DEV Community: Surf The latest articles on DEV Community by Surf (@surfether). https://dev.to/surfether https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3948751%2Fa9ef23b9-4424-47dc-9ef1-6bd2e2a42839.png DEV Community: Surf https://dev.to/surfether en Domain Trust Scoring for AI Agents — Checking Before You Pay Surf Sun, 24 May 2026 08:11:55 +0000 https://dev.to/surfether/domain-trust-scoring-for-ai-agents-checking-before-you-pay-556g https://dev.to/surfether/domain-trust-scoring-for-ai-agents-checking-before-you-pay-556g <h2> AI agents are now spending real money autonomously. Here's how to add a simple trust check before your agent transacts with any domain. </h2> <p>AI agents are spending real money now. The x402 protocol has processed over 165 million transactions across ~69,000 active agents. That's a lot of autonomous USDC flying around to domains your agent has never seen before.</p> <p>The problem is a pretty natural consequence of that: <strong>agents can't easily tell if a domain they're about to pay is legitimate or not.</strong> A human glances at a URL and picks up on a dozen signals — the TLD, whether they recognize the registrar, how old the site looks. An agent doing the same thing has to either skip that check entirely or build the verification infrastructure itself.</p> <p>This post is about how to add a lightweight trust check to your agent before it transacts, using a pay-per-use API on the x402 protocol.</p> <h2> Why this matters </h2> <p>Consider an agent that searches for a service, finds a matching x402 endpoint, and prepares to pay. Without any trust verification, it's essentially trusting that:</p> <ul> <li>The domain is what it claims to be</li> <li>It wasn't registered yesterday as a throwaway</li> <li>It has some real operational presence (DNS, mail, etc.)</li> <li>It's using a legitimate registrar</li> </ul> <p>None of that is guaranteed. High-risk domains — <code>.xyz</code>, <code>.tk</code>, <code>.click</code> — cost pennies and are disproportionately used in phishing and fraud. A domain registered three weeks ago with no MX records and an obscure registrar is a different risk profile than <code>api.somestablecompany.io</code> that's been around for five years.</p> <p>A trust check doesn't solve everything. It's one signal among several. But it's a cheap, fast, structured signal your agent can act on before committing funds.</p> <h2> The API </h2> <p><a href="https://trustsource.cc" rel="noopener noreferrer">TrustSource</a> is an x402-enabled domain trust scoring API. You send a domain or URL, it returns a 0–100 score, a risk tier, and the underlying signals that drove the score. No API key, no account — it uses x402, so your agent pays 0.003 USDC per query and gets the result.</p> <p>The full OpenAPI spec is at <a href="https://trustsource.cc/openapi.json" rel="noopener noreferrer">trustsource.cc/openapi.json</a> if you want the machine-readable version.</p> <p>Here's what a response looks like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"domain"</span><span class="p">:</span><span class="w"> </span><span class="s2">"google.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"score"</span><span class="p">:</span><span class="w"> </span><span class="mi">90</span><span class="p">,</span><span class="w"> </span><span class="nl">"maxScore"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="nl">"tier"</span><span class="p">:</span><span class="w"> </span><span class="s2">"TRUSTED"</span><span class="p">,</span><span class="w"> </span><span class="nl">"breakdown"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"domainAge"</span><span class="p">:</span><span class="w"> </span><span class="mi">30</span><span class="p">,</span><span class="w"> </span><span class="nl">"tld"</span><span class="p">:</span><span class="w"> </span><span class="mi">20</span><span class="p">,</span><span class="w"> </span><span class="nl">"dnsPresence"</span><span class="p">:</span><span class="w"> </span><span class="mi">30</span><span class="p">,</span><span class="w"> </span><span class="nl">"registrar"</span><span class="p">:</span><span class="w"> </span><span class="mi">10</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"details"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"age"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"days"</span><span class="p">:</span><span class="w"> </span><span class="mi">10477</span><span class="p">,</span><span class="w"> </span><span class="nl">"label"</span><span class="p">:</span><span class="w"> </span><span class="s2">"established (5+ years)"</span><span class="p">,</span><span class="w"> </span><span class="nl">"created"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1997-09-15T07:00:00+0000"</span><span class="p">,</span><span class="w"> </span><span class="nl">"expires"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"tld"</span><span class="p">:</span><span class="w"> </span><span class="s2">".com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"dns"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"hasARecord"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"hasMxRecord"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"mxRecords"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"smtp.google.com"</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"registrar"</span><span class="p">:</span><span class="w"> </span><span class="s2">"markmonitor, inc."