Skip to Content
Configuration

Configuration

zaileys-mcp is configured with environment variables when run standalone, or options when embedded. They map one-to-one.

Environment variables (standalone)

VariableDefaultDescription
ZAILEYS_SESSIONmcpSession id. Auth persists under ./.zaileys/auth/<id>.
ZAILEYS_AUTH_TYPEqrqr or pairing.
ZAILEYS_PHONEPhone number (E.164 digits, no +) for pairing-code login.
ZAILEYS_READONLYfalsetrue to expose only read tools (no sending or mutations).
ZAILEYS_ALLOWLISTComma-separated numbers/JIDs. Restricts outbound tools to these recipients.
ZAILEYS_TOOLSprogressiveTool-exposure strategy — see below.
{ "mcpServers": { "whatsapp": { "command": "npx", "args": ["-y", "zaileys-mcp"], "env": { "ZAILEYS_SESSION": "work", "ZAILEYS_READONLY": "false", "ZAILEYS_ALLOWLIST": "6281111111111,6282222222222", "ZAILEYS_TOOLS": "progressive" } } } }

Options (embedded)

serveMcp(client, options) and createMcpServer(client, options) accept:

OptionTypeDescription
readOnlybooleanExpose only read tools. Default false.
allowliststring[]Restrict outbound tools to these numbers/JIDs. Read tools are unaffected.
tools'progressive' | 'full' | 'core' | string[]How many tools are active at once. Default 'progressive'.
namestringServer name reported to MCP clients. Default 'zaileys'.
versionstringServer version reported to MCP clients.
transportTransportCustom MCP transport (serveMcp only). Default stdio.

Tool-exposure strategy

tools (env ZAILEYS_TOOLS) controls how many of the 60+ tools are active — i.e. visible in the agent’s context — at any moment. All tools always exist; this only changes what’s exposed up front.

ValueActive toolsDiscovery
progressive (default)~13 coreRest revealed on demand via find_tools
fullall 60+— (everything already active)
core~12 coreNone (locked minimal set)
string[]exactly the named toolsPlus find_tools to reach the rest

progressive is the recommended default: full capability, small context. See Tool Strategy for how find_tools works. Use full only with clients that comfortably handle large tool lists.

Read-only and allowlist

Two independent guardrails, both usable in any mode:

  • readOnly — write tools (send, react, edit, delete, group/profile/privacy mutations) are never registered. The agent physically cannot send.
  • allowlist — outbound tools refuse any recipient not on the list. Read tools still work everywhere.
await serveMcp(client, { readOnly: true }) // agent can read, never send await serveMcp(client, { allowlist: ['6281111111111'] }) // can only message one number

See Safety for when to use each.