The core is free and open source (Apache-2.0). Desktop app, agent runtime, CLI, and source code are free. The public relay is available for beta testing.

Where are my keys stored in DCP?

On your laptop. Encrypted with XChaCha20. Master key lives in your OS keychain. We never see your keys — they never leave your machine. DCP is fully non-custodial.

What is a multi-agentic wallet?

A multi-agentic wallet lets you set up one wallet and use it across multiple AI agents. DCP is the first multi-agentic wallet — connect Claude, Cursor, OpenClaw, and VPS bots to a single vault, control them all from one dashboard, and approve requests from your phone.

Can I use one wallet with multiple AI agents?

Yes. That's DCP's core feature. Set up your wallet once, then connect as many agents as you want — Claude, Cursor, OpenClaw, trading bots, custom agents. Each agent gets its own budget limit, but they all access your single secure vault.

Is DCP a Solana agentic wallet?

Yes. DCP functions as a Solana agentic wallet that lets AI agents request wallet actions with daily spending limits and phone-based approval. It also vaults API keys for services like OpenAI, Anthropic, Stripe, and GitHub.

Which blockchains does DCP support?

DCP supports Solana in the beta. You can generate a Solana wallet or import one. Keys are encrypted locally with XChaCha20. DCP is non-custodial — you control everything.

How do I control multiple AI agents from one place?

DCP gives you one dashboard to manage all your AI agents. See which agents are connected, what they're requesting, set per-agent budget limits, and approve or revoke access instantly. One wallet, one dashboard, total control.

How do AI agent spending limits work?

DCP lets you set daily budget caps for each agent. If an agent tries to spend more than the daily limit, the transaction is blocked. This prevents runaway spending from compromised or misbehaving agents. You can adjust limits anytime from the DCP dashboard.

What if my AI agent is hacked while I'm sleeping?

Worst case: attacker spends up to your daily cap before you wake up and revoke. Set the cap low enough that it's acceptable. That's the whole point of budget limits — capping maximum damage.

Is DCP better than .env files for AI agents?

Yes. With .env files, agents read your keys directly — one prompt injection leaks everything. DCP encrypts keys locally and requires phone approval for each access request. Agents never see raw keys — they only get results.

Can I store API keys like OpenAI and Anthropic in DCP?

Yes. Store any API key — OpenAI, Anthropic, Stripe, AWS, whatever. Your AI agents request access, you approve from your phone. The agent gets results, never the raw key.

Does DCP work with Claude, Cursor, and OpenClaw?

Yes. Claude Desktop, Cursor, VS Code, and other stdio MCP clients can run the DCP agent locally. OpenClaw and VPS agents use the remote installer and HTTP MCP. Custom runtimes can integrate through MCP or HTTP MCP.

How do I secure my OpenClaw agent with DCP?

Use the remote invite command from DCP Desktop. It installs the DCP agent service on your VPS, pairs it with your Desktop vault, and configures OpenClaw MCP when the install shape can be detected.

Is MCP server security a problem in 2026?

Yes. MCP servers have known vulnerabilities — over 42,000 exposed endpoints leaked credentials in early 2026, including CVE-2025-6514 (remote code execution). DCP adds a security layer: even if your MCP server is compromised, attackers can't access raw keys without phone approval.

How is DCP different from Infisical or VaultAgent?

DCP is local-first (keys never leave your device) with phone approval. Infisical and VaultAgent are cloud-based. DCP also handles crypto wallets — they don't. And DCP is free & open source.

How is DCP different from Turnkey or Cobo agentic wallet?

DCP is free and handles both crypto AND API keys. Turnkey and Cobo are enterprise-only, crypto-only, and Cobo holds a key share (MPC). DCP is fully non-custodial and local-first — you control everything.

What if my laptop is off?

Requests queue until you're back online. For 24/7 bots, just leave your laptop sleeping. No need to be unlocked.

Yes. The entire stack is open source under Apache-2.0. Self-host the relay if you want full control over your infrastructure.

Export your data, uninstall. Your wallets, keys, everything — yours. No lock-in, no data hostage.

DCP vs .env Files for AI Agents

Environment variables are fine for simple apps. AI agents need a safer permission boundary for wallets, credentials, budgets, and approvals.

.env files are not the enemy.

They are simple. They are familiar. They work.

For normal apps, that can be enough.

But AI agents are not normal apps.

Agents read instructions. Agents call tools. Agents follow chains of context. Agents can be asked to act across wallets, APIs, files, databases, and payment systems.

