BOTWAVE — Business Arm

One person. Two months.
Three production systems.

No VC. No team. No cloud spend beyond the machine. One local GPU and a methodology that requires every tool to prove it works before the next one gets built. The evidence is verifiable — the GitHub, the systemd units, the substrate receipt count.

4 bots live in production Source on GitHub — @Zombie760 →

── The Methodology

TELOS + PAI

Every tool in this stack was built under the same four-question discipline. Answer all four or the tool doesn't ship. Stress-tested on real production problems.

Question 01

How does this write to substrate?

Every run appends an immutable JSONL receipt. No silent exits. Success and failure both get logged. The substrate is the moat — code is replaceable.

Question 02

How does this learn from success and failure?

Patterns that work get promoted to registries. Patterns that fail get written to failure stores. The system gets sharper with every run, not just every deploy.

Question 03

How does this extend via registry, not hard-code?

New capability = config edit. New trade = drop a config.json in a directory. New proxy use case = add a zone to registry.json. Nothing is wired into the code.

Question 04

How does this feed the other arms?

The proxy pool that validates bounty targets is the same pool that routes journalism research. The stealth browser that evades WAFs also protects OSINT passes. Nothing is isolated.

substrate_writer.py — the pattern every tool inherits Python
# Every PAI Pack ends here — success or failure, both get a receipt
def write_claim(arm: str, tool: str, payload: dict) -> None:
    receipt = {
        "id":        str(uuid.uuid4()),
        "ts":        datetime.utcnow().isoformat() + "Z",
        "arm":       arm,
        "tool":      tool,
        "verdict":   payload.get("verdict", "pass"),
        "payload":   payload,
    }
    with open(CLAIMS_PATH, "a") as fh:
        fh.write(json.dumps(receipt) + "\n")   # append-only, never delete
health_score.py — registry-driven, zero hardcoded weights Python
# Weights live in config/registry.json — change behavior without touching code
def compute_health(customer: Customer, registry: dict) -> HealthScore:
    weights = registry["health_score"]["weights"]
    thresholds = registry["health_score"]["thresholds"]

    usage_score      = score_usage(customer, thresholds)      # 40%
    financial_score  = score_financial(customer, thresholds)   # 20%
    engagement_score = score_engagement(customer, thresholds)  # 20%
    outcomes_score   = score_outcomes(customer, thresholds)    # 20%

    composite = (
        usage_score      * weights["usage"]      +
        financial_score  * weights["financial"]  +
        engagement_score * weights["engagement"] +
        outcomes_score   * weights["outcomes"]
    )
    segment = "green" if composite >= 70 else "yellow" if composite >= 40 else "red"
    return HealthScore(composite=composite, segment=segment, detail={...})

── Product One

BOTWAVE TRADES

Your customers live in Telegram, not dashboards. One codebase, one env var — set it to plumbing and it's a plumbing bot. Electrical, HVAC, GC — same binary, different config. Quotes, invoices, "who owes me," "how much this month" — answered by text. No app to install. No login to forget. No training required.

User: who still owes me money

TRADES: Three open invoices.

  Garcia Plumbing Supply    $2,400   NET-30 expires May 12
  M. Torres                 $285     dispatched Apr 28, no reply
  Riverside Apartments LLC  $950     partial — $500 received

Total outstanding: $3,635

Run "/remind Torres" to queue a follow-up message.

User: what did I make in April

TRADES: April revenue — $8,240 collected across 6 jobs.
Three invoices still pending from that month ($1,235 total).
Net April: $7,005 after materials ($1,205 logged).
🔧
Plumbing
live · systemd
Electrical
live · systemd
❄️
HVAC
live · systemd
🏗️
General Contractor
live · systemd

What it handles

  • Quote requests — inbound text → structured quote in under 60 seconds
  • "Who owes me" — unpaid invoice summary on demand
  • "How much this month" — revenue query, no dashboard needed
  • Job scheduling, customer records, payment logging
  • Daily audit to JSONL substrate — every transaction immutable

