prepare_btc_multisig_send

Initiator flow — build a tx FROM a registered multi-sig wallet, sign it with our Ledger key in the same call, return the partial PSBT for cosigners to sign. Pipeline: (1) fetch UTXOs across the wallet's gap-limit window, (2) coin-select with a multi-sig-aware vbyte estimator (P2WSH sortedmulti(M,...

Server VaultPilot MCP vaultpilot-mcp
Category Write
Risk class Medium
Parameters 53 required

What prepare_btc_multisig_send does on VaultPilot MCP

AI agents use prepare_btc_multisig_send to create or update resources in VaultPilot MCP — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your VaultPilot MCP environment.

ParameterTypeRequiredDescription
to string Yes Recipient address. Any of the four mainnet types is accepted as a destination.
amount string Yes Decimal BTC string (up to 8 fractional digits, e.g. "0.001") or "max" to sweep every UTXO across the wallet's gap-limit window. "max" picks the fee-aware amount
walletName string Yes Name of a registered multi-sig wallet (matches `register_btc_multisig_wallet`).
allowHighFee boolean Override the fee-cap guard. The cap is `max(10 × feeRate × vbytes, 2% of recipient value)` and uses the multi-sig vsize estimator.
feeRateSatPerVb number Fee rate in sat/vB. Optional — defaults to mempool.space's `halfHourFee` (~3-block target). Multi-sig txs are inherently larger than P2WPKH, so the absolute fee

Parameters from the server's own tool schema.

Why prepare_btc_multisig_send needs a policy

An AI agent can call prepare_btc_multisig_send faster than any human can review — one bad instruction and it creates or modifies resources in VaultPilot MCP by the hundred, each call as confident as the last.

Risk signalsBulk/mass operation — affects multiple targets

Questions about prepare_btc_multisig_send

What does the prepare_btc_multisig_send tool do? +

Initiator flow — build a tx FROM a registered multi-sig wallet, sign it with our Ledger key in the same call, return the partial PSBT for cosigners to sign. Pipeline: (1) fetch UTXOs across the wallet's gap-limit window, (2) coin-select with a multi-sig-aware vbyte estimator (P2WSH sortedmulti(M,...,N) inputs are ~2-4× P2WPKH), (3) resolve a fresh chain=1 change address (lowest unused index), (4) build PSBT v0 with witnessUtxo + nonWitnessUtxo (Ledger app 2.x requirement) + witnessScript + bip32_derivation for ALL cosigners, (5) sign with our Ledger via the existing co-signer flow (the device walks every output address + amount on-screen), (6) splice our signature into the PSBT, return the partial PSBT. We do NOT finalize or broadcast — the caller gathers remaining signatures externally, then runs combine_btc_psbts + finalize_btc_psbt. The fee-cap guard scales to multi-sig sizes automatically. Phase 3 supports wsh (P2WSH) wallets only; taproot lands in a follow-up PR. It is categorised as a Write tool in the VaultPilot MCP MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

What parameters does prepare_btc_multisig_send accept? +

prepare_btc_multisig_send accepts 5 parameters: to, amount, walletName, allowHighFee, feeRateSatPerVb. Required: to, amount, walletName. The full parameter table on this page comes from the server's own tool schema.

How do I enforce a policy on prepare_btc_multisig_send? +

Register the VaultPilot MCP server in PolicyLayer and add a rule for prepare_btc_multisig_send: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches VaultPilot MCP. Nothing to install.

What risk level is prepare_btc_multisig_send? +

prepare_btc_multisig_send is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit prepare_btc_multisig_send? +

Yes. Add a rate_limit block to the prepare_btc_multisig_send rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block prepare_btc_multisig_send completely? +

Set action: deny in the PolicyLayer policy for prepare_btc_multisig_send. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides prepare_btc_multisig_send? +

prepare_btc_multisig_send is provided by the VaultPilot MCP server (vaultpilot-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.