Skip to content

Mcp code mode #3510

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
aditya520 wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Mcp code mode #3510

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
735560f
docs(mcp): add code mode adoption plan
aditya520 Mar 2, 2026
e87a6e7
feat(mcp): implement Code Mode with search and execute tools
aditya520 Mar 2, 2026
fc97625
fix(mcp): address 6 Code Mode review issues
aditya520 Mar 2, 2026
b188620
fix(mcp): close VM escape, enforce async timeout, handle undefined re…
aditya520 Mar 6, 2026
8520863
fix(mcp): remove stale isolated-vm from lockfile
aditya520 Mar 9, 2026
f4e6929
chore(mcp) fix comments
aditya520 Mar 9, 2026
bddb3ae
fix(mcp): bridge async bindings through sandbox-realm Promises
aditya520 Mar 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 20 additions & 2 deletions apps/mcp/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,22 @@ Any MCP client that supports StreamableHTTP can connect using the URL:
https://mcp.pyth.network/mcp
```

## Tools
## Modes

### Legacy (stdio) — `pyth-mcp`

Exposes 4 tools: `get_symbols`, `get_historical_price`, `get_candlestick_data`, `get_latest_price`. Use for local Claude Desktop / Claude Code. Token passed as tool parameter.

### Code Mode only (stdio) — `pyth-mcp-codemode`

Exposes 2 tools: `search`, `execute`. LLM writes async code against `codemode.*` functions. Token injected server-side — never exposed to the model. Use for hosted/public endpoint.

```sh
# Run Code Mode (requires PYTH_PRO_ACCESS_TOKEN for get_latest_price)
PYTH_PRO_ACCESS_TOKEN=<token> node apps/mcp/dist/index-codemode.js
```

## Tools (Legacy mode)

| Tool | Description | Auth Required |
|------|-------------|---------------|
Expand Down Expand Up @@ -81,6 +96,9 @@ Try these with any connected AI assistant:
For contributors working on the MCP server itself.

### Build
Code Mode exposes these via `codemode.get_symbols`, `codemode.get_latest_price`, etc. inside `execute()`.

## Setup
Comment on lines +99 to +101
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration Bot Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 README has misplaced Code Mode text under ### Build and broken heading hierarchy with ## Setup

The ### Build subsection (under ## Local Development) now contains an orphaned Code Mode description sentence (Code Mode exposes these via...) instead of the build command. The build command was moved into a new ## Setup top-level section, which breaks the document hierarchy — ## Setup sits at the same level as ## Local Development but the build instructions logically belong under ### Build. The Code Mode sentence appears to belong in the ## Modes or ## Tools (Legacy mode) section instead.

Prompt for agents 
In apps/mcp/README.md, lines 98-101, the sentence 'Code Mode exposes these via codemode.get_symbols, codemode.get_latest_price, etc. inside execute().' appears to be misplaced under the '### Build' heading. It should be moved to the '## Modes' section (around line 51-64) or the '## Tools (Legacy mode)' section (around line 66). Additionally, the '## Setup' heading on line 101 should be removed or changed to '### Build' to restore the original subsection hierarchy under '## Local Development'. The build command on line 103-105 should remain under the '### Build' subsection.
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.


```sh
pnpm --filter @pythnetwork/mcp build
Expand Down Expand Up @@ -116,7 +134,7 @@ To connect a client to a local build via stdio:

| Variable | Default | Description |
|----------|---------|-------------|
| `PYTH_PRO_ACCESS_TOKEN` | — | Bearer token for Router API |
| `PYTH_PRO_ACCESS_TOKEN` | — | Bearer token for Router API. Required for Code Mode `get_latest_price`; injected server-side |
| `PYTH_CHANNEL` | `fixed_rate@200ms` | Default price channel |
| `PYTH_LOG_LEVEL` | `info` | Log level (debug/info/warn/error) |
| `PYTH_REQUEST_TIMEOUT_MS` | `10000` | HTTP request timeout |
Expand Down
79 changes: 79 additions & 0 deletions apps/mcp/docs/CODE_MODE_ADOPTION_PLAN.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
# Pyth MCP Code Mode Adoption Plan

## Decision

Adopt Code Mode and host on Cloudflare Workers by default.

This is the shortest path to:
- Stable `search` + `execute` tool surface as APIs evolve
- Strong token security via server-side injection
- Full observability with low operational overhead

## Why This Direction

- Code Mode keeps MCP tool count fixed while backend APIs grow.
- Server-side token injection avoids passing `access_token` in model-visible calls.
- Cloudflare execution sandboxing is production-ready for generated code workloads.
- Cloudflare access controls and centralized logging align with security requirements.

## Architecture (Target)

- Expose Code Mode tools:
- `search`
- `execute`
- Keep existing traditional tools as fallback during rollout.
- Route `get_latest_price` through a wrapper that injects a server-managed token.
- Never expose the token in tool schema, prompt context, or user-provided arguments.

## Hosting Recommendation

Primary:
- Cloudflare Workers + Dynamic Worker Loader

Fallback (only if Cloudflare is not allowed):
- Kubernetes + Node + `isolated-vm` + OpenTelemetry

## Security Requirements

- Use one server-managed Pyth Pro token from a secret manager.
- Inject token only inside execution boundary.
- Block outbound network from generated code except approved tool proxy path.
- Enforce per-request timeouts and rate limits.
- Redact secrets from all logs and error payloads.

## Observability Requirements

- Traces:
- MCP request span
- code execution span
- upstream API spans
- Metrics:
- execution latency (p50/p95/p99)
- sandbox timeout/error rates
- upstream error rates
- tool calls per execution
- response size
- Structured logs:
- `requestId`, `sessionId`, `clientName`, `toolsCalled`, `executionTimeMs`
- Dashboards:
- reliability
- security events
- Code Mode adoption and efficiency

## Rollout Plan

1. Add feature flag: `ENABLE_CODE_MODE`.
2. Implement `search` and `execute` with token-injecting wrapper.
3. Add tests for:
- token injection
- sandbox timeout/network blocking
- multi-step one-roundtrip execution
4. Launch internal beta with fallback tools enabled.
5. Make Code Mode default after stability and observability targets are met.

## Exit Criteria for Default-On

- No token leakage in request/response/log pipelines.
- Sandbox timeout and error rates within SLO.
- Code Mode handles majority of complex multi-step queries.
- Traditional fallback remains available for client compatibility.
6 changes: 5 additions & 1 deletion apps/mcp/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
{
"bin": {
"pyth-mcp": "./dist/index.js",
"pyth-mcp-codemode": "./dist/index-codemode.js"
},
"dependencies": {
"@modelcontextprotocol/sdk": "^1.12.1",
"@pythnetwork/pyth-lazer-sdk": "^5.2.1",
Expand Down Expand Up @@ -29,7 +33,7 @@
"url": "https://github.com/pyth-network/pyth-crosschain"
},
"scripts": {
"build": "tsup src/index.ts src/http.ts --format esm --dts --clean",
"build": "tsup src/index.ts src/index-codemode.ts src/http.ts --format esm --dts --clean",
"clean": "rm -rf dist/",
"start": "node dist/http.js",
"start:dev": "tsx src/http.ts",
Expand Down
Loading
Loading