Frequently Asked Questions
What is TZUR for Agents?
It is a Bitcoin-only, non-custodial Windows desktop application that you run on your own computer and that AI agents can operate on your behalf, under permissions you define. The principle is simple: agents operate, you authorize. It reuses the audited TZURCore Bitcoin engine; it never reimplements the cryptography.
What is the "operational wallet"?
TZUR for Agents holds a separate "operational" wallet that you fund yourself from your own funds. It is deliberately isolated from any other wallet you keep. The idea is that you give your agents access only to this operational wallet, with whatever balance you choose to put in it, so the rest of your Bitcoin is never exposed to an agent at all. You stay in control of how much it holds and when it gets topped up.
Is it custodial? Does anyone hold my Bitcoin?
No. It is fully non-custodial. Your keys are generated and stored locally on your computer. Blocksight OÜ has no access to your keys and cannot move, freeze, or recover your funds.
Can an agent see my seed phrase or private keys?
No. There is no agent capability that returns key material - that capability simply does not exist in the agent interface. Agents reach the wallet only through a scoped local interface; signing happens only inside the wallet core. The recovery phrase is shown only to you, behind a Windows Hello gesture and screen-capture protection.
Can a hacked or confused agent steal my Bitcoin?
Honest answer: an agent cannot move your funds without your authorization or outside the policy you set - but it can still *propose* a payment, and a compromised or mistaken agent might propose a bad one.
Here is what that means in practice. The controls in TZUR stop an agent from sending funds without your approval or beyond the limits you defined. They do not, and cannot, stop a misbehaving agent from *asking* to send a payment. So when you approve, do not trust the agent's words. Verify the payment details that the wallet itself renders on screen - the recipient address and the amount - before you approve. Your approval is bound to those exact parameters with a single-use token; if anything about the payment changes after you approve, it is rejected. Default-deny is the rule: an agent is limited to the scopes you grant and cannot name an action it was not given.
Can an agent spend my Bitcoin on its own? What does "autonomous" spending mean, and what are its limits?
Only if you let it, and only within tight limits. Spending is off by default - it is controlled by a master switch that resets to OFF every time the app restarts, so autonomy is never the default state.
When you do turn spending on, an agent can broadcast a payment in one of two ways:
- Per-payment approval. You approve that specific payment with a present-user Windows Hello gesture. The approval produces a single-use token bound to the payment's parameters; any post-approval change is rejected.
- Within an allowance you explicitly enabled. "Autonomous" spending means a payment can go through without a fresh gesture *only* if it fits inside an envelope you defined: a per-transaction cap, a daily cap, a recipient allowlist, and an approval threshold. Anything outside that envelope falls back to your approval.
The daily-spend ledger persists across restarts, so the daily cap cannot be reset simply by relaunching the app. "Autonomous" here never means unlimited - it means "within the box you drew."
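The decision path described above (master switch, allowance envelope, and the single-use approval bound to a payment's parameters) can be modelled in a few lines. This is an added example, not TZUR's code: the `Envelope` and `Wallet` classes, the token format, the threshold semantics, and counting approved payments toward the daily total are all assumptions made for illustration.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Envelope:                       # hypothetical policy shape, amounts in sats
    per_tx_cap: int
    daily_cap: int
    approval_threshold: int           # assumed: amounts at or above this need approval
    allowlist: frozenset

class Wallet:                         # toy model, not TZUR's implementation
    def __init__(self, envelope):
        self.envelope = envelope
        self.spending_on = False      # master switch starts OFF on every launch
        self.spent_today = 0          # a real ledger is persisted across restarts
        self._key = secrets.token_bytes(32)   # MAC key stays inside the wallet
        self._unused = set()          # nonces of approvals not yet consumed

    def _mac(self, nonce, address, amount):
        msg = f"{nonce}|{address}|{amount}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def approve(self, address, amount):
        """Owner approved the details the wallet rendered; issue a bound token."""
        nonce = secrets.token_hex(16)
        self._unused.add(nonce)
        return f"{nonce}.{self._mac(nonce, address, amount)}"

    def _token_ok(self, token, address, amount):
        nonce, _, mac = token.partition(".")
        if nonce not in self._unused:
            return False
        self._unused.discard(nonce)   # consumed on first presentation, valid or not
        expected = self._mac(nonce, address, amount)
        return hmac.compare_digest(mac.encode(), expected.encode())

    def within_envelope(self, address, amount):
        e = self.envelope
        return (address in e.allowlist and amount <= e.per_tx_cap
                and amount < e.approval_threshold
                and self.spent_today + amount <= e.daily_cap)

    def broadcast(self, address, amount, token=None):
        if not self.spending_on:
            return "denied: spending off"
        if token is not None:
            if not self._token_ok(token, address, amount):
                return "denied: approval invalid"
        elif not self.within_envelope(address, amount):
            return "needs approval"
        self.spent_today += amount    # assumed: approved payments also count
        return "broadcast"
```

Because the MAC covers the address and amount, a token issued for one payment fails verification for any altered payment, and because the nonce is discarded on first presentation it cannot be replayed.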
How do agents connect to the wallet?
Over a local Model Context Protocol (MCP) server bound to your own machine on loopback (127.0.0.1). Each agent authenticates with a per-agent bearer token read from the transport. The server does not accept connections from the public internet, and no agent instructions, drafts, approvals, or audit records are sent to Blocksight.
I connect my own AI agent - whose terms apply?
You bring your own AI agent or MCP client - for example Claude Desktop, Claude Code, or any other MCP client - and connect it to TZUR. Blocksight does not provide, control, endorse, or take responsibility for that third-party AI. When you use it, you do so under that provider's own terms, privacy policy, and availability, and you accept them. You are responsible for what you instruct and authorize through that agent, and for protecting the bearer token you issue to it. TZUR's job is to enforce *your* permissions and approvals at the wallet boundary, whatever agent you plug in.
What is the agent token and how do I protect it?
The agent token (a per-agent bearer token) is the credential an agent presents to authenticate to your local MCP server. Think of it like a key to a specific door: it lets that agent reach the wallet over loopback, but only within the scopes you granted - it never unlocks key material or spending beyond your policy.
To protect it: issue a separate token per agent so you can identify and revoke them individually; never paste it into untrusted tools, logs, chats, or shared files; keep it on the machine you control; and revoke it immediately if an agent is decommissioned or you suspect it leaked. Revoking access is instant. The token is yours to safeguard - treat it as sensitive.
Can an agent trade on an exchange?
Exchange features are optional and gated, and they are not active until you configure a third-party exchange yourself. Until then, no trading is possible.
When you do enable it, you transact with that third-party exchange under *its* terms, and TZUR is not a party to the trade. TZUR is not a broker, exchange, money-services business, or custodian. Your exchange API credentials are sealed inside the app and are never reachable by an agent. And every order still requires the same owner approval as any other fund-moving action - an agent cannot trade on its own outside your policy.
What can I see and control?
You watch every agent action live in the supervision cockpit, and a tamper-evident audit log records each one. You set each agent's permissions, spending limits, and the wallet it operates, and you can revoke any agent's access immediately. Agents cannot disable or edit the audit log.
How does the audit log work?
It is an append-only, hash-chained, tamper-evident log kept locally on your device and sealed at rest with Windows DPAPI, and you can view it live. Hash-chaining means any alteration to an earlier entry breaks the chain and is detectable. It is not stored off your device and it is not immutable in an absolute sense - a factory reset of the app clears it.
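To make the hash-chaining property concrete, the following added example (not TZUR's code or log format) builds a small chained log and locates the first entry that no longer verifies. The record fields, the SHA-256 construction, and the optional `expected_head` check are assumptions for illustration; the sample records are constructed.

```python
import hashlib, json

GENESIS = "0" * 64   # placeholder "previous hash" for the first entry

def entry_hash(prev_hash, record):
    # Canonical JSON so the same record always hashes the same way.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(log, record):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev, "record": record, "hash": entry_hash(prev, record)})

def first_broken(log, expected_head=None):
    """Index of the first entry that fails verification, len(log) if the chain
    is consistent but does not end at expected_head, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(log)
    return None

def sample_log():
    # Constructed sample records, not real audit data.
    log = []
    for record in (
        {"agent": "agent-a", "action": "draft_payment", "amount_sats": 10_000},
        {"agent": "agent-a", "action": "request_approval", "amount_sats": 10_000},
        {"agent": "owner", "action": "approve", "amount_sats": 10_000},
    ):
        append(log, record)
    return log

if __name__ == "__main__":
    log = sample_log()
    head = log[-1]["hash"]
    log[1]["record"]["amount_sats"] = 1      # edit an earlier entry in place
    print("first broken entry:", first_broken(log))
    print("truncated log check:", first_broken(sample_log()[:2], expected_head=head))
```

Editing an entry is caught at that entry, and recomputing its hash only moves the break to the next entry. Dropping entries from the tail leaves a chain that still verifies on its own, so detecting truncation needs the last known head hash held somewhere the editor cannot rewrite.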
What can the wallet do?
Send and receive Bitcoin, generate addresses, create payment requests, monitor payments, estimate fees, prepare and (with your authorization) broadcast payments, and explain transactions using public chain data from BlockSight. It does not do lending, staking, yield, money transmission, or financial, investment, or tax advice. Optional exchange features are gated and require your own third-party exchange configuration.
Which Bitcoin standards does it use?
BIP-39 (12-word seed), BIP-32 (HD derivation), and BIP-84 (Native SegWit / bech32, path m/84'/0'/0'). Randomness comes from the operating system CSPRNG (BCryptGenRandom). Same seed, same addresses, always.
Are my balances real-time and guaranteed?
No. Balances are read from Electrum servers, which TZUR treats as untrusted data providers only - it verifies their responses over TLS and with Merkle proofs, and signing and broadcast always happen locally. Electrum sync can lag or fail, so balances are not guaranteed to be real-time. Public chain data is supplied by BlockSight.
How is the wallet secured on my device?
Idle auto-lock; a PIN hardened with PBKDF2-HMAC-SHA256 at 600,000 iterations; Windows Hello unlock; screen-capture protection on the recovery phrase; and DPAPI (with optional TPM) sealing of sensitive data at rest.
What if I lose my computer?
Your wallet can be restored from your 12-word recovery phrase in any BIP-39 compatible wallet. Back it up offline and keep it safe. If you lose both your computer and your recovery phrase, no one - including Blocksight OÜ - can recover your Bitcoin.
Is my Bitcoin insured?
No. Non-custodial means you hold your own Bitcoin; it is not covered by any deposit-protection scheme. Your security is your recovery phrase and your device.
How much does it cost?
A one-time licence is USD $119 for a single computer, sold at https://tzur.live with payment processed by Stripe, Inc.
How do I report a security issue or get support?
For security and privacy matters, email legal@blocksight.live. For general support, email contact@tzur.live. We take all reports seriously and respond promptly.
Who makes TZUR for Agents?
Blocksight OÜ, an Estonian private limited company, registry code 17474529, registered at Vesivärava tn 50-301, 10152 Tallinn, Estonia, as part of the BlockSight ecosystem. These terms are governed by the law of the Republic of Estonia.
Last Updated: 8/6/2026