The core is free and open source (Apache-2.0). Desktop app, agent runtime, CLI, and source code are free. The public relay is available for beta testing.

Where are my keys stored in DCP?

On your laptop. Encrypted with XChaCha20. Master key lives in your OS keychain. We never see your keys — they never leave your machine. DCP is fully non-custodial.

What is a multi-agentic wallet?

A multi-agentic wallet lets you set up one wallet and use it across multiple AI agents. DCP is the first multi-agentic wallet — connect Claude, Cursor, OpenClaw, and VPS bots to a single vault, control them all from one dashboard, and approve requests from your phone.

Can I use one wallet with multiple AI agents?

Yes. That's DCP's core feature. Set up your wallet once, then connect as many agents as you want — Claude, Cursor, OpenClaw, trading bots, custom agents. Each agent gets its own budget limit, but they all access your single secure vault.

Is DCP a Solana agentic wallet?

Yes. DCP functions as a Solana agentic wallet that lets AI agents request wallet actions with daily spending limits and phone-based approval. It also vaults API keys for services like OpenAI, Anthropic, Stripe, and GitHub.

Which blockchains does DCP support?

DCP supports Solana in the beta. You can generate a Solana wallet or import one. Keys are encrypted locally with XChaCha20. DCP is non-custodial — you control everything.

How do I control multiple AI agents from one place?

DCP gives you one dashboard to manage all your AI agents. See which agents are connected, what they're requesting, set per-agent budget limits, and approve or revoke access instantly. One wallet, one dashboard, total control.

How do AI agent spending limits work?

DCP lets you set daily budget caps for each agent. If an agent tries to spend more than the daily limit, the transaction is blocked. This prevents runaway spending from compromised or misbehaving agents. You can adjust limits anytime from the DCP dashboard.

What if my AI agent is hacked while I'm sleeping?

Worst case: attacker spends up to your daily cap before you wake up and revoke. Set the cap low enough that it's acceptable. That's the whole point of budget limits — capping maximum damage.

Is DCP better than .env files for AI agents?

Yes. With .env files, agents read your keys directly — one prompt injection leaks everything. DCP encrypts keys locally and requires phone approval for each access request. Agents never see raw keys — they only get results.

Can I store API keys like OpenAI and Anthropic in DCP?

Yes. Store any API key — OpenAI, Anthropic, Stripe, AWS, whatever. Your AI agents request access, you approve from your phone. The agent gets results, never the raw key.

Does DCP work with Claude, Cursor, and OpenClaw?

Yes. Claude Desktop, Cursor, VS Code, and other stdio MCP clients can run the DCP agent locally. OpenClaw and VPS agents use the remote installer and HTTP MCP. Custom runtimes can integrate through MCP or HTTP MCP.

How do I secure my OpenClaw agent with DCP?

Use the remote invite command from DCP Desktop. It installs the DCP agent service on your VPS, pairs it with your Desktop vault, and configures OpenClaw MCP when the install shape can be detected.

Is MCP server security a problem in 2026?

Yes. MCP servers have known vulnerabilities — over 42,000 exposed endpoints leaked credentials in early 2026, including CVE-2025-6514 (remote code execution). DCP adds a security layer: even if your MCP server is compromised, attackers can't access raw keys without phone approval.

How is DCP different from Infisical or VaultAgent?

DCP is local-first (keys never leave your device) with phone approval. Infisical and VaultAgent are cloud-based. DCP also handles crypto wallets — they don't. And DCP is free & open source.

How is DCP different from Turnkey or Cobo agentic wallet?

DCP is free and handles both crypto AND API keys. Turnkey and Cobo are enterprise-only, crypto-only, and Cobo holds a key share (MPC). DCP is fully non-custodial and local-first — you control everything.

What if my laptop is off?

Requests queue until you're back online. For 24/7 bots, just leave your laptop sleeping. No need to be unlocked.

Yes. The entire stack is open source under Apache-2.0. Self-host the relay if you want full control over your infrastructure.

Export your data, uninstall. Your wallets, keys, everything — yours. No lock-in, no data hostage.

Stop Giving AI Agents Private Keys

AI agents need wallets, payments, signatures, APIs, and data. They should get permissions, not raw private keys in .env files.

AI agents are finally becoming useful because they can do more than chat.

They can call APIs. They can pay for data. They can sign transactions. They can use wallets. They can run workflows across tools, apps, and chains.

