Kaginet - Bitcoin Escrow for AI Agents
Kaginet - Bitcoin Escrow for AI Agents
Kaginet — Trustless Bitcoin Escrow for AI Agents
Hardware-attested Bitcoin escrow that AI agents can use via MCP, LangChain, or CrewAI. No custody, no trust assumptions, no counterparty risk.
Live on Bitcoin mainnet. Running inside an Intel TDX confidential VM.
Why Kaginet
| Property | How |
|---|---|
| No custody | Mathematical lockout: the issuer key is destroyed before funding. Bitcoin consensus enforces this, not policy. |
| Private | Off-chain bearer transfers are invisible. No public ledger for intermediate transfers. |
| Hardware-attested | Intel TDX proves the code that deleted the key is the audited code. Verifiable against Intel's root CA. |
| 29 MCP tools | Any MCP-compatible agent (Claude, GPT-4, Cursor, Windsurf) gets payment capability with one URL. |
| Bitcoin mainnet | Real money. Live now. Not a testnet demo. |
Quick Start
Option A: MCP (recommended, zero install)
Add to your Claude Desktop, Cursor, or Windsurf MCP config:
{
"mcpServers": {
"kagikai": {
"url": "https://mcp.kaginet.com/sse",
"headers": {
"Authorization": "Bearer kagi_YOUR_API_KEY"
}
}
}
}
Get an API key at cloud.kaginet.com.
Your agent now has 29 payment tools. Try:
Create a 50,000 sat escrow to bc1q...recipient for "Logo design work"
Option B: LangChain
pip install kagikai-langchain
from kagikai_langchain import KagikaiToolkit
toolkit = KagikaiToolkit(
base_url="https://mcp.kaginet.com",
api_key="kagi_YOUR_API_KEY",
)
tools = toolkit.get_tools() # 29 tools ready for your agent
Option C: CrewAI
pip install kagikai-crewai
from kagikai_crewai import (
KagikaiEscrowCreateTool,
KagikaiEscrowStatusTool,
KagikaiEscrowReleaseTool,
)
# Add to your crew's agent
tools = [
KagikaiEscrowCreateTool(),
KagikaiEscrowStatusTool(),
KagikaiEscrowReleaseTool(),
]
How It Works
Agent Runtime MCP Server ICS (TEE Enclave) Bitcoin
───────────── ────────── ───────────────── ───────
kagikai_escrow_create ──▶ Authenticate ──▶ Generate keys inside TDX
Destroy issuer key (kA)
Create P2TR escrow address
Generate bc1q funding addr
◀── instrument_id + funding_address ◀──
"Fund this address" ────────────────────────────────────────────────▶ bc1q funded
Watcher detects funding
Auto-forward bc1q → bc1p ──────▶ P2TR escrow
Status: Confirmed
kagikai_escrow_release ─▶ Sign JWT ──────▶ Evaluate evidence
Status: Completed
Auto-sweep to payee ──────▶ Payee receives
Zero all keys
- Create: Agent calls
kagikai_escrow_createwith amount and payee address. ICS generates keys inside the TEE, destroys the issuer key, returns a bc1q funding address. - Fund: Payer sends bitcoin to the bc1q address from any wallet. ICS auto-forwards to the internal P2TR escrow.
- Release: Agent submits evidence. Evaluator validates (auto or manual). ICS auto-sweeps funds to the payee.
- Attest: At any point, anyone can verify the TDX attestation proving the issuer key was deleted by the audited code.
