BOTWAVE — Business Arm
No VC. No team. No cloud spend beyond the machine. One local GPU and a methodology that requires every tool to prove it works before the next one gets built. The evidence is verifiable — the GitHub, the systemd units, the substrate receipt count.
4 bots live in production Source on GitHub — @Zombie760 →── The Methodology
Every tool in this stack was built under the same four-question discipline. Answer all four or the tool doesn't ship. Stress-tested on real production problems.
Question 01
How does this write to substrate?
Every run appends an immutable JSONL receipt. No silent exits. Success and failure both get logged. The substrate is the moat — code is replaceable.
Question 02
How does this learn from success and failure?
Patterns that work get promoted to registries. Patterns that fail get written to failure stores. The system gets sharper with every run, not just every deploy.
Question 03
How does this extend via registry, not hard-code?
New capability = config edit. New trade = drop a config.json in a directory. New proxy use case = add a zone to registry.json. Nothing is wired into the code.
Question 04
How does this feed the other arms?
The proxy pool that validates bounty targets is the same pool that routes journalism research. The stealth browser that evades WAFs also protects OSINT passes. Nothing is isolated.
# Every PAI Pack ends here — success or failure, both get a receipt def write_claim(arm: str, tool: str, payload: dict) -> None: receipt = { "id": str(uuid.uuid4()), "ts": datetime.utcnow().isoformat() + "Z", "arm": arm, "tool": tool, "verdict": payload.get("verdict", "pass"), "payload": payload, } with open(CLAIMS_PATH, "a") as fh: fh.write(json.dumps(receipt) + "\n") # append-only, never delete
# Weights live in config/registry.json — change behavior without touching code def compute_health(customer: Customer, registry: dict) -> HealthScore: weights = registry["health_score"]["weights"] thresholds = registry["health_score"]["thresholds"] usage_score = score_usage(customer, thresholds) # 40% financial_score = score_financial(customer, thresholds) # 20% engagement_score = score_engagement(customer, thresholds) # 20% outcomes_score = score_outcomes(customer, thresholds) # 20% composite = ( usage_score * weights["usage"] + financial_score * weights["financial"] + engagement_score * weights["engagement"] + outcomes_score * weights["outcomes"] ) segment = "green" if composite >= 70 else "yellow" if composite >= 40 else "red" return HealthScore(composite=composite, segment=segment, detail={...})
── Product One
Your customers live in Telegram, not dashboards. One codebase, one env var — set it to
plumbing and it's a plumbing bot. Electrical, HVAC, GC — same binary, different config.
Quotes, invoices, "who owes me," "how much this month" — answered by text.
No app to install. No login to forget. No training required.
User: who still owes me money TRADES: Three open invoices. Garcia Plumbing Supply $2,400 NET-30 expires May 12 M. Torres $285 dispatched Apr 28, no reply Riverside Apartments LLC $950 partial — $500 received Total outstanding: $3,635 Run "/remind Torres" to queue a follow-up message. User: what did I make in April TRADES: April revenue — $8,240 collected across 6 jobs. Three invoices still pending from that month ($1,235 total). Net April: $7,005 after materials ($1,205 logged).
What it handles
How it's built
# BOTWAVE_TRADE=electrical runs the electrical bot. # BOTWAVE_TRADE=hvac runs the HVAC bot. Same binary. TRADE_KEY = os.environ["BOTWAVE_TRADE"].strip().lower() _TRADE_DIR = (_TRADES / TRADE_KEY).resolve() # trades/electrical/, trades/hvac/, etc. _TRADE_CFG = json.loads((_TRADE_DIR / "config.json").read_text()) # Config drives labor rates, knowledge base, token, company name. # Zero hardcoded trade logic in sc_master.py itself. LABOR_RATE = float(os.environ.get("BOTWAVE_LABOR_RATE", _TRADE_CFG.get("default_labor_rate", 125))) # Systemd template — one unit file, four instances: # botwave-sc@plumbing.service botwave-sc@electrical.service # botwave-sc@hvac.service botwave-sc@gc.service
── Product Two
Customer success automation for small construction SaaS — the segment where one churn means a 5% revenue drop and one expansion means a 10% lift. Automates 70–80% of CSM workload. The rest stays human because it has to.
health_score.py
Daily Health Scoring
Four-factor composite. Usage adoption (40%), financial health (20%), engagement (20%), outcomes (20%). Green / Yellow / Red segmentation. Alerts surface before a human would notice.
qbr_generator.py
QBR on Demand
Quarterly Business Review deck generated in under five minutes from usage signals. No manual data pulling. No spreadsheet gymnastics. The CSM walks into the call with numbers, not impressions.
expansion_scanner.py
Expansion Signal Detection
Detects upsell opportunities from usage signals, not gut feel. NPS above 8 combined with high-adoption rate = expansion candidate. No human review needed for the flag.
churn_playbook.py
Churn Prevention Playbook
When health score drops to Red, the playbook fires: escalation email, executive sponsor alert, recovery task assigned to a human. The machine doesn't try to save the account — it gets the right human in front of it fast.
