Server data from the Official MCP Registry
Deterministic pre-send lint for SMS/iMessage: silent carrier filtering and segment blowups.
Deterministic pre-send lint for SMS/iMessage: silent carrier filtering and segment blowups.
willitsend is a well-designed MCP server for pre-send SMS/iMessage compliance checking. The codebase is security-conscious with no malicious patterns, proper input validation, and appropriate use of environment variables. Minor code quality observations and one informational finding about optional API enrichment do not materially impact the security posture. Permissions align appropriately with the tool's purpose. Supply chain analysis found 1 known vulnerability in dependencies (1 critical, 0 high severity). Package verification found 1 issue.
4 files analyzed · 5 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: AGENTPHONE_API_KEY
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-abryfs-willitsend": {
"env": {
"AGENTPHONE_API_KEY": "your-agentphone-api-key-here"
},
"args": [
"-y",
"willitsend"
],
"command": "npx"
}
}
}From the project's GitHub README.
Your AI agent sends texts. Carriers silently drop the non-compliant ones, and the API never tells you. willitsend is the missing check between the model and the carrier: a deterministic preflight for outbound SMS/iMessage that catches silent filtering, segment blowups, and dropped iMessage features before you spend the send.
Try it in the browser: runs client-side, nothing leaves the page.
npx -y -p github:abryfs/willitsend willitsend-cli "Hey! Your appointment is tomorrow at 2pm." --first-message
Verdict: BLOCK
Segments: 1 (gsm7, 41 septets)
Channel: unknown
[BLOCK] first-message.opt-out: First message doesn't include opt-out instructions (e.g. "Reply STOP
to unsubscribe"). Carriers may silently filter first messages that lack one, with no API error.
Fix: Append "Reply STOP to unsubscribe." to the message body.
Source: https://docs.agentphone.ai/documentation/reference/messaging-rate-limits#first-message-requirements
[WARN] first-message.opt-in: No opt-in acknowledgment language found …
[INFO] first-message.brand: No brand_name was provided …
Messaging APIs report "sent" when a message reaches the downstream carrier, not when it reaches a phone. AgentPhone's rate-limit docs spell out the consequence: first messages that skip brand identification, opt-in acknowledgment, or opt-out instructions "may be silently filtered by carriers. The API will not return an error."
AI agents now send texts autonomously, and nothing sits between the model and the carrier. An agent that drops the opt-out line gets no error and no delivery. An agent that adds one emoji turns a 160-character message into three billable segments and never notices.
willitsend is the missing check: a deterministic, stateless lint for a draft message. Text and context in, verdict and evidence out. It sends nothing and stores nothing.
sequenceDiagram
participant A as AI agent
participant W as willitsend
participant API as Messaging API
participant C as Carrier
participant P as Phone
rect rgba(255,69,58,0.08)
note over A,P: without preflight
A->>API: send_message (no opt-out language)
API-->>A: "sent" ✓
C--xP: silently filtered. no error, no delivery
end
rect rgba(52,199,89,0.08)
note over A,P: with preflight
A->>W: preflight_message(draft, context)
W-->>A: BLOCK · missing opt-out · fix + citation
A->>W: preflight_message(fixed draft)
W-->>A: PASS
A->>API: send_message
API-->>A: "sent" ✓
C->>P: delivered
end
A fair question: AgentPhone's docs are agent-readable, so you could feed them into every generation call and ask the model to comply. Two things break, and one gets expensive:
| Approach | Tokens per message | 10,000 msgs/day at $3/M input |
|---|---|---|
| Feed both AgentPhone doc pages into each generation call | ~7,700 | |
preflight_message call result (default) | ~250 (+ ~1,450 once per session for the tool definition) | ~$7.50/day |
preflight_message with response_format: "concise" | ~4 on pass, ~44 on block (measured) | ~$0.35/day at a 90% pass rate |
Roughly 30× fewer tokens per message in default mode — several hundred× in concise mode — and the checker's own compute rounds to zero (~4µs locally, no API). If you compress the rules into your system prompt instead — our skill file does, at ~950 tokens — you keep the compose-time benefit but still have no verifier and no segment math. Bulk senders feel this most: the tool exists precisely for AI agents sending texts at volume.
As an MCP tool (Claude Code):
claude mcp add willitsend -- npx -y -p github:abryfs/willitsend willitsend-mcp
or in any MCP client config:
{
"mcpServers": {
"willitsend": {
"command": "npx",
"args": ["-y", "-p", "github:abryfs/willitsend", "willitsend-mcp"]
}
}
}
For AI agents — paste this block into your agent (or point it at this README):
Install the willitsend MCP server (pre-send SMS/iMessage lint, no API key needed):
- Claude Code: run `claude mcp add willitsend -- npx -y -p github:abryfs/willitsend willitsend-mcp`
- Any other MCP client: add {"command": "npx", "args": ["-y", "-p", "github:abryfs/willitsend", "willitsend-mcp"]} to its MCP server config.
Then, before every send_message (or equivalent) call, call preflight_message with the
draft body, is_first_message_to_contact (true/false when known), and brand_name.
