One AI. Many Businesses. One Control Panel.

Antigravity Core

Every client business gets its own AI assistant — Karen — who answers messages, books appointments, sends reminders, chases payments, posts to social media, and alerts a human when something needs attention. This page is the map of how it all fits together.

Internet

Primary channel

Chatwoot

WhatsApp / IG / Widget

Twilio + ElevenLabs

Voice / SMS

Express Webhooks

62+ endpoints

Telegram Bot

Polling mode

AI Brain

Routing · Context · Reflection · Guardrails

Gemini

Free tier

Claude Opus

Complex tasks

Memory

pgvector search

Actions

190+ capabilities

BullMQ

10 job queues

PostgreSQL 16

pgvector · 3072-dim

Redis 7

Queues · Cache

Modules

AI Actions

Endpoints

Migrations

Integrations

Tenants Live

Start Here

What this is, who it's for, how to read it

What

A multi-client AI business engine

One codebase running on one server, serving many client businesses at once. Each client has their own isolated data, their own "Karen," their own branding. New clients get onboarded in hours, not weeks.

Who

Matthew (operator) · clients (results) · developers (code)

Matthew uses Telegram to run everything. Clients see outputs — booked appointments, paid invoices, posted content — without touching the system. Developers use this page as the architectural map.

How

Scroll top-to-bottom, or use the left sidebar

Sections go from user-facing (Channels, Actions) to under-the-hood (Database, Infrastructure) to business outcomes (Revenue, Plan vs Reality). Each section has a one-line plain-English summary before the tech details.

The Big Picture

A message's trip through the system

From a customer tapping "send" on WhatsApp to Karen replying, booking, or escalating — in about 14 seconds.

Safety filters catch prompt injection, PHI, and rate-limit abuse. Reflection re-scores risky drafts before they're sent. Memory stores every turn so Karen stays consistent across channels and time.

Want to change something?

How to adjust the system

Most changes don't require code. Some do. Here's the cheat sheet.

Change what Karen says

Pricing, tone, hours, product info, booking answers.

How: tell Karen in Telegram. She stores it in core memory instantly. No deploy.

Owner: Matthew (or any tenant admin)

Onboard a new client

New tenant, new channels, new branding, new data silo.

How: run the onboarding flow via Telegram. Tenant provisioned in ~1 hour. See CLIENT_ONBOARDING.md.

Owner: Matthew

Add a new AI action

A new thing Karen can do — e.g., check inventory, book a class, refund an order.

How: add src/actions/your_action.js, register in ai.js, dispatch in telegram.js. Deploy via git push hetzner.

Owner: developer

Stop, pause, or override

Pause a campaign, mute Karen for one contact, hand a conversation to a human.

How: ask Karen in Telegram. "Pause the broadcast." / "Hand off Jane Smith to staff."

Owner: anyone with operator access

Recover from a problem

Service down, bad deploy, data issue.

How: git revert HEAD && git push hetzner for rollback. Backups at /opt/irievybz/backups/. See DISASTER_RECOVERY.md.

Owner: Matthew

See what Karen did

Audit a response, check a conversation, review a decision.

How: Command Center at brain.irievybz.ai/command/. Every action is in audit_logs.

Owner: Matthew

How Karen Thinks

The AI Brain

In plain English: every incoming message is checked for safety, matched to the right amount of context and memory, answered by either a fast cheap model or a smart expensive one depending on difficulty, re-read by a second AI pass for anything risky, then sent. Technical: 3,184 lines across 7 core files — complexity classifier, context builder, LLM router, action parser, self-reflection loop, guardrails.

Message Pipeline

Message In

→

Rate Limits

→

PHI/PII Guard

→

Complexity Router

→

Context Assembly

→

LLM Call

→

Parse Actions

→

Self-Reflection

→

Output Guard

→

Store & Reply

⚡

Complexity Routing

Simple → Gemini Flash Lite (free, fast). Complex/strategic → Claude Opus (OpenRouter). Advisory → auto-enable web search. Custom model override per tenant.

