Treasury Agent
The Treasury Agent operates an organisation’s Bit2Me Exchange account: it buys and sells crypto with EUR, withdraws to pre-approved external wallets, and never moves money from the org wallet itself. Caps are EUR-denominated, allow-listed destinations are exact-match, and all enforcement is server-side.
Required setup
- Bit2Me connector — create a Bit2Me API key with the Withdraw scope (Read + Trade are implied). Paste label + key + secret in /connectors. If Bit2Me requires 2FA on writes, also paste the Google Authenticator seed (TOTP) in the same form. See Bit2Me connector for details.
- Optional wallet bind — bind the agent to a Sigil wallet. The wallet’s address is then implicitly an allowed withdrawal target under the reserved label agent_wallet.
Configuration
| Field | Type | Notes |
|---|---|---|
| bit2me_connection_id | UUID | The Bit2Me connection to sign requests with. |
| allowed_currencies | string[] | Whitelist of crypto symbols (lowercased). Trades go through EUR. |
| max_per_tx_eur | string | Per-call cap in EUR. Empty/0 = no cap. |
| allowed_outputs | map | Operator-friendly label → {currency, network, address, memo?}. |
Tools
| Tool | Action |
|---|---|
| treasury_buy(currency, eur_amount) | Swap EUR pocket → crypto pocket. Auto-creates the destination pocket if missing. |
| treasury_sell(currency, amount) | Swap crypto pocket → EUR pocket. Cap is checked against the proforma’s reported EUR proceeds. |
| treasury_withdraw(destination_label, amount, [currency, network]) | Send a pocket’s balance to an allow-listed external address. agent_wallet is the reserved label that resolves to the agent’s bound wallet (requires currency + network in that case). |
All write tools run Bit2Me’s two-step proforma → transaction flow
internally. The agent never sees raw IDs — the LLM sees {currency, eur_spent, transaction_id} and the audit log captures the rest.
Caps in practice
```yaml
allowed_currencies: [usdc, eth]
max_per_tx_eur: '500'
allowed_outputs:
  dex_wallet_polygon:
    currency: usdc
    network: polygon
    address: '0x9c1…f81'
```

With this config, the agent can:
- Buy up to 500 EUR worth of USDC or ETH per call (any larger request is refused).
- Sell USDC or ETH up to 500 EUR per call.
- Withdraw USDC on polygon to 0x9c1…f81 (label dex_wallet_polygon).
- Withdraw to agent_wallet if a wallet is bound to the agent.
Any other destination, currency or excess amount is refused server-side
with ErrToolNotInvocable. The LLM gets the error and adapts.
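
The checks described above, written out in Go as an added example (not Sigil's code). The `Policy` and `Output` types, the `CheckBuy` and `ResolveWithdraw` names, the in-memory set form of `allowed_currencies`, and applying that whitelist to withdrawals are assumptions; `ErrToolNotInvocable` here is a local stand-in for the error the page names.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// Local stand-in for the error the page names; all types here are hypothetical.
var ErrToolNotInvocable = errors.New("ErrToolNotInvocable")

type Output struct{ Currency, Network, Address string }

type Policy struct {
	AllowedCurrencies map[string]bool   // set built from allowed_currencies; keys are exact, lowercased
	MaxPerTxEUR       string            // "" or "0" means no cap
	AllowedOutputs    map[string]Output // label -> stored destination
	AgentWallet       string            // bound wallet address, "" if none
}

// CheckBuy gates treasury_buy(currency, eur_amount) before any exchange call.
func (p Policy) CheckBuy(currency, eurAmount string) error {
	amt, ok := new(big.Rat).SetString(eurAmount) // exact decimal, no float rounding
	limit, capOK := new(big.Rat).SetString(p.MaxPerTxEUR)
	badCap := p.MaxPerTxEUR != "" && !capOK // a malformed cap fails closed
	if !ok || amt.Sign() <= 0 || !p.AllowedCurrencies[currency] || badCap ||
		(capOK && limit.Sign() > 0 && amt.Cmp(limit) > 0) {
		return ErrToolNotInvocable
	}
	return nil
}

// ResolveWithdraw turns a label into a stored destination; callers never pass an address.
func (p Policy) ResolveWithdraw(label, currency, network string) (Output, error) {
	out, found := p.AllowedOutputs[label]
	if label == "agent_wallet" { // reserved label: bound wallet plus explicit currency and network
		out, found = Output{currency, network, p.AgentWallet}, p.AgentWallet != "" && network != ""
	}
	if !found || !p.AllowedCurrencies[out.Currency] { // assumption: whitelist also covers withdrawals
		return Output{}, ErrToolNotInvocable
	}
	return out, nil
}

func main() {
	p := Policy{map[string]bool{"usdc": true, "eth": true}, "500", map[string]Output{"dex_wallet_polygon": {"usdc", "polygon", "0x9c1…f81"}}, ""}
	fmt.Println(p.CheckBuy("eth", "500"), p.CheckBuy("usdc", "500.01"))
}
```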
TOTP handling
Bit2Me requires a 6-digit TOTP on crypto withdrawals even with the
Withdraw API scope. Paste the Google Authenticator seed once when
configuring the connector; Sigil generates the code per RFC 6238 on
every non-GET request and attaches X-TOTP and x-totp-type: gauth
headers automatically. Operators can preview the current code in the
portal during setup.
See Bit2Me connector — TOTP for the seed storage and rotation flow.