Agents Access Full APIs via Safe Code Execution
Bypass MCP tool context explosion (1.1M tokens for Cloudflare's 2600 endpoints) by letting agents generate TypeScript code against typed SDKs and run it in isolated V8 sandboxes like Cloudflare Workers with programmable guardrails.
Ditch Tool Dumping for Code Generation
Traditional MCP approaches fail at scale. Bundling all tools explodes the context window: Cloudflare's full OpenAPI spec is 2.3M tokens, which converts to ~1.1M tokens of tools, unusable even on the largest models. Splitting into product-based MCP servers (e.g., Cloudflare's 16 servers covering ~2500 endpoints) reduces context but leaves coverage incomplete (6 tools vs. 30 endpoints per suite) and forces user selection. CLI introspection works (e.g., Wrangler lists D1 databases via --help) but requires shell access. Tool search (e.g., Cloud Code's keyword matching loads k=8 relevant tools) wastes context (~2100 tokens loaded, only 500 used). Core fix: generate typed TypeScript SDKs from OpenAPI specs and let agents write concise code against them (e.g., listWorkers(), or deploying a hello-world Worker with an Access policy), enabling full API access in ~1000 tokens.
Secure Untrusted Code with Isolated Sandboxes
Executing agent-generated code risks filesystem reads, secret exfiltration, infinite loops, or crypto mining. Historically these were mitigated with DSLs, VMs, or code review, all cumbersome. Use V8 isolates like Cloudflare Workers: execute code from strings in lightweight, programmable sandboxes. There are no process.env secrets by default (with Node compat off, accessing it errors out), and outbound network access via global functions is blocked unless explicitly allowed (flip a boolean or set a domain whitelist). Demo: agent lists Workers, deploys secure ones, inspects DNS, all read-only across 2600+ endpoints post-auth. Scales to billions of requests; similar primitives are emerging in Deno (deno run), Pydantic Logit (Python interpreter), and WorkerD (dynamic Workers for fib sequences).
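The outbound-network guardrail described above (deny by default, opt in by boolean or domain whitelist), sketched as an added example; it is not Cloudflare's API or code from the talk. The policy shape and the names checkEgress, makeGuardedFetch, samplePolicy and stubFetch are assumptions, and the hosts are constructed.

```javascript
// Added example: host-side egress guard handed to agent-written code as its
// only fetch. Policy shape and function names are assumptions for illustration.

// Decide whether one outbound URL is permitted. Deny is the default.
function checkEgress(rawUrl, policy) {
  if (!policy.allowOutbound) return { allowed: false, reason: "outbound disabled" };
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") return { allowed: false, reason: "non-https scheme" };
  // "https://api.example.com@other.test/" parses with host other.test; reject userinfo.
  if (url.username || url.password) return { allowed: false, reason: "userinfo in URL" };
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Exact match, or "*.suffix" matched on a dot boundary so "notcdn..." fails.
  const ok = policy.allowedHosts.some((entry) =>
    entry.startsWith("*.") ? host.endsWith(entry.slice(1)) : host === entry
  );
  return ok
    ? { allowed: true, reason: "allowlisted" }
    : { allowed: false, reason: "host not allowlisted" };
}

// Wrap the real fetch with the policy check and a per-run call budget, so a
// looping script is cut off before it hammers the upstream API.
function makeGuardedFetch(policy, realFetch) {
  let calls = 0;
  return function guardedFetch(rawUrl, init = {}) {
    const verdict = checkEgress(String(rawUrl), policy);
    if (!verdict.allowed) throw new Error(`egress denied: ${verdict.reason}`);
    calls += 1;
    if (calls > policy.maxCalls) throw new Error("egress denied: call budget exhausted");
    // Do not follow redirects automatically: the redirect target was never checked.
    return realFetch(String(rawUrl), { ...init, redirect: "manual" });
  };
}

// Constructed policy and stub transport so the example runs offline.
const samplePolicy = {
  allowOutbound: true,
  allowedHosts: ["api.example.com", "*.cdn.example.com"],
  maxCalls: 2,
};
const stubFetch = (url, init) => ({ url, redirect: init.redirect });
```

The guard is only meaningful when the isolate exposes no other network primitive; the per-run budget complements, and does not replace, rate limiting on the API side.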
Client Evolution: Programmatic Calling and MCP Middleware
Clients stall on complex stateful MCP (resumability, connections); the future simplifies to programmatic tool calling: one "code" tool where agents generate and run scripts. Save mini-scripts for reuse (e.g., cron web scraping, auto-fixed on breakage). Proliferate cloud-native stateless agents (100s per user) via easier MCP SDKs as middleware: flag mcp: true in TypeScript frameworks (native by year-end), exposing 1000s of endpoints from one Next.js app. Services must harden: robust rate limiting against sandbox loops hammering APIs. Result: agents treat APIs as typed code targets, not rigid tools; MCP lives on as a protocol, not as bloated context.