Simple	Gemini Flash Lite	Free
Complex	Claude Opus	OpenRouter
Advisory	Opus + Web Search	Premium

📈

Context Assembly

Channel-aware system prompt, date/time in tenant TZ, top 5 knowledge entries (vector search), core memory, formatting rules, role-filtered actions, context-filtered actions based on user intent.

💡

Self-Reflection

Triggers: first message, complaints, high-value actions, failures. Gemini Flash scores draft on helpfulness, accuracy, tone (1-5). Auto-revises if any <3 before delivery.

🧠

Memory System

Two-tier: Archival (pgvector semantic search, 3072-dim, capped 100 results) + Core (persistent per-tenant/contact: Preferences, Goals, History, Context).

🔒

Guardrails

Prompt injection: 42 patterns (33 high-severity = block). PII tokenization: credit cards (Luhn), SSN, emails, phones. PHI: 25+ medical patterns, 3 modes (log/redact/block). Output validation.

🎯

Action Execution

AI embeds [ACTION:name:param] in responses. Parsed via regex, filtered against role permissions, max 3/response. Confidence scoring + auto-escalation.

Core Files

File	Lines	Purpose
ai.js	710	Orchestrator — chat(), model routing, security guards, tool loop
prompts.js	608	Prompt templates, 190+ AVAILABLE_ACTIONS, execution rules
prompt-builder.js	516	Prompt assembly, classifiers, advisory injection, role filtering
context-builder.js	492	Memory + history gathering, knowledge retrieval, channel-aware prompts
model.js	285	OpenRouter API, retry logic (exponential backoff), token tracking
reflection.js	173	Self-evaluation triggers, scoring, revision loop
gemini.js	400	Gemini API client, key pool rotation, function calling

Communication Channels

How Karen Reaches People

In plain English: a customer can message on WhatsApp, reply by email, call the phone, or chat on the website — Karen treats it as one conversation with one person. No repeating yourself. Technical: 7 channels, cross-channel identity merge via matched email/phone.

✉

Telegram PRIMARY

Bot API (polling). ~2,700 lines / 7 files. Text, voice, photos, video, docs, slash commands, inline buttons. Message splitting at 4096 chars with Markdown repair.

💬

Via Chatwoot Cloud. Blocked — Meta OAuth

📷

Instagram

Via Chatwoot Cloud. Blocked — Meta OAuth

🌐

Web Widget

Chatwoot self-hosted. Per-tenant token. Visitor tracking. Live

📞

Voice Calls

Twilio + ElevenLabs AI voice. Inbound/outbound, DTMF, booking intent detection. Live (Oshun)

✉

Email & SMS

SMTP (Gmail/Hostinger) + Listmonk. Twilio SMS. Live

Message Journey

Received

→

Identify Tenant

→

Service Gate

→

Route by Type

→

AI chat()

→

Parse Actions

→

Execute

→

Store & Reply

Nurture Sequence — 8 Steps Over 14 Days

Karen proactively demonstrates value — she creates things, not just text.

Day 1

Intro

Shows business knowledge she gathered, asks priorities

Day 2

Widget

Demonstrates website chat widget setup

Day 3

Voice

Sets up voice agent or shows preview

Day 4

Drafts welcome email template

Day 5

Images

Generates sample social media image

Day 7

Review

Stats: conversations, bookings, contacts, knowledge

Day 10

Ads

Starts ad education flow

Day 14

Growth

Two-week accomplishment summary

Slash Commands

Command	Action
/start	Welcome + onboarding or dashboard
/help	Feature list + quick actions
/recover	Link account to new Telegram
/onboard	Start business onboarding
/teach	Add knowledge to Karen
/voice	Voice agent setup/preview
/billing	Subscription management
/subscribe	Start subscription flow
/setup	Integration setup wizard
/status	System status + health
/cancel	Cancel current action

190+ Capabilities

Actions Catalog

In plain English: a list of every specific thing Karen can do — book an appointment, take a payment, generate an image, post to Instagram, send an email. Search or filter below. Technical: AI embeds [ACTION:name:param] in responses; parsed, permission-checked by tenant tier, executed.

