Kubernetes-Native Incident Response for Bitcoin Infrastructure
Hackathon Submission: Building Cool Agents category Built with kagent + agentgateway + agentregistry + bitcoin-mcp
Bitcoin node operators don't sleep. Fee spikes hit at 3am. Mempool floods during NFT mints. Hashrate drops when a mining pool goes offline. Block times stretch to 30+ minutes and nobody knows why until the Telegram group panics.
The standard response is a wall of Grafana dashboards, a PagerDuty rule, and a runbook that nobody reads. The operator wakes up, SSHs into the node, runs six commands, cross-references three block explorers, and makes a judgment call. Every. Single. Time.
Bitcoin SRE Agent replaces the runbook with an AI agent that detects, investigates, diagnoses, and recommends -- using the same tools an experienced operator would use, orchestrated by kagent and secured by agentgateway.
agentregistry
(discover bitcoin-mcp)
|
v
Incident agentgateway (port 3000)
Trigger +---------------------------+
(alert / | Rate Limit (60 req/min) |
cron / | OTEL Tracing --> Jaeger |
manual) | CORS |
\ +---------------------------+
\ |
v v
+-----------------------------------+
| kagent Agent CRD |
| bitcoin-sre-agent |
| |
| System Prompt: |
| - SRE incident protocol |
| - Fee interpretation rules |
| - Mempool analysis playbook |
| - Node health checklist |
| - Escalation criteria |
| |
| Tools: |
| kagent ToolServer CRD |
| bitcoin-mcp (49 tools) |
+-----------------------------------+
| | |
v v v
get_fee_ analyze_ get_mining_
estimates mempool info
| | |
v v v
+-----------------------------------+
| Bitcoin Network |
| (Local node or Satoshi API) |
+-----------------------------------+
| Project | Role in This Agent |
|---|---|
| kagent | Defines the agent (Agent CRD) and its tools (ToolServer CRD). The Agent CRD holds the SRE system prompt, tool bindings, and A2A skill metadata. The ToolServer CRD wraps bitcoin-mcp as a Kubernetes-native tool provider. |
| agentgateway | Sits in front of bitcoin-mcp enforcing rate limits and exporting OpenTelemetry traces. Every tool call the agent makes is rate-limited and auditable -- critical for an SRE agent that might fire hundreds of calls during an incident. |
| agentregistry | Publishes the bitcoin-mcp server so other agents and operators can discover it. The registry entry describes all 49 tools, categories, and config -- making it easy to compose bitcoin-mcp into other agent workflows. |
The agent follows a four-phase protocol for every incident:
DETECT --> INVESTIGATE --> DIAGNOSE --> RECOMMEND
The agent identifies anomalies by comparing current state against baseline thresholds:
| Signal | Tool | Threshold |
|---|---|---|
| Fee spike | get_fee_estimates |
> 3x 7-day average |
| Mempool flood | analyze_mempool |
> 100K unconfirmed txs |
| Slow blocks | get_mining_info |
> 20 min since last block |
| Hashrate drop | get_mining_info |
> 10% decline in 24h |
| Node desync | get_node_status |
Headers ahead of blocks |
| Peer loss | get_peer_info |
< 4 outbound connections |
For each detected anomaly, the agent gathers context:
- Fee spike: Check mempool size and composition, recent block fullness, inscription activity
- Mempool flood: Analyze fee distribution, estimate clearing time at current hashrate
- Slow blocks: Check difficulty adjustment timeline, compare with expected block interval
- Node issues: Verify sync state, check peer diversity, inspect bandwidth
The agent correlates signals to identify root cause:
- Fee spike + mempool flood + inscription activity = NFT/ordinals mint event
- Fee spike + mempool flood + no inscriptions = organic demand surge
- Slow blocks + hashrate drop = mining pool outage or energy disruption
- Node desync + low peers = local network issue
Based on diagnosis, the agent produces actionable recommendations:
- Fee spike (transient): "Wait 2-3 blocks. Fees should normalize to ~15 sat/vB."
- Fee spike (sustained): "Use 25 sat/vB for next-block confirmation. Consider batching."
- Mempool flood: "Estimated clearing time: 45 minutes. Non-urgent txs can wait."
- Mining anomaly: "No action needed. Difficulty adjusts in ~3 days."
- Node health: "Restart bitcoind. If sync doesn't resume, check disk space."
cd submissions/agents
docker compose up -d
python demo.pypip install bitcoin-mcp httpx rich
python demo.pyThe demo connects to bitcoin-mcp (via Satoshi API -- no local node required), runs a full health check, analyzes current fees and mempool, and produces a situation report.