How it's built

  • python-telegram-bot + SQLite + JSONL substrate
  • Local Ollama brain — gemma4-wave on RTX 5060, no cloud required
  • Trade config loaded from directory — new trade = new config.json, no code change
  • Systemd template unit — one service file runs all four trades
  • Cloud fallback when local inference is saturated
sc_master.py — trade-agnostic core (env var sets the trade) Python
# BOTWAVE_TRADE=electrical runs the electrical bot.
# BOTWAVE_TRADE=hvac runs the HVAC bot. Same binary.
TRADE_KEY  = os.environ["BOTWAVE_TRADE"].strip().lower()
_TRADE_DIR = (_TRADES / TRADE_KEY).resolve()   # trades/electrical/, trades/hvac/, etc.
_TRADE_CFG = json.loads((_TRADE_DIR / "config.json").read_text())

# Config drives labor rates, knowledge base, token, company name.
# Zero hardcoded trade logic in sc_master.py itself.
LABOR_RATE = float(os.environ.get("BOTWAVE_LABOR_RATE",
                   _TRADE_CFG.get("default_labor_rate", 125)))

# Systemd template — one unit file, four instances:
# botwave-sc@plumbing.service   botwave-sc@electrical.service
# botwave-sc@hvac.service       botwave-sc@gc.service

── Product Two

BOTWAVE CSM

Customer success automation for small construction SaaS — the segment where one churn means a 5% revenue drop and one expansion means a 10% lift. Automates 70–80% of CSM workload. The rest stays human because it has to.

<24h
closed-won → first onboarding email
<5m
QBR deck from raw usage data
30d
no-touch alert — before the customer ghosts

health_score.py

Daily Health Scoring

Four-factor composite. Usage adoption (40%), financial health (20%), engagement (20%), outcomes (20%). Green / Yellow / Red segmentation. Alerts surface before a human would notice.

  • Registry-driven weights — change scoring without touching code
  • Red alert triggers to Slack / Telegram before 30-day no-touch
  • Every score written to substrate with full audit trail

qbr_generator.py

QBR on Demand

Quarterly Business Review deck generated in under five minutes from usage signals. No manual data pulling. No spreadsheet gymnastics. The CSM walks into the call with numbers, not impressions.

  • Pulls from substrate — retention, NRR, adoption, time-saved
  • Output: structured markdown → PDF via pandoc
  • Per-customer, timestamped, stored in substrate for trend tracking

expansion_scanner.py

Expansion Signal Detection

Detects upsell opportunities from usage signals, not gut feel. NPS above 8 combined with high-adoption rate = expansion candidate. No human review needed for the flag.

  • Reads substrate daily — no API polling in the main loop
  • Expansion candidates written to a separate claims partition
  • Human handles the conversation; the machine finds the moment

churn_playbook.py

Churn Prevention Playbook

When health score drops to Red, the playbook fires: escalation email, executive sponsor alert, recovery task assigned to a human. The machine doesn't try to save the account — it gets the right human in front of it fast.

  • Trigger: health composite below threshold from registry
  • Escalation path configurable per customer segment
  • Every intervention logged — measure what works, cut what doesn't
TELOS for CSM — the goals that justify every script Markdown
## GOALS (from csm_telos.md)

| ID  | Goal                                      | Target            |
| G1  | Daily health score for every customer     | 100% coverage     |
| G2  | Onboarding automation from closed-won     | <24h to first     |
| G3  | QBR deck auto-generated                   | <5 min to produce |
| G4  | Churn alert to human before 30-day touch  | Before it's late  |
| G5  | Monthly value touch per customer          | 100% hit rate     |
| G6  | Expansion signal detected                 | NPS>8 + usage     |
| G7  | NRR >100% annually                        | Expansion > churn |

# Every script maps to one or more Gn. Nothing ships without a goal.

── Infrastructure

WAVESOX

Validated SOCKS5 proxy infrastructure built for bug bounty reconnaissance. Every proxy earns its place with an immutable test receipt — latency, external IP, anonymity classification — before entering rotation. The same pool that powers BOTWAVE hunts. Receipt-first means no surprises mid-engagement.

$ curl -s http://localhost:8081/health | jq .

{
  "service":     "wavesox",
  "endpoint":    "FastAPI on :8081",
  "validators":  "connectivity + anonymity + use_case",
  "export":      "json / csv / pac / code-snippet",
  "receipts":    "immutable JSONL per proxy",
  "note":        "Receipt-first — every proxy earns its place."
}
3
validators per proxy — connectivity, anonymity, use-case
5
use-case tiers — from scraping to bounty_hunt
:8081
FastAPI — health-checked, WebSocket logs

Receipt-First Testing

No Proxy Ships Untested

Every proxy runs connectivity + anonymity + use-case scoring before it enters the export pool. Receipts are immutable JSONL — timestamped, versioned, auditable.

