Skip to main content

Documentation Index

Fetch the complete documentation index at: https://sage-f6b5014e.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

GET /analyze/:id

Runs live security checks on a proposal’s recipient and token and aggregates every flag. Use latest as the id with ?vaultAddress= to target the most recent in-review proposal. Typically takes 5–15s. 
curl -s -H "Authorization: Bearer $AGENT_SECRET" \
  "https://api.trysage.xyz/analyze/PROPOSAL_ID"

# latest in-review for a vault
curl -s -H "Authorization: Bearer $AGENT_SECRET" \
  "https://api.trysage.xyz/analyze/latest?vaultAddress=VAULT_ADDRESS"

What It Checks

SourceFieldDetail
GoPlus address securityaddressSecurityCybercrime, phishing, sanctions, money laundering, darkweb, mixer, blacklist, fake KYC, malicious contracts
GoPlus token securitytokenSecurityMintable, freezable, closable, mutable metadata, missing DEX liquidity, trust status (native SOL is skipped)
RugcheckrugcheckToken risk score, risks, rating (non-native SPL tokens)
Sage threat intelsageThreatIntelCurated known-incident addresses — label, threat types, linked incident
Behavioral historyrecipientknown, totalTxCount, avgAmount

Response

{
  "proposalId": "…",
  "to": "…",
  "amount": "0.5",
  "token": "SOL",
  "recipient": { "known": false },
  "addressSecurity": { "safe": true, "flags": [], "dataSource": "GoPlus" },
  "tokenSecurity": { "nativeSol": true },
  "rugcheck": null,
  "sageThreatIntel": { "known": false },
  "totalFlags": 1,
  "allFlags": ["Unknown recipient (not in patterns)"],
  "safe": false
}
FieldDescription
allFlagsAggregated list of every red flag found across all sources
totalFlagsCount of allFlags
safetrue only when no flags were raised
Present allFlags prominently. When safe: true and totalFlags: 0, reassure the owner the proposal is clean.