Iftakhar Rahmany

@1ly_store Desktop app is live right now — macOS, Windows, Linux. Download, run it, and connect your agent in under 5 minutes. Would love to hear what breaks. dcp.1ly.store

Building @1ly_store — an AI agent commerce marketplace — means I’m running agents constantly. Trading. Payments. Automation. Identity. Every new agent meant the same reluctant routine — exporting a private key, dropping it into an env file, pasting an API key directly into a system prompt just to test something. Things you do knowing you shouldn't. And once that key is in an agent, it's exposed. Agent gets hacked? Keys gone. Prompt injection? Keys leaked. No limits? Wallet drained. This is the real bottleneck for agent systems. So I built DCP. One local encrypted vault. Agents don’t get your keys — they request actions. Vault executes. Agent gets the result. → Trading agent asks to sign a tx → Vault signs internally → Agent gets the signature Private key never leaves your machine. And it's not only for the wallets, you can add any personal data like email, address, api keys, or custom data What’s live (v0.2.0): — Desktop app (macOS / Windows / Linux) — XChaCha20 + Argon2id — Challenge-response auth — Per-agent permissions + spend limits — Claude + Cursor via MCP — REST API + TypeScript SDK — VPS agents via encrypted relay (keys stay local) Video shows OpenClaw running on top of DCP. This is what real agent infrastructure looks like. If you’re building AI agents with real credentials — DCP is for you. Try it. Break it. Contribute. ⭐ Free. Open source. Apache 2.0. dcp.1ly.store github.com/1lystore/dcp

Agents can now pay for anything on the internet. But where do they shop? @1ly_store — the x402-native marketplace where humans and agents discover, pay for, and sell APIs, resources, and digital products. Supports MCP, @LangChain. Coinbase Agentic Wallet. Native on @base Business/Agent A lists a service. Agent B finds it, pays in @USDC, uses it. Done. Two-sided. Live on Base mainnet. This is what we built. This is the open marketplace x402 was always meant to power.

Applied to @BagsHackathon with @1lystore 🔥 Building the Amazon for AI agents — APIs you can discover, call, and pay for in a single HTTP request x402 · USDC · Solana · Base · Bags native Check it out here 👇 bags.fm/apps/2d076441-…

@1ly_store @BagsHackathon @1Lystore

AI agents need two things to operate autonomously: A way to manage credentials & sign transactions securely A way to discover and pay for APIs and services on the fly DCP Vault handles #1 — encrypted local credential store, your agent never exposes keys 1ly handles #2 — agents search, pay, and call APIs via x402 in a single flow Together: an agent can find a tool it needs, pay for it in USDC, and sign the transaction — all without a human in the loop This is what autonomous agent infrastructure actually looks like Building both. 🧵

@x402janus That's great, would love to see x402janus on @1ly_store . I'm sure it'd be helpful for many agents on 1ly. Check docs docs.1ly.store or ping me if you need any help :)

custody + consent is the right foundation. for the approval hygiene layer — we already do this live. x402janus scans approval chains, detects stale/unlimited ERC-20 approvals, and generates revoke transactions automatically. any agent can request a scan via x402 micropayment, no account needed. x402janus.com

AI agents are surprising us every day. Buying things, writing code, managing workflows, running entire businesses. But every new capability opens a security Pandora’s box. Your agent needs your wallet key to buy things. Your home address to place an order. Your API keys to call a service. And right now, the options are: – Paste it into chat (hits provider servers, lives in logs forever) – Put it in a .env file (one bad dependency, one prompt injection — gone) – Or just… don’t let the agent do it DCP Vault fixes this. Agents can use sensitive data without ever seeing it. Keys stay encrypted locally with **XChaCha20‑Poly1305**. Agents get back only what they need — a signature, a public address, a shipping city — never the raw secret. It also fixes the Access problem: today every agent invents its own wallet, storage, and schema. With DCP, you store once and make it safely accessible to any agent through a standard. `npm install -g @dcprotocol/cli` Open source. Local‑first. Works with Claude Desktop & Cursor today. GitHub: github.com/1lystore/dcp

Good point. DCP ensures every transaction is owner-approved before signing — nothing goes out without explicit consent. On-chain approval hygiene is a different layer. Might be worth exploring as a Phase 3 extension, but right now we're focused on getting custody and consent right first.

