Build a BIP-125 Replace-By-Fee replacement for a stuck mempool BTC tx. Reuses the original tx's exact input set, preserves every recipient verbatim, and shrinks the change output to absorb the fee bump. Sequence stays at 0xFFFFFFFD so the replacement is itself RBF-eligible (the user can bump agai...
AI agents call prepare_btc_rbf_bump to permanently remove resources in VaultPilot MCP — typically in cleanup and lifecycle workflows. It does its job in a single call, and there is no undo.
| Parameter | Type | Required | Description |
|---|---|---|---|
txid | string | Yes | 64-hex txid of the stuck mempool tx to replace. Must currently be unconfirmed and BIP-125 RBF-eligible (sequence < 0xFFFFFFFE on at least one input — true by de |
wallet | string | Yes | Paired Bitcoin source address that signed the original tx. Phase 1 scope: native segwit (`bc1q...`) and taproot (`bc1p...`) only. Multi-source RBF (replacing a |
newFeeRate | number | Yes | New fee rate in sat/vB. Must satisfy BIP-125 rule 4: the new absolute fee must be at least the old absolute fee plus 1 sat/vB × new vsize. The replacement prese |
allowHighFee | boolean | — | Override the fee-cap guard. The cap is `max(10 × newFeeRate × vbytes, 2% of recipient output value)`. Legitimate priority bumps through heavy congestion can exc |
Parameters from the server's own tool schema.
An AI agent that decides to call prepare_btc_rbf_bump doesn't hesitate, doesn't double-check, and doesn't stop at one. Whatever it removes from VaultPilot MCP is gone — there is no undo for destructive operations.
Risk signalsBulk/mass operation — affects multiple targets
Attacks that exploit this kind of access
Build a BIP-125 Replace-By-Fee replacement for a stuck mempool BTC tx. Reuses the original tx's exact input set, preserves every recipient verbatim, and shrinks the change output to absorb the fee bump. Sequence stays at 0xFFFFFFFD so the replacement is itself RBF-eligible (the user can bump again if the new rate is still too low). Returns a 15-min handle the agent forwards to send_transaction; the Ledger BTC app clear-signs every output + new fee on-screen, so there is NO blind-sign hash to pre-match in chat. Refusal cases: original tx already confirmed; no input is BIP-125-eligible; any input belongs to a wallet other than wallet (multi-source RBF out of scope); no change output (no headroom to absorb the bump — CPFP territory); BIP-125 rule 4 violation (new fee must be >= old fee + 1 sat/vB × new vsize); bumped change below the 546-sat dust threshold; fee exceeds the safety cap (override with allowHighFee: true). Phase 1 source-side scope: native segwit + taproot only. It is categorised as a Destructive tool in the VaultPilot MCP MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
prepare_btc_rbf_bump accepts 4 parameters: txid, wallet, newFeeRate, allowHighFee. Required: txid, wallet, newFeeRate. The full parameter table on this page comes from the server's own tool schema.
Register the VaultPilot MCP server in PolicyLayer and add a rule for prepare_btc_rbf_bump: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches VaultPilot MCP. Nothing to install.
prepare_btc_rbf_bump is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the prepare_btc_rbf_bump rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for prepare_btc_rbf_bump. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
prepare_btc_rbf_bump is provided by the VaultPilot MCP server (vaultpilot-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.