. Governed by design.

01

Sovereign & open-weight

The whole stack runs on-prem on open-weight Llama. Compliance by construction, not by promise.

  • Your data never leaves the building
  • RBI localization is the architecture, not a setting
  • No per-token tax, no vendor lock-in
  • Auditable, fine-tunable weights
02

Copilot, not autopilot

The model proposes; a human approves; everything is audited. No mutation without a governed action.

  • High-stakes actions need a human signature
  • Freezes & filings route to an approval queue
  • Append-only audit: actor, time, model
  • Defensible in front of a regulator
03

One engine, six sectors

Swap the ontology cartridge and a new sector lights up — zero engine code changed.

  • The investigation loop is universal
  • Only the nouns change per vertical
  • Six verticals, one codebase
  • Build once, monetize six times
Triage Traverse Detect Decide Govern Audit

This pipeline is unchanged across all verticals.

The cartridges — six sectors

Same engine. Different ontology. Expand each to see what it does.

Each sector is a configuration — a set of typed objects, the signals to detect, and the governed actions a human approves. The engine underneath never changes.

🛡️ AML — Anti-Money-LaunderingThe hero · RBI · FIU-IND · STR filing +
Banks generate thousands of transaction-monitoring alerts a day; analysts drown in false positives while real laundering hides in the noise. Praheri traverses from the flagged account across its transaction links to counterparties, customers and shared devices to expose the surrounding network — then drafts a Suspicious Transaction Report grounded in object IDs.
Objects traversed
Account · Transaction · Device · Counterparty
Detects
Structuring / smurfing, layering, funnel accounts, circular mule flows
Governed action
request_account_freeze · file_str → MLRO approves
🚑 Insurance — Claims-Fraud SIUIRDAI · DPDP Act 2023 +
A single claim looks legitimate in isolation — organized fraud only shows up in the links between claims. Praheri traverses from a suspicious claim to its policyholder, repair garage, claimant and policy, surfacing entities that recur across supposedly unrelated claims. The signal is shared-node density: one workshop or person at the center of many "accidents."
Objects traversed
Claim · Garage · Claimant · Policy
Detects
Staged-accident rings, garage/provider collusion, identity reuse
Governed action
refer_to_siu — hold payout pending review
🏦 Lending — Early-Warning SignalsRBI EWS (>₹5 Cr) · Digital Lending 2022 +
Loans rarely go bad overnight; stress is visible months before an account is classified NPA, but the signals sit scattered across systems. Praheri traverses from a borrower to its loans, directors, related parties and repayment history to assemble a live risk picture — catching distress spreading through a shared-control network before it surfaces in the books.
Objects traversed
Borrower · Loan · Director · Inflow
Detects
EMI-bounce stress, common-director contagion, circular related-party lending
Governed action
margin_call · downgrade_rating (SMA)
📈 Wealth — Suitability & Mis-sellingSEBI IA Regs 2013 · SCORES +
Advisors face incentives to push high-commission products onto clients they don't fit, exposing the firm to SEBI action and restitution. Praheri traverses from a client to their suitability profile, sales, products and advisor, comparing what was sold against the client's documented risk appetite — and flagging advisors who breach repeatedly across a book.
Objects traversed
Client · SuitabilityProfile · Sale · Product · Adviser
Detects
Suitability breach, churning, advisor-level mis-selling clusters
Governed action
flag_misselling → compliance approves
🏢 Corporate — UBO / OwnershipRBI CDD/EDD · FATF Rec 24 +
Regulators require knowing the real human Ultimate Beneficial Owner behind a corporate customer, but ownership is deliberately obscured through layered holdings across jurisdictions. Praheri traverses the company-owns-company graph through multiple layers to compute effective control and resolve the true UBO — the signal is the shape of the ownership graph itself.
Objects traversed
Company · UBO via owns → shareholding
Detects
Circular / cross-holdings, shell layers, <25% threshold evasion
Governed action
escalate_kyc_review (Enhanced Due Diligence)
📦 Procurement — Maverick SpendInternal controls · DoA policy +
The non-financial proof of the platform thesis: enterprises lose margin and invite collusion when employees buy off-contract or split orders to dodge approval limits. Praheri traverses from a requisition to its vendor, budget and contract, checking spend against policy and the Delegation-of-Authority matrix — the exact same engine, a completely different ontology.
Objects traversed
Requisition · Vendor · Budget
Detects
Maverick spend, budget / DoA breach, invoice-splitting, vendor collusion
Governed action
approve_purchase_order — over-budget → same MLRO gate
See it run

Pick an alert. Watch the ring light up.

The live console runs the full loop: triage an alert, traverse the ontology, expose the fraud ring, draft the report, propose a freeze, approve it as the MLRO, and read the audit trail — all on-prem, with no network egress.

View source on GitHub → Run it locally →

Sovereign by design — the console can't be hosted on a public cloud without breaking the premise. It runs on your own machine, with no network egress.

Run it yourself

Five commands. Your machine. Zero egress.

The console is open source and runs entirely on-prem on open-weight Llama via Ollama. Clone it, point it at a local model, and the full investigation loop runs with no network calls.

terminal
# 1 · clone the repo
git clone https://github.com/surajsrivastava94/praheri-sovereign-aip.git
cd praheri-sovereign-aip

# 2 · python env + dependencies (Python 3.11+)
python -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt

# 3 · pull the open-weight models, then serve them locally
ollama pull llama3.1:8b
ollama pull nomic-embed-text
ollama serve

# 4 · generate the synthetic bank + planted fraud rings
python -m praheri.generate
python -m praheri.generate_verticals

# 5 · launch the console  →  http://localhost:8501
streamlit run app/streamlit_app.py
No GPU required for the 8B demo model · synthetic data only · nothing leaves your box. Need a hand? Email me →