Non-custodial wallets, real-time mempool data, policy guardrails, Lightning tooling, and L402 auto-pay HTTP clients. Python-first. Agent-ready.
from bitpilot.lightning import (
LightningWallet, L402Client
)
ln = LightningWallet.from_lnd(
macaroon_path="~/.lnd/.../admin.macaroon",
tls_cert_path="~/.lnd/tls.cert",
host="localhost:10009",
)
async with L402Client(ln) as client:
response = await client.get(
"https://api.example.com/data"
)
response.raise_for_status()bitpilot Watcher feeds live Bitcoin network data to your agents and applications.
Every component is designed for autonomy, composability, and developer experience.
HD wallet operations (BIP32/39/44), UTXO management, transaction construction and signing. Non-custodial by design — keys never leave your machine.
→ wallet.get_balance()
→ wallet.propose_payment(...)
→ wallet.approve_proposal(id)
Real-time mempool monitoring, fee estimation, anomaly detection, and confirmation-time predictions. Pluggable backends — mempool.space or your own node.
→ watcher.estimate_fee(target_blocks=3)
→ watcher.explain_mempool()
→ watcher.detect_anomalies()
First-class integrations for LangChain, OpenAI Agents SDK, and MCP. Agents can read state and propose payments while approval/rejection remain human-controlled.
→ make_openai_tools(wallet, watcher)
→ make_langchain_tools(wallet, watcher)
→ make_mcp_tools(wallet, watcher)
Configurable spend limits, address whitelists, and approval flows. Every transaction is evaluated: ALLOW, REQUIRE_APPROVAL, or DENY. Both agents and humans follow the same rules.
→ Policy(max_per_tx_sats=100_000)
→ policy.check(proposal)
→ # → PolicyDecision.ALLOW
Pay-per-request APIs for agents, with Lightning settlement and policy-controlled spending.
Append-only JSONL ledger at ~/.bitpilot/audit.jsonl. Every proposal, approval, rejection, and broadcast with agent_id, timestamps, and sat amounts.
→ AuditLedger()
→ ledger.log_proposal(...)
→ bitpilot audit --last 20
Rate-limits proposals to protect against runaway agents or prompt injection. Auto-trips and blocks all spending until cooldown expires.
→ CircuitBreakerRule(max_proposals_per_minute=3)
→ breaker.is_tripped
→ bitpilot status
When an API responds with HTTP 402 plus an invoice challenge, `L402Client` pays it with your Lightning wallet and retries automatically.
→ client = L402Client(lightning_wallet)
→ await client.get("https://api/...")
→ auto pay + retry on 402
BIP-44 account-level isolation. Each agent gets its own keyspace, addresses, and policy. research_bot at 5k/day, payment_bot at 500k.
→ wallet.create_agent_subwallet("bot_a", policy)
→ sub.propose_payment(...)
Export proposals as Partially Signed Bitcoin Transactions. Agent A proposes → CFO agent reviews → hardware wallet finalizes.
→ wallet.export_psbt(proposal_id)
→ wallet.import_and_finalize_psbt(psbt)
Natural language descriptions for LLMs and human reviewers. Amount, fee, fiat conversion, confirmation estimate, and policy verdict in one call.
→ wallet.explain_proposal(id, btc_price_usd=65000)
→ "Send 75,000 sats (~$47.25)..."
Agents move quickly inside explicit policy boundaries. Human control remains available where it matters.
Keys are generated and stored locally. Encrypted at rest with AES-256-GCM. Never transmitted over any network.
Agents can read state, propose payments, and pay L402 invoices for API access. High-risk send approval remains policy and/or human gated.
No JavaScript supply chain for crypto operations. Cryptographic primitives from audited Rust libraries (BDK) via Python FFI.
Per-transaction caps, daily spending limits, address whitelists, and configurable fee ceilings. The most restrictive rule wins — for agents and humans alike.
We don't roll our own crypto. Transaction signing, key derivation, and script evaluation are delegated to BDK — battle-tested Rust Bitcoin libraries.
