/api/healthpublicBackend health and current mode.
No request body.{
"ok": true,
"service": "hoodscope-backend",
"mode": "demo",
"capabilities": {
"engine": false,
"mcp": false,
"paidToolsEnabled": false
}
}How to run the app, call the chat API, turn on the live RobinX engine and RobinX MCP backend, read the widget contract, and point your own frontend at it. It also lays out the tool surface we are building toward: an agent that does not just read Robinhood Chain, but deploys, analyses, and trades on it.
Bugglo is an agentic loop, not a search box. A request is planned by the RobinX engine, executed against on-chain tools, and returned as a typed reply the interface knows how to render. Without credentials the same endpoints keep working in demo mode, so you can build the whole frontend before you ever pay for a token.
app/apiThe demo agent and the live RobinX agent return the same reply shape. If the live agent fails, times out, or returns an invalid shape, the response falls back to demo rather than breaking the UI — so a missing key degrades the answer, never the app.
Install, run, and open the app. Demo mode needs no keys at all.
npm install
npm run dev
# open http://localhost:3000npm run verify # lint, unit tests, production build
npm startRun verify before every deploy. It is the same gate CI uses.
Everything except AUTH_SECRET is optional. Add a key, get a capability; leave it out, keep demo mode.
AUTH_SECRET=replace-with-long-random-secret
NEXT_PUBLIC_GOOGLE_CLIENT_ID=...
GOOGLE_CLIENT_ID=...
# live mode — all three required, none of them has a default.
# Miss any one and the route stays on the demo agent.
ROBINX_ENGINE_KEY=...
ROBINX_ENGINE_URL=<OpenAI-compatible chat-completions base URL>
ROBINX_ENGINE_MODEL=<model id from your provider>
# optional — spend caps. Over any of them /api/chat returns 429 "Server busy".
ENGINE_MAX_PER_MINUTE=5
ENGINE_MAX_PER_DAY=150
ENGINE_USER_USD_PER_DAY=0.25
ENGINE_GLOBAL_USD_PER_DAY=5
ENGINE_TRUSTED_PROXIES=1
# optional
CHAT_TIMEOUT_MS=25000
ROBINX_URL=https://api.robinx.io
ROBINX_WALLET_KEY=0x...
ROBINX_MAX_USD_PER_CALL=0.10
ROBINX_ALLOWED_TOOLS=robinx_stats,robinx_verdict,robinx_tokenBase URL in development is http://localhost:3000. The chat endpoint requires a session cookie from Google or wallet login.
/api/healthpublicBackend health and current mode.
No request body.{
"ok": true,
"service": "hoodscope-backend",
"mode": "demo",
"capabilities": {
"engine": false,
"mcp": false,
"paidToolsEnabled": false
}
}/api/chatsession requiredSend a message to the demo or live agent.
{
"message": "Rug check this contract: 0x...",
"mode": "Auto",
"history": [
{ "role": "user", "text": "What can you do?" },
{ "role": "assistant", "text": "I can analyze Robinhood Chain data." }
]
}{
"reply": {
"kind": "text",
"text": "Answer text..."
},
"source": "demo",
"backend": "demo"
}/api/auth/sessioncookieRead the current auth session.
No request body. Uses the HTTP-only session cookie.{
"authenticated": true,
"user": {
"provider": "google",
"email": "user@example.com"
}
}/api/auth/googlepublicLog in with a Google ID token.
{
"credential": "GOOGLE_ID_TOKEN_FROM_GIS"
}{
"ok": true,
"user": {
"provider": "google",
"email": "user@example.com"
}
}/api/auth/wallet/noncepublicCreate a wallet login challenge.
{
"address": "0x..."
}{
"message": "HoodScope wants you to sign in...",
"expiresIn": 300
}/api/auth/wallet/verifypublicVerify the signed wallet challenge.
{
"address": "0x...",
"message": "HoodScope wants you to sign in...",
"signature": "0x..."
}{
"ok": true,
"user": {
"provider": "wallet",
"address": "0x..."
