mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-05-18 04:41:56 +00:00
5f91b1a48b
* feat(skills): add osint-investigation optional skill (closes #355) Phase-1 public-records OSINT investigation framework adapted from ShinMegamiBoson/OpenPlanter (MIT). Lives in optional-skills/research/. Six data-source wiki entries (FEC, SEC EDGAR, USAspending, Senate LD, OFAC SDN, ICIJ Offshore Leaks), each following the 9-section template: summary, access, schema, coverage, cross-reference keys, data quality, acquisition, legal, references. Six stdlib-only acquisition scripts that emit normalized CSV, plus three analysis scripts: - entity_resolution.py — three-tier match (exact / fuzzy / token overlap) with explicit confidence per row - timing_analysis.py — permutation test for donation/contract timing correlation, joins through cross-links - build_findings.py — assembles structured findings.json with evidence chains pointing back to source rows Validation: full pipeline runs end-to-end on synthetic fixtures. Entity resolution found 24 cross-matches with 0 false positives on a 5-row / 4-row test set. Timing analysis on 5 donations clustered near 3 awards returned p=0.000, effect size 2.41 SD. Findings JSON correctly tags HIGH-severity timing pattern. All 9 scripts pass --help and py_compile. Docs site page auto-generated by website/scripts/generate-skill-docs.py; sidebar + catalog entries updated by the same generator. * fix(osint-investigation): live API fixes from end-to-end sweep Live-tested the skill on a real public-citizen query and found three bugs the synthetic E2E missed. All three are now fixed and re-verified. 1. FEC fetch hung on contributor name searches. The combination of two_year_transaction_period + sort=date + contributor_name puts the OpenFEC query plan on a slow path that the upstream gateway times out (25s+). Switched to min_date/max_date with no explicit sort. Renamed --candidate to --contributor (the original name was misleading: FEC searches by donor, not by candidate; --candidate is kept as a deprecated alias). Added --state filter for narrowing. 2. ICIJ Offshore Leaks reconcile endpoint returns 404. ICIJ removed the Open Refine reconciliation API. Rewrote fetch_icij_offshore.py to download the official bulk CSV ZIP (~70 MB, public, no auth) and search it locally. Cached under $HERMES_OSINT_CACHE/icij/ (default ~/.cache/hermes-osint/icij/) for 30 days, --force-refresh to refetch. Verified live: 'PUTIN' query returns 5 Panama Papers officer matches in 0.5s after first download. 3. SEC EDGAR silently returned 0 when the company-name resolver matched an individual Form 3/4/5 filer (insider trading disclosures). Now surfaces 'Resolved company X → CIK Y (Z)' on stderr, prints a filing-type histogram when the type filter wipes results, and explicitly warns when the matched CIK appears to be an individual filer rather than a corporate registrant. Bonus: _http.py was retrying 429 responses with exponential backoff plus honoring (often-missing) Retry-After headers, which compounded into multi-second hangs per page when the upstream key was over quota. Changed to fail-fast on 429 with a clear, actionable error showing the upstream's quota message. Verified: 0.3s fast-fail vs the previous 60s hang on DEMO_KEY rate-limit exhaustion. Updated SKILL.md, fec.md, and icij-offshore.md to match the new CLI flags and ICIJ bulk-cache flow. Regenerated the docusaurus page via website/scripts/generate-skill-docs.py. Live sweep results across all 6 sources for 'Dillon Rolnick, New York': - OFAC SDN: 0 matches ✓ (correctly not sanctioned) - USAspending: 0 matches ✓ (correctly not a federal contractor) - Senate LDA: 0 matches ✓ (correctly not a lobbying client) - SEC EDGAR: warns it resolved to 'Rolnick Michael' (CIK 0001845264) who is an individual Form 3 filer, not a corporate registrant - ICIJ: 0 matches ✓ (correctly not in any offshore leak) - FEC: rate-limited (DEMO_KEY); fails fast with clear quota message * feat(osint-investigation): expand to 12 sources covering identity, property, courts, archives, news Phase-2 expansion per Teknium feedback that the original 6-source skill (federal financial/regulatory only) wasn't a complete OSINT toolkit. Adds 6 more sources covering the major omissions a real investigation would reach for first. New sources (6 fetch scripts + 6 wiki entries): 1. NYC ACRIS — Real property records (deeds, mortgages, liens) via the city's Socrata API. Search by party name or property address. Joins Parties to Master to populate doc_type, dates, borough, and amount. Coverage: 5 NYC boroughs, ~70M party records, 1966-present. 