prepare_btc_lifi_swap

Build an unsigned Bitcoin PSBT-v0 that bridges native BTC to a token on another chain via LiFi's aggregator. LiFi auctions the route across intent solvers (NEAR Intents, Garden, Thorswap, Chainflip, Symbiosis, …) and returns a PSBT depositing to the chosen solver's vault address with an OP_RETURN...

Server VaultPilot MCP vaultpilot-mcp
Category Destructive
Risk class Critical
Parameters 75 required

What prepare_btc_lifi_swap does on VaultPilot MCP

AI agents call prepare_btc_lifi_swap to permanently remove resources in VaultPilot MCP — typically in cleanup and lifecycle workflows. It does its job in a single call, and there is no undo.

ParameterTypeRequiredDescription
amount string Yes Decimal BTC string (up to 8 fractional digits, e.g. "0.005"). "max" is NOT supported — bridges commit to an exact deposit amount via the OP_RETURN memo at quote
wallet string Yes Paired Bitcoin source address. Phase 1 source-side scope: native segwit (`bc1q…`) and taproot (`bc1p…`) only. Multi-source consolidation is out of scope here —
toChain string Yes Destination chain. EVM `SupportedChain` (ethereum/arbitrum/polygon/base/optimism) for an EVM bridge, or `"solana"` for native SOL/SPL delivery. TRON is NOT rout
toToken string Yes Destination token. EVM hex when `toChain` is EVM; SPL mint (base58) when `toChain === "solana"`. `"native"` resolves to the chain's conventional native sentinel
toAddress string Yes Destination wallet — REQUIRED. The Bitcoin source address is not a valid recipient on any destination chain. Format must match the destination (Solana base58 fo
slippageBps integer Slippage tolerance in basis points (50 = 0.5%, 100 = 1%). Default ~50. Hard-capped at 500 (5%); above 100 (1%) requires `acknowledgeHighSlippage: true` to opt i
acknowledgeHighSlippage boolean Required when `slippageBps > 100`. Mirrors the `prepare_swap` guard — forces the caller to state that an unusually-high slippage is intentional.

Parameters from the server's own tool schema.

Why prepare_btc_lifi_swap needs a policy

An AI agent that decides to call prepare_btc_lifi_swap doesn't hesitate, doesn't double-check, and doesn't stop at one. Whatever it removes from VaultPilot MCP is gone — there is no undo for destructive operations.

Risk signalsBulk/mass operation — affects multiple targets

Questions about prepare_btc_lifi_swap

What does the prepare_btc_lifi_swap tool do? +

Build an unsigned Bitcoin PSBT-v0 that bridges native BTC to a token on another chain via LiFi's aggregator. LiFi auctions the route across intent solvers (NEAR Intents, Garden, Thorswap, Chainflip, Symbiosis, …) and returns a PSBT depositing to the chosen solver's vault address with an OP_RETURN memo committing to the cross-chain destination. Destinations: every EVM chain (ethereum/arbitrum/polygon/base/optimism) and Solana — TRON has no LiFi route from BTC and is rejected. Source-side scope (Phase 1, mirrors prepare_btc_send): native segwit and taproot only. Returns a 15-min handle the agent forwards to send_transaction; the Ledger BTC app clear-signs every output (vault deposit + OP_RETURN + change-back-to-source + LiFi fee output) on-screen, so there is NO blind-sign hash to pre-match in chat. The verification block surfaces the vault address, OP_RETURN bytes (hex + ASCII prefix), expected and minimum output on the destination, slippage, the chosen solver, and execution duration estimate. Server-side checks before forwarding: every PSBT input belongs to the source address, exactly one OP_RETURN output is present, the deposit output address matches the LiFi-advertised vault, and nonWitnessUtxo is hydrated on every input (Ledger 2.x rejects segwit/taproot inputs without it). It is categorised as a Destructive tool in the VaultPilot MCP MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.

What parameters does prepare_btc_lifi_swap accept? +

prepare_btc_lifi_swap accepts 7 parameters: amount, wallet, toChain, toToken, toAddress, slippageBps, acknowledgeHighSlippage. Required: amount, wallet, toChain, toToken, toAddress. The full parameter table on this page comes from the server's own tool schema.

How do I enforce a policy on prepare_btc_lifi_swap? +

Register the VaultPilot MCP server in PolicyLayer and add a rule for prepare_btc_lifi_swap: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches VaultPilot MCP. Nothing to install.

What risk level is prepare_btc_lifi_swap? +

prepare_btc_lifi_swap is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.

Can I rate-limit prepare_btc_lifi_swap? +

Yes. Add a rate_limit block to the prepare_btc_lifi_swap rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block prepare_btc_lifi_swap completely? +

Set action: deny in the PolicyLayer policy for prepare_btc_lifi_swap. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides prepare_btc_lifi_swap? +

prepare_btc_lifi_swap is provided by the VaultPilot MCP server (vaultpilot-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.