All Voice Calendar Email Social Content Marketing Commerce Medical CRM / Team Lead Gen Admin

voice_previewsPreview available AI voices

voice_createCreate new voice agent

voice_updateUpdate voice agent settings

voice_statusCheck voice agent status

voice_callInitiate outbound call

call_historyView call logs and transcripts

connect_calendarConnect Google Calendar via OAuth

check_availabilityCheck open time slots

book_appointmentCreate booking with confirmation

list_eventsList upcoming calendar events

cancel_bookingCancel an existing booking

send_emailSend transactional email via SMTP

connect_emailConfigure email integration

set_recovery_emailSet account recovery email

post_socialPost to single platform

post_everywherePublish to all connected platforms

social_accountsList connected social accounts

social_setupConnect new social platform

social_mapMap content to platforms

extract_contentExtract content from URL

create_visualGenerate branded visual

generate_imageAI image generation (Kling/FLUX)

generate_videoAI video generation (Kling)

video_storyboardMulti-frame storyboard creation

browse_driveBrowse Google Drive files

use_from_driveUse Drive asset in content

set_creative_rulesSet brand creative guidelines

analyze_brandAI brand analysis

content_planGenerate content calendar

content_batchBatch generate content

content_scheduleSchedule content for posting

content_statusCheck content pipeline status

content_post_nowImmediately post content

content_engine_runRun daily content engine

create_documentGenerate formatted document

repurposeRepurpose content for new platform

marketing_reportFull marketing performance report

content_performanceContent engagement metrics

follower_growthSocial follower trends

web_analyticsWebsite traffic overview

ga4_reportGoogle Analytics 4 report

gsc_reportGoogle Search Console report

bing_reportBing Webmaster report

health_scoresCustomer health scoring

ad_learnStart ad education flow

ad_stepAdvance ad creation step

ad_statusCheck ad campaign status

subscribeStart subscription flow

billing_statusCheck billing & subscription

order_statusTrack order fulfillment

sales_summaryRevenue & sales overview

sync_productsSync product catalog

list_productsList available products

post_visitLog post-procedure visit

post_visit_summaryGenerate visit summary

start_care_planStart automated care plan

care_plan_statusCheck care plan progress

cancel_care_planCancel active care plan

care_dashboardCare metrics dashboard

get_patient_chartRetrieve patient chart (HIPAA)

record_paymentRecord procedure payment

log_procedureLog completed procedure

mark_procedure_completeMark procedure as done

save_contactCreate/update contact

list_contactsSearch contact database

invite_teamInvite team member

update_permissionsChange team permissions

create_taskCreate task assignment

list_tasksView task board

nurture_createCreate nurture sequence

set_prioritiesSet business priorities

escalate_to_humanRoute to human agent

audit_logView security audit trail

create_pipelineCreate lead pipeline

pipeline_statusCheck pipeline metrics

create_upload_linkGenerate content upload link

curate_pipelineCurate submitted content

invite_clientSend client invitation

onboardStart tenant onboarding

teachAdd knowledge to Karen

fill_gapFill business profile gap

export_dataExport tenant data

deployDeploy code changes

system_statusCheck system health

shellExecute shell command

delete_accountDelete tenant account

check_statusCheck subscription status

20+ External Services

Integrations & Webhooks

In plain English: Karen talks to the other tools your business already uses — Cal.com for bookings, Stripe/PayPal for payments, Listmonk for email, Chatwoot for chat, Twilio for phone. When one of those tools has news, it pings our server and Karen reacts. Technical: 62+ HTTP endpoints, signature-verified webhooks.

