Our great sponsors
-
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Just my $0.02, but as someone who made a living for a while poker botting before the Black Friday banking changes, I can't help but feel like you are approaching this in a bizarrely complex manner.
I guess I don't get why it is important to filter 'real' players for starters, and I definitely don't get why you'd land on just running uploaded Python code... the entire approach seems so needlessly convoluted.
I also don't understand why you are so worried about the cat and mouse game with the 'big sites' if you are just using play money. I haven't followed developments here in years, but back when I was earning a living it was enough to just run a screen scraper on your machine, that then passed of table state data to a seperate device (which is running the actual bot logic / storing player hand history databases, etc.) -- and even that wasn't strictly necessary unless you really raised some red flags.
Maybe take a look at some of the open source botting platforms like OpenHoldem, and use that as inspiration to re-evaluate your approach?
https://github.com/OpenHoldem/openholdembot/releases
This just seems like such an unsafe and half-cocked approach -- even if you got this python bot site up, I can tell you as a former pro poker botter that I would never ever have considered uploading my bot to your site, aside from your code execution concerns. You'd then see all my logic, and that's the biggest leak a poker botter could have.
Even if you pull this off, no one doing serious work on their bot logic is going to trust you with it -- for you it may be an intellectual exercise, but for that community it's a lucrative job where the only thing that makes you stand above the rest is a dynamic strategy that you are going to protect just as tightly as the key to a bitcoin wallet. The only submissions you will get are toy bots that have no chance of being competitive anyway... which kind of defeats the purpose of 'bots only' I think.
I don't mean to be discouraging, but as someone who made a living doing this for a few years I can say without a doubt no one who has put even a moderate amount of work tuning their bot is going to upload it for you to be able to rip the logic off.
If nothing else, you should be re-evaluating this in a manner where the only data exchanged between you and the client is the table state as it changes, as well as an API for submitting their action on their turn. Otherwise this is dead on arrival.
You could use a short response timeout (<1s) to make it impractical for human players to participate - for instance, that's what Battlesnake does (https://play.battlesnake.com/). Players provide an endpoint that follows the required API and their code never leaves their machines.