MIT licensed. Every line of code is auditable. Security issues? Report them privately — see SECURITY.md.
| bitpilot | BDK (Rust) | Coinbase AgentKit | bitcoinjs-lib | |
|---|---|---|---|---|
| Language | Python-first | Rust | Python/JS | JavaScript |
| Chain focus | Bitcoin L1 + L2 | Bitcoin L1 | EVM/Solana | Bitcoin L1 |
| Agent-ready | ✓ | × | ✓ | × |
| Agent auto-spend | Policy-gated | × | MPC-based | × |
| Mempool data | ✓ | × | × | × |
| Audit trail | ✓ | × | × | × |
| Circuit breaker | ✓ | × | × | × |
| Lightning (L2) | ✓ | × | × | × |
| PSBT co-signing | ✓ | ✓ | × | ✓ |
| Supply chain | Zero npm | Rust-native | Mixed | npm |
# Core SDK
pip install bitpilot
# With agent frameworks
pip install bitpilot[agent]
# With L402 auto-pay client
pip install bitpilot[l402]from bitpilot import Wallet
wallet, mnemonic = Wallet.create(
network="testnet"
)
# Store mnemonic securely!
print(wallet.get_balance())from bitpilot import Watcher
watcher = Watcher.from_default_providers()
fee = await watcher.estimate_fee(
target_blocks=3
)
print(f"Fee: {fee.sat_per_vb} sat/vB")from bitpilot.lightning import (
LightningWallet, L402Client
)
ln = LightningWallet.from_lnd(...)
client = L402Client(ln)
response = await client.get(
"https://api.example.com/data"
)Everything you need to build Bitcoin-native agents, from wallet policy controls to L402 pay-per-request API access.
$ bitpilot init-wallet # Generate HD wallet
$ bitpilot balance # Show balance
$ bitpilot fees # Fee estimates
$ bitpilot propose --to tb1q... --amount-sats 50000
$ bitpilot approve --proposal-id <id>
$ bitpilot audit --last 20 # View audit trail
$ bitpilot status # Circuit breaker state
$ bitpilot report --since 30d --format csvWallet.create(network="testnet")
Create a new HD wallet with fresh mnemonic
wallet.get_balance()
Returns Balance with confirmed, unconfirmed, total sats
wallet.propose_payment(to, amount, fee_rate)
Create a payment proposal (policy-checked)
wallet.approve_proposal(id)
Sign, build, and broadcast → returns txid
wallet.explain_proposal(id, btc_price_usd)
Natural language description for LLMs
wallet.export_psbt(id)
Export as PSBT for multi-agent co-signing
wallet.create_agent_subwallet(id, policy)
BIP-44 isolated wallet per agent
wallet.spend_report(btc_price_usd)
Generate spend report with fiat values
Policy(max_per_tx_sats, max_per_day_sats)
Configurable spend limits
CircuitBreakerRule(max_proposals_per_minute=3)
Rate-limit proposals, auto-trip on burst
AddressWhitelistRule(["bc1q..."])
Only allow payments to approved addresses
FeeRateLimitRule(max_fee_rate_sat_vb=500)
Prevent fee drain attacks
breaker.is_tripped / breaker.reset()
Query and reset circuit breaker state
AuditLedger(path="~/.bitpilot/audit.jsonl")
Append-only JSONL event ledger
ledger.log_proposal(id, to, sats, agent_id)
Log proposal creation
ledger.tail(20) / ledger.filter_by_agent(id)
Query recent events, filter by agent
ledger.summary()
Total entries, sats moved, active agents
LightningWallet.from_lnd(macaroon, tls, host)
Connect to LND node
await ln.create_invoice(amount_sats=1000)
Create BOLT-11 invoice to receive
await ln.pay_invoice(bolt11="lnbc...")
Pay a Lightning invoice
await ln.get_balance()
Local/remote balance across channels
L402Client(lightning_wallet)
HTTP client with automatic 402 invoice payment + retry
await client.get("https://api/...")
Pay invoice challenge and continue the request in one call
make_openai_tools(wallet, estimator)
Read + propose toolset (approval/rejection not exposed to agents)
make_langchain_tools(wallet, estimator)
LangChain StructuredTools with type-safe inputs
make_mcp_tools(wallet, estimator)
MCP protocol tools for Claude, etc.
Watcher.from_default_providers()
Mempool.space + your own node
await watcher.estimate_fee(target_blocks=3)
Fee estimation with confidence
await watcher.explain_mempool()
LLM-friendly mempool summary
await watcher.detect_anomalies()
Fee spikes, congestion alerts
Five minutes from pip install to your first autonomous L402 API payment.
View on GitHub