OpenRouterAI / LLM

Google GeminiAI / LLM

WhisperTranscription

TwilioVoice / SMS

ElevenLabsVoice Agent

TelegramMessaging

ChatwootOmnichannel

ListmonkEmail

Gmail SMTPEmail

StripePayments

PayPalPayments

Google CalendarScheduling

Cal.comScheduling

InstagramSocial

FacebookSocial

BlotatoMulti-Social

PrintifyCommerce

PrintfulCommerce

Google DriveStorage

Kling AIMedia Gen

GA4Analytics

Search ConsoleAnalytics

Brave SearchWeb Search

Webhook Security

Provider	Method	Status
Twilio	HMAC-SHA1, timing-safe	Verified
Chatwoot	HMAC-SHA256 (cloud + self-hosted)	Verified
Stripe	Raw body + signature	Verified
ElevenLabs	X-Webhook-Secret header	Verified
Printify	X-Printify-Signature	Verified
PayPal	Not implemented	NOT VERIFIED

Autonomous Operations

Background Jobs & Automation

In plain English: things that happen on their own without anyone asking — hourly health checks, daily content generation, appointment reminders, payment follow-ups, weekly reports, auto-repairs for common problems. Technical: Watchdog + Consolidator, 10 BullMQ queues, 15+ cron jobs running 24/7.

Watchdog — Self-Healing Monitor

Check Infrastructure

→

Detect Issues

→

Alert via Telegram

→

Auto-Remediate

What It Monitors

DB connectivity, Redis health, BullMQ depths, Listmonk config, memory integrity, per-tenant health, voice bridge (ElevenLabs), API status.

What It Auto-Fixes

BullMQ cron drift (re-schedules), Listmonk config, stale data. All remediations logged to audit trail.

Cron Schedule

When	Job	What It Does
Every hour	Infrastructure check	Full health sweep
8 AM EST	Daily summary	Consolidated report to Matthew
Every 3 hrs	Config drift	Detect and fix inconsistencies
9 AM EST	Voice bridge	ElevenLabs agent health
Every 30 min	Reminders	Scan bookings, send reminders
1 PM EST	Review requests	Ask happy customers for reviews
8 PM EST	Evening update	End-of-day summary
Midnight UTC	Memory digest	Overnight consolidation
Mon 9 AM	Weekly BI	Client business intelligence
Sat 8 PM JA	Analytics digest	Weekly analytics summary
Wed 10 AM	Win-back scan	Re-engage inactive customers
Sun 11 PM	Health scores	Customer health calculation
Sun 3 AM	Retention cleanup	Data retention enforcement

BullMQ Queues (10)

follow-ups

Scheduled messages. 3 retries, exponential backoff. 1s–30 day delay.

campaigns

Marketing campaign execution. 3 retries.

reminders

Appointment/booking reminders. 2 retries.

billing

Day 3 warn → 7 suspend → 14 final → 30 cancel.

voice-callbacks

Post-call follow-up. 2 retries.

nurture

8-step onboarding drip. 2 retries.

care-followups

Medical care plan steps. 3 retries.

activity-analytics

Engagement tracking. 2 retries.

booking-confirm

Booking confirmation. 2 retries.

consolidation

Memory consolidation. 2 retries.

Defense in Depth

Multi-Tenancy & Security

In plain English: every client's data is walled off from every other client's, medical info is specially protected, bad actors can't trick Karen into leaking data, and every action is logged so we can always answer "what happened and when." Technical: 3-layer tenant isolation, HIPAA-compliant PHI vault, 42-pattern prompt-injection filter, full audit trail.

Tenant Isolation — 3 Layers

Database

tenant_id on every table. Composite indexes. Parameterized SQL. Advisory locks for atomic operations.

Application

Every query filtered by tenant_id. Role-based permissions. Service gating by tier. Custom prompt sandbox (10KB, injection scan).

Cache

Per-tenant entries, 1-min TTL. Max 1000. 5-min cleanup. Invalidation on billing/config changes.

