true402 safety stalls as Virtuals Protocol GAME functions. Give a G.A.M.E agent a pay-per-call, on-chain rug/honeypot gate for Base tokens over x402 — USDC on Base, no account, no API key. The wallet is the identity, and the safety stalls have a free daily trial, so the functions work out of the box with no wallet configured.
pip install game-true402This pulls the canonical Python GAME SDK (game_sdk) plus the x402 payer (requests, eth-account). You also need a GAME API key from console.game.virtuals.io.
import os
from game_sdk.game.worker import Worker
from game_true402 import true402_functions
# Reads PAYER_PRIVATE_KEY from the env (a Base wallet holding a little USDC).
# Omit the key to rely on the free daily trial for the safety stalls.
worker = Worker(
api_key=os.environ["GAME_API_KEY"],
description="A cautious on-chain trader that vets tokens before buying.",
instruction="Always run check_token_report before acting on a token.",
get_state_fn=lambda function_result, current_state: (current_state or {}),
action_space=true402_functions(),
)
worker.run("Is token 0x… safe to buy on Base?")To compose the functions into a full multi-worker agent instead, register the same list on a WorkerConfig.action_space and pass the worker to an Agent(workers=[…]), then call agent.compile() and agent.run().
The agent gets four functions. Each pays its stall over x402 and returns the standard GAME (FunctionResultStatus, message, info) tuple; the info dict is the full stall JSON, fed into your get_state_fn on the next step.
check_token_report— primary pre-trade gate. Composite avoid / caution / ok verdict from a real on-chain buy/sell honeypot simulation (proves sellability, not just a static scan) plus liquidity, ownership/mint and recent rug activity. Call before buying. ~$0.01.check_token_safety— structural safety score 0–100 and flags (honeypot sim, liquidity, mint/ownership). Lighter than the report. ~$0.005.check_address_safety— screen any address before you send to / approve / call it: EOA-vs-contract, ETH+USDC balance, activity, ownership, upgradeable-proxy (EIP-1967) detection. ~$0.005.check_deployer— deployer wallet reputation (age, contracts shipped, fresh-throwaway flag) to catch serial ruggers a structural scan can't see. ~$0.008.
true402_functions() reads the environment, or you can pass an explicit PayOpts:
from game_true402 import true402_functions, PayOpts
action_space = true402_functions(PayOpts(
payer_private_key="0x…", # a Base wallet with a little USDC (gas is sponsored; USDC only)
max_amount_usd=0.10, # hard per-call ceiling — refuses to sign a 402 demanding more
))PAYER_PRIVATE_KEY— Base wallet key that signs x402 payments (needs USDC, not ETH). Unset means free-trial only.TRUE402_BASE_URL— defaults tohttps://true402.dev/api; override to point at a self-hosted instance.BASE_RPC_URL— defaults tohttps://mainnet.base.org; used only for a balance pre-check.
The payer refuses to sign anything that isn't USDC-on-Base within max_amount_usd (default $0.10), so a rogue or compromised endpoint can't make your agent authorize an unexpected asset, network, or amount. The private key signs locally and never leaves the process. This is the same verified x402 payer used by the CrewAI and LangChain integrations — signatures recover to the payer address.
Do I need a true402 account or API key? No. Payment is the auth: the agent POSTs, gets an HTTP 402 with payment terms, signs an EIP-3009 USDC authorization, and retries. The wallet is the identity.
Does it work without a funded wallet? Yes, up to a point. The safety stalls have a free daily trial, so the functions return real results with no
PAYER_PRIVATE_KEYset — until the trial is exhausted, then they require payment.Which function should the agent call before trading?
check_token_report. It is the composite avoid/caution/ok gate and folds in the honeypot simulation, liquidity, ownership and deployer signal.Why Python and not the Node GAME SDK? GAME's Python SDK is the canonical reference, and its executables run synchronously — a clean match for the synchronous x402 payer, with no async wrapping. A TypeScript build can wrap the same stalls via the
@true402.dev/langchainpayer.What does the executable return to the planner? A
(FunctionResultStatus.DONE | .FAILED, message, info)tuple. The message is an agent-readable summary; theinfodict is the full stall JSON for yourget_state_fn.
- Live check in your browser: true402.dev/check
- API reference: true402.dev/docs/api · OpenAPI: true402.dev/openapi.json
- Also available: LangChain · CrewAI · MCP server
MIT