2. OpenCorporates — Global corporate registry covering 130+ jurisdictions (~200M companies). Free API token at https://opencorporates.com/api_accounts/new raises the rate limit; HTML fallback works without one (limited fields). 3. CourtListener (Free Law Project) — federal + state court opinions (~10M back to colonial era) + PACER dockets via RECAP. Anonymous v4 search works; COURTLISTENER_TOKEN raises rate limits. 4. Wayback Machine CDX — historical web captures (~900B+). Used both for surveillance-of-record (when did this site change?) and as a content-recovery layer when other sources point to dead URLs. 5. Wikipedia + Wikidata — narrative bio + structured facts. Wikipedia OpenSearch for article matching, REST summary for extracts, Wikidata Action API (wbgetentities) for claims. Avoids the SPARQL Query Service which is aggressively rate-limited. 6. GDELT 2.0 DOC API — global news monitoring in 100+ languages, ~2015-present. Auto-retries with 6s backoff on the standard 1-req-per-5-sec throttle. Other changes in this commit: - SEC EDGAR no longer raises SystemExit when the company-name resolver finds no CIK; writes an empty CSV with header so the rest of a pipeline can keep moving and the warning is just on stderr. - _http.py User-Agent updated per Wikimedia policy: includes app name, version, and a 'set HERMES_OSINT_UA to identify yourself' instruction. - SKILL.md workflow now groups sources into two clusters (federal financial vs identity/property/courts/archives/news) with bash examples for each. 'When to use this skill' lists the broader set of investigation patterns the expanded sources unlock. Live sweep results on 'Dillon Rolnick, New York' across all 12 sources: ofac ✓ 0 (correctly clean) icij ✓ 0 (correctly not in any leak) usaspending ✓ 0 (correctly not a federal contractor) senate_lda ✓ 0 (correctly not a lobbying client) sec_edgar ✓ 0, warns: resolved to 'Rolnick Michael' (CIK 0001845264), individual Form 3 filer, NOT a corporate registrant fec — rate-limited (DEMO_KEY exhausted), fails fast with clear quota message nyc_acris ✓ 200 records named Rolnick across NYC; 48 records at 571 Hudson (the property the web identifies as his) opencorporates ✓ 0 (no API token configured; HTML fallback) courtlistener ✓ 0 for 'Dillon Rolnick'; 20 for 'Rolnick' generally; 5 for 'Microsoft' sanity check wayback ✓ 30 captures of nousresearch.com from 2011-present wikipedia ✓ 0 (correctly not notable enough); Bill Gates sanity returns full structured facts (occupation, employer, DOB, place of birth, country) gdelt ✓ 0 for 'Dillon Rolnick'; 5 for 'Nous Research' All 17 scripts compile clean and pass --help. Synthetic analysis pipeline regression still passes (entity_resolution 30 matches, timing p=0.000, findings 2). * feat(osint-investigation): remove FEC; DEMO_KEY rate-limits make it unreliable The FEC fetcher consistently failed the live sweep because the OpenFEC DEMO_KEY tier (40 calls/hour) exhausts on a single investigation, and the upstream returns slow-path query plans for unindexed contributor-name searches that the gateway times out. Without a real API key it's not usable; with one the user has to sign up at api.data.gov first. That's too much setup friction for a skill that should work out of the box. Removed: - scripts/fetch_fec.py - references/sources/fec.md Updated: - SKILL.md frontmatter description + tags - 'When NOT to use' now points users at https://www.fec.gov/data/ for federal donations - entity_resolution example switched from donor↔contractor to lobbying-client↔contractor (Senate LDA + USAspending pair) - timing_analysis example switched to lobbying-filings vs awards - 8 wiki entries had their 'FEC ↔ ...' cross-reference bullets removed 11 sources remain (5 federal financial + 6 identity/property/courts/ archives/news). All scripts compile, pass --help, and the synthetic analysis pipeline still passes on the new lobbying-shaped regression fixture (30 matches, p=0.000 on tight clustering, 2 findings).