Feature Gating by Tier

Feature	Starter $50	Messenger $150	Autopilot $250	Studio $500	Sovereign
Web widget	✓	✓	✓	✓	✓
WhatsApp / Instagram	✗	✓	✓	✓	✓
Voice inbox	✗	✓	✓	✓	✓
Automation / Follow-ups	✗	✗	✓	✓	✓
Content & social posting	✗	✗	✓	✓	✓
Bookings / Calendar	✗	✗	✓	✓	✓
Video generation	✗	✗	✗	✓	✓
AI Voice agent	✗	✗	✗	✓	✓
Strategic advisory	✗	✗	✗	✓	✓
Unrestricted	✗	✗	✗	✗	✓

HIPAA Compliance

PHI Detection

25+ patterns: diagnoses, medications, labs, procedures, reproductive health, JA patient IDs. 3 modes: log, redact, block.

PII Tokenization

Credit cards (Luhn), SSNs, emails, phones, govt IDs. Strict mode for medical. Tokens before LLM calls.

Safe Harbor

Option D tokenization (migrations 090+091). Encrypted DB volume. Full audit trail.

Prompt Injection

42 patterns: 33 high-severity (block), 9 medium. Custom prompt sandbox: 10KB + injection scan.

PostgreSQL 16 + pgvector

Database & Schema

In plain English: where everything is saved — every contact, every message, every booking, every payment, every memory Karen has about a customer. Never forgets. Technical: PostgreSQL 16 with pgvector for semantic search, 12+ core tables, 3072-dim embeddings, 92 migrations.

Table	Purpose	Key Columns
tenants	Tenant accounts + config	id, name, tier, telegram_chat_id, system_prompt, features JSONB
contacts	Customer/lead records	id, tenant_id, name, email, phone, all channel IDs, tags[], total_spent
conversations	Full message log (immutable)	id, tenant_id, contact_id, channel, direction, content, sentiment
bookings	Appointments/orders	id, tenant_id, contact_id, service, start_time, status, price
memory_conversations	Vector-embedded summaries	content, embedding (vector 3072), tags[]
memory_profiles	Vector-embedded profiles	contact_id, category, confidence, embedding
memory_knowledge	Vector-embedded knowledge	title, content, category, embedding, tags[]
audit_logs	Security event trail	action, actor, event_type, details JSONB
scheduled_jobs	Background job queue	job_type, payload JSONB, scheduled_for, status
team_tasks	Task tracking	title, status, assigned_to, due_date
webhook_logs	Webhook history	provider, event_type, payload JSONB, status
tenant_users	Multi-user per tenant	tenant_id, user_id, role, status

pgvector: 3072-dimensional embeddings, HNSW indexes. Functions: search_conversations(), search_profiles(), search_knowledge(), search_by_tags().

92+ migrations (Mar–Apr 2026): initial schema → billing → core memory → widget funnel → onboarding → watchdog → RBAC → audit → voice → storyboards → analytics → content engine → health scores → PHI detection → creative pipeline. All idempotent.

Docker + Hetzner VPS

Infrastructure & Deployment

In plain English: the whole system runs on one rented server in Germany (Hetzner). Pushing code is a single git push — the server rebuilds and swaps in the new version automatically, with one command to roll back if something breaks. Technical: 4 Docker services, post-receive git hook, healthcheck + revert.

Service	Image	Port	Purpose
postgres	pgvector/pgvector:pg16	5432	Database + vector search
redis	redis:7-alpine	6379	Queues, cache, sessions
core	Custom Node.js 20	3001	Main engine
mcp-bridge	Custom	3002	Remote DevOps MCP

All ports 127.0.0.1 only. Internal Docker network. Health checks for ordered startup.

Deploy Pipeline

git commit

→

git push hetzner

→

post-receive hook

→

docker build

→

docker up

→

health check

Rollback: git revert HEAD → push → rebuild. Full history preserved.