# Apply the ToolServer and Agent CRDs
kubectl apply -f toolserver.yaml
kubectl apply -f agent.yamlsubmissions/agents/
README.md # This file
toolserver.yaml # kagent ToolServer CRD for bitcoin-mcp
agent.yaml # kagent Agent CRD for the SRE agent
demo.py # Main demo -- full incident response scenario
docker-compose.yml # Full stack: bitcoin-mcp + agentgateway + jaeger
gateway-config.yaml # agentgateway config with rate limiting + OTEL
blog.md # dev.to-ready blog post
incidents/
fee_spike.py # Fee spike incident simulation
node_health.py # Node health check scenario
Running python demo.py produces output like this:
=== Bitcoin SRE Agent -- Incident Response Demo ===
[1/4] NODE HEALTH CHECK
Block Height: 889,241
Sync Status: SYNCED
Peers: 12 inbound, 8 outbound
Network: mainnet
Version: /Satoshi:27.0.0/
Status: HEALTHY
[2/4] FEE ENVIRONMENT
Next Block: 42 sat/vB
30 min: 28 sat/vB
1 hour: 15 sat/vB
1 day: 5 sat/vB
Assessment: ELEVATED -- likely transient congestion
[3/4] MEMPOOL ANALYSIS
Unconfirmed TXs: 87,234
Mempool Size: 312 MB
Min Fee: 3.01 sat/vB
Congestion: MODERATE
Est. Clear Time: ~35 minutes at current hashrate
[4/4] SITUATION REPORT
Overall Status: YELLOW -- elevated fees, mempool congested
Root Cause: Organic demand surge (no inscription spike detected)
Recommendation: Non-urgent transactions should wait 1-2 hours.
Use 15 sat/vB for confirmation within 1 hour.
Network is otherwise healthy -- no action needed.
The ToolServer CRD tells kagent how to run bitcoin-mcp:
apiVersion: kagent.dev/v1alpha1
kind: ToolServer
metadata:
name: bitcoin-mcp
spec:
config:
stdio:
command: uvx
args: ["bitcoin-mcp"]
description: "Bitcoin network analysis -- 49 tools"kagent launches bitcoin-mcp as a subprocess and exposes its 49 tools to any Agent that references it. No container images, no port management -- kagent handles the lifecycle.
The Agent CRD defines the SRE agent's behavior:
apiVersion: kagent.dev/v1alpha2
kind: Agent
metadata:
name: bitcoin-sre-agent
spec:
systemMessage: |
You are a Bitcoin SRE specialist...
[500+ word incident response protocol]
tools:
- type: McpServer
mcpServer:
toolServer: bitcoin-mcp
a2aConfig:
skills:
- id: bitcoin-sre
name: Bitcoin SRE
description: Monitor Bitcoin node health, detect anomalies...The system prompt encodes the full SRE playbook: detection thresholds, investigation procedures, diagnostic logic, and recommendation templates. The A2A skill config allows other agents to discover and delegate to the Bitcoin SRE agent.
In production, the SRE agent might fire dozens of tool calls per incident. Without guardrails:
- A runaway investigation loop could hammer bitcoin-mcp with thousands of requests
- There's no audit trail of what the agent examined during an incident
- No way to enforce read-only access during investigation vs. write access for remediation
agentgateway solves all three:
- Rate limiting: 60 req/min prevents runaway loops while allowing burst during active incidents
- OTEL tracing: Every tool call is traced to Jaeger -- complete incident forensics after the fact
- CORS: Enables browser-based dashboards to display agent activity in real time
This isn't just about Bitcoin. The pattern -- domain-specific MCP server + kagent orchestration + agentgateway security + agentregistry discovery -- applies to any infrastructure SRE use case:
- Database SRE: Wrap pg_stat tools as MCP, detect slow queries, recommend index changes
- Kubernetes SRE: Wrap kubectl as MCP, detect pod crash loops, recommend resource adjustments
- Network SRE: Wrap SNMP/NetFlow as MCP, detect anomalous traffic, recommend firewall rules
The Bitcoin SRE Agent is a proof of concept for AI-native operations: agents that don't just alert you to problems, but investigate them, explain what's happening, and tell you what to do.
- bitcoin-mcp -- 49-tool MCP server for Bitcoin network intelligence
- kagent -- Kubernetes-native AI agent framework
- agentgateway -- Open-source gateway for securing MCP traffic
- agentregistry -- Discovery and distribution for MCP servers and agents
Built for the MCP & AI Agents Hackathon -- Building Cool Agents category. Because Bitcoin infrastructure deserves an SRE that never sleeps.