Research Findings
API Insights
- Namecheap DNS API uses POST with form parameters; responses are XML.
- Authentication: `ApiUser`, `ApiKey`, `UserName`, `ClientIp`. IP must be whitelisted.
- Commands: `dnsns.*` for DNS records; `domains.getList` for listing owned domains.
- Records include `ID`, `Type`, `Name`, `Value`, `TTL`, and `MXPref` for MX.
- Apex records use `HostName="@"`.
- TTL options: typical values are 60, 1800, 3600, etc.
- There is no direct “update record” command; to modify a single record you must either use `setHostRecords` (replace entire zone) or delete + add.
- Error responses include numeric codes and human‑readable text; common errors: duplicate record, invalid IP, rate limit.
Protocols & Data Mapping
- XML parsing in Go is straightforward with `encoding/xml`.
- MCP tools will map naturally: add_record → `dnsns.addHost`, list_records → `dnsns.getList`, etc.
- MX records require special handling: split `value` into priority and host.
- Domain parsing: need SLD and TLD for API calls. For accurate parsing across all TLDs, using `golang.org/x/net/publicsuffix` is advisable.
Operational Concerns
- Rate limiting: likely generous, but implement 1–2 QPS and retries to be safe.
- Logging: avoid logging credentials; log errors with context.
- Sandbox environment available at `https://api.sandbox.namecheap.com/xml.response` – use for development.
- Credentials via environment variables; can also use a `.env` file with a small loader.
Security
- IP whitelist is an effective control: only requests from authorized server IPs accepted.
- MCP over stdio limits exposure; but still keep API key secret.
- Consider mandating `MCP_SECRET` token for extra protection if the binary might be spawned by untrusted processes (unlikely).
Implementation Strategy
- Build incrementally: start with `domains.list` to prove auth, then `dns.list_records`, then add/create/delete.
- Use a simple `Client` struct that handles POST, XML, and error checks.
- MCP server: either use existing Go SDK or minimal custom JSON‑RPC; the latter is lightweight.
- Unit tests with mocked HTTP responses; integration tests against sandbox.
Open Items
- Domain splitting edge cases (multi‑part TLDs) – resolve with publicsuffix library.
- Confirm exact error code for duplicate record; handle gracefully.
- Decide on default TTL (3600 standard).
- Whether to support wildcard `*` names – yes, just pass through.