## GOALS (from csm_telos.md) | ID | Goal | Target | | G1 | Daily health score for every customer | 100% coverage | | G2 | Onboarding automation from closed-won | <24h to first | | G3 | QBR deck auto-generated | <5 min to produce | | G4 | Churn alert to human before 30-day touch | Before it's late | | G5 | Monthly value touch per customer | 100% hit rate | | G6 | Expansion signal detected | NPS>8 + usage | | G7 | NRR >100% annually | Expansion > churn | # Every script maps to one or more Gn. Nothing ships without a goal.
── Infrastructure
Validated SOCKS5 proxy infrastructure built for bug bounty reconnaissance. Every proxy earns its place with an immutable test receipt — latency, external IP, anonymity classification — before entering rotation. The same pool that powers BOTWAVE hunts. Receipt-first means no surprises mid-engagement.
$ curl -s http://localhost:8081/health | jq .
{
"service": "wavesox",
"endpoint": "FastAPI on :8081",
"validators": "connectivity + anonymity + use_case",
"export": "json / csv / pac / code-snippet",
"receipts": "immutable JSONL per proxy",
"note": "Receipt-first — every proxy earns its place."
}
Receipt-First Testing
No Proxy Ships Untested
Every proxy runs connectivity + anonymity + use-case scoring before it enters the export pool. Receipts are immutable JSONL — timestamped, versioned, auditable.
IAM-Style Zones
Per-Client Access Control
Each zone gets an API key and a filtered proxy set. A client hunting bug bounties gets a different pool than a client doing e-commerce research. Zones are created via POST — no code change required.
# Pool health — what's live right now curl http://localhost:8081/stats | jq # Get proxies filtered by use case and minimum health score curl "http://localhost:8081/proxies?protocol=socks5&use_case=bounty_hunt&min_health_score=0.85" # Export production-ready pool for a specific use case curl "http://localhost:8081/export?format=json&use_case=bounty_hunt" > proxies.json # Create a client zone with API key + filtered pool curl -X POST http://localhost:8081/zones \ -H "Content-Type: application/json" \ -d '{"name":"client_a","use_case":"scraping","min_health_score":0.7}' # WebSocket stream — real-time test logs as proxies are validated wscat -c ws://localhost:8081/ws/logs
── What's Running Right Now
No cloud spend beyond the base machine. Local GPU handles inference. Everything below is running as a systemd user service on a single box with an RTX 5060.
| Service | What it does | Port / Unit | Status |
|---|---|---|---|
| NISA | Voice layer — en-GB TTS, PAI-compatible, Stop hook wired into every terminal session | :8888 | live |
| BOTWAVE TRADES | 4× Telegram bots (plumbing / electrical / HVAC / GC) via systemd template unit | botwave-sc@*.service | live |
| CSM Provisioner | Agent command server — routes provisioning requests to the CSM engine | botwave-provisioner | live |
| WAVESOX API | FastAPI proxy pool server — health, stats, export, WebSocket stream | :8081 | live |
| Botwave Postgres | Primary database — bounty findings, substrate claims, CSM records | botwave-postgres | live |
| Local LLM Stack (Heretic) | Local LLM inference — gemma4-wave / qwen3.5-9b-heretic on RTX 5060 8GB VRAM | :11434 | live |
| BOTWAVEBOMBA Pipeline | News ingestor → bias scorer → feed generator → GitHub Pages push | cron · 6h | live |
# All BOTWAVE services — one command systemctl --user list-units 'botwave-*' --all --no-legend --no-pager # Trades specifically systemctl --user status 'botwave-sc@*' # WAVESOX health check curl -s http://localhost:8081/health | jq . # Substrate receipt count — proof the system is writing wc -l Telos/substrate/*/claims.jsonl Telos/audit/*.jsonl
── Public repos
"The moat is the substrate. Code is replaceable. Every run writes a receipt. Every receipt is a data point. After three months of runs, you own something no one can replicate by reading a README."
— BOTWAVE TELOS, Business Arm
── Three ways in
Bug bounty hunters
WAVESOX proxy access
Validated SOCKS5 proxy infrastructure, receipt-first tested, IAM zones. If you're running recon and burning your residential IP, this solves it. Design-partner pricing — first deployment free in exchange for a case study.
Request access →Sub-contractors
BOTWAVE TRADES
Plumbing, electrical, HVAC, or GC. Free for 30 days. If your guys text you questions all day, this answers them automatically.
Start free trial →Small SaaS founders
CSM buildout
Under 100 customers and no CSM process? Daily health scores, QBR decks, churn alerts — built on BOTWAVE tooling, configured for your stack.
Get in touch →