  • Connectivity: latency, external IP, TLS fingerprint
  • Anonymity: elite / anonymous / transparent classification
  • Use-case score per tier: scraping, streaming, tunneling, bounty_hunt

IAM-Style Zones

Per-Client Access Control

Each zone gets an API key and a filtered proxy set. A client hunting bug bounties gets a different pool than a client doing e-commerce research. Zones are created via POST — no code change required.

  • Zone config: protocol, min health score, geo filter, use-case
  • Export formats: JSON / CSV / plain text / PAC file
  • Code snippet generation: Python, NodeJS, Go, curl, PHP
WAVESOX API — curl examples that actually work Shell
# Pool health — what's live right now
curl http://localhost:8081/stats | jq

# Get proxies filtered by use case and minimum health score
curl "http://localhost:8081/proxies?protocol=socks5&use_case=bounty_hunt&min_health_score=0.85"

# Export production-ready pool for a specific use case
curl "http://localhost:8081/export?format=json&use_case=bounty_hunt" > proxies.json

# Create a client zone with API key + filtered pool
curl -X POST http://localhost:8081/zones \
  -H "Content-Type: application/json" \
  -d '{"name":"client_a","use_case":"scraping","min_health_score":0.7}'

# WebSocket stream — real-time test logs as proxies are validated
wscat -c ws://localhost:8081/ws/logs

── What's Running Right Now

The Stack

No cloud spend beyond the base machine. Local GPU handles inference. Everything below is running as a systemd user service on a single box with an RTX 5060.

Service What it does Port / Unit Status
NISA Voice layer — en-GB TTS, PAI-compatible, Stop hook wired into every terminal session :8888 live
BOTWAVE TRADES 4× Telegram bots (plumbing / electrical / HVAC / GC) via systemd template unit botwave-sc@*.service live
CSM Provisioner Agent command server — routes provisioning requests to the CSM engine botwave-provisioner live
WAVESOX API FastAPI proxy pool server — health, stats, export, WebSocket stream :8081 live
Botwave Postgres Primary database — bounty findings, substrate claims, CSM records botwave-postgres live
Local LLM Stack (Heretic) Local LLM inference — gemma4-wave / qwen3.5-9b-heretic on RTX 5060 8GB VRAM :11434 live
BOTWAVEBOMBA Pipeline News ingestor → bias scorer → feed generator → GitHub Pages push cron · 6h live
Verify the stack — paste this in any terminal Shell
# All BOTWAVE services — one command
systemctl --user list-units 'botwave-*' --all --no-legend --no-pager

# Trades specifically
systemctl --user status 'botwave-sc@*'

# WAVESOX health check
curl -s http://localhost:8081/health | jq .

# Substrate receipt count — proof the system is writing
wc -l Telos/substrate/*/claims.jsonl Telos/audit/*.jsonl
Zombie760/botwave-bounty Bug bounty arm — Quarterback state machine, 4-gate validator, Razor report drafter
Zombie760/unwarranted-influence Book manuscript — 441 source citations across 11 chapters, RECORD pipeline audit trail
Zombie760/captain-and-champ Did Not Step Forward — Muhammad Ali and Kareem Abdul-Jabbar, 1960–2016

"The moat is the substrate. Code is replaceable. Every run writes a receipt. Every receipt is a data point. After three months of runs, you own something no one can replicate by reading a README."

— BOTWAVE TELOS, Business Arm

── Three ways in

Bug bounty hunters

WAVESOX proxy access

Validated SOCKS5 proxy infrastructure, receipt-first tested, IAM zones. If you're running recon and burning your residential IP, this solves it. Design-partner pricing — first deployment free in exchange for a case study.

Request access →

Sub-contractors

BOTWAVE TRADES

Plumbing, electrical, HVAC, or GC. Free for 30 days. If your guys text you questions all day, this answers them automatically.

Start free trial →

Small SaaS founders

CSM buildout

Under 100 customers and no CSM process? Daily health scores, QBR decks, churn alerts — built on BOTWAVE tooling, configured for your stack.

Get in touch →
GitHub ↗