The core is free and open source (Apache-2.0). Desktop app, agent runtime, CLI, and source code are free. The public relay is available for beta testing.

Where are my keys stored in DCP?

On your laptop. Encrypted with XChaCha20. Master key lives in your OS keychain. We never see your keys — they never leave your machine. DCP is fully non-custodial.

What is a multi-agentic wallet?

A multi-agentic wallet lets you set up one wallet and use it across multiple AI agents. DCP is the first multi-agentic wallet — connect Claude, Cursor, OpenClaw, and VPS bots to a single vault, control them all from one dashboard, and approve requests from your phone.

Can I use one wallet with multiple AI agents?

Yes. That's DCP's core feature. Set up your wallet once, then connect as many agents as you want — Claude, Cursor, OpenClaw, trading bots, custom agents. Each agent gets its own budget limit, but they all access your single secure vault.

Is DCP a Solana agentic wallet?

Yes. DCP functions as a Solana agentic wallet that lets AI agents request wallet actions with daily spending limits and phone-based approval. It also vaults API keys for services like OpenAI, Anthropic, Stripe, and GitHub.

Which blockchains does DCP support?

DCP supports Solana in the beta. You can generate a Solana wallet or import one. Keys are encrypted locally with XChaCha20. DCP is non-custodial — you control everything.

How do I control multiple AI agents from one place?

DCP gives you one dashboard to manage all your AI agents. See which agents are connected, what they're requesting, set per-agent budget limits, and approve or revoke access instantly. One wallet, one dashboard, total control.

How do AI agent spending limits work?

DCP lets you set daily budget caps for each agent. If an agent tries to spend more than the daily limit, the transaction is blocked. This prevents runaway spending from compromised or misbehaving agents. You can adjust limits anytime from the DCP dashboard.

What if my AI agent is hacked while I'm sleeping?

Worst case: attacker spends up to your daily cap before you wake up and revoke. Set the cap low enough that it's acceptable. That's the whole point of budget limits — capping maximum damage.

Is DCP better than .env files for AI agents?

Yes. With .env files, agents read your keys directly — one prompt injection leaks everything. DCP encrypts keys locally and requires phone approval for each access request. Agents never see raw keys — they only get results.

Can I store API keys like OpenAI and Anthropic in DCP?

Yes. Store any API key — OpenAI, Anthropic, Stripe, AWS, whatever. Your AI agents request access, you approve from your phone. The agent gets results, never the raw key.

Does DCP work with Claude, Cursor, and OpenClaw?

Yes. Claude Desktop, Cursor, VS Code, and other stdio MCP clients can run the DCP agent locally. OpenClaw and VPS agents use the remote installer and HTTP MCP. Custom runtimes can integrate through MCP or HTTP MCP.

How do I secure my OpenClaw agent with DCP?

Use the remote invite command from DCP Desktop. It installs the DCP agent service on your VPS, pairs it with your Desktop vault, and configures OpenClaw MCP when the install shape can be detected.

Is MCP server security a problem in 2026?

Yes. MCP servers have known vulnerabilities — over 42,000 exposed endpoints leaked credentials in early 2026, including CVE-2025-6514 (remote code execution). DCP adds a security layer: even if your MCP server is compromised, attackers can't access raw keys without phone approval.

How is DCP different from Infisical or VaultAgent?

DCP is local-first (keys never leave your device) with phone approval. Infisical and VaultAgent are cloud-based. DCP also handles crypto wallets — they don't. And DCP is free & open source.

How is DCP different from Turnkey or Cobo agentic wallet?

DCP is free and handles both crypto AND API keys. Turnkey and Cobo are enterprise-only, crypto-only, and Cobo holds a key share (MPC). DCP is fully non-custodial and local-first — you control everything.

What if my laptop is off?

Requests queue until you're back online. For 24/7 bots, just leave your laptop sleeping. No need to be unlocked.

Yes. The entire stack is open source under Apache-2.0. Self-host the relay if you want full control over your infrastructure.

Export your data, uninstall. Your wallets, keys, everything — yours. No lock-in, no data hostage.

The Next Big Agent Primitive Is Permission

Everyone is building more capable AI agents. But there is one primitive missing from most agent stacks: permission. Real permission that answers what agents can access, spend, and do.

