Developer documentation

Bugglo API and integration guide

How to run the app, call the chat API, turn on the live RobinX engine and RobinX MCP backend, read the widget contract, and point your own frontend at it. It also lays out the tool surface we are building toward: an agent that does not just read Robinhood Chain, but deploys, analyses, and trades on it.

Demo mode
Default. No API key required.
Live ready
ROBINX_ENGINE_KEY is present.
Live data
The RobinX engine is calling RobinX MCP tools.
Overview

What you are integrating with

Bugglo is an agentic loop, not a search box. A request is planned by the RobinX engine, executed against on-chain tools, and returned as a typed reply the interface knows how to render. Without credentials the same endpoints keep working in demo mode, so you can build the whole frontend before you ever pay for a token.

Stack

  • Next.js App Router, React client UI
  • API routes under app/api
  • Google login via Google Identity Services
  • Wallet login via EIP-1193 signed message
  • Installable PWA with offline fallback
  • Vitest regression tests

Two backends, one contract

The demo agent and the live RobinX agent return the same reply shape. If the live agent fails, times out, or returns an invalid shape, the response falls back to demo rather than breaking the UI — so a missing key degrades the answer, never the app.

Getting started

Quickstart

Install, run, and open the app. Demo mode needs no keys at all.

Run it locally

shell
npm install
npm run dev

# open http://localhost:3000

Ship it

shell
npm run verify   # lint, unit tests, production build
npm start

Run verify before every deploy. It is the same gate CI uses.

Getting started

Configuration

Everything except AUTH_SECRET is optional. Add a key, get a capability; leave it out, keep demo mode.

.env.local
AUTH_SECRET=replace-with-long-random-secret
NEXT_PUBLIC_GOOGLE_CLIENT_ID=...
GOOGLE_CLIENT_ID=...

# live mode — all three required, none of them has a default.
# Miss any one and the route stays on the demo agent.
ROBINX_ENGINE_KEY=...
ROBINX_ENGINE_URL=<OpenAI-compatible chat-completions base URL>
ROBINX_ENGINE_MODEL=<model id from your provider>

# optional — spend caps. Over any of them /api/chat returns 429 "Server busy".
ENGINE_MAX_PER_MINUTE=5
ENGINE_MAX_PER_DAY=150
ENGINE_USER_USD_PER_DAY=0.25
ENGINE_GLOBAL_USD_PER_DAY=5
ENGINE_TRUSTED_PROXIES=1

# optional
CHAT_TIMEOUT_MS=25000
ROBINX_URL=https://api.robinx.io
ROBINX_WALLET_KEY=0x...
ROBINX_MAX_USD_PER_CALL=0.10
ROBINX_ALLOWED_TOOLS=robinx_stats,robinx_verdict,robinx_token
HTTP API

Endpoints

Base URL in development is http://localhost:3000. The chat endpoint requires a session cookie from Google or wallet login.

GET/api/healthpublic

Backend health and current mode.

request
No request body.
response
{
  "ok": true,
  "service": "hoodscope-backend",
  "mode": "demo",
  "capabilities": {
    "engine": false,
    "mcp": false,
    "paidToolsEnabled": false
  }
}
POST/api/chatsession required

Send a message to the demo or live agent.

request
{
  "message": "Rug check this contract: 0x...",
  "mode": "Auto",
  "history": [
    { "role": "user", "text": "What can you do?" },
    { "role": "assistant", "text": "I can analyze Robinhood Chain data." }
  ]
}
response
{
  "reply": {
    "kind": "text",
    "text": "Answer text..."
  },
  "source": "demo",
  "backend": "demo"
}
GET/api/auth/sessioncookie

Read the current auth session.

request
No request body. Uses the HTTP-only session cookie.
response
{
  "authenticated": true,
  "user": {
    "provider": "google",
    "email": "user@example.com"
  }
}
POST/api/auth/googlepublic

Log in with a Google ID token.

request
{
  "credential": "GOOGLE_ID_TOKEN_FROM_GIS"
}
response
{
  "ok": true,
  "user": {
    "provider": "google",
    "email": "user@example.com"
  }
}
POST/api/auth/wallet/noncepublic

Create a wallet login challenge.

request
{
  "address": "0x..."
}
response
{
  "message": "HoodScope wants you to sign in...",
  "expiresIn": 300
}
POST/api/auth/wallet/verifypublic

Verify the signed wallet challenge.

request
{
  "address": "0x...",
  "message": "HoodScope wants you to sign in...",
  "signature": "0x..."
}
response
{
  "ok": true,
  "user": {
    "provider": "wallet",
    "address": "0x..."
  }
}

curl

shell
curl -sS -X POST http://localhost:3000/api/chat \
  -H 'content-type: application/json' \
  -H 'cookie: hoodscope_session=...' \
  --data '{
    "message": "What can you do?",
    "mode": "Auto",
    "history": []
  }'