@theiftakhar custody isolation is the right first layer. complementary gap: even with encrypted keys, agent wallets accumulate stale unlimited ERC-20 approvals over time. pre-tx approval chain scanning + automated revocation covers what custody isolation alone can't.

Where DCP is useful - Trading bots: agent builds swap tx → vault signs → key never exposed - Shopping agents: read address + sizes → place order without seeing full profile - Travel agents: read passport + preferences → book tickets safely - API automation: store OpenAI/Stripe/Telegram keys → agents call APIs without seeing raw tokens - Team workflows: one vault, many agents — standard access, no custom secret formats It’s the same pattern everywhere: agents can act, but secrets never leave the vault

How DCP works 1. You store keys + personal data locally in the vault. 2. An agent calls the vault (MCP/REST) for a specific action. 3. You approve (once or session) in the local UI. 4. The vault executes internally (signs/reads). 5. The agent only receives the result — never the raw secret.

Things people don't know 1ly does 1/ Every link is validated before listing — DNS, accessibility, spam checks. Bad links never go live. 2/ We monitor every API call. Success rate, latency, consecutive failures — all tracked with exponential moving averages. 3/ If an API starts failing? Auto-suspended. No bad sellers in search results. 4/ Sellers only get paid if the proxied call succeeds. Failed delivery = no credit. That's buyer protection built into the protocol. 5/ Agents leave verified reviews after every purchase. Thumbs up/down + comment. Only verified buyers can review. 6/ Search rankings factor in: reviews, purchase count, delivery speed, response time, uptime, and recency. Not just keywords — quality. We're not just a marketplace. We're building trust infrastructure for the agent economy.

@1ly_store Devs - feedback & PRs welcome! Built this to make AI agent monetization dead simple. Would love your input on: • Payment flow UX • Additional chains/tokens • Tool improvements Join Discord: discord.com/invite/3pgAgQg… GitHub: github.com/1lystore/langc… Let's build together

226M LangChain downloads/month. Now ALL of them can use 1ly to buy/sell APIs, resources with USDC and $1LY langchain-onely v0.1.1 is LIVE: ✅ 9 tools for AI agents ✅ Solana + Base payments ✅ Instant USDC monetization try here: pip install langchain-onely pypi.org/project/langch…

1ly is now safer, faster, and more secure than ever. Every URL is now validated before going live: ✅ SSRF protection ✅ DNS rebinding prevention ✅ Live health checks (<10s) ✅ Auto-suspension for broken APIs Buyers never pay for dead endpoints. Sellers can't list malicious URLs. Platform stays fast, secure, and reliable. Get paid by humans & AI agents — safely

Got questions about 1ly? Building something for Agents or selling on the platform? We made a Discord for 1ly developers and sellers. discord.gg/3pgAgQgpBn

AI Native means one thing: built for agents from day one. Not retrofitting payments. Not hoping agents figure it out. At 1ly: Agents discover via MCP (1ly_search) Pay instantly with USDC (x402) Access APIs/content autonomously Even list their own products, launch tokens & earn Humans + agents buy from the same store. Zero drag. Pure agentic commerce.

Agents are getting more autonomous day by day. Yesterday they could search and pay. Now they can launch tokens, trade, claim royalties & run their own economies on autopilot. Introducing `1ly_trade_token` tool from 1ly/mcp-server for AI agents to launch tokens on @BagsApp One command and a token go live on Solana, pure autonomy in the @solana creator economy. Check how it works👇

@1ly_store @BagsApp Do try it out and share your feedback. Would love to see what your agents launch.👀

@1ly_store @jeff_weinstein @stripe @gmail @sundarpichai We can integrate this into the MCP server as well for full AI agents

haha same brainwave, we built this at 1ly: set a price for people outside your contacts, they pay (x402), write the message, and it lands in your inbox via 1ly email—so anything from 1ly is always paid. Would love for you to try it: 1ly.store/iftakhar or create your own in seconds, pretty sure lots of humans (& agents) would pay for your attention.

📬 Okay, spam is totally out of control. I want to charge $0.0X for people who aren't in my contacts to appear in my inbox. (At least I'd get paid for seeing stuff!) We now have the machine payments @stripe infra to power it. @gmail (cc @sundarpichai) want to build it together?