code-mode
Code-Mode is a TypeScript library that lets AI agents execute complex workflows through a single code execution interface instead of traditional function calls. It works with MCP and UTCP protocols to discover and chain multiple tool operations efficiently.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | universal-tool-calling-protocol/code-mode |
| Owner | universal-tool-calling-protocol |
| Primary language | TypeScript |
| License | MPL-2.0 — OSI-approved |
| Stars | 1.5k |
| Forks | 99 |
| Open issues | 3 |
| Latest release | v1.0.6 (2025-11-23) |
| Last updated | 2026-06-18 |
| Source | https://github.com/universal-tool-calling-protocol/code-mode |
What code-mode is
Node.js-based library providing sandboxed TypeScript execution with dynamic tool discovery, auto-generated type interfaces, and support for MCP/UTCP/HTTP/CLI protocols. Enables agents to batch tool calls into single code blocks with full observability and timeout protection.
Get the code-mode source
Clone the repository and explore it locally.
git clone https://github.com/universal-tool-calling-protocol/code-mode.gitcd code-mode# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires Node.js runtime; evaluate CPU/memory overhead of sandboxed VM per execution, especially at high concurrency.
- Tool discovery and type generation happen at runtime; measure startup latency and cache strategy for production systems.
- Sandboxing relies on Node.js isolates; review isolation guarantees against your threat model (not browser-grade isolation).
- Agent must be capable of generating valid TypeScript; fallback handling for malformed code is essential.
- Timeout configuration and error recovery must align with agent retry logic to avoid cascading failures.
When to avoid it — and what to weigh
- Strict deterministic control required — Code execution introduces variability; if your system requires rigid, pre-validated call sequences, traditional function calls may be safer.
- Zero code execution tolerance — Project security policy prohibits executing arbitrary code (even sandboxed); requires alternative tool-calling approaches.
- Single-tool, simple operations — For agents that call one tool at a time, Code-Mode overhead outweighs batching benefits; use standard tool interfaces.
- No TypeScript/JavaScript runtime available — Requires Node.js environment; not suitable for Python-only, Rust-only, or browser-only deployments without additional layers.
License & commercial use
MPL-2.0 (Mozilla Public License 2.0). Permissive copyleft license permitting commercial use, modification, and distribution under compliance with MPL-2.0 terms (source disclosure for modifications, patent grants). Not GPL-class viral licensing.
MPL-2.0 permits commercial use and integration into proprietary products. Requires disclosure of modifications to the library itself, but does not affect proprietary agent or application code. Suitable for commercial SaaS and internal enterprise use. Consult legal review for high-risk compliance scenarios.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Strong |
| Assessment confidence | High |
Project claims 'Secure VM Sandboxing' via Node.js isolates and 'Zero External Dependencies—tools only accessible through registered UTCP/MCP servers.' Node.js isolates provide process-level isolation but not kernel-level security; evaluate against your threat model. Timeout protection prevents runaway code. Full console output capture may expose sensitive logs. No third-party security audit or CVE history provided; assess isolation guarantees independently before processing sensitive data.
Alternatives to consider
OpenAI Function Calling / Tool Use (Claude, Gemini)
Standard LLM function-calling interface; lower latency for single calls but requires multiple round-trips for multi-step workflows; better for deterministic, pre-defined tool sets.
Anthropic Computer Use / Tool Use with Vision
Visual agent capability; not optimized for code-driven orchestration; better for GUI automation, screenshot interpretation, and click-based workflows.
LangChain / LlamaIndex Agent Frameworks
Higher-level abstractions for agent loops, memory, and tool orchestration; more ecosystem integrations; less focused on code execution efficiency; steeper learning curve.
Build on code-mode with DEV.co software developers
Evaluate Code-Mode for multi-step agent orchestration. Start with the CLI, review isolation guarantees, and pilot in non-critical environments before production deployment.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
code-mode FAQ
Is the sandbox truly secure for untrusted code?
Does Code-Mode work with non-JavaScript agents?
What if the agent generates invalid TypeScript?
How does tool discovery scale with large tool catalogs?
Custom software development services
Adopting code-mode is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate mcp servers software in production.
Ready to streamline agent workflows?
Evaluate Code-Mode for multi-step agent orchestration. Start with the CLI, review isolation guarantees, and pilot in non-critical environments before production deployment.