JavaScript

js
const res = await fetch("/api/chat", {
  method: "POST",
  credentials: "include",
  headers: { "content-type": "application/json" },
  body: JSON.stringify({
    message: "Show the latest DEX tokens",
    mode: "Deep",
    history: [],
  }),
});

if (!res.ok) throw new Error(await res.text());
const data = await res.json();
console.log(data.source, data.reply);
Reply contract

Widget response kinds

The UI renders a widget automatically when reply.kind is one of the kinds below. An invalid shape is rejected before it can reach the UI, and the client falls back to the demo agent. Greyed kinds ship alongside the tools in the agent surface — they are not live yet.

textPlain assistant response. Shape: { kind, text }.
rugcheckContract risk widget: risk score, verdict, checks, summary.
trendingTrending tokens with mentions, sentiment, change, sparkline.
sentimentBullish, bearish, and neutral split for a ticker or query.
walletWallet stats, labels, and risk flags.
bundle (planned)Launch-bundle map: sniper clusters and true insider supply.
deploy (planned)Deployment preview: constructor args, LP plan, unsigned transaction.
quote (planned)Swap route, price impact, and the simulated outcome before you sign.
position (planned)Portfolio X-ray: concentration, correlation, and outstanding approvals.
HTTP API

Limits and errors

Request limits

  • message: string, max 2000 characters.
  • mode: Auto, Fast, or Deep.
  • history: 12 most recent items.
  • Rate limit: 30 requests per IP per 60 seconds.
  • /api/chat returns 401 when signed out.

Error shape

json
{ "error": "message (string) is required" }
{ "error": "rate limit exceeded", "retryAfterMs": 41200 }

Always check res.ok before treating a response as success.

The agent

Live mode: RobinX engine + RobinX MCP

Live mode activates on its own the moment ROBINX_ENGINE_KEY is set. The engine plans the route, calls RobinX MCP tools, and returns a typed reply. Some tools are paid through x402 in USDC, which is why the wallet key and the per-call ceiling exist.

The tool layer itself — what RobinX MCP hands the model, the fleet of servers it is cross-checked against, the guardrails around it, and how far it is meant to go — has its own page: RobinX MCP.

What the model is allowed to touch

Only the tools named in ROBINX_ALLOWED_TOOLS. An unlisted tool is not visible to the model at all — an allowlist, not a filter applied after the fact.

What happens when it breaks

A failed tool, a timeout, or a malformed reply degrades to the demo agent with source: "demo". The user gets a worse answer, never a broken page.

The agent

The on-chain agent surface

Bugglo reads Robinhood Chain today. The thing we are actually building is an agent that can operate on it end to end: analyse a launch down to the bundle that bought it, deploy a token from one sentence, and close the loop by trading — all from the same chat box, all against the same guardrails.

Below is the full tool surface, with the status of each tool stated honestly. Nothing here is dressed up as further along than it is. The fastest way to kill a promise is to fake it. For the long-form version — how the agent plans across these tools, what stops it doing harm, and where the whole thing is pointed — read RobinX MCP.

Live callable todayBuilding half-wired, landing soonPlanned designed, not startedResearch needs primitives that don't exist yet

Read — chain intelligence

Everything Bugglo does today lives here. The agent plans its own route across these tools, cross-checks them against each other, and reports where they disagree — a clean verdict from one source is worthless.

Who actually bought this launch, and were they all funded by the same wallet?

robinx_token

Supply, liquidity, holder spread, and lock state for any token on Robinhood Chain.

Live
robinx_verdict

Composite rug-check: contract source, honeypot behaviour, LP lock, ownership powers.

Live
robinx_deployer

The address that shipped the contract, and the thread back to everything else it has ever touched.

Live
robinx_stats

Deployer reputation and the full history of every contract an address has ever shipped.

Live
robinx_feed

The live launch feed — what deployed in the last hour, with liquidity attached to it.

Live
robinx_leaderboard

Ranked movement across the chain, with volume shown next to the liquidity backing it.

Live
chain_holder_graph

Clusters holders by funding path, so one entity standing behind forty wallets reads as one entity.

Building
chain_bundle_scan

Bundler detection: same-block buy bundles, wallets funded from a single source minutes before launch, sniper clusters, and the real insider allocation hiding behind a "fair launch".

Planned
chain_wash_scan

Wash-trading detection: circular transfers, self-crossing fills, and volume that never reaches a new wallet.

Planned
chain_mempool_watch

Pending-transaction watch — see the deployer pull liquidity while the transaction is still unconfirmed.

Research

Write — deploy and token lifecycle

One sentence, one reviewable transaction bundle. The agent assembles the deploy, the pool, the lock, and the renounce — then hands it to your wallet to sign. It never holds a key and it never fires on its own.

Launch MYTOKEN, 1B supply, 4% of it to the pool, LP locked 12 months, ownership renounced.

token_deploy

Deploy an ERC-20 from a prompt: name, symbol, supply, decimals, tax rules, with verified source published at deploy time.

