Aegis Wallet

Inspiration

AI agents are getting smarter every day but have zero ability to transact with real money safely. Giving an AI your wallet keys is terrifying — it's either full access or nothing. There's no standard for giving an agent a spending budget it literally cannot exceed. Lightning macaroons and MCP gave us the primitives to solve this: cryptographic capability-based access control for AI agents, enforced at the protocol level.

What It Does

Aegis is a Bitcoin wallet where Claude is your AI financial agent. Claude connects to your Lightning wallet via MCP and gets real spending tools — but with a macaroon-enforced budget ceiling it cannot bypass. Within your set threshold, Claude autonomously pays Lightning invoices. Over threshold, it escalates to your biometric approval. Budget exhausted, it requests a top-up. The enforcement isn't software we wrote — it's LND's RPC middleware rejecting the call before it even attempts to route. The macaroon is the leash.

How We Built It

Lightning: LND + litd in Docker — litd's account system creates virtual balance ledgers with scoped macaroons enforced at the RPC middleware layer.
MCP Server: Node.js (@modelcontextprotocol/sdk) exposing 7 wallet tools — pay_invoice, get_balance, get_budget_status, request_approval, request_topup, create_invoice, list_payments. The macaroon never leaves the server. Claude IS the agent — no custom runtime.
Backend: Node.js + Express — REST API + WebSocket for real-time approval flow between Claude and the user.
Frontend: Next.js + Tailwind — agent dashboard, budget controls, live activity feed, biometric approval modals.
Network: Bitcoin mainnet with real sats.

Challenges We Ran Into

Budget enforcement at the protocol level — Making LND's RPC middleware reliably reject payments before they even attempt routing required deep understanding of litd's account system and macaroon scoping.
No custom agent runtime — Wiring Claude directly via MCP instead of building a bot meant we had to design tools that give Claude enough context to make good decisions while keeping the attack surface minimal.
Real-time approval flow — Connecting Claude's request_approval tool call to a WebSocket push to the user's browser for biometric confirmation, then piping the result back, all within a reasonable timeout.
Macaroon scoping — Getting the permissions right so Claude can pay and receive but cannot see node topology, bake new macaroons, or access on-chain funds.

Accomplishments We're Proud Of

Cryptographic budget enforcement. Claude's spending limit isn't a software check — it's enforced by LND's RPC middleware via macaroons. Claude literally cannot overspend.
Claude is the agent. No custom bot, no scripted flows. Claude reasons about payments, checks its budget, and escalates when needed — all through standard MCP tools.
Real mainnet sats. This isn't a testnet demo. Real Bitcoin, real Lightning invoices, real L402 payments.
Human-in-the-loop that doesn't suck. Over-threshold payments trigger a biometric prompt on your phone — not a form, not an email. One tap to approve.

What We Learned

Lightning macaroons are an underappreciated primitive for AI agent authorization — they give you cryptographic capability-based access control out of the box.
MCP is a powerful abstraction for agent tooling — by exposing wallet operations as MCP tools, we got Claude integration without writing a single line of agent orchestration code.
The hardest part of agentic finance isn't the payments — it's the escalation UX. Making the human-in-the-loop feel seamless is what makes it trustworthy.
L402 (HTTP 402 + Lightning) is the natural payment protocol for agents — Claude can handle the full pay-for-access flow autonomously.

What's Next for Aegis Wallet

Agent delegation — Claude attenuates its own macaroon to create sub-agents with even tighter budgets.
Multi-agent commerce — Buyer and seller agents transacting autonomously via L402.
Recurring budgets — Auto-refilling daily/weekly spending caps without manual top-ups.
Self-custodial L2 — Users run their own LND node, point MCP there, fully sovereign.
Mobile app — React Native + Expo with native biometrics.

Built With

bitcoin
claude
docker
express.js
l402
lightning-network
litd
lnd
mcp-(model-context-protocol)
next.js
node.js
react
sqlite
tailwind-css
webauthn
websocket

Submitted to

MIT Bitcoin Hackathon: Freedom for All
- Winner Community Prize

Created by

I worked on the MCP layer of the project. My contribution was creating the interface between Claude and the wallet system, so the AI could interact with the app through structured tools instead of having direct unrestricted access. This let us control what Claude could do, like checking balances, making payments, and requesting user approval, while keeping the system secure.

Luis Méndez Reyes
Pratyaksh Chandra
Praneeth G

Updates

Pratyaksh Chandra started this project — Apr 12, 2026 06:22 AM EDT

Leave feedback in the comments!

Log in or sign up for Devpost to join the conversation.