Security

Agents can search. Humans approve.

names.dev is designed so an AI agent can discover and recommend, but cannot spend money, move domains, write DNS records, or send deal terms without explicit approval.

Human approvals

Domain registration, DNS writes, offers, seller outreach, listing creation, and equity actions require a short-lived signed approval token.

No auto-purchase

Production writes require explicitly connected provider credentials and approval flows. Provider credentials are never exposed to agents.

Seller verification

Domain claims require DNS TXT verification before a domain can be treated as owned inventory.

Agent access

Production MCP access requires bearer tokens. Write tools still require per-action human approval.

Approval tokens

Approval tokens are single-use, scoped, logged, and expire quickly. All write attempts are audited.

Report security issues privately at hello@names.dev.

Security · names.dev