}
}curl -sS -X POST http://localhost:3000/api/chat \
-H 'content-type: application/json' \
-H 'cookie: hoodscope_session=...' \
--data '{
"message": "What can you do?",
"mode": "Auto",
"history": []
}'const res = await fetch("/api/chat", {
method: "POST",
credentials: "include",
headers: { "content-type": "application/json" },
body: JSON.stringify({
message: "Show the latest DEX tokens",
mode: "Deep",
history: [],
}),
});
if (!res.ok) throw new Error(await res.text());
const data = await res.json();
console.log(data.source, data.reply);The UI renders a widget automatically when reply.kind is one of the kinds below. An invalid shape is rejected before it can reach the UI, and the client falls back to the demo agent. Greyed kinds ship alongside the tools in the agent surface — they are not live yet.
textPlain assistant response. Shape: { kind, text }.rugcheckContract risk widget: risk score, verdict, checks, summary.trendingTrending tokens with mentions, sentiment, change, sparkline.sentimentBullish, bearish, and neutral split for a ticker or query.walletWallet stats, labels, and risk flags.bundle (planned)Launch-bundle map: sniper clusters and true insider supply.deploy (planned)Deployment preview: constructor args, LP plan, unsigned transaction.quote (planned)Swap route, price impact, and the simulated outcome before you sign.position (planned)Portfolio X-ray: concentration, correlation, and outstanding approvals.message: string, max 2000 characters.mode: Auto, Fast, or Deep.history: 12 most recent items./api/chat returns 401 when signed out.{ "error": "message (string) is required" }
{ "error": "rate limit exceeded", "retryAfterMs": 41200 }Always check res.ok before treating a response as success.
Live mode activates on its own the moment ROBINX_ENGINE_KEY is set. The engine plans the route, calls RobinX MCP tools, and returns a typed reply. Some tools are paid through x402 in USDC, which is why the wallet key and the per-call ceiling exist.
The tool layer itself — what RobinX MCP hands the model, the fleet of servers it is cross-checked against, the guardrails around it, and how far it is meant to go — has its own page: RobinX MCP.
Only the tools named in ROBINX_ALLOWED_TOOLS. An unlisted tool is not visible to the model at all — an allowlist, not a filter applied after the fact.
A failed tool, a timeout, or a malformed reply degrades to the demo agent with source: "demo". The user gets a worse answer, never a broken page.
Bugglo reads Robinhood Chain today. The thing we are actually building is an agent that can operate on it end to end: analyse a launch down to the bundle that bought it, deploy a token from one sentence, and close the loop by trading — all from the same chat box, all against the same guardrails.
Below is the full tool surface, with the status of each tool stated honestly. Nothing here is dressed up as further along than it is. The fastest way to kill a promise is to fake it. For the long-form version — how the agent plans across these tools, what stops it doing harm, and where the whole thing is pointed — read RobinX MCP.
Everything Bugglo does today lives here. The agent plans its own route across these tools, cross-checks them against each other, and reports where they disagree — a clean verdict from one source is worthless.
Who actually bought this launch, and were they all funded by the same wallet?
robinx_tokenSupply, liquidity, holder spread, and lock state for any token on Robinhood Chain.
Liverobinx_verdictComposite rug-check: contract source, honeypot behaviour, LP lock, ownership powers.
Liverobinx_deployerThe address that shipped the contract, and the thread back to everything else it has ever touched.
Liverobinx_statsDeployer reputation and the full history of every contract an address has ever shipped.
Liverobinx_feedThe live launch feed — what deployed in the last hour, with liquidity attached to it.
Liverobinx_leaderboardRanked movement across the chain, with volume shown next to the liquidity backing it.
Livechain_holder_graphClusters holders by funding path, so one entity standing behind forty wallets reads as one entity.
Buildingchain_bundle_scanBundler detection: same-block buy bundles, wallets funded from a single source minutes before launch, sniper clusters, and the real insider allocation hiding behind a "fair launch".
Plannedchain_wash_scanWash-trading detection: circular transfers, self-crossing fills, and volume that never reaches a new wallet.
Plannedchain_mempool_watchPending-transaction watch — see the deployer pull liquidity while the transaction is still unconfirmed.
ResearchOne sentence, one reviewable transaction bundle. The agent assembles the deploy, the pool, the lock, and the renounce — then hands it to your wallet to sign. It never holds a key and it never fires on its own.