So when an agent has raw secrets in its environment, the risk changes.

SOLANA_PRIVATE_KEY=***
OPENAI_API_KEY=***
DATABASE_URL=...

That setup is easy.

It is also a lot of trust.

The Problem With `.env` for Agents

An environment variable gives the running process raw access.

That is fine when the process is a predictable app with a narrow job.

It is more dangerous when the process is an agent that can reason, call tools, inspect outputs, follow prompts, and take actions based on changing context.

If the agent can read the secret, then the agent can potentially:

use it outside the intended task
leak it through logs or tool output
spend more than expected
sign something the user did not understand
keep working with credentials after trust changes
give every connected workflow the same level of authority

That is not a permission model.

That is ambient authority.

Agents Need Capabilities, Not Raw Secrets

The safer pattern is to stop giving the agent the secret first.

Instead, give the agent a way to request a specific capability.

Bad pattern:

Agent reads SOLANA_PRIVATE_KEY from .env
Agent signs directly

Better pattern:

Agent asks DCP to sign a specific Solana transaction
DCP checks policy, budget, and approval
DCP signs inside the local vault
Agent receives the result

For API credentials, the same idea applies.

The agent should request the scoped data it needs, not inherit every credential loaded into the process.

What DCP Changes

DCP moves the sensitive boundary out of the agent and into a local vault.

The agent connects through MCP and gets tools such as:

vault_get_address
vault_budget_check
vault_scope_guide
vault_read
vault_write
vault_sign_tx
vault_sign_message
vault_sign_x402

That means an agent can ask for useful things without automatically owning the most sensitive material.

For example, the agent can ask:

What is my Solana wallet address from DCP?

Or:

Check if sending 0.01 SOL is within my DCP budget.

Or:

Request approval to sign this Solana transaction.

DCP can then apply the rules that a plain .env file cannot:

which agent is asking
what scope it has
whether the amount is within budget
whether user approval is required
what activity should be logged
whether access should be revoked later

`.env` Is Still Useful

This is not a call to delete every .env file.

Environment variables are still good for many app settings:

local development config
non-sensitive feature flags
service URLs
internal app defaults
secrets inside tightly controlled backend services

The problem is not .env.

The problem is giving autonomous or semi-autonomous agents raw access to secrets when they only need permission to do a narrower job.

Wallets Make This Urgent

With API keys, a mistake can mean bill shock, leaked data, or account abuse.

With wallets, a mistake can mean direct asset loss.

If a Solana private key sits inside an agent environment, the agent does not need to ask for permission before signing. It already has the key.

That may be acceptable for a demo.

It is not a good default for users, teams, payment agents, trading agents, x402 workflows, or agents running on remote machines.

Agents need to sign.

They do not need custody.

DCP Is a Permission Boundary

DCP is designed around a different contract:

Your agent can ask. You can say yes, no, not above this budget, or never again.

That is the difference.

.env gives access.

DCP gives permission.

And for agent workflows, permission is the product.

When To Use DCP Instead of `.env`

Use DCP when:

an agent needs to sign Solana transactions
an agent needs x402 payment signing
an agent needs wallet access without private-key custody
an agent needs scoped access to credentials or user data
you want per-agent budgets
you want approval prompts for sensitive actions
you want one vault shared across Claude, Cursor, OpenClaw, and custom MCP agents
you want logs and revocation instead of invisible background access

Keep .env for normal app config.

Use DCP when the agent needs power and the user still needs control.

Give AI agents permissions. Not your keys.

DCP vs .env Files for AI Agents

The Problem With `.env` for Agents

Agents Need Capabilities, Not Raw Secrets

What DCP Changes

`.env` Is Still Useful

Wallets Make This Urgent

DCP Is a Permission Boundary

When To Use DCP Instead of `.env`

Ready to secure your AI agents?

More from DCP

How to Secure Claude and Cursor MCP Agents

Stop Giving AI Agents Private Keys

The Next Big Agent Primitive Is Permission

DCP vs .env Files for AI Agents

The Problem With .env for Agents

Agents Need Capabilities, Not Raw Secrets

What DCP Changes

.env Is Still Useful

Wallets Make This Urgent

DCP Is a Permission Boundary

When To Use DCP Instead of .env

Ready to secure your AI agents?

More from DCP

How to Secure Claude and Cursor MCP Agents

Stop Giving AI Agents Private Keys

The Next Big Agent Primitive Is Permission

The Problem With `.env` for Agents

`.env` Is Still Useful

When To Use DCP Instead of `.env`