Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

rewritetoday/rewrite-inbound

Name: rewrite-inbound
Author: rewritetoday

rewrite-inbound/SKILL.md

npx skillsauth add rewritetoday/skills rewrite-inbound

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Rewrite Webhook Intake

Implement Rewrite webhook ingestion with security and reliability controls.

Workflow

Register a webhook in the dashboard, API, or CLI for the required Rewrite event types.
Verify the request signature from the raw body plus svix-* headers before trusting the payload.
Parse the standard event envelope and normalize it to your internal event schema.
Deduplicate by Rewrite webhook event ID before side effects.
Persist the raw payload plus the normalized representation for replay/debugging.
Enqueue downstream work and return a fast 2xx response.
Use delivery logs when troubleshooting missing or repeatedly failing deliveries.

Handler Design Rules

Keep webhook handler thin and idempotent.
Use the raw request body for signature verification.
Return within the 5 second webhook timeout budget.
Expect at-least-once delivery and 5 total retry attempts on failure.
Store raw payload and normalized event representation.
Prevent duplicate processing with webhook-event dedupe keys.
Treat Rewrite contactId as transport metadata that helps correlation, not as your app's canonical user identity.
Do not model this as end-user inbound SMS unless your application provides that layer itself.

Signature Verification (Inline Example)

import { Webhook } from "svix";

const wh = new Webhook(process.env.REWRITE_WEBHOOK_SECRET!);
const headers = { "svix-id": req.headers["svix-id"], "svix-timestamp": req.headers["svix-timestamp"], "svix-signature": req.headers["svix-signature"] };
const payload = wh.verify(rawBody, headers); // throws on invalid signature

Always pass the raw request body (Buffer/string before JSON parsing) to verify.

Resource Map

SDK and package setup: references/installation.md
Signature verification patterns: references/webhook-verification.md
Official webhook event envelope and payload shapes: references/payload-contract.md
Intake and retry-safe processing patterns: references/inbound-processing-patterns.md
Event routing and downstream actions: references/reply-routing.md
Delivery log inspection: references/delivery-logs.md

Output Contract

Expect the official Rewrite webhook delivery envelope documented in references/payload-contract.md:

{
  "id": "748395130237498911",
  "createdAt": "2026-03-19T18:42:13.000Z",
  "type": "message.sent",
  "data": {
    "id": "748395130237498500",
    "projectId": "748395130237498412",
    "contact": "Fernanda",
    "contactId": "748395130237498515",
    "to": "+5511999999999",
    "tags": [
      { "name": "use_case", "value": "otp_login" }
    ],
    "type": "SMS",
    "status": "SENT",
    "content": "Rewrite: your verification code is 123456",
    "country": "br",
    "analysis": {
      "characters": 41,
      "encoding": "gsm7",
      "segments": {
        "concat": 153,
        "count": 1,
        "reason": "fits",
        "single": 160
      }
    },
    "error": null,
    "deliveredAt": null,
    "scheduledAt": null,
    "templateId": null
  }
}

If your app needs a normalized internal schema, derive it from this envelope after signature verification and raw payload persistence.

rewritetoday/rewrite-inbound

rewrite-inbound/SKILL.md

Rewrite webhook ingestion workflow for your application. Use when the agent needs to configure Rewrite webhooks, verify signatures, parse and normalize event payloads, handle retries and dedupe, inspect delivery logs, and route delivery or OTP events safely.

2 stars

development

Updated May 4, 2026

$ install --global

skillsauth

npx skillsauth add rewritetoday/skills rewrite-inbound

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 4, 2026, 5:19 AM232.9s7 files scanned

SKILL.md

name:: rewrite-inbound
description:: Rewrite webhook ingestion workflow for your application. Use when the agent needs to configure Rewrite webhooks, verify signatures, parse and normalize event payloads, handle retries and dedupe, inspect delivery logs, and route delivery or OTP events safely.

Rewrite Webhook Intake

Implement Rewrite webhook ingestion with security and reliability controls.

