MCP-as-Code-API

also known as Code-Execution-with-MCP, MCP-as-Typed-API, Filesystem-Mirrored Tools, Tools-as-Code-Modules

Materialize MCP servers as a directory of typed code wrappers so the agent writes code that imports them and large tool outputs flow between calls inside the sandbox without ever entering the model's context window.

This pattern helps complete certain larger patterns —

specialisesModel Context Protocol★★— Standardise how agents discover and call tools so that a tool written once is usable by any conformant agent.

Context

A team is running an agent that is connected to many Model Context Protocol (MCP) servers at once: a Google Drive server, a Slack server, an internal Postgres server, a GitHub server. Each server exposes tens or hundreds of tools with verbose JSON outputs. The agent already has a code-execution sandbox available (a Python or TypeScript runtime it can use as its action channel).

Problem

Conventional tool calling loads every advertised tool schema into the system prompt and routes every tool result back through the model's context window, even when the model is only going to pass that result straight to the next tool. A single workflow that joins a 5 megabyte spreadsheet with a paginated Slack thread can burn six-figure token counts before any actual reasoning happens, and most of those tokens are plumbing the model never has to read.

Forces

Tool schemas are static and discoverable on the filesystem, but model context is scarce and per-turn-priced.
Intermediate data often flows tool-to-tool with no semantic reasoning in between, yet conventional MCP routes every byte through the model.
Code execution can manipulate large objects locally for free, but only if tool wrappers exist as callable code.
Typed wrappers give the model autocomplete-like affordances, but typing every tool by hand does not scale; wrappers must be generated from MCP schemas.
Security boundaries previously enforced by the model reading tool output now shift to the sandbox; untrusted data may flow without an LLM checkpoint.

Example

An assistant must take meeting notes from Google Drive, identify action items, and post them in the right Slack channels. The naive approach pulls the entire transcript into context, then pulls the channel list, then formats messages — burning ~150K tokens. With MCP-as-Code-API, the model writes a short TypeScript that imports gdrive.getDocument and slack.postMessage, filters action items in-process, and prints only a confirmation. Total tokens dropped to ~2K because the transcript never crossed the context boundary.

Diagram

flowchart TD A[Agent context<br/>small] -->|writes script| SCR[Generated code] SCR --> SAND[Sandbox runtime] subgraph FS[Tool wrapper tree on filesystem] W1[servers/gdrive/getDocument.ts] W2[servers/slack/listChannels.ts] W3[servers/.../tool.ts] end SAND -->|imports| FS FS --> MCP[MCP servers] MCP --> FS FS --> SAND SAND -->|only printed / saved output| A SAND -.large intermediate data stays in sandbox memory.-> SAND

Solution

Therefore:

At connection time, walk each MCP server's tool list and emit a file per tool (e.g. servers/gdrive/getDocument.ts, servers/slack/listChannels.ts) with full type signatures derived from the JSON schema. Expose this tree to the agent as a readable filesystem and let it explore via standard list/read primitives rather than loaded schemas. The agent then writes execution code — a short script that imports the wrappers, chains calls, transforms results in-memory, and prints only the final answer. Tool outputs live in sandbox variables; only what the script prints (or saves to a designated output) crosses back into model context. Pair with progressive disclosure: the model reads only the tool files it intends to use.

What it gives you

Massive token reduction — Anthropic reports 98.7% on representative workflows.
Large tool outputs (sheets, transcripts, binaries) never enter context.
Composition becomes ordinary programming: filters, joins, retries are code, not prompted loops.
Tool discovery becomes filesystem navigation, reusing well-trained model behaviour.
Schemas are loaded on demand rather than all upfront.

What it costs you

Requires a working code-execution sandbox with network egress controls.
Model must be strong at code generation in the chosen runtime.
Untrusted data flowing through code without LLM checkpoints widens the prompt-injection surface inside the sandbox.
Wrapper generation must stay in sync with upstream MCP schema changes.
Debugging failures spans two layers — generated code and tool wrappers — rather than one tool call.

What this pattern forbids. The model must not request raw tool outputs into context when they exceed a configured size; it must route large outputs through sandbox variables and return only printed summaries. It must not invent wrapper modules — only those materialized on the filesystem from real MCP schemas are callable.

The smaller patterns that complete this one —

usesSandbox Isolation★★— Run agent-emitted code or actions in a contained environment with restricted filesystem, network, and process privileges.

And the patterns that stand alongside it, or against it —

composes-withCode-as-Action Agent★— Have the agent emit a code snippet as its action each step, executed in a constrained interpreter, instead of emitting JSON tool calls; tool composition becomes function nesting and control flow inside the snippet.
complementsTool Search Lazy Loading★— Defer loading tool schemas into the context window until a search step shows they are needed.
alternative-toTool Loadout★★— Select a small task-relevant subset of available tools per request rather than exposing the full registry to the model.
alternative-toTool Explosion✕— Anti-pattern: expose every available tool in every request and watch function-calling accuracy collapse.
complementsMCP Bidirectional Bridge★— Run a framework as both MCP client (consuming external MCP servers as tools) and MCP server (publishing its own agents, tools, and workflows back over MCP) so capabilities flow both directions across the protocol boundary.

Neighbourhood

Click any neighbour to follow the language. Scroll to zoom, drag to pan.

References

Provenance

Source: patterns/mcp-as-code-api.md on GitHub · commit 4314cd3 · view history
Added to catalog: 2026-05