The core is free and open source (Apache-2.0). Desktop app, agent runtime, CLI, and source code are free. The public relay is available for beta testing.

Where are my keys stored in DCP?

On your laptop. Encrypted with XChaCha20. Master key lives in your OS keychain. We never see your keys — they never leave your machine. DCP is fully non-custodial.

What is a multi-agentic wallet?

A multi-agentic wallet lets you set up one wallet and use it across multiple AI agents. DCP is the first multi-agentic wallet — connect Claude, Cursor, OpenClaw, and VPS bots to a single vault, control them all from one dashboard, and approve requests from your phone.

Can I use one wallet with multiple AI agents?

Yes. That's DCP's core feature. Set up your wallet once, then connect as many agents as you want — Claude, Cursor, OpenClaw, trading bots, custom agents. Each agent gets its own budget limit, but they all access your single secure vault.

Is DCP a Solana agentic wallet?

Yes. DCP functions as a Solana agentic wallet that lets AI agents request wallet actions with daily spending limits and phone-based approval. It also vaults API keys for services like OpenAI, Anthropic, Stripe, and GitHub.

Which blockchains does DCP support?

DCP supports Solana in the beta. You can generate a Solana wallet or import one. Keys are encrypted locally with XChaCha20. DCP is non-custodial — you control everything.

How do I control multiple AI agents from one place?

DCP gives you one dashboard to manage all your AI agents. See which agents are connected, what they're requesting, set per-agent budget limits, and approve or revoke access instantly. One wallet, one dashboard, total control.

How do AI agent spending limits work?

DCP lets you set daily budget caps for each agent. If an agent tries to spend more than the daily limit, the transaction is blocked. This prevents runaway spending from compromised or misbehaving agents. You can adjust limits anytime from the DCP dashboard.

What if my AI agent is hacked while I'm sleeping?

Worst case: attacker spends up to your daily cap before you wake up and revoke. Set the cap low enough that it's acceptable. That's the whole point of budget limits — capping maximum damage.

Is DCP better than .env files for AI agents?

Yes. With .env files, agents read your keys directly — one prompt injection leaks everything. DCP encrypts keys locally and requires phone approval for each access request. Agents never see raw keys — they only get results.

Can I store API keys like OpenAI and Anthropic in DCP?

Yes. Store any API key — OpenAI, Anthropic, Stripe, AWS, whatever. Your AI agents request access, you approve from your phone. The agent gets results, never the raw key.

Does DCP work with Claude, Cursor, and OpenClaw?

Yes. Claude Desktop, Cursor, VS Code, and other stdio MCP clients can run the DCP agent locally. OpenClaw and VPS agents use the remote installer and HTTP MCP. Custom runtimes can integrate through MCP or HTTP MCP.

How do I secure my OpenClaw agent with DCP?

Use the remote invite command from DCP Desktop. It installs the DCP agent service on your VPS, pairs it with your Desktop vault, and configures OpenClaw MCP when the install shape can be detected.

Is MCP server security a problem in 2026?

Yes. MCP servers have known vulnerabilities — over 42,000 exposed endpoints leaked credentials in early 2026, including CVE-2025-6514 (remote code execution). DCP adds a security layer: even if your MCP server is compromised, attackers can't access raw keys without phone approval.

How is DCP different from Infisical or VaultAgent?

DCP is local-first (keys never leave your device) with phone approval. Infisical and VaultAgent are cloud-based. DCP also handles crypto wallets — they don't. And DCP is free & open source.

How is DCP different from Turnkey or Cobo agentic wallet?

DCP is free and handles both crypto AND API keys. Turnkey and Cobo are enterprise-only, crypto-only, and Cobo holds a key share (MPC). DCP is fully non-custodial and local-first — you control everything.

What if my laptop is off?

Requests queue until you're back online. For 24/7 bots, just leave your laptop sleeping. No need to be unlocked.

Yes. The entire stack is open source under Apache-2.0. Self-host the relay if you want full control over your infrastructure.

Export your data, uninstall. Your wallets, keys, everything — yours. No lock-in, no data hostage.

How to Secure Claude and Cursor MCP Agents

Claude Desktop, Cursor, OpenClaw, and custom MCP clients can call powerful tools. DCP gives those tools a vault-backed permission layer.