</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"meta"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"checkedAt"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2026-05-24T10:00:00.000Z"</span><span class="p">,</span><span class="w"> </span><span class="nl">"apiVersion"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"paidWith"</span><span class="p">:</span><span class="w"> </span><span class="s2">"x402/USDC"</span><span class="p">,</span><span class="w"> </span><span class="nl">"cached"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The four scoring signals:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Signal</th> <th>Max points</th> <th>What it measures</th> </tr> </thead> <tbody> <tr> <td>Domain age</td> <td>30</td> <td>WHOIS creation date — older = more trusted</td> </tr> <tr> <td>TLD</td> <td>20</td> <td> <code>.com/.org/.io</code> = trusted, <code>.tk/.xyz/.click</code> = risky</td> </tr> <tr> <td>DNS presence</td> <td>30</td> <td>Has A record (+20) and MX records (+10)</td> </tr> <tr> <td>Registrar</td> <td>20</td> <td>Known established registrar vs. unknown</td> </tr> </tbody> </table></div> <p>Tiers: <strong>TRUSTED</strong> (75+) / <strong>MODERATE</strong> (50–74) / <strong>CAUTION</strong> (25–49) / <strong>HIGH_RISK</strong> (0–24)</p> <p>Results are cached for 1 hour per domain, so repeat lookups are fast and the underlying WHOIS servers don't get hammered.</p> <h2> Integrating with your agent </h2> <p>Your agent needs to handle x402 payments to call this. If you're already using x402 in your stack, adding a trust check is straightforward. Here's a complete example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">x402Client</span><span class="p">,</span> <span class="nx">wrapFetchWithPayment</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@x402/fetch</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">registerExactEvmScheme</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@x402/evm/exact/client</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">privateKeyToAccount</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">viem/accounts</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// Set up x402 client (your agent's wallet)</span> <span class="kd">const</span> <span class="nx">signer</span> <span class="o">=</span> <span class="nf">privateKeyToAccount</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">AGENT_PRIVATE_KEY</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nf">x402Client</span><span class="p">();</span> <span class="nf">registerExactEvmScheme</span><span class="p">(</span><span class="nx">client</span><span class="p">,</span> <span class="p">{</span> <span class="nx">signer</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">fetchWithPayment</span> <span class="o">=</span> <span class="nf">wrapFetchWithPayment</span><span class="p">(</span><span class="nx">fetch</span><span class="p">,</span> <span class="nx">client</span><span class="p">);</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">checkTrustBeforePaying</span><span class="p">(</span><span class="nx">targetUrl</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">domain</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="nx">targetUrl</span><span class="p">).</span><span class="nx">hostname</span><span class="p">;</span> <span class="c1">// Query trust score — agent pays 0.003 USDC automatically</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetchWithPayment</span><span class="p">(</span> <span class="s2">`https://trustsource.cc/trustscore?domain=</span><span class="p">${</span><span class="nx">domain</span><span class="p">}</span><span class="s2">`</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">trust</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">domain</span><span class="p">}</span><span class="s2">: </span><span class="p">${</span><span class="nx">trust</span><span class="p">.</span><span class="nx">score</span><span class="p">}</span><span class="s2">/100 (</span><span class="p">${</span><span class="nx">trust</span><span class="p">.</span><span class="nx">tier</span><span class="p">}</span><span class="s2">)`</span><span class="p">);</span> <span class="k">return</span> <span class="nx">trust</span><span class="p">;</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">agentPurchaseFlow</span><span class="p">(</span><span class="nx">serviceUrl</span><span class="p">,</span> <span class="nx">purchaseAmount</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">trust</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">checkTrustBeforePaying</span><span class="p">(</span><span class="nx">serviceUrl</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">trust</span><span class="p">.</span><span class="nx">tier</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">HIGH_RISK</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Aborting: </span><span class="p">${</span><span class="nx">trust</span><span class="p">.</span><span class="nx">domain</span><span class="p">}</span><span class="s2"> is HIGH_RISK (score: </span><span class="p">${</span><span class="nx">trust</span><span class="p">.</span><span class="nx">score</span><span class="p">}</span><span class="s2">)`</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">trust</span><span class="p">.</span><span class="nx">tier</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">CAUTION</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Your agent might want to flag this for review rather than abort</span> <span class="nx">console</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span><span class="s2">`Proceeding with caution: </span><span class="p">${</span><span class="nx">trust</span><span class="p">.