Boot Sequence (10 Stages)

Env Validation

Load .env, validate required vars

Database Connection

Verify PostgreSQL — fail fast if unreachable

Express Server

HTTP on port 3001 for webhooks

Telegram Bot

Initialize polling, register handlers

BullMQ Workers

Start 10 queue processors

Consolidation

Memory aggregation, vector embedding

Watchdog

Health monitoring, integrity checks

Health Monitor

/health endpoint for Docker

Tenant Cache

Preload configs into memory

Scheduler

Schedule all recurring crons

Business Model

Revenue & Client Offering

4 tiers + performance commission. Target: 1000 clients, $150K+/mo, 85-94% margin.

Web Starter

$50/mo

Website chat widget
AI conversations
Knowledge extraction
Basic analytics

AI Messenger

$150/mo

Everything in Starter
WhatsApp + Instagram
Voice inbox
Cross-channel merge
Follow-ups

AI Autopilot

$250/mo

Everything in Messenger
Full automation
Booking + calendar
Content creation
Social posting
Lead nurture
Email campaigns

AI Studio

$500/mo

Everything in Autopilot
AI Voice agent
AI Video generation
Strategic advisory
Advanced analytics
Custom integrations

Automation Value — Hours Saved Per Client

Conversations

20 hrs/wk

Social content

10 hrs/wk

Follow-up emails

7 hrs/wk

Scheduling

3.5 hrs/wk

Reporting

2.5 hrs/wk

Total: ~43 hours/week saved per client. That's a full-time employee replaced.

Revenue Projections (1000 Clients)

Scenario	Avg/Client	Monthly	Cost	Margin
Conservative	$150	$150,000	$22,500	85%
Target	$250	$250,000	$22,500	91%
Aggressive	$350	$350,000	$22,500	94%

Current Traction

Tenants Live

$500

Monthly Revenue

48K

Contacts Ready

Sovereign Intelligence Master Plan

Plan vs Reality

Cross-referenced against the master plan. Over-built, under-deployed.

Phase 1

Foundation

1–20 clients

Complete

Phase 2

Multi-Tenant

20–100 clients

In Progress

Phase 3

Full Autonomy

100–500 clients

Features Built

Phase 4

Platform Scale

500–1,000 clients

Not Started

Ahead of Schedule

Feature	Planned Phase	Status
BullMQ job queues at scale	Phase 3	Built — 10 queues
Video generation pipeline	Phase 3	Built — Kling API
Social media automation	Phase 3	Built — Blotato + engine
HIPAA / PHI compliance	Not planned	Built — 3-mode detection
Self-reflection AI loop	Not planned	Built — auto-revise
E-commerce system	Not planned	Built — Stripe/PayPal/Printify
Medical care plans	Not planned	Built — full automation
Prompt injection defense	Not planned	Built — 42 patterns
Git-backed deploys	Not planned	Built — bare repo + hook

Gaps — What's Not Done

Item	Plan Says	Status	Blocker
WhatsApp connected	Deploy next	Not connected	Meta OAuth
Instagram / FB messaging	Deploy next	Not connected	Meta OAuth
Social accounts linked	Deploy next	Pipeline built, not linked	OAuth per client
65K email blast (Oshun)	Deploy next	43K+5K ready, not sent	Waiting on channels
2nd paying client	Deploy next	0 additional	Need case study
Automated onboarding	60% → 90%	~60% automated	Bot needs work
Kubernetes	Phase 4	Not started	Not needed yet
DB replication	Phase 4	Not started	Single point of failure
Grafana / Prometheus	Phase 4	Custom watchdog only	No visual monitoring

Key Insight: Over-built, under-deployed. The engine has Phase 3 features but Phase 1 client count. The biggest gaps are deployment and client acquisition. The master plan says: "Deploy over build."

Top Blockers

Meta OAuth

Blocks WhatsApp + Instagram. Karen can't reach clients where they are.

Client Acquisition

1 paying client. Need 20+ for Phase 2. Oshun case study is the key.

Oshun Broadcast

43K phones + 5K emails sitting idle. Biggest revenue lever.

Onboarding Automation

Still 60% manual. Target: 90%. Need onboarding bot for self-serve.

Antigravity Core System Reference · Generated 2026-04-12 · NexusHub International