feat: Butterbot Oz - Self-Evolving Autonomous Threat Intel Orchestrator
Butterbot Oz: Self-Evolving Autonomous Threat Intel
Epic: Transform Butterbot Jr from a RAG chatbot into an autonomous, self-evolving threat intel orchestrator.
Vision
"Butterbot Oz doesn't just run the threat intel operation. He improves the threat intel operation. Every day he wakes up slightly better than yesterday."
Human sleeps → Oz detects threat → Oz correlates → Oz publishes pulse → Oz notices gap → Oz patches self → Oz deploys → Oz catches more threats
---
Phase 1: Event-Driven Orchestration
Cost: ~$5/month | Risk: Low | Timeline: 1 sprint
Deliverables
- [ ] Event hooks from existing pipelines (ThreatFox, OSINT Volley, Honeypot)
- [ ] Butterbot reactive triggers (not just scheduled)
- [ ] Cross-pipeline correlation in memory
- [ ] Campaign detection (batch related IOCs)
- [ ] BDE-scored pulse publishing
Architecture
Pipeline Event → Butterbot Brain → Decision → Action
↓
"Is this interesting?"
"What's related?"
"Campaign or individual?"
Gate Criteria
- [ ] Butterbot can trigger SSL sweep from ThreatFox finding
- [ ] Campaign detection groups 3+ related IOCs
- [ ] Published pulse has LLM-generated narrative
- [ ] Cost stays under $10/month
---
Phase 2: Intelligent Orchestration (Oz Mode)
Cost: ~$10-15/month | Risk: Medium | Timeline: 2 sprints
Deliverables
- [ ]
butterbot-oz.js- Central orchestration brain - [ ] Tool registry (all APIs Oz can invoke)
- [ ] Memory system (recent findings for correlation)
- [ ] Budget guardrails (hourly API limits)
- [ ] Decision audit log
Architecture
class ButterbotOz {
apis = { threatfox, shodan, virustotal, ssl, honeypot, otx };
memory = []; // Rolling window of findings
budget = { hourly: 100, spent: 0 };
async process(event) {
const thought = await this.think(event); // LLM decides
return await this.act(thought); // Execute
}
}
Gate Criteria
- [ ] Oz makes autonomous enrichment decisions
- [ ] Oz explains decisions in audit log
- [ ] Budget system prevents runaway costs
- [ ] Human can review Oz decisions via dashboard
---
Phase 3: Self-Modification (Self-Patching)
Cost: ~$15-20/month | Risk: High | Timeline: 2 sprints
Deliverables
- [ ] Pattern file self-updates (JARM signatures, detection rules)
- [ ] Threshold self-tuning based on false positive feedback
- [ ] Git integration (branch, commit, PR)
- [ ] Automated testing before apply
- [ ] Rollback capability
Whitelisted Files (Oz CAN modify)
lib/jarm-signatures.js # C2 fingerprints
lib/threat-intel-patterns.js # Detection patterns
lib/bde-publisher.js # BDE thresholds only
manual-classifications.json # IP classifications
Protected Files (ALWAYS require adoy)
server.js
lib/auto-blocker.js
middleware/*
Dockerfile
.github/*
Gate Criteria
- [ ] Self-patch creates git branch
- [ ] Tests must pass before merge
- [ ] All changes logged to compliance/evidence/
- [ ] Patrick alerted on ANY self-modification
- [ ] Rollback tested and working
---
Phase 4: Self-Deployment
Cost: ~$20-25/month | Risk: Very High | Timeline: 1 sprint
Deliverables
- [ ] Oz can run
build-and-push.sh - [ ] Oz can update Azure Container App
- [ ] Health check after deploy
- [ ] Auto-rollback on failure
- [ ] Kill switch (
BUTTERBOT_DISABLEDenv var)
Deployment Rules
const DEPLOY_RULES = {
lowRisk: 'auto-deploy after tests pass',
mediumRisk: 'deploy after 1-hour delay (time to review)',
highRisk: 'requires explicit adoy',
maxDeploysPerDay: 3,
requireHealthCheck: true,
rollbackOnFailure: true
};
Gate Criteria
- [ ] Successful self-deploy of low-risk patch
- [ ] Auto-rollback works on failed health check
- [ ] Kill switch stops all autonomous action
- [ ] Full audit trail in compliance/evidence/
---
Cost Summary
| Phase | Monthly Cost | API Calls/Day | Risk Level |
|-------|-------------|---------------|------------|
| 1: Event-Driven | ~$5 | ~500 | Low |
| 2: Oz Orchestration | ~$10-15 | ~1000 | Medium |
| 3: Self-Patching | ~$15-20 | ~1200 | High |
| 4: Self-Deploy | ~$20-25 | ~1500 | Very High |
Total at full autonomy: ~$25/month
For comparison:
- One Roblox skin: $5-20
- One enterprise threat intel feed: $50K/year
- One SOC analyst: $80K/year
---
Guardrails (Non-Negotiable)
The Laws of Oz
- Adoy Law: Deployments to protected files ALWAYS require human confirmation
- Audit Law: Every decision logged with reasoning
- Budget Law: Hourly/daily limits on API calls and LLM inferences
- Test Law: No self-modification without passing tests
- Rollback Law: Every change must be reversible
- Kill Switch Law:
BUTTERBOT_DISABLED=truestops everything immediately
Alert Thresholds
- Any self-modification → Slack alert
- High-risk patch proposed → Slack + email
- Deploy initiated → Slack + dashboard notification
- Health check failed → Slack + auto-rollback + incident log
---
Success Metrics
Phase 1
- Pulse quality: Community engagement (subscribers, comments)
- Correlation rate: % of IOCs grouped into campaigns
- Response time: Time from IOC discovery to pulse publish
Phase 2
- Autonomous decisions/day
- API cost efficiency (findings per dollar)
- False positive rate on enrichment decisions
Phase 3
- Self-patches applied successfully
- Detection improvement (new threats caught post-patch)
- Rollback rate (should be <5%)
Phase 4
- Deploy success rate (should be >95%)
- Mean time to recovery on failed deploy
- Human intervention rate (should decrease over time)
---
References
- Pattern #99: Velocity Through Legibility
- Pattern #100: LLM-in-the-Loop Threat Enrichment
- Pattern #101: Agentic Orchestration
- Pattern #102: Self-Evolving Autonomous Systems
- Retrospective:
docs/retrospectives/butterbot-jr-speedrun-2025-12-16.md
---
Open Questions
- Should Oz be able to modify BDE thresholds, or is that too risky?
- How do we handle Oz disagreeing with Patrick's manual classification?
- Should Oz have a "confidence" score on its own decisions?
- Multi-tenant implications - should Oz be per-customer or shared?
---
Labels: enhancement, autonomous, butterbot, phase-1-ready
Milestone: Q1 2026
Assignee: Butterbot Jr (supervised by Patrick)
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