267 lines
9.2 KiB
Python
267 lines
9.2 KiB
Python
#!/usr/bin/env python3
|
|
"""Search Wikipedia + Wikidata for an entity (person, company, place, concept).
|
|
|
|
Two free APIs:
|
|
- Wikipedia OpenSearch + REST summary endpoint for narrative bio
|
|
- Wikidata SPARQL endpoint for structured facts (birth, employer, awards, etc.)
|
|
|
|
Both are anonymous-access. Useful for resolving who-is-this-entity questions
|
|
and surfacing cross-references that other sources can join against.
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
import argparse
|
|
import csv
|
|
import json
|
|
import re
|
|
import sys
|
|
import urllib.parse
|
|
from pathlib import Path
|
|
|
|
sys.path.insert(0, str(Path(__file__).parent))
|
|
from _http import get_json # noqa: E402
|
|
|
|
WP_OPENSEARCH = "https://en.wikipedia.org/w/api.php"
|
|
WP_SUMMARY = "https://en.wikipedia.org/api/rest_v1/page/summary/"
|
|
WD_ACTION = "https://www.wikidata.org/w/api.php"
|
|
|
|
COLUMNS = [
|
|
"source",
|
|
"label",
|
|
"description",
|
|
"qid",
|
|
"wikipedia_title",
|
|
"wikipedia_url",
|
|
"wikidata_url",
|
|
"instance_of",
|
|
"country",
|
|
"occupation",
|
|
"employer",
|
|
"date_of_birth",
|
|
"place_of_birth",
|
|
"summary",
|
|
]
|
|
|
|
|
|
def _wp_search(query: str, limit: int) -> list[dict]:
|
|
params = {
|
|
"action": "opensearch",
|
|
"search": query,
|
|
"limit": str(min(limit, 20)),
|
|
"format": "json",
|
|
}
|
|
url = f"{WP_OPENSEARCH}?{urllib.parse.urlencode(params)}"
|
|
data = get_json(url)
|
|
if not isinstance(data, list) or len(data) < 4:
|
|
return []
|
|
titles, descs, urls = data[1], data[2], data[3]
|
|
out = []
|
|
for i, title in enumerate(titles):
|
|
out.append(
|
|
{
|
|
"title": title,
|
|
"description": descs[i] if i < len(descs) else "",
|
|
"url": urls[i] if i < len(urls) else "",
|
|
}
|
|
)
|
|
return out
|
|
|
|
|
|
def _wp_summary(title: str) -> dict:
|
|
"""Pull the REST summary for a title — short bio, image, type."""
|
|
url = f"{WP_SUMMARY}{urllib.parse.quote(title.replace(' ', '_'))}"
|
|
try:
|
|
return get_json(url) # type: ignore[return-value]
|
|
except Exception as e: # noqa: BLE001
|
|
print(f"Wikipedia summary lookup for {title!r} failed: {e}", file=sys.stderr)
|
|
return {}
|
|
|
|
|
|
def _wd_lookup_by_qid(qid: str) -> dict:
|
|
"""Pull common facts for a QID via Wikidata's Action API (no SPARQL).
|
|
|
|
The Action API is far more lenient on rate-limits than the SPARQL Query
|
|
Service. We get claims as QIDs and then resolve labels in one batch call.
