DCP

What is DCP?

DCP is a local permission layer for AI agents that need to use wallets, API keys, and other credentials without reading them directly from disk. It runs on the user’s laptop, keeps secrets encrypted locally, and asks for approval on a phone when an agent wants to take an action that uses those permissions.

The product is designed for agents that work through MCP or similar integrations, including Claude, Cursor, OpenClaw, LangChain, VPS agents, and other systems that can connect to a local or remote permission service. DCP supports scoped permissions, daily budget caps, and activity logging so users can define what each agent may do and review what happened afterward.

Key Features

• Local-first secret storage: wallets, API keys, identity data, and other credentials are kept on the user’s device instead of exposed in .env files or passed directly to agents.
• Phone-based approvals: agents request permission, and the user approves or denies the request from a connected phone, reducing the need to switch back to the laptop.
• Scoped permissions per agent: different agents can be given different access rules, such as read-only access, spending limits, or full approval requirements.
• Daily budget caps: users can set hard limits on how much an agent can spend in a day, with requests blocked once the cap is reached.
• Activity logging: signatures and approvals are recorded so users can see what an agent asked for and what was allowed.
• Broad agent support: DCP is presented as working with Claude, Cursor, OpenClaw, Hermes, LangChain, MCP agents, VPS agents, and custom connections.
• Open-source desktop app: the product is described as free and open source, with installation packages for macOS, Windows, and Linux.

How to Use DCP

Install the desktop app on your laptop and add the credentials you want agents to use, such as wallets, API keys, or identity fields. DCP encrypts them locally and stores them on the device.

Next, connect your agents through the supported workflow: Claude and Cursor via MCP, VPS or remote agents through the provided install command, or custom agents through the documented connection method. Pair DCP with Telegram so approval prompts arrive on your phone.

After setup, the agent makes a request when it needs to sign, spend, or access a credential. You review the request on your phone and tap approve or deny, or let DCP auto-approve smaller actions within the limits you configured.

Use Cases

• Protecting agent-used API keys: keep OpenAI, Anthropic, Stripe, AWS, and other keys on the local machine instead of placing them in plaintext environment files.
• Controlling Solana wallet actions: let a trading or automation agent sign transactions only within a defined daily limit, with manual approval for larger requests.
• Using Claude or Cursor with guarded access: connect a coding or assistant agent to local credentials so it can request access without ever seeing raw keys.
• Running VPS or remote agents: connect remote automation to DCP so the agent can request permissions through the same approval flow as local agents.
• Separating permissions by task: give a research agent read-only access while allowing a trading agent to sign transactions or spend funds under stricter rules.

FAQ

What does DCP do differently from a .env file? DCP keeps credentials encrypted on the user’s device and makes agents request access when they need to use them, instead of letting agents read plaintext secrets directly from disk.

Does DCP give agents their own wallet? The page positions DCP as a permission layer rather than a wallet provider for the agent. The user keeps control of the keys locally and approves actions as needed.

Which agents can connect to DCP? The page mentions Claude, Cursor, OpenClaw, Hermes, LangChain, MCP agents, VPS agents, and custom setups.

Can DCP limit spending? Yes. The page describes daily budget caps and auto-approval rules for smaller actions, with larger requests sent to the phone for approval.

What platforms are supported? The download section lists macOS for Apple Silicon and Intel, Windows 64-bit, and Linux on Debian/Ubuntu.

Alternatives

• Agent wallet products: tools that give each agent its own wallet rather than acting as a local permission layer. These are closer to embedded wallet management than to approval-based access control.
• Manual .env credential management: the common workflow of storing keys in local environment files and letting applications read them directly. This is simpler to set up but leaves secrets exposed to the running process.
• General secret managers: systems for storing and rotating secrets centrally. They often focus on infrastructure access, while DCP is oriented around interactive agent approvals and per-action permissions.
• Custom approval scripts or internal tooling: teams can build their own gatekeeping workflow for agent actions, but that typically requires more engineering work than using a purpose-built permission layer.