@dcprotocol/cli

Command-line interface for managing your DCP vault. Create wallets, store credentials, manage agent permissions, and view audit logs.

Installation

npm install -g @dcprotocol/cli

After installation, the dcp command will be available globally.

Quick Start

# Initialize a new vault
dcp init

# Create a Solana wallet
dcp create-wallet --chain solana

# Get wallet address
dcp list

# Store a credential
dcp add identity.email your@email.com

# Generate pairing token for VPS
dcp pairing generate

# View activity log
dcp activity

Core Commands

dcp init

Initialize a new vault.

dcp init

# Prompts for:
# - Passphrase (min 12 characters)
# - Passphrase confirmation

# Creates vault at ~/.dcp/vault.db
# Stores master key in OS keychain

dcp create-wallet

Generate a new blockchain wallet.

dcp create-wallet --chain <chain>

# Supported chains:
dcp create-wallet --chain solana
dcp create-wallet --chain ethereum
dcp create-wallet --chain base

# Short form:
dcp create-wallet -c solana

# Output:
# ✓ Created solana wallet
# Address: 5YzW8d...AbC123
# Operations: sign_tx, sign_message, get_address

dcp list

List all wallets and data in vault.

dcp list

# Output:
# Scope                Type          Sensitivity    Public Address
# ─────────────────────────────────────────────────────────────────
# wallet:solana        WALLET_KEY    critical       5Yz...123
# wallet:ethereum      WALLET_KEY    critical       0xAb...456
# wallet:base          WALLET_KEY    critical       0xCd...789
# identity.email       DATA          sensitive      -
# api.openai           DATA          critical       -

dcp add

Store encrypted data in vault.

dcp add <scope> <value>

# Examples:
dcp add identity.email john@example.com
dcp add identity.name "John Doe"
dcp add api.openai sk-proj-...
dcp add api.github ghp_...

# Scopes are hierarchical (identity.*, api.*, etc.)

dcp read

Read stored data from vault.

dcp read <scope>

# Example:
dcp read identity.email
# Output: john@example.com

dcp read api.openai
# Output: sk-proj-...

dcp status

Show vault status and statistics.

dcp status

# Output:
# Vault Status
# ──────────────────────────────────────
# Location:        ~/.dcp/vault.db
# Unlocked:        Yes (session expires in 28m)
# Wallets:         3 (solana, ethereum, base)
# Data items:      5
# Active agents:   2
# Pending approvals: 0

dcp activity

View audit log of all vault operations.

dcp activity [--limit <n>] [--agent <name>]

# Examples:
dcp activity --limit 10
dcp activity --agent TradingBot

# Output:
# Time                Agent        Action         Details
# ────────────────────────────────────────────────────────
# 2026-03-20 10:30   TradingBot   SIGN           1.5 SOL - APPROVED
# 2026-03-20 10:15   AIAssistant  READ           identity.email - APPROVED
# 2026-03-20 09:45   TradingBot   GET_ADDRESS    solana - APPROVED

dcp pairing generate

Generate pairing token for VPS proxy setup.

dcp pairing generate [--name <agent-name>] [--ttl <minutes>]

# Example:
dcp pairing generate --name production-bot --ttl 60

# Output:
# ✓ Generated pairing token
#
# Token (expires in 60 minutes):
# dcp_pair_a1b2c3d4e5f6...
#
# On your VPS, run:
# npx @dcprotocol/proxy --token dcp_pair_a1b2c3d4e5f6...

dcp agents

Manage agent sessions and permissions.

dcp agents list                  # List active agents
dcp agents revoke <agent-name>   # Revoke agent access
dcp agents trust <agent-name>    # Trust agent (auto-approve)

# Example output:
# Active Agents
# ────────────────────────────────────────────────
# Name          Scopes            Trusted    Last Used
# TradingBot    sign:solana       Yes        2m ago
# AIAssistant   read:identity.*   No         15m ago

dcp config

Update vault configuration and budget limits.

dcp config set <key> <value>
dcp config get <key>
dcp config list

# Budget configuration examples:
dcp config set budget.sol.daily 50
dcp config set budget.sol.tx_limit 10
dcp config set budget.sol.auto_approve 2

# Consent mode:
dcp config set consent.mode once          # Approve each request
dcp config set consent.mode session       # Approve once per session

dcp update

Update existing vault data.

dcp update <scope> <new-value>

# Example:
dcp update identity.email newemail@example.com
dcp update api.openai sk-proj-new-key...

dcp remove

Remove data from vault.

dcp remove <scope>

# Example:
dcp remove api.github
# ⚠ Are you sure? (y/N): y
# ✓ Removed api.github

dcp recovery

Export vault for backup (requires passphrase).

dcp recovery export [--output <file>]

# Example:
dcp recovery export --output backup.json

# Creates encrypted backup file
# ⚠ Store in secure location (password manager, offline)

Session Management

The CLI maintains an unlocked session after you enter your passphrase. By default, sessions last 30 minutes and are stored securely in the OS keychain.

Environment Variables

Variable	Default	Description
`VAULT_DIR`	`~/.dcp`	Vault storage directory
`DCP_CLI_SESSION_MINUTES`	`30`	Session timeout in minutes
`DCP_NO_KEYCHAIN`	`false`	Disable OS keychain (less secure)

Common Workflows

Initial Setup

# 1. Install CLI
npm install -g @dcprotocol/cli

# 2. Initialize vault
dcp init

# 3. Create wallets
dcp create-wallet --chain solana
dcp create-wallet --chain ethereum

# 4. Store credentials
dcp add identity.email your@email.com
dcp add api.openai sk-proj-...

# 5. Check status
dcp status

Setting Up VPS Agent

# On your local machine:
dcp pairing generate --name production-bot --ttl 60

# Copy the token, then on VPS:
npx @dcprotocol/proxy --token dcp_pair_...

# Your VPS agent can now access vault via relay

Managing Agent Permissions

# View active agents
dcp agents list

# Trust an agent (auto-approve small transactions)
dcp agents trust TradingBot

# Revoke agent access
dcp agents revoke OldBot

# View what agents have done
dcp activity --agent TradingBot

Budget Configuration

# Set daily budget for SOL
dcp config set budget.sol.daily 100

# Set per-transaction limit
dcp config set budget.sol.tx_limit 20

# Set auto-approve threshold
dcp config set budget.sol.auto_approve 5

# Transactions under 5 SOL auto-approve
# Transactions 5-20 SOL require approval
# Transactions over 20 SOL blocked

Security Best Practices

Strong passphrase: Use 16+ characters with mix of letters, numbers, symbols
Backup your vault: Use dcp recovery export regularly
Review activity: Check dcp activity periodically
Revoke unused agents: Remove old agent sessions with dcp agents revoke
Set conservative budgets: Start with low limits and increase as needed
Use trusted agents: Only trust agents you control

Troubleshooting

Session Expired

# Error: Vault is locked
# Just run the command again - you'll be prompted for passphrase
dcp list
# Password: ********
# (command executes)

Keychain Access Denied

# If keychain prompts are annoying, increase session time
export DCP_CLI_SESSION_MINUTES=120

# Or disable keychain (less secure - session won't survive restarts)
export DCP_NO_KEYCHAIN=true

Vault Location

# Check where vault is stored
dcp status

# Use custom location
export VAULT_DIR=/path/to/custom/location
dcp status