|
|
"""
|
|
# Properties of interest. The Action API returns claims as QIDs or
|
|
# typed literals, so the slot mapping is local-only.
|
|
interesting = {
|
|
"P31": "instance_of",
|
|
"P17": "country", # for orgs / places
|
|
"P27": "country", # for individuals (country of citizenship)
|
|
"P106": "occupation",
|
|
"P108": "employer",
|
|
"P569": "date_of_birth",
|
|
"P19": "place_of_birth",
|
|
}
|
|
params = {
|
|
"action": "wbgetentities",
|
|
"ids": qid,
|
|
"props": "claims",
|
|
"format": "json",
|
|
}
|
|
url = f"{WD_ACTION}?{urllib.parse.urlencode(params)}"
|
|
try:
|
|
data = get_json(url)
|
|
except Exception as e: # noqa: BLE001
|
|
print(f"Wikidata wbgetentities for {qid} failed: {e}", file=sys.stderr)
|
|
return {}
|
|
if not isinstance(data, dict):
|
|
return {}
|
|
claims = (data.get("entities", {}).get(qid, {}) or {}).get("claims", {}) or {}
|
|
|
|
# Collect raw values (QIDs or literals) and remember which slot each
|
|
# came from. Date literals come back as ISO strings; QIDs need a label
|
|
# resolution pass.
|
|
qid_to_slots: dict[str, list[str]] = {}
|
|
facts: dict[str, list[str]] = {}
|
|
for prop_id, slot in interesting.items():
|
|
for claim in claims.get(prop_id, []) or []:
|
|
v = (claim.get("mainsnak", {}) or {}).get("datavalue", {}) or {}
|
|
vtype = v.get("type")
|
|
value = v.get("value")
|
|
if vtype == "wikibase-entityid" and isinstance(value, dict):
|
|
vqid = value.get("id", "")
|
|
if vqid:
|
|
qid_to_slots.setdefault(vqid, [])
|
|
if slot not in qid_to_slots[vqid]:
|
|
qid_to_slots[vqid].append(slot)
|
|
elif vtype == "time" and isinstance(value, dict):
|
|
raw = value.get("time", "") or ""
|
|
# +1955-10-28T00:00:00Z → 1955-10-28
|
|
m = re.search(r"[+-]?(\d{4})-(\d{2})-(\d{2})", raw)
|
|
if m:
|
|
facts.setdefault(slot, []).append(
|
|
f"{m.group(1)}-{m.group(2)}-{m.group(3)}"
|
|
)
|
|
elif vtype == "string":
|
|
facts.setdefault(slot, []).append(str(value))
|
|
|
|
# Resolve labels for all referenced QIDs in one batch (up to 50 at a time).
|
|
qids = list(qid_to_slots)
|
|
for i in range(0, len(qids), 50):
|
|
batch = qids[i : i + 50]
|
|
params = {
|
|
"action": "wbgetentities",
|
|
"ids": "|".join(batch),
|
|
"props": "labels",
|
|
"languages": "en",
|
|
"format": "json",
|
|
}
|
|
url = f"{WD_ACTION}?{urllib.parse.urlencode(params)}"
|
|
try:
|
|
data = get_json(url)
|
|
except Exception as e: # noqa: BLE001
|
|
print(f"Wikidata label batch failed: {e}", file=sys.stderr)
|
|
continue
|
|
if not isinstance(data, dict):
|
|
continue
|
|
ents = data.get("entities", {}) or {}
|
|
for vqid, ent in ents.items():
|
|
label = (ent.get("labels", {}).get("en", {}) or {}).get("value", "") or vqid
|
|
for slot in qid_to_slots.get(vqid, []):
|
|
facts.setdefault(slot, []).append(label)
|
|
|
|
# Deduplicate per slot, preserving order.
|
|
deduped: dict[str, list[str]] = {}
|
|
for slot, vals in facts.items():
|
|
seen = set()
|
|
out = []
|
|
for v in vals:
|
|
if v in seen:
|
|
continue
|
|
seen.add(v)
|
|
out.append(v)
|
|
deduped[slot] = out
|
|
return deduped
|
|
|
|
|
|
def _wd_qid_for_title(title: str) -> str:
|
|
"""Get the Wikidata QID associated with a Wikipedia article title."""
