vaultpilot-mcp

register_btc_multisig_wallet

Idempotent

Register a multi-sig Bitcoin wallet policy on your Ledger by specifying cosigners, threshold, and name. Validates every xpub and requires device confirmation to anchor the policy.

Instructions

One-time registration of a multi-sig Bitcoin wallet policy with the Ledger BTC app (BIP-388 wallet policies). REQUIREMENTS: Ledger plugged in over USB, device unlocked, the 'Bitcoin' app open on-screen. Constructs a wsh(sortedmulti(M,@0/**,@1/**,...)) descriptor from the supplied cosigners, verifies the connected Ledger's master fingerprint matches exactly one cosigner slot, calls Ledger's registerWallet (the device walks every cosigner xpub fingerprint on-screen for verification — the user MUST confirm each fingerprint matches what they expect, since this is the moment that anchors the policy), and persists the descriptor + 32-byte HMAC. The HMAC is reused on every subsequent sign_btc_multisig_psbt call so the user only walks the descriptor approval flow once per setup. Phase 2 scope: P2WSH (wsh) only. Hard-validates every cosigner xpub via @scure/bip32 round-trip — typos that would silently register a wallet we can never sign with are refused up-front.

Input Schema

TableJSON Schema

Name	Required	Description
`name`	Yes	User-chosen label for the multi-sig setup, e.g. "Family vault". Must be printable ASCII, ≤ 16 bytes (Ledger BTC app caps wallet-policy names at 16 bytes). Surfaces on-device during the registration approval flow and is the lookup key for `sign_btc_multisig_psbt`. Must be unique within the registered wallet set.
`threshold`	Yes	M in M-of-N. Must be ≥ 1 and ≤ cosigner count. Phase 2 hard-caps at 15 (the Ledger BTC app's wallet-policy limit).
`cosigners`	Yes	Cosigner slots in the order they should appear in the descriptor's `@N` slots. Slot order is part of the descriptor identity — every cosigner must agree on the same ordering or they'll register different wallets. Exactly one entry's fingerprint+xpub must match the connected Ledger; the device flags it `isOurs` and uses it for signing. Phase 2 requires ≥ 2 cosigners (1-of-1 is single-sig).
`scriptType`	Yes	Script type for the multi-sig wrapper. Phase 2 supports "wsh" only (P2WSH native segwit, `bc1q...`-style addresses). Taproot multi-sig and P2SH-wrapped multi-sig are deferred.

Tool Definition Quality

B3.4/5.0

Behavior1/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

The description says 'One-time registration' implying the operation is not idempotent, but annotations set idempotentHint=true. This is a direct contradiction. Additionally, the description otherwise provides detailed behavioral context (device interaction, xpub validation, HMAC persistence).

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is compact for the complexity, with requirements stated upfront and process steps logically ordered. Every sentence adds value, though it could be slightly more streamlined by moving constraints into separate sentences.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Covers prerequisites, process, constraints, and hardware interaction thoroughly. Missing description of the return value or success indicator, which is a gap given no output schema. Does not mention error scenarios (e.g., device mismatch).

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with good descriptions. The tool description adds high-level context (e.g., naming byte limit, cosigner ordering importance) but does not provide per-parameter details beyond what the schema already offers. Baseline 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description specifies the verb 'register', the resource 'multi-sig Bitcoin wallet policy', and the context 'with Ledger BTC app (BIP-388)'. It clearly distinguishes from sibling tools like sign_btc_multisig_psbt by stating it is a one-time setup that persists an HMAC for signing.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly lists hardware requirements (Ledger plugged in, device unlocked, Bitcoin app open) and explains the registration precedes signing. However, it does not explicitly state when not to use this tool, and the 'one-time' phrasing conflicts with the idempotentHint annotation, leaving ambiguity about re-calling.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/szhygulin/vaultpilot-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server