Skip to main content

true402 safety stalls as Virtuals Protocol GAME functions — pay-per-call on-chain rug/honeypot & address safety for Base AI agents over x402 (USDC, no account, no API key).

Project description

game-true402

true402 safety stalls as Virtuals Protocol GAME functions. Give a G.A.M.E agent a pay-per-call, on-chain rug/honeypot gate for Base tokens over x402 — USDC on Base, no account, no API key. The wallet is the identity, and the safety stalls have a free daily trial, so the functions work out of the box with no wallet configured.

§01 · Install

pip install game-true402

This pulls the canonical Python GAME SDK (game_sdk) plus the x402 payer (requests, eth-account). You also need a GAME API key from console.game.virtuals.io.

§02 · Use

import os
from game_sdk.game.worker import Worker
from game_true402 import true402_functions

# Reads PAYER_PRIVATE_KEY from the env (a Base wallet holding a little USDC).
# Omit the key to rely on the free daily trial for the safety stalls.
worker = Worker(
    api_key=os.environ["GAME_API_KEY"],
    description="A cautious on-chain trader that vets tokens before buying.",
    instruction="Always run check_token_report before acting on a token.",
    get_state_fn=lambda function_result, current_state: (current_state or {}),
    action_space=true402_functions(),
)

worker.run("Is token 0x… safe to buy on Base?")

To compose the functions into a full multi-worker agent instead, register the same list on a WorkerConfig.action_space and pass the worker to an Agent(workers=[…]), then call agent.compile() and agent.run().

§03 · The functions

The agent gets four functions. Each pays its stall over x402 and returns the standard GAME (FunctionResultStatus, message, info) tuple; the info dict is the full stall JSON, fed into your get_state_fn on the next step.

  • check_token_reportprimary pre-trade gate. Composite avoid / caution / ok verdict from a real on-chain buy/sell honeypot simulation (proves sellability, not just a static scan) plus liquidity, ownership/mint and recent rug activity. Call before buying. ~$0.01.
  • check_token_safety — structural safety score 0–100 and flags (honeypot sim, liquidity, mint/ownership). Lighter than the report. ~$0.005.
  • check_address_safety — screen any address before you send to / approve / call it: EOA-vs-contract, ETH+USDC balance, activity, ownership, upgradeable-proxy (EIP-1967) detection. ~$0.005.
  • check_deployer — deployer wallet reputation (age, contracts shipped, fresh-throwaway flag) to catch serial ruggers a structural scan can't see. ~$0.008.

§04 · Configuration

true402_functions() reads the environment, or you can pass an explicit PayOpts:

from game_true402 import true402_functions, PayOpts

action_space = true402_functions(PayOpts(
    payer_private_key="0x…",   # a Base wallet with a little USDC (gas is sponsored; USDC only)
    max_amount_usd=0.10,        # hard per-call ceiling — refuses to sign a 402 demanding more
))
  • PAYER_PRIVATE_KEY — Base wallet key that signs x402 payments (needs USDC, not ETH). Unset means free-trial only.
  • TRUE402_BASE_URL — defaults to https://true402.dev/api; override to point at a self-hosted instance.
  • BASE_RPC_URL — defaults to https://mainnet.base.org; used only for a balance pre-check.

§05 · Safety

The payer refuses to sign anything that isn't USDC-on-Base within max_amount_usd (default $0.10), so a rogue or compromised endpoint can't make your agent authorize an unexpected asset, network, or amount. The private key signs locally and never leaves the process. This is the same verified x402 payer used by the CrewAI and LangChain integrations — signatures recover to the payer address.

§06 · FAQ

  1. Do I need a true402 account or API key? No. Payment is the auth: the agent POSTs, gets an HTTP 402 with payment terms, signs an EIP-3009 USDC authorization, and retries. The wallet is the identity.

  2. Does it work without a funded wallet? Yes, up to a point. The safety stalls have a free daily trial, so the functions return real results with no PAYER_PRIVATE_KEY set — until the trial is exhausted, then they require payment.

  3. Which function should the agent call before trading? check_token_report. It is the composite avoid/caution/ok gate and folds in the honeypot simulation, liquidity, ownership and deployer signal.

  4. Why Python and not the Node GAME SDK? GAME's Python SDK is the canonical reference, and its executables run synchronously — a clean match for the synchronous x402 payer, with no async wrapping. A TypeScript build can wrap the same stalls via the @true402.dev/langchain payer.

  5. What does the executable return to the planner? A (FunctionResultStatus.DONE | .FAILED, message, info) tuple. The message is an agent-readable summary; the info dict is the full stall JSON for your get_state_fn.

§07 · Links

§08 · License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

game_true402-0.1.0.tar.gz (7.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

game_true402-0.1.0-py3-none-any.whl (9.5 kB view details)

Uploaded Python 3

File details

Details for the file game_true402-0.1.0.tar.gz.

File metadata

  • Download URL: game_true402-0.1.0.tar.gz
  • Upload date:
  • Size: 7.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.12

File hashes

Hashes for game_true402-0.1.0.tar.gz
Algorithm Hash digest
SHA256 71382071729cc44e36a59c29f3dea2180ec01a90c39dc75a39e0011a9b9c0fa5
MD5 c1b8d9a5292dc81fd8c9c992cb735cfa
BLAKE2b-256 9a6489a1fb616153845625919ec0bf328866e1c1bba52275cecc94589dbb8dcb

See more details on using hashes here.

File details

Details for the file game_true402-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: game_true402-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 9.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.12

File hashes

Hashes for game_true402-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 db5485bb4a3dd82f9dda4e8f917ebe25c65c68eb2fc070a55f87c23f19825e66
MD5 523643f0f56ea693e99e3763024570cd
BLAKE2b-256 b3d06f04e9698e3efbb340bf8abb808357aa558419796558085e19f47154f812

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page