A transparent look at how every component in the system connects — from browser to blockchain.
The platform is split into two layers: the admin stack that users interact with, and isolated bot containers that execute on-chain autonomously.
Each bot runs a continuous asyncio loop. Here is exactly what happens on every iteration.
The bot calls getBalance on its treasury wallet. If balance is below the configured reserve + fee buffer, the cycle is skipped and the bot sleeps.
solana.rpc.async_apiSpendable = balance − sol_reserve − fee_buffer. Then multiplied by the configured buyback_percent (1–100%). This prevents the wallet from running dry.
in-memory arithmeticRequests a quote from Jupiter Aggregator (lite-api.jup.ag) for SOL → TOKEN. Jupiter routes through all DEXes to find the best price with minimal slippage.
GET /swap/v1/quoteJupiter returns a serialized VersionedTransaction. The bot signs it with the treasury keypair (decrypted in-memory, never written to disk) and submits via Solana RPC.
solders · VersionedTransactionBuyback & Burn: calls the SPL Token burn instruction on the received tokens.
Buyback Only: tokens stay in treasury.
Add Liquidity: pairs SOL + tokens into the Raydium or PumpSwap pool.
Stats (SOL spent, tokens burned/bought, cycle count) are written to a JSON file on the data volume, readable by the admin service. A Telegram message is sent if enabled.
json · aiohttp · Telegram Bot APIasyncio.sleep(INTERVAL_SECONDS) — configurable from 60 s to several hours. The bot uses almost zero CPU while sleeping.
asyncio.sleepPrivate keys are sensitive. Here is every layer of protection applied to keypairs and API credentials.
Every treasury and creator wallet is encrypted with AES-256-GCM before being written to the database. The encryption key is never stored alongside the ciphertext — it lives only in the server environment.
All admin API endpoints require a signed JWT token. Tokens are issued on login/register and expire after 30 days. The signing secret is a configurable environment variable — never hardcoded.
Each bot runs in a dedicated Docker container with its own filesystem, process namespace, and network stack. A crash or compromise in one bot cannot affect any other bot or the admin service.
Every component chosen for reliability, performance, and Solana ecosystem fit.
All buybacks, burns, and liquidity operations are on-chain Solana transactions — finalised in ~400 ms with sub-cent fees.
Jupiter routes every swap across all major Solana DEXes to find best price. Bots use the lite API (no Metis dependency) for lower latency.
Add Liquidity mode deposits into the pool that graduated pump.fun tokens live on — PumpSwap or Raydium AMM V4, auto-detected at startup.
Async Python web framework with Pydantic validation. Handles auth, bot management, stats, avatar uploads, and the public API — all in a single process.
Sits between FastAPI and PostgreSQL in transaction pooling mode. Caps actual DB connections to ~20 regardless of concurrent API requests or future bot count.
Stores users, bots, API keys (SHA-256 hashed), bot stats, and encrypted keypairs. SQLAlchemy async ORM with asyncpg driver.
The admin service manages bot containers via the Docker socket API at runtime. Each bot is an independent container with its own lifecycle and logs.
Serves all static HTML/CSS/JS files directly (no FastAPI overhead) and proxies only API calls. Handles uploads with 7-day browser caching headers.
Python's cryptography library encrypts every private key before DB write. A unique 12-byte IV per key and a 16-byte authentication tag prevent tampering.