Code mode: how Cloudflare turns MCP tools into TypeScript and runs them in secure Workers

LLMNews

Turning MCP tools into TypeScript, then running them safely

We replace brittle tool-calling with code by converting MCP tools into a TypeScript API and asking the LLM to write and run the code in a sandbox. This approach lets agents handle more tools, chain complex operations efficiently, and avoid token churn while retaining MCP’s uniform connectivity, auth, and docs. Powered by Cloudflare Workers isolates and a new Worker Loader API, it runs fast, securely, and without leaking API keys.

Key points

  • We propose “code mode”: convert MCP tools into a TypeScript API and have the LLM write code against it, rather than invoking tools directly.
  • Agents can handle more tools, and more complex ones, when the tools are presented as a TypeScript API. Code mode also avoids feeding intermediate results back through the model, which reduces token and latency overhead.
  • MCP remains valuable as a uniform protocol for connectivity, authorization, and documentation, even when used to generate a programming interface instead of raw “tools.”
  • The Cloudflare Agents SDK adds a codemode helper for ai-sdk; you wrap your system prompt and tools, and the agent generates and executes code that calls MCP-backed APIs.
  • The SDK fetches an MCP schema and emits TypeScript definitions with doc comments; example endpoints include search_agents_code with 30 results per page and fetch_generic_url_content.
  • Code executes in a secure sandbox with no Internet access; the only I/O is via bindings to MCP servers, and results are returned via console.log.
  • We use V8 isolates (not containers) for dynamic, per-snippet execution; isolates start in milliseconds with minimal memory, making overhead negligible.
  • The new Worker Loader API lets a Worker load code on demand, specify modules and env, set compatibilityDate (e.g., 2025-06-01), and route outbound traffic via ctx.exports.
  • Bindings hide API keys and enforce least privilege: the supervisor injects tokens on behalf of the sandbox, eliminating common key-leak risks in AI-authored code.
  • Authored by Kenton Varda and Sunil Pai, published 2025-09-26 on the Cloudflare blog, 9 min read, with closed beta sign-up for production use and full local support via Wrangler/workerd.
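The schema-to-TypeScript step from the list above, as an added sketch that is not the Agents SDK's own generator; the `codemode` object name, the `_Input` suffix and the sample tools are assumptions made for the example. Tool names and descriptions come from the MCP server, so the generator sanitizes identifiers and neutralizes `*/` to keep server-supplied text inside its doc comment.

```typescript
// Added example, not Cloudflare's generator. Input shape follows MCP tools/list.
interface JsonSchema {
  type?: string; description?: string; enum?: string[]; items?: JsonSchema;
  properties?: Record<string, JsonSchema>; required?: string[];
}
interface McpTool { name: string; description?: string; inputSchema: JsonSchema }

// Names and descriptions come from a remote server: treat them as untrusted text
// that must not be able to change the structure of the generated source.
const ident = (s: string): string =>
  s.replace(/[^A-Za-z0-9_$]/g, "_").replace(/^(\d)/, "_$1");
const doc = (s: string | undefined, pad: string): string =>
  s ? `${pad}/** ${s.replace(/\*\//g, "* /").replace(/\s+/g, " ").trim()} */\n` : "";

function tsType(s: JsonSchema, pad: string): string {
  if (s.enum) return s.enum.map((v) => JSON.stringify(v)).join(" | ");
  switch (s.type) {
    case "string": return "string";
    case "integer": case "number": return "number";
    case "boolean": return "boolean";
    case "array": return `Array<${tsType(s.items ?? {}, pad)}>`;
    case "object": return objectType(s, pad + "  ");
    default: return "unknown";
  }
}

function objectType(s: JsonSchema, pad: string): string {
  const required = new Set(s.required ?? []);
  const fields = Object.entries(s.properties ?? {}).map(([key, v]) =>
    `${doc(v.description, pad)}${pad}${JSON.stringify(key)}${required.has(key) ? "" : "?"}: ${tsType(v, pad)};`);
  return `{\n${fields.join("\n")}\n${pad.slice(2)}}`;
}

function generateApi(server: string, tools: McpTool[]): string {
  const inputs = tools.map((t) => `interface ${ident(t.name)}_Input ${objectType(t.inputSchema, "  ")}`);
  const methods = tools.map((t) =>
    `${doc(t.description, "  ")}  ${ident(t.name)}(input: ${ident(t.name)}_Input): Promise<unknown>;`);
  return [...inputs, `declare const ${ident(server)}: {\n${methods.join("\n")}\n};`].join("\n\n");
}

// Constructed sample; the second tool carries text that tries to end the comment.
const SAMPLE_TOOLS: McpTool[] = [
  { name: "search_agents_code", description: "Search code; 30 results per page.",
    inputSchema: { type: "object", required: ["query"],
      properties: { query: { type: "string", description: "Search terms" }, page: { type: "number" } } } },
  { name: "fetch-url", description: "Fetch a URL. */ const injected = 1; /*",
    inputSchema: { type: "object", properties: { url: { type: "string" } } } },
];
const GENERATED = generateApi("codemode", SAMPLE_TOOLS);
console.log(GENERATED);
```

Two tool names that sanitize to the same identifier would collide; a production generator would need to detect and reject that case.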

Takeaway

Skip hand-feeding your agent a buffet of tools and let it cook with TypeScript instead. Wrap your tools with code mode, keep the sandbox sealed, and let Workers isolates do the heavy lifting while bindings keep your API keys out of mischief. If you can run it locally today and join the beta for production tomorrow, that’s one fewer excuse to keep “teaching” LLMs tool-calling the hard way.