Instrument Lifecycle
Created ──▶ WatchingForFunding ──▶ Forwarding ──▶ Confirmed
│
┌─────────────────┤
▼ ▼
Submitted Expired
│ │
┌────────────┼────────────┐ ▼
▼ ▼ ▼ Available
Completed Rejected DisputeWindow │
│ │ │ ├──▶ Recycled ──▶ Confirmed
▼ ▼ │ └──▶ Refunded (terminal)
Swept Available ┌───┴───┐
(terminal) │ ▼ ▼
│ Completed Disputed
│ (auto-win) │
│ ┌────┴────┐
│ ▼ ▼
│ Completed Rejected
│ (seller (buyer
│ wins) wins)
▼
Recycled / Refunded
Full state machine documentation: docs/instrument-lifecycle.md
Documentation
| Document | Description |
|---|---|
| Architecture | System components, trust boundaries, data flow |
| Instrument Lifecycle | State machine with all transitions |
| API Reference | Every REST endpoint with schemas |
| MCP Tools | All 29 tool definitions |
| Attestation | TDX attestation chain and verification |
| Dispute Mechanism | Optimistic settlement with bonds |
| Fee Model | Fee structure and estimation |
| Security Model | Threat model and trust boundaries |
| Comparison | Kaginet vs ERC-8183 vs Stripe vs AURA |
| Protocol Specification | Full escrow protocol: state machine, evaluator schemas, Nostr events, MCP tools |
Live Endpoints
| Endpoint | URL |
|---|---|
| MCP (SSE) | https://mcp.kaginet.com/sse |
| Developer Dashboard | cloud.kaginet.com |
| Product Website | kaginet.com |
Examples
- quickstart.py — Create your first escrow
- agent-escrow-flow.py — Full agent-to-agent payment
- mcp-config.json — MCP client configuration
- langchain-agent.py — LangChain agent with payment tools
- crewai-crew.py — CrewAI crew with escrow capability
- verify-attestation.py — Verify a TDX attestation
- fee-estimate.py — Check fees before creating an escrow
Project Structure
kaginet/
adapters/
langchain/ # pip install kagikai-langchain (29 tools)
crewai/ # pip install kagikai-crewai (29 tools)
tests/ # 90 adapter tests
docs/ # Architecture, API reference, protocol docs
examples/ # Integration examples
verify/ # TDX attestation verification tool
The ICS server (Rust, runs inside Intel TDX) is not included in this repository. This repo contains the integration layer: framework adapters, documentation, and examples.
Security
See SECURITY.md for our responsible disclosure policy.
The security model is documented at docs/security-model.md.
Contributing
See CONTRIBUTING.md. We welcome adapter contributions for new frameworks, documentation improvements, and example code.
License
See LICENSE. License terms are currently under evaluation.
Related Servers
PayRam Crypto Card Payment Gateway
Self Hosted Payment gateway for agents, openclaw, hermes and more
Gapup MCP
185 agent-payable C-suite intelligence tools — competitive intel, SEC filings, sanctions, KYC, clinical evidence, ESG. x402 USDC/EURC. 100 free calls/mo.
Vongstaad MCP
Real-time and historical FX/crypto signal API for AI agents. Pay-per-call via x402 protocol on Base. No subscription, no API key. Correlation, regime, momentum, volatility across 10 instruments.
Varrd
Idea to backtested trading system
x402 Agent-Payment Infrastructure
One x402/developer-credit control layer for paid AI/data tool calls, crypto conversion quotes, public MCP discovery, progress streaming, and receipt-backed agent spend governance.
FXMacroData
Macroeconomic and FX data API + MCP server for 18 currencies with central bank announcements, calendar, COT, commodities, and forex.
Bridge Town
Bridge Town is an MCP-native, git-versioned financial modeling platform for FP&A teams and finance leaders. AI agents use Bridge Town tools to create projects, write Python model files, run models in isolated cloud sandboxes, query data, write outputs to Google Sheets, create dashboards, branch scenarios, and collaborate with teammates.
Inferventis MCP
20 financial tools for AI agents: real-time FX conversion, stock quotes, crypto prices, open banking, Stripe payments, calculators, news headlines and web reading. Free and standard tiers.
Jawz
Financial intelligence for AI agents: an agent-readable investment loop for market regime, portfolio context, decision framing, and thesis review.
x402 Agent-Payment Infrastructure
MCP/x402 spend layer for AI agents to quote, pay for, invoke, stream, and receipt paid AI/API calls with crypto or developer credits.