Claude and Cursor are already where many developers live.

That is why MCP matters.

MCP lets these agents reach tools. Once connected, an agent can do more than answer questions. It can read data, call APIs, trigger workflows, sign messages, and interact with systems outside the chat window.

That is powerful.

It also changes the security model.

The question is not:

Can Claude or Cursor call a tool?

They can.

The real question is:

How much authority does that tool give the agent?

MCP Makes Agents Useful

MCP is useful because it gives agents hands.

A Claude or Cursor agent can connect to a local tool and ask for things like:

read a file
query a database
call an API
fetch a credential
check a budget
sign a wallet message
prepare or sign a transaction

That is the point.

Agents become useful when they can act.

But once agents can act, users and developers need boundaries.

The Risk Is Hidden Authority

The risky setup looks simple:

Claude / Cursor
  ↓
MCP server with private keys or API keys loaded
  ↓
Wallets, credentials, APIs, data

This works.

But it often gives the agent more power than the user intended.

If the MCP server has raw private keys, high-limit API keys, or broad database credentials, the agent can inherit that authority through a tool call.

Now the user has hard questions:

Which agent can use this?
What can it read?
What can it sign?
What can it spend?
Does this need approval?
What happened last night?
How do I revoke it?

Those questions should not be afterthoughts.

They are the permission layer.

The Better Pattern: Vault-Backed MCP

DCP adds a local permission boundary between MCP agents and sensitive actions.

The flow is:

Claude / Cursor / OpenClaw / MCP client
  ↓
DCP Agent MCP server
  ↓
Local DCP Vault
  ↓
Policy, budget, approval, log
  ↓
Wallets, credentials, user data

The agent still gets useful tools.

The vault keeps custody.

For wallet operations, DCP signs inside the vault and returns the result. The agent does not receive the private key.

For data and credentials, DCP uses scopes so the agent asks for a specific kind of access instead of inheriting everything in the process.

What Tools Does DCP Expose?

DCP currently exposes these MCP tools:

vault_get_address
vault_budget_check
vault_scope_guide
vault_read
vault_write
vault_sign_tx
vault_sign_message
vault_sign_x402

That list matters because it shows the shape of the product.

DCP is not just a secret store.

It is an action interface for agents.

Agents can ask for an address, check a budget, read or write scoped vault data, sign a Solana transaction, sign a Solana message, or sign a Solana x402 payment payload.

What Approval Looks Like

For simple public data, DCP can return the result directly.

Example:

What is my Solana wallet address from DCP?

For sensitive actions, DCP can require approval.

Example:

Request approval to sign this Solana transaction.

The approval request can show the user:

which agent is asking
what action it wants
amount, currency, and destination when available
whether the request is within budget
approve or deny controls

The user can approve, deny, set budgets, revoke access, and audit what agents asked for.

That is the difference between a tool and a permissioned tool.

Why This Matters for Developers

Developers do not want every agent integration to become a custom security project.

They want a simple path:

1. Install DCP. 2. Create or unlock a vault. 3. Connect Claude, Cursor, OpenClaw, or another MCP client. 4. Give the agent scoped permissions. 5. Let the agent ask for sensitive actions.

That is much better than copying wallet keys into .env, pasting API keys into random tool configs, or building one-off approval logic for every agent.

The agent gets a stable MCP interface.

The user gets control.

Use DCP If

Use DCP if:

you run Claude or Cursor with MCP tools
you are building Solana agents
you want agents to sign without holding private keys
you want x402 payment signing for agent workflows
you need scoped access to credentials or user data
you want one vault for multiple agents
you want budgets, approvals, logs, and revoke
you want local custody instead of raw secrets inside the agent process

MCP makes agents more capable.

DCP makes that capability safer to use.

Give AI agents permissions. Not your keys.

How to Secure Claude and Cursor MCP Agents

MCP Makes Agents Useful

The Risk Is Hidden Authority

The Better Pattern: Vault-Backed MCP

What Tools Does DCP Expose?

What Approval Looks Like

Why This Matters for Developers

Use DCP If

Ready to secure your AI agents?

More from DCP

DCP vs .env Files for AI Agents

Stop Giving AI Agents Private Keys

The Next Big Agent Primitive Is Permission