On Solana especially, this gets interesting fast. Low fees, fast settlement, x402 payments, token-native apps, and agent tooling make Solana one of the best places for AI agents to become real economic actors.

But there is one problem:

A lot of agents still need private keys sitting in .env files.

That is not a real permission system.

That is handing your agent the master key and hoping it behaves.

Agents Need Power

The answer is not to cage agents.

If agents are going to be useful, they need to act.

A Solana agent should be able to:

pay for APIs
buy data
sign transactions
use x402 endpoints
manage small operational budgets
interact with wallets
run automated workflows
work across Claude, Cursor, OpenClaw, and custom MCP clients

Agents that can only suggest actions are limited.

The future is agents that can do real work.

But real work needs real permissions.

Private Keys Are Too Much Trust

Today, many agent setups look like this:

SOLANA_PRIVATE_KEY=***
OPENAI_API_KEY=***
DATABASE_URL=...

That works for demos.

It does not work for real users.

Because once an agent has raw access, it can potentially:

sign anything
spend too much
leak credentials
access data it should not need
act without a clear approval trail
keep access after you stop trusting it

That is not how users will safely run personal agents, trading agents, payment agents, or business agents.

Agents need wallets.

They do not need custody.

The Missing Layer: Permissioned Wallets

The better model is simple:

Agents ask. Users approve, deny, budget, or revoke.

That is what DCP is building.

DCP is a local permission layer for AI agents. It lets agents request sensitive actions without taking possession of raw private keys.

Instead of giving an agent your private key, you connect it to DCP.

The agent can request:

wallet address
transaction signing
message signing
x402 payment signing
scoped API credential access
identity/profile data
budget checks

But private keys and secrets stay in your local vault unless you explicitly allow a scoped data read.

For signing, the agent gets the signed result, not the raw private key.

How It Works

The flow looks like this:

AI Agent
  ↓
DCP Agent / MCP
  ↓
Local DCP Vault
  ↓
Policy Check
  ↓
Approve / Deny / Budget / Log
  ↓
Wallets, API Keys, User Data

If the action is sensitive, DCP can show the user an approval request.

For example:

OpenClaw wants to send 0.02 SOL on Solana.

The user can approve or deny.

DCP can also enforce:

daily budgets
per-transaction limits
auto-approval thresholds
per-agent permissions
activity logs
instant revoke

This gives agents power without giving up control.

Why This Matters for Solana

Solana is becoming one of the most natural homes for agent commerce.

Agents can pay per request. Agents can use x402. Agents can interact with fast, cheap on-chain systems. Agents can hold operational balances. Agents can become real participants in internet-native markets.

But for that to reach normal users, the wallet UX has to be safe.

The question is not:

Should agents use wallets?

They will.

The real question is:

Do agents hold private keys, or do they request permission?

DCP is focused on the second path.

DCP Is Not a Cage

This is important.

DCP is not trying to stop agents from acting.

It is trying to make agents safe enough to act more.

A good permission system does not reduce capability. It increases trust.

When users know they can set limits, approve actions, inspect logs, and revoke access, they are more likely to let agents do real work.

That is the unlock.

Not reckless agents. Not caged agents. Safe agents.

The Agent Stack Needs Two Layers

For Solana agent commerce, there are two big pieces:

1. Payment rails Agents need ways to pay for APIs, data, services, and tasks. This is where x402 and Solana payments matter.

2. Permission rails Users need ways to control what agents can access, sign, spend, and use. This is where DCP fits.

Payment rails make agents useful.

Permission rails make agents trustworthy.

You need both.

Give Agents Permissions, Not Keys

AI agents are going to do real work.

On Solana, that work will involve wallets, payments, signatures, APIs, and data.

The winning model is not private keys in .env.

The winning model is:

local vaults
scoped access
approval flows
budgets
logs
instant revoke
non-custodial signing

Agents should be able to act.

Users should stay in control.

Give AI agents permissions. Not your keys.

DCP: https://dcpagent.com

GitHub: https://github.com/1lystore/dcp

Stop Giving AI Agents Private Keys

Agents Need Power

Private Keys Are Too Much Trust

The Missing Layer: Permissioned Wallets

How It Works

Why This Matters for Solana

DCP Is Not a Cage

The Agent Stack Needs Two Layers

Give Agents Permissions, Not Keys

Ready to secure your AI agents?

More from DCP

How to Secure Claude and Cursor MCP Agents

DCP vs .env Files for AI Agents

The Next Big Agent Primitive Is Permission