|
|
params = {
|
|
"action": "query",
|
|
"format": "json",
|
|
"prop": "pageprops",
|
|
"ppprop": "wikibase_item",
|
|
"titles": title,
|
|
"redirects": 1,
|
|
}
|
|
url = f"{WP_OPENSEARCH}?{urllib.parse.urlencode(params)}"
|
|
try:
|
|
data = get_json(url)
|
|
except Exception: # noqa: BLE001
|
|
return ""
|
|
if not isinstance(data, dict):
|
|
return ""
|
|
pages = data.get("query", {}).get("pages", {}) or {}
|
|
for page in pages.values():
|
|
qid = (page.get("pageprops") or {}).get("wikibase_item", "")
|
|
if qid:
|
|
return qid
|
|
return ""
|
|
|
|
|
|
def fetch(query: str, limit: int, no_wikidata: bool, out_path: str) -> int:
|
|
hits = _wp_search(query, limit)
|
|
rows: list[dict[str, str]] = []
|
|
for hit in hits[:limit]:
|
|
title = hit.get("title", "")
|
|
if not title:
|
|
continue
|
|
summary = _wp_summary(title)
|
|
qid = _wd_qid_for_title(title) if not no_wikidata else ""
|
|
facts: dict = {}
|
|
if qid:
|
|
facts = _wd_lookup_by_qid(qid)
|
|
rows.append(
|
|
{
|
|
"source": "wikipedia+wikidata" if qid else "wikipedia",
|
|
"label": title,
|
|
"description": (summary.get("description") or hit.get("description") or "").strip(),
|
|
"qid": qid,
|
|
"wikipedia_title": title,
|
|
"wikipedia_url": hit.get("url", ""),
|
|
"wikidata_url": f"https://www.wikidata.org/wiki/{qid}" if qid else "",
|
|
"instance_of": "; ".join(facts.get("instance_of", [])),
|
|
"country": "; ".join(facts.get("country", [])),
|
|
"occupation": "; ".join(facts.get("occupation", [])),
|
|
"employer": "; ".join(facts.get("employer", [])),
|
|
"date_of_birth": "; ".join(facts.get("date_of_birth", []))[:10] if facts.get("date_of_birth") else "",
|
|
"place_of_birth": "; ".join(facts.get("place_of_birth", [])),
|
|
"summary": (summary.get("extract") or "").replace("\n", " ")[:1000],
|
|
}
|
|
)
|
|
|
|
Path(out_path).parent.mkdir(parents=True, exist_ok=True)
|
|
with open(out_path, "w", newline="", encoding="utf-8") as fh:
|
|
w = csv.DictWriter(fh, fieldnames=COLUMNS)
|
|
w.writeheader()
|
|
w.writerows(rows)
|
|
if not rows:
|
|
print(
|
|
f"Wikipedia: 0 articles for query={query!r}. "
|
|
"Private individuals not notable enough for a Wikipedia article "
|
|
"won't appear here (the bar is real).",
|
|
file=sys.stderr,
|
|
)
|
|
return len(rows)
|
|
|
|
|
|
def main() -> int:
|
|
p = argparse.ArgumentParser(description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter)
|
|
p.add_argument("--query", required=True, help="Entity name (person, company, place, concept)")
|
|
p.add_argument("--limit", type=int, default=5)
|
|
p.add_argument(
|
|
"--no-wikidata",
|
|
action="store_true",
|
|
help="Skip the Wikidata SPARQL enrichment (faster, less detail)",
|
|
)
|
|
p.add_argument("--out", required=True)
|
|
a = p.parse_args()
|
|
n = fetch(query=a.query, limit=a.limit, no_wikidata=a.no_wikidata, out_path=a.out)
|
|
print(f"Wrote {n} Wikipedia/Wikidata rows to {a.out}")
|
|
return 0
|
|
|
|
|
|
if __name__ == "__main__":
|
|
raise SystemExit(main())
|