</span><span class="nx">domain</span><span class="p">}</span><span class="s2"> scored </span><span class="p">${</span><span class="nx">trust</span><span class="p">.</span><span class="nx">score</span><span class="p">}</span><span class="s2">/100`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Proceed with the actual purchase...</span> <span class="p">}</span> </code></pre> </div> <h2> Decision logic patterns </h2> <p>How you act on the score depends on your agent's risk tolerance. A few approaches that make sense depending on context:</p> <p><strong>Hard block on HIGH_RISK:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">if </span><span class="p">(</span><span class="nx">trust</span><span class="p">.</span><span class="nx">tier</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">HIGH_RISK</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">action</span><span class="p">:</span> <span class="dl">"</span><span class="s2">abort</span><span class="dl">"</span><span class="p">,</span> <span class="na">reason</span><span class="p">:</span> <span class="s2">`Domain scored </span><span class="p">${</span><span class="nx">trust</span><span class="p">.</span><span class="nx">score</span><span class="p">}</span><span class="s2">/100`</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p><strong>Threshold-based with escalation:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">if </span><span class="p">(</span><span class="nx">trust</span><span class="p">.</span><span class="nx">score</span> <span class="o">&lt;</span> <span class="mi">50</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">action</span><span class="p">:</span> <span class="dl">"</span><span class="s2">escalate</span><span class="dl">"</span><span class="p">,</span> <span class="na">requiresHumanApproval</span><span class="p">:</span> <span class="kc">true</span> <span class="p">};</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">trust</span><span class="p">.</span><span class="nx">score</span> <span class="o">&lt;</span> <span class="mi">75</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">action</span><span class="p">:</span> <span class="dl">"</span><span class="s2">proceed_with_log</span><span class="dl">"</span><span class="p">,</span> <span class="na">riskFlag</span><span class="p">:</span> <span class="kc">true</span> <span class="p">};</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">action</span><span class="p">:</span> <span class="dl">"</span><span class="s2">proceed</span><span class="dl">"</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p><strong>Cost-proportional gating</strong> (sensible for variable-cost purchases):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Require higher trust for larger transactions</span> <span class="kd">const</span> <span class="nx">minimumScore</span> <span class="o">=</span> <span class="nx">purchaseAmount</span> <span class="o">&gt;</span> <span class="mf">1.00</span> <span class="p">?</span> <span class="mi">70</span> <span class="p">:</span> <span class="mi">50</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">trust</span><span class="p">.</span><span class="nx">score</span> <span class="o">&lt;</span> <span class="nx">minimumScore</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">action</span><span class="p">:</span> <span class="dl">"</span><span class="s2">abort</span><span class="dl">"</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h2> What it doesn't cover </h2> <p>Worth being explicit about the limitations:</p> <ul> <li> <strong>WHOIS privacy protection</strong> — many domains redact registration data under GDPR. When that happens, the age score falls back to 0 ("unknown"). This is a known limitation of the public WHOIS system, not something this API can work around.</li> <li> <strong>Recently compromised legitimate domains</strong> — a 10-year-old <code>.com</code> with good DNS can still be a phishing site if the domain was hijacked. This API scores structural signals, not content.</li> <li> <strong>Very new legitimate services</strong> — a startup that launched last month will score low on domain age even if it's completely legitimate. Context matters.</li> </ul> <p>The score is best used as a filter to catch obvious red flags, not as a definitive verdict on any domain.</p> <h2> Using it without x402 </h2> <p>If your agent stack doesn't support x402 yet, you can still test it by running the payment manually. Get some Base Sepolia testnet USDC from <a href="https://faucet.circle.com" rel="noopener noreferrer">faucet.circle.com</a>, switch to testnet (<code>NETWORK=eip155:84532</code>, <code>FACILITATOR_URL=https://x402.org/facilitator</code>), and use the example client from the <a href="https://docs.cdp.coinbase.com/x402/quickstart-for-buyers" rel="noopener noreferrer">x402 quickstart for buyers</a>.</p> <h2> Resources </h2> <ul> <li>API endpoint: <a href="https://trustsource.cc" rel="noopener noreferrer">trustsource.cc</a> </li> <li>OpenAPI spec: <a href="https://trustsource.cc/openapi.json" rel="noopener noreferrer">trustsource.cc/openapi.json</a> </li> <li>Agentic.Market listing: <a href="https://agentic.market" rel="noopener noreferrer">agentic.market</a> </li> <li>x402 protocol docs: <a href="https://docs.x402.org" rel="noopener noreferrer">docs.x402.org</a> </li> <li>x402 buyer quickstart: <a href="https://docs.cdp.coinbase.com/x402/quickstart-for-buyers" rel="noopener noreferrer">docs.cdp.coinbase.com/x402/quickstart-for-buyers</a> </li> </ul> <p>If you're building agent payment flows and have thoughts on what other trust signals would be useful, happy to hear them.</p> ai agents x402 security