DEV Community

dbe006

A pre-trade firewall for autonomous crypto agents (pay-per-call, no API key)

Most trading agents buy a token without checking whether it can be sold. RugGuard is one HTTP call you put between the model output and the router.

POST https://rugguard.redfleet.fr/v1/pretrade/check
{ "chain": "base",
  "contract": "0x4ed4...Efed",
  "intended_trade_usd": 100,
  "policy": "balanced" }

{ "policy_recommendation": "caution",
  "risk_score": 62,
  "verdict": "medium_risk",
  "max_suggested_exposure_usd": 20.0,
  "reason": [
    {"code": "OWNER_NOT_RENOUNCED", "severity": "high"},
    {"code": "TOP10_CONCENTRATION_HIGH", "severity": "high"} ],
  "scan_id": "pre_01HXKRC5...",
  "signature": "fEH4...",
  "key_fingerprint": "a0c71156d8747078" }

The decision contract is three-valued: block | caution | allow. The response is Ed25519-signed so an auditor can later prove the agent saw the warning before trading.

Payment

No API key, no account. The wallet that pays is the identity. First call gets 402, client signs an EIP-3009 transfer for the exact price, second call settles on Base, response comes back. $0.01 quick scan, $0.05 deep scan, $0.01 pretrade. Whole round trip is sub-second on cache, under 5s cold.

Integration

# pip install rugguard-langgraph-agent
graph.add_node("pretrade", make_pretrade_check_node(
    private_key_hex=os.environ["X402_PRIVATE_KEY"],
    policy="balanced"))
graph.add_conditional_edges("pretrade", lambda s: s["decision"], {
    "allow": "execute_buy", "caution": "execute_buy",
    "block": "skip",        "error":   "skip" })

Same kit exists for Pydantic AI (rugguard-pydantic-ai-agent), Claude Desktop / Cursor over MCP (rugguard-mcp), and an educational Base sniper (rugguard-sniper-bot-example).
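
One way the execute_buy step could size the order from the response and fail closed on anything malformed, as an added example that is not part of the original post or the RugGuard kits. Field names are taken from the sample response above; the function name gate_trade, the sizing rule and the sample values are assumptions.

```python
import math

# Field names come from the sample response in this post. gate_trade and the
# sizing rule (cap a "caution" trade at max_suggested_exposure_usd) are assumptions.
VALID = ("allow", "caution", "block")
AUDIT_FIELDS = ("scan_id", "signature", "key_fingerprint")

def _usd(value):
    """Return value as a finite, non-negative float, or None if it is not one."""
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return None
    value = float(value)
    return value if math.isfinite(value) and value >= 0 else None

def gate_trade(response, intended_trade_usd):
    """Map a pretrade response to (decision, trade_usd, audit_record).

    Fails closed: anything malformed or unexpected becomes ("error", 0.0, ...),
    which the graph in the post routes to "skip".
    """
    intended = _usd(intended_trade_usd)
    if not isinstance(response, dict) or intended is None:
        return "error", 0.0, {"why": "malformed input"}
    audit = {k: response.get(k) for k in AUDIT_FIELDS}
    rec = response.get("policy_recommendation")
    if rec not in VALID:
        return "error", 0.0, {**audit, "why": "unknown recommendation"}
    # Presence check only: this block does not verify the Ed25519 signature.
    if any(not isinstance(v, str) or not v for v in audit.values()):
        return "error", 0.0, {**audit, "why": "missing audit fields"}
    if rec == "block":
        return "block", 0.0, audit
    if rec == "allow":
        return "allow", intended, audit
    cap = _usd(response.get("max_suggested_exposure_usd"))
    if cap is None:
        return "error", 0.0, {**audit, "why": "caution without usable cap"}
    size = min(intended, cap)
    # A zero cap leaves nothing to trade, so treat it as a block.
    return ("caution", size, audit) if size > 0 else ("block", 0.0, audit)

# Constructed sample, shaped like the response shown in the post.
SAMPLE = {"policy_recommendation": "caution", "risk_score": 62,
          "max_suggested_exposure_usd": 20.0, "scan_id": "pre_EXAMPLE",
          "signature": "sig_EXAMPLE", "key_fingerprint": "fp_EXAMPLE"}

if __name__ == "__main__":
    print(gate_trade(SAMPLE, 100))
```

The returned audit record is what you would persist next to the order so the signed scan can be matched to the trade later.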

What's actually checked

14 deterministic heuristics on Base, 5 on Solana SPL. Owner renounced, LP locked, top-holder concentration, mint/freeze authority, GoPlus honeypot, RPC simulation, source verified, deployer rug history, bytecode MinHash against known rugs. No LLM in the hot path.

Per-heuristic recall is published live at /v1/metrics. Today's numbers (2026-05-17):

forward_sampler: { rugged: 843, pending: 2837 }
rug_census:      { rugged:  43 }

Base heuristic recall (rug_census):
  LP_NOT_LOCKED              100.0%
  LP_INSUFFICIENT_LIQUIDITY   83.3%
  MINT_AUTHORITY_ACTIVE        7.7%
  HONEYPOT_TAX_HIGH            0.0%

The 0% on HONEYPOT_* is a measurement bias I keep public: by the time a token is confirmed rugged, the contract is already drained and the honeypot signal is gone. The forward sampler runs T+0 / T+7 / T+14 / T+30 to catch it earlier. Long writeup at /validation.html.

Disclaimers

Not an audit. Not financial advice. Best-effort analytics, T&C cap liability at the cost of the call.

Links

Plug it in, tell me what breaks.
