Nunchuk open-sources Bitcoin tooling for AI agents with multisig guardrails and spending caps

Nunchuk ships MIT-licensed CLI and Agent Skills so AI agents can manage Bitcoin in multisig wallets—enforcing limits, approvals, and delays while humans retain private keys.


Because Bitcoin

April 9, 2026

AI is creeping into payments, but handing an autonomous agent a wallet key is a fast path to loss. Nunchuk’s new open-source release tackles that head-on by giving agents capability without carte blanche.

What shipped

- Two MIT-licensed repositories: Nunchuk CLI and Agent Skills for Nunchuk CLI.
- The CLI lets AI agents work with shared Bitcoin wallets while users keep their private keys.
- Agent Skills exposes tasks—wallet setup and creation, participant invitations, policy configuration, and transactions—to AI models.

The architecture

Nunchuk relies on multisignature wallets, so multiple keys must approve a transaction. Policies set real constraints: per-transaction or time-bound limits, explicit approval steps, and optional delays. If an action crosses a configured threshold, a human signature is required. Crucially, receiving Bitcoin is isolated from spending authority: deposits do not expand what the agent can move. That separation is deliberate.

Hugo Nguyen, Nunchuk’s founder and CEO, argues that common choices—giving an agent its own wallet or granting delegated signing—create a single point of failure. Once configured, an error, compromise, or poor decision can drain funds without friction. Here, the agent operates within “bounded authority”; beyond that, people sign.

Why this design matters

The hard problem is not “can an agent send a transaction,” it’s “how much discretion should it have at any given moment.” Nunchuk’s model treats authority like a budget you must consciously allocate and periodically re-approve. By decoupling funding from authorization, teams avoid a subtle trap: every successful workflow tends to attract more inflows, and without explicit caps, the blast radius of a bad action quietly grows.
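A model of the policy gate described above, as an added example rather than Nunchuk's code or CLI interface: the class, field names, limits and transaction sequence are all constructed for illustration. It shows per-transaction and time-window caps escalating to a human signer, and that a deposit changes the balance but not what the agent may move.

```python
from dataclasses import dataclass, field

@dataclass
class SpendPolicy:  # hypothetical model, not a Nunchuk type
    per_tx_limit_sats: int   # largest single spend the agent may authorize alone
    window_limit_sats: int   # total agent-authorized spend allowed per window
    window_seconds: int      # length of the rolling window
    history: list = field(default_factory=list)  # (timestamp, sats) agent spends

    def spent_in_window(self, now: int) -> int:
        cutoff = now - self.window_seconds
        return sum(sats for ts, sats in self.history if ts > cutoff)

    def evaluate(self, amount_sats: int, now: int, balance_sats: int) -> str:
        # Balance only decides whether the spend is possible at all;
        # it never raises either cap, so deposits add no authority.
        if amount_sats <= 0 or amount_sats > balance_sats:
            return "reject"
        if amount_sats > self.per_tx_limit_sats:
            return "human_required"
        if self.spent_in_window(now) + amount_sats > self.window_limit_sats:
            return "human_required"
        self.history.append((now, amount_sats))  # only agent-approved spends count
        return "agent"

def demo() -> list:
    # Constructed scenario: 50k sats per tx, 100k sats per 24 hours.
    policy = SpendPolicy(50_000, 100_000, 86_400)
    balance = 1_000_000
    out = [
        policy.evaluate(40_000, 0, balance),        # within both caps
        policy.evaluate(40_000, 3_600, balance),    # 80k used in window
        policy.evaluate(40_000, 7_200, balance),    # would reach 120k
    ]
    balance += 9_000_000                            # large deposit arrives
    out += [
        policy.evaluate(40_000, 7_300, balance),    # still over the window cap
        policy.evaluate(60_000, 7_400, balance),    # over the per-tx cap
        policy.evaluate(40_000, 88_000, balance),   # first spend has aged out
    ]
    return out

if __name__ == "__main__":
    print(demo())
```

The "agent" decisions recorded in `history` are the sub-threshold activity the trade-offs section says still needs monitoring.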

From a risk perspective, multisig with policy gates right-sizes autonomy. Developers get automation for routine flows—recurring payouts, fee management, invoice settlement—while preserving a backstop for anything atypical. Operationally, this mirrors corporate card programs and treasury controls: small, reversible actions run on rails; large or unusual ones demand human intent.

Where it helps first

Nguyen says the target users are builders fusing AI automation with financial capability who are uncomfortable placing real crypto in an unconstrained wallet. That tracks with what many teams feel today: they want agents to be useful with money, but within explicit guardrails. A CLI plus model-facing skills offers a clean seam between agent logic and custody policy, which should accelerate integrations.

Trade-offs worth noting

No framework removes judgment. Misconfigured limits, poor approval hygiene, or weak participant practices can still create openings. Friction remains by design—delays and approvals slow urgent actions—so product teams will have to tune policies to their risk budget. And while policy controls reduce damage from a compromised agent, they don’t remove the need to monitor sub-threshold behavior.

Context on Nunchuk

Launched in 2020, Nunchuk built an open-source mobile Bitcoin wallet around multisig to improve self-custody and inheritance planning—storing Bitcoin with multiple keys rather than a single private key. Today’s software extends that ethos to AI: keep keys with humans, let agents do the busywork, and bind spend to rules you can verify.

If AI is going to touch real Bitcoin, this kind of separation of duties—multisig plus policy-based limits and explicit approvals—will likely become the default pattern. It gives agents real capability without assuming they will always be right.