Launch MYTOKEN, 1B supply, 4% of it to the pool, LP locked 12 months, ownership renounced.
token_deployDeploy an ERC-20 from a prompt: name, symbol, supply, decimals, tax rules, with verified source published at deploy time.
Plannedtoken_lp_seedCreate the pool and seed initial liquidity in the same intent as the deploy, so the token is never live and unbacked.
Plannedtoken_lp_lockLock LP for a stated duration and return the lock receipt the agent can later verify against chain state.
Plannedtoken_ownershipRenounce ownership, transfer it, or permanently disable mint — each one an explicit state change you sign for.
Plannedtoken_airdropBatch distribution against a holder list, previewed down to who receives what before a single transfer leaves.
ResearchThe endgame: you state an outcome, not an order. Research, decision, and execution close into a single loop — behind the ceilings in the next section, because an agent that can spend money without a hard limit is a liability, not a product.
Sell half if it 2x. Dump it all if liquidity drops under $100k.
trade_quoteRoute and price a swap across Robinhood Chain DEXes, with the price impact and the route stated up front.
Plannedtrade_simulateDry-run any transaction against live chain state and report exactly what leaves your wallet — catching approval drains and honeypot sells while walking away is still free.
Plannedtrade_swapExecute the quoted swap. Never auto-fires; the agent prepares it, you sign it.
Plannedtrade_limitResting limit order — fill at your price or not at all.
Plannedtrade_approvalsEvery allowance you have ever granted, ranked by what it could cost you, revocable in one call. Most wallets get drained by a signature from eight months ago.
Plannedtrade_conditionalStanding exits that survive the tab closing: an on-chain intent that settles without you awake and without a centralised bot holding your keys.
ResearchWrite and trade tools do not return a signed transaction. They return an unsigned one, plus the simulation of what it would do, and the UI hands it to your wallet. The agent proposes; you sign.
{
"reply": {
"kind": "deploy",
"token": { "name": "MYTOKEN", "symbol": "MYT", "supply": "1000000000" },
"plan": [
{ "step": "token_deploy", "verifiedSource": true },
{ "step": "token_lp_seed", "liquidityUsd": 4000 },
{ "step": "token_lp_lock", "months": 12 },
{ "step": "token_ownership", "action": "renounce" }
],
"simulation": { "gasUsd": 1.84, "leavesWallet": "4000 USDC + gas" },
"transactions": ["0x02f8...unsigned"],
"requiresSignature": true
},
"source": "live",
"backend": "robinx-engine+robinx-mcp"
}The honest problem with an agent that can spend money is that its worst case is your whole wallet. So the worst case has to be enforced somewhere the agent cannot argue with. These are the limits the write and trade tools ship behind — and the reason they are not live yet.
Read tools run server-side. Write and trade tools compile to an unsigned transaction your wallet signs. There is no custody path, so there is no key to steal from us.
Every state-changing call is dry-run against live chain state first, and the UI shows exactly what leaves your wallet. Approval drains and honeypot sells are caught while walking away is still free.
ROBINX_ALLOWED_TOOLS bounds what the model can reach; ROBINX_MAX_USD_PER_CALLbounds what a paid tool call may cost. Both are enforced server-side, outside the model's reach.
For autonomous execution, a ceiling in the environment is not enough — it has to be a number on-chain that the agent physically cannot exceed. That is a contract we have to write and get audited, and we will not ship autonomous trading until it exists.
Set a Backend URL in Settings and the interface will call your service instead. It has to honour the same contract.
GET /api/healthPOST /api/chatGET /api/auth/session{
"reply": { "kind": "text", "text": "Hello from your backend" },
"source": "live",
"backend": "my-service"
}Bugglo ships a manifest, 192 and 512px icons, an Apple touch icon, a service worker, and an offline fallback page.
localhost in dev./manifest.webmanifest/sw.js/pwa-icon-192.png/pwa-icon-512.png/offlineNever send a private key or seed phrase through chat — no Bugglo feature will ever ask for one, and any prompt that does is an attack. Keep ROBINX_ENGINE_KEY and AUTH_SECRET in the server environment only. Wallet login asks for a message signature and nothing else. If you enable x402 paid tools, fund a dedicated low-balance wallet — never your main one.