AgentSIMOTP sessions for agents

Changelog

What's new

v0.17.0
webdocs

Site-wide OG images and docs clean-up

A shared OpenGraph image worker now covers every route on the marketing site. Docs were scrubbed of internal artifacts and rewritten to be end-user facing.

The marketing site received a new shared OG image layer — a single worker renders on-brand 1200×630 cards for every route instead of each page carrying its own bespoke image logic. The design uses the AgentSIM keypad mark with a cyan/green radial glow on a dark canvas.

Alongside that, the public docs were overhauled:

  • Removed research and internal planning documents that had leaked into the published Mintlify site.
  • Rewrote copy that overstated the substrate (removed "real SIM" language — these are Telnyx programmable numbers, not physical SIMs).
  • Added an /about page on the marketing site.
  • Blog posts were rewritten to match the accurate @agentsim/sdk API surface.
v0.16.0
apisecuritybilling

Security hardening, billing fixes, and phone pool reliability

Sensitive request headers are now redacted from API logs. Tainted phone numbers are retired immediately to prevent cross-tenant SMS leaks. Metered billing and Stripe checkout flows were stabilised.

Several reliability and security issues were addressed across the API, dashboard, and MCP server.

Security

  • API logs no longer emit sensitive request headers (authorization tokens, etc.).
  • Tainted phone numbers — numbers that received SMS intended for another session — are now retired immediately and removed from the pool, preventing cross-tenant message exposure.

Billing

  • Metered billing fallback path was hardened; existing Stripe customers are now redirected to the customer portal instead of a new checkout session.
  • Plan tier is now queried from the database rather than an environment variable, fixing cases where the wrong quota was applied.
  • Replenish retries no longer loop on provider ordering failures.

Dashboard

  • Playground diagnostic endpoint added for verifying Stripe environment connectivity.
  • Server Actions now log database errors instead of silently swallowing them.
  • Upstream playground API calls include retry logic with diagnostics.

MCP server

  • Railway start command was corrected to use the uv project venv Python binary.
v0.15.0
dashboardauthonboarding

Playground improvements and onboarding flow

New users are redirected to the playground on first login, where they can now reveal their full API key, see a welcome banner, and simulate an OTP without setting anything up.

A cluster of onboarding and playground improvements shipped across the 0.11–0.15 window.

Playground

  • Full API key is now revealed in the playground (previously shown as a hint only).
  • A welcome banner greets new users and explains what to do next.
  • Simulate OTP button lets you test the full flow without provisioning a real number first.
  • A countdown timer adds urgency cues during live sessions.
  • Post-OTP CTAs guide users toward integrating the SDK.

Auth and onboarding

  • New users are automatically redirected to the playground via an onboarded_at check on first login.
  • Google OAuth state is now stored in a cookie, fixing state_mismatch errors on callback.
  • Inbound SMS is now associated with recently-expired sessions (catches messages that arrive a few seconds after the TTL).

Sign-up

  • Phone number field added to the sign-up form (used for account contact, not OTP).
v0.10.0
launchsdkmcp

Initial public release

AgentSIM is now publicly available. Provision a temporary US phone number, wait for an OTP, and release — from Python, TypeScript, or directly through the MCP server.

AgentSIM is live. The core product: temporary, programmable US phone numbers that AI agents can use to receive SMS OTPs, with a blocking waitForOtp / wait_for_otp call that returns the parsed code as soon as it arrives.

What ships today

  • REST API at api.agentsim.dev — provision, wait, release endpoints with API key auth.
  • TypeScript SDK (@agentsim/sdk) — zero runtime dependencies, typed responses, Symbol.asyncDispose support for await using patterns.
  • Python SDK (agentsim-sdk, import as agentsim) — async-first with httpx and Pydantic v2 models.
  • Hosted MCP server at mcp.agentsim.dev/mcp — connect any MCP-capable agent with a single line of config; tools: provision_number, wait_for_otp, get_messages, release_number.
  • Console at console.agentsim.dev — dashboard for API keys and usage.

Known scope

Numbers are Telnyx programmable numbers, US-only. They work well for services that accept standard US numbers. Strict consumer platforms (Stripe Identity, WhatsApp, Google Account) have anti-VoIP gates and are not reliably supported — check the support matrix before building.