Everyone is building more capable AI agents.

Better models. Better tools. Better memory. Better workflows. Better browser control. Better code execution. Better crypto integrations.

But there is one primitive missing from most agent stacks:

permission.

Not authentication.

Not API keys.

Not "put secrets in .env."

Real permission.

The kind that answers:

What can this agent access?
What can it spend?
What needs approval?
What did it do?
Can I revoke it instantly?
Can different agents have different powers?

That is the next major layer in agent infrastructure.

Agents Are Becoming Workers

If agents are just chatbots, they do not need much permissioning.

But agents are becoming workers.

A personal agent might manage your inbox, calendar, wallet, and subscriptions.

A coding agent might need GitHub tokens, deployment keys, and API credentials.

A Solana agent might need to sign transactions or pay x402 endpoints.

A research agent might need paid data sources.

A remote OpenClaw agent might run on a VPS and need access to private user context.

The more useful agents become, the more sensitive access they need.

That creates a new problem.

The Old Model Breaks

The old model is:

OPENAI_API_KEY=***
GITHUB_TOKEN=***
SOLANA_PRIVATE_KEY=***

This was fine when software was deterministic.

It is not fine when autonomous agents are making decisions.

Agents are probabilistic, tool-using, context-sensitive systems. They can misunderstand instructions. They can be prompt-injected. They can call the wrong tool. They can be given bad context. They can be delegated tasks by other agents.

So raw access becomes dangerous.

Not because agents are evil.

Because raw access has no boundary.

Permission Is the Boundary

A permission layer gives agents controlled power.

It lets users say:

This agent can read my email address. This agent cannot read my API keys. This agent can request Solana signatures. This agent can auto-approve up to $5/day. This agent needs approval above that. This agent is revoked. This action was logged.

That is how we move from experimental agents to trusted agents.

DCP: A Local Control Panel for Agents

DCP is built around this idea.

It gives users a local vault and control panel for AI agents.

Inside DCP Desktop, users can:

create a local vault
create a Solana wallet
store API keys and private data
connect local MCP clients like Claude, Cursor, VS Code, and OpenClaw
pair remote VPS agents
connect Telegram approvals
set per-agent permissions
configure budgets and auto-approval thresholds
review activity logs
revoke agent access instantly

This turns agent access from messy configs into a managed permission system.

One Vault. Many Agents.

The future is not one agent.

It is many.

Claude for reasoning. Cursor for code. OpenClaw for persistent personal assistance. Remote agents for automation. Specialist agents for research, trading, support, or operations.

Each agent should not get the same keys.

Each agent should not require a separate secret setup.

Each agent should not live forever in a forgotten config file.

DCP lets users manage many agents from one place.

One vault. Different permissions. Instant revoke.

Why This Matters for MCP

MCP makes it easier for agents to connect to tools.

That is great.

But the more tools agents can use, the more important permissions become.

A tool interface without a permission layer can become a risk surface.

DCP works through MCP so agents can request approved actions without directly reading raw secrets.

That means agents can become more capable while users keep control.

Capability and safety should grow together.

Why This Matters for Solana

Solana gives agents economic rails.

MCP gives agents tool access.

x402 gives agents payment flows.

DCP gives agents permission boundaries.

These pieces fit together.

If agents are going to pay, sign, and operate economically, they need a wallet model users can trust.

Private keys in .env will not be the final answer.

Permissioned agent wallets will be.

Permission Is What Makes Agents Real

The most important question for agent adoption is not:

Can the agent do it?

It is:

Can I trust the agent to do it safely?

That is a permission problem.

DCP is built for that problem.

Agents ask. Users approve, deny, budget, revoke, and audit.

That is the primitive that makes agents safe enough for real work.

The next big agent primitive is permission.

The Next Big Agent Primitive Is Permission

Agents Are Becoming Workers

The Old Model Breaks

Permission Is the Boundary

DCP: A Local Control Panel for Agents

One Vault. Many Agents.

Why This Matters for MCP

Why This Matters for Solana

Permission Is What Makes Agents Real

Ready to secure your AI agents?

More from DCP

How to Secure Claude and Cursor MCP Agents

DCP vs .env Files for AI Agents

Stop Giving AI Agents Private Keys