Treat verdict "block" as do-not-send: apply the returned fix strings and re-run until
pass. Treat "needs_context" as a signal to determine whether this is a first message
(check conversation history), never as permission to send. For high-volume loops pass
response_format: "concise" (~4 tokens on pass).
No API key required. Set AGENTPHONE_API_KEY if you want a live iMessage/SMS capabilities lookup for phone-number destinations; without it the tool runs offline. The config above installs straight from this repo (a prepare script builds on install) — nothing to sign up for. willitsend also publishes to npm and the MCP Registry under the server name io.github.abryfs/willitsend; once a release is cut, registry-aware clients can add it by name and npx -y willitsend starts the server directly. See docs/publishing.md for the release runbook.
As a library (npm install github:abryfs/willitsend):
import { preflight } from "willitsend";
const report = preflight({
body: "Acme: thanks for signing up. Your order shipped. Reply STOP to unsubscribe.",
is_first_message_to_contact: true,
brand_name: "Acme",
});
report.verdict; // "pass" | "warn" | "block" | "needs_context"
report.findings; // each with severity, fix, and a citation URL
report.trace.segments; // { encoding, units, segments, perSegment, ... }
As a CLI: npx -y -p github:abryfs/willitsend willitsend-cli --help (or npx -y -p willitsend willitsend-cli once installed from npm). Exit codes: 0 pass/warn, 1 block, 2 needs context, 3 usage error. It drops into CI or a shell pipeline as-is.
| Rule | Severity | Source |
|---|---|---|
first-message.opt-out: first message to a contact must carry opt-out instructions | block | AgentPhone docs |
first-message.brand: first message must identify the brand (checked only against a brand_name you provide, never guessed) | block | AgentPhone docs |
first-message.opt-in: first message should acknowledge how the contact opted in | warn | AgentPhone docs |
first-message.media-only: compliance text can't ride in an image | warn | AgentPhone docs |
segments.unicode-blowup: one non-GSM character re-encodes the whole message as UCS-2 | warn | AgentPhone docs |
imessage.feature-fallback: send_style, threaded replies, and carousels drop without a trace on SMS fallback | warn | AgentPhone docs |
imessage.invalid-send-style, imessage.carousel-count: invalid effect names, carousels outside the documented 2-20 range | block | AgentPhone docs |
imessage.new-contact-cap: iMessage caps new-contact sends at 50/day per line | info | AgentPhone docs |
destination.invalid, destination.voip: malformed destinations; known-VoIP lines (line type is never guessed from the number) | block / warn | send API / AgentPhone docs |
content.shaft: sex/alcohol/firearms/tobacco terms carriers filter (hate speech has no keyword rule: word lists can't detect it and we don't pretend) | warn | Twilio guidelines |
content.url-shortener: shared public shorteners (bit.ly, tinyurl, …) conflict with CTIA dedicated-shortener guidance | warn | CTIA MP&BP (PDF) |
content.spam-patterns: ALL-CAPS runs, $$$, !!! | info | heuristic |
Rules come in two labeled tiers. Rules sourced from AgentPhone's own documentation can block. Industry-sourced rules warn at most, because a keyword heuristic has no business vetoing your send.
A finding that depends on context you didn't supply doesn't pretend to be certain. If you never say whether this is the first message to a contact, the opt-out rule reports conditionally and the verdict is needs_context. You get no fake pass and no fake block.
flowchart LR
F[findings] --> B{any block finding<br/>with known context?}
B -- yes --> BLOCK
B -- no --> C{any block finding<br/>waiting on context?}
C -- yes --> NC[NEEDS_CONTEXT]
C -- no --> W{any warning?}
W -- yes --> WARN
W -- no --> PASS
Every report also carries a send trace: destination classification, assumed channel (iMessage/SMS/MMS), full segment math (encoding, septet and code-unit counts, placement-aware per-segment packing), and, given a 10DLC campaign tier, what this message costs against published daily segment caps.
Reproduce every number here from the repo; none of them require an account.
test/parity.test.ts; run npm test.npm run bench on yours. Preflighting every outbound message is cheaper than logging it.You will find no delivery-rate improvement claims here. That claim needs send data we don't have.
Carriers filter with systems whose rules they don't publish. The policy layer is public (conduct codes, content categories, volume caps); the runtime filtering decisions are deliberately opaque, and only part of the outcome is observable (some blocks return explicit filter errors, some messages are accepted and silently never delivered). This tool covers the deterministic, documented layer, and nothing else:
pass is not a delivery guarantee. It means nothing documented will kill the message.locale field).destination_line_type from a lookup service if you have one; libphonenumber-js gives a free approximation, with known limits for US numbers.No telemetry. No network calls, except the optional capabilities lookup you enable with an API key. The tool never logs, stores, or echoes message bodies in its output. The playground runs in your browser and sends nothing anywhere.
dry_run parameter on the send endpoint itself. The library is written to drop in, as a pure function with no state and a dependency-free core.git clone https://github.com/abryfs/willitsend && cd willitsend
npm install # builds via prepare
npm test # 191 tests: unit, Twilio parity, held-out acceptance
npm run bench
MIT
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.