Workflow

Register a webhook in the dashboard, API, or CLI for the required Rewrite event types.
Verify the request signature from the raw body plus svix-* headers before trusting the payload.
Parse the standard event envelope and normalize it to your internal event schema.
Deduplicate by Rewrite webhook event ID before side effects.
Persist the raw payload plus the normalized representation for replay/debugging.
Enqueue downstream work and return a fast 2xx response.
Use delivery logs when troubleshooting missing or repeatedly failing deliveries.

Handler Design Rules

Keep webhook handler thin and idempotent.
Use the raw request body for signature verification.
Return within the 5 second webhook timeout budget.
Expect at-least-once delivery and 5 total retry attempts on failure.
Store raw payload and normalized event representation.
Prevent duplicate processing with webhook-event dedupe keys.
Treat Rewrite contactId as transport metadata that helps correlation, not as your app's canonical user identity.
Do not model this as end-user inbound SMS unless your application provides that layer itself.

Signature Verification (Inline Example)

import { Webhook } from "svix";

const wh = new Webhook(process.env.REWRITE_WEBHOOK_SECRET!);
const headers = { "svix-id": req.headers["svix-id"], "svix-timestamp": req.headers["svix-timestamp"], "svix-signature": req.headers["svix-signature"] };
const payload = wh.verify(rawBody, headers); // throws on invalid signature

Always pass the raw request body (Buffer/string before JSON parsing) to verify.

Resource Map

SDK and package setup: references/installation.md
Signature verification patterns: references/webhook-verification.md
Official webhook event envelope and payload shapes: references/payload-contract.md
Intake and retry-safe processing patterns: references/inbound-processing-patterns.md
Event routing and downstream actions: references/reply-routing.md
Delivery log inspection: references/delivery-logs.md

Output Contract

Expect the official Rewrite webhook delivery envelope documented in references/payload-contract.md:

{
  "id": "748395130237498911",
  "createdAt": "2026-03-19T18:42:13.000Z",
  "type": "message.sent",
  "data": {
    "id": "748395130237498500",
    "projectId": "748395130237498412",
    "contact": "Fernanda",
    "contactId": "748395130237498515",
    "to": "+5511999999999",
    "tags": [
      { "name": "use_case", "value": "otp_login" }
    ],
    "type": "SMS",
    "status": "SENT",
    "content": "Rewrite: your verification code is 123456",
    "country": "br",
    "analysis": {
      "characters": 41,
      "encoding": "gsm7",
      "segments": {
        "concat": 153,
        "count": 1,
        "reason": "fits",
        "single": 160
      }
    },
    "error": null,
    "deliveredAt": null,
    "scheduledAt": null,
    "templateId": null
  }
}

If your app needs a normalized internal schema, derive it from this envelope after signature verification and raw payload persistence.

Related Skills

rewritetoday/sms-best-practices

development

VerifiedTrustedCommunity

General SMS best-practices guide for Rewrite-based systems. Use when the agent needs to define SMS architecture, contacts and segments strategy, deliverability, templates, retries, observability, webhook handling, or rollout guardrails before or alongside implementation.

2SKILL.mdUpdated May 4, 2026

rewritetoday/sms-best-practices

rewritetoday/send-sms

tools

VerifiedTrustedCommunity

Production SMS delivery workflow for Rewrite. Use when the agent needs to send transactional or campaign SMS, manage Rewrite contacts or segments, implement batching, enforce idempotency, use templates and scheduling, and integrate the official Rewrite SDKs, REST client, CLI, or ecosystem packages.

2SKILL.mdUpdated May 4, 2026

rewritetoday/send-sms

rewritetoday/agent-sms-inbox

development

VerifiedTrustedCommunity

Secure SMS agent workflow for building a text message chatbot, messaging agent, or SMS bot on Rewrite. Covers LLM-driven replies over application-owned inbound conversations with prompt-injection defense, action policy gates, risk-level escalation, and outbound send controls.

2SKILL.mdUpdated May 4, 2026

rewritetoday/agent-sms-inbox