Skip to main content
For inbound SMS and iMessage, Comms treats the sender phone number as the verified subscriber identity for that run. When a verified phone number exists, Comms only retrieves MCP records connected to that phone number.

What gets stripped

Before an MCP call, Comms removes user-supplied scope fields such as:
  • email
  • subscriberEmail
  • name
  • customerName
  • bookingReference
  • confirmationNumber
  • customerId
  • userId
  • phone
The user can still type those values in conversation, but the runtime does not use them to widen the MCP lookup.

What gets injected

Comms injects the verified sender phone number into supported phone fields:
  • subscriberPhoneE164
  • verifiedPhoneE164
  • customerPhoneE164
  • phone
  • phoneE164
  • phoneNumber
  • contactPhone
  • contactPhoneE164
  • memberPhoneE164
  • participantPhoneE164

Example

If a subscriber texts: 
What reservations do I have? My email is my personal email.
The model might try to call: 
{
  "email": "<user-typed email>"
}
Comms rewrites the tool arguments to: 
{
  "subscriberPhoneE164": "<verified sender phone>"
}
The MCP server only receives the verified phone scope.

Failing closed

If an agent has MCP selected but no callable subscriber-safe tool schemas are available, Comms fails the run instead of letting the model improvise with private-data claims.