Today, many agents read keys and sensitive info from dotenv files, configs, or memory. One bad prompt or compromised tool can drain your wallet, API bill, or private data. DCP makes agents safe for real work: your wallets and API keys stay encrypted on your own machine. Give each agent only the scopes it needs; it asks, you approve from Telegram or App. Daily budgets, logs, and instant revoke keep you in control. Open source, non-custodial, and works with Claude, Cursor, OpenClaw, and Hermes.
AI agents are moving from answering questions to executing real work: signing transactions, using API keys, making payments, and calling tools across apps.
But there’s a problem: agents should not hold private keys, raw credentials, or sensitive information.
DCP is my attempt to solve that. It is a local permission vault for AI agents.
The flow is simple:
agent asks
you approve on Telegram or in the app
DCP signs locally
secret never enters the model context
What works today:
- desktop app
- local encrypted vault
- Telegram approvals
- Solana wallet signing
- API credential storage
- budgets and approval limits
- MCP-compatible agent flow
- open source repo
I built this because I think the next bottleneck for agents is not intelligence. It is permission.
If agents are going to act for us, they need a safe way to use wallets, credentials, and sensitive tools without taking custody.
Would love feedback from people building agents, wallets, MCP tools, x402 apps, or anything around agent commerce.
Telegram approval is smart for security but it breaks fully autonomous agent flows. How do you handle scheduled or headless tasks where no one is around to approve?
The Telegram approval flow is a clever UX choice for mobile-first teams. Curious how DCP handles permission scoping for design tool APIs specifically — if an agent is accessing a design system's token API, can you define read-only vs. write permissions per tool, or is it a single permission gate per service? Granular scoping seems key for preventing over-permissioned agents.
That's definitely sounds like one of the most useful products I've seen launched in some time. I've wanted to build something with OpenClaw for some time now, but always stopped myself because of the fear of possible leaks. Would you say it is a good use case for your vault?
Scoped permissions for agents feel important. Can teams issue temporary task-level keys that expire or revoke automatically after an agent run, instead of giving the agent broad credentials?
FYI, I REALLY want to try DCP, but downloading the installer (made sure it's the right version for my Apple silicon Macbook Air 15") it does install, but then gives me a "DCP is damaged; you should move it to trash" which I cannot get around - tried re-downloading and reinstalling, tried a few different things (running as admin, etc.) - nothing works.
This is exactly and precisely the solution I need, so, I hope I can figure it out... congrats on the launch, regardless!
A lot of teams try to solve this with a secrets manager (Vault/Infisical/Doppler) or by giving each agent its own wallet (Privy/Coinbase AgentKit/Sponge). What’s the crisp technical difference in DCP’s model of authority—i.e., what does DCP prevent that those approaches still can’t, and where are the tradeoffs?
Congrats on the launch! One question, if we hit the daily cap does it pause and wait for next day or does it notify you?
Would you give your private keys to your AI agents?
What if an agent makes the wrong decision?
the harder question underneath this product is whether detecting AI use in a technical interview is actually the right goal. a senior engineer who knows how to use AI tools effectively might be more valuable than one who can whiteboard without them. curious if there's a way to configure what counts as unauthorized versus what's just how people actually work now
About DCP on Product Hunt
“Give your AI agents encrypted permission and keys”
DCP launched on Product Hunt on May 22nd, 2026 and earned 107 upvotes and 28 comments, placing #15 on the daily leaderboard. Today, many agents read keys and sensitive info from dotenv files, configs, or memory. One bad prompt or compromised tool can drain your wallet, API bill, or private data. DCP makes agents safe for real work: your wallets and API keys stay encrypted on your own machine. Give each agent only the scopes it needs; it asks, you approve from Telegram or App. Daily budgets, logs, and instant revoke keep you in control. Open source, non-custodial, and works with Claude, Cursor, OpenClaw, and Hermes.
DCP was featured in Developer Tools (514.1k followers), Artificial Intelligence (471.1k followers) and Alpha (11 followers) on Product Hunt. Together, these topics include over 172.7k products, making this a competitive space to launch in.
Who hunted DCP?
DCP was hunted by Iftakhar Rahmany. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.
Want to see how DCP stacked up against nearby launches in real time? Check out the live launch dashboard for upvote speed charts, proximity comparisons, and more analytics.
Iftakhar Rahmany
Hey PH! I’m Iftakhar, building DCP.
AI agents are moving from answering questions to executing real work: signing transactions, using API keys, making payments, and calling tools across apps.
But there’s a problem: agents should not hold private keys, raw credentials, or sensitive information.
DCP is my attempt to solve that. It is a local permission vault for AI agents.
The flow is simple:
agent asks
you approve on Telegram or in the app
DCP signs locally
secret never enters the model context
What works today:
- desktop app
- local encrypted vault
- Telegram approvals
- Solana wallet signing
- API credential storage
- budgets and approval limits
- MCP-compatible agent flow
- open source repo
I built this because I think the next bottleneck for agents is not intelligence. It is permission.
If agents are going to act for us, they need a safe way to use wallets, credentials, and sensitive tools without taking custody.
Would love feedback from people building agents, wallets, MCP tools, x402 apps, or anything around agent commerce.
Website: https://dcpagent.com
Docs: https://dcpagent.com/docs
Download: https://dcpagent.com/#download
GitHub: https://github.com/1lystore/dcp