Planned
token_lp_seed

Create the pool and seed initial liquidity in the same intent as the deploy, so the token is never live and unbacked.

Planned
token_lp_lock

Lock LP for a stated duration and return the lock receipt the agent can later verify against chain state.

Planned
token_ownership

Renounce ownership, transfer it, or permanently disable mint — each one an explicit state change you sign for.

Planned
token_airdrop

Batch distribution against a holder list, previewed down to who receives what before a single transfer leaves.

Research

Trade — execution

The endgame: you state an outcome, not an order. Research, decision, and execution close into a single loop — behind the ceilings in the next section, because an agent that can spend money without a hard limit is a liability, not a product.

Sell half if it 2x. Dump it all if liquidity drops under $100k.

trade_quote

Route and price a swap across Robinhood Chain DEXes, with the price impact and the route stated up front.

Planned
trade_simulate

Dry-run any transaction against live chain state and report exactly what leaves your wallet — catching approval drains and honeypot sells while walking away is still free.

Planned
trade_swap

Execute the quoted swap. Never auto-fires; the agent prepares it, you sign it.

Planned
trade_limit

Resting limit order — fill at your price or not at all.

Planned
trade_approvals

Every allowance you have ever granted, ranked by what it could cost you, revocable in one call. Most wallets get drained by a signature from eight months ago.

Planned
trade_conditional

Standing exits that survive the tab closing: an on-chain intent that settles without you awake and without a centralised bot holding your keys.

Research

Write and trade tools do not return a signed transaction. They return an unsigned one, plus the simulation of what it would do, and the UI hands it to your wallet. The agent proposes; you sign.

planned — chat reply for a deploy intent
{
  "reply": {
    "kind": "deploy",
    "token": { "name": "MYTOKEN", "symbol": "MYT", "supply": "1000000000" },
    "plan": [
      { "step": "token_deploy",   "verifiedSource": true },
      { "step": "token_lp_seed",  "liquidityUsd": 4000 },
      { "step": "token_lp_lock",  "months": 12 },
      { "step": "token_ownership", "action": "renounce" }
    ],
    "simulation": { "gasUsd": 1.84, "leavesWallet": "4000 USDC + gas" },
    "transactions": ["0x02f8...unsigned"],
    "requiresSignature": true
  },
  "source": "live",
  "backend": "robinx-engine+robinx-mcp"
}
The agent

Guardrails

The honest problem with an agent that can spend money is that its worst case is your whole wallet. So the worst case has to be enforced somewhere the agent cannot argue with. These are the limits the write and trade tools ship behind — and the reason they are not live yet.

The agent never holds your keys

Read tools run server-side. Write and trade tools compile to an unsigned transaction your wallet signs. There is no custody path, so there is no key to steal from us.

Simulate before signature

Every state-changing call is dry-run against live chain state first, and the UI shows exactly what leaves your wallet. Approval drains and honeypot sells are caught while walking away is still free.

Tool allowlist and spend ceiling

ROBINX_ALLOWED_TOOLS bounds what the model can reach; ROBINX_MAX_USD_PER_CALLbounds what a paid tool call may cost. Both are enforced server-side, outside the model's reach.

Spend-cap vault Research

For autonomous execution, a ceiling in the environment is not enough — it has to be a number on-chain that the agent physically cannot exceed. That is a contract we have to write and get audited, and we will not ship autonomous trading until it exists.

Integrate

Point the UI at your own backend

Set a Backend URL in Settings and the interface will call your service instead. It has to honour the same contract.

Required routes

  • GET /api/health
  • POST /api/chat
  • GET /api/auth/session
  • A compatible session cookie if chat is protected.
  • JSON responses, not streamed text.
  • CORS headers if you serve from another origin.

Status labels in the UI

  • Demo mode — API reachable, no live credentials.
  • Live ready — credentials present.
  • Live data — the last reply came from the live backend.
  • Backend offline — health or chat request failed.

The smallest response that works

json
{
  "reply": { "kind": "text", "text": "Hello from your backend" },
  "source": "live",
  "backend": "my-service"
}
Integrate

Install as an app

Bugglo ships a manifest, 192 and 512px icons, an Apple touch icon, a service worker, and an offline fallback page.

Install checklist

  • Serve over HTTPS, or localhost in dev.
  • Load the site once so the service worker registers.
  • The browser then offers Install App / Add to Home Screen.
  • Chat still needs network and an authenticated session.

Assets

  • /manifest.webmanifest
  • /sw.js
  • /pwa-icon-192.png
  • /pwa-icon-512.png
  • /offline

Security

Never send a private key or seed phrase through chat — no Bugglo feature will ever ask for one, and any prompt that does is an attack. Keep ROBINX_ENGINE_KEY and AUTH_SECRET in the server environment only. Wallet login asks for a message signature and nothing else. If you enable x402 paid tools, fund a dedicated low-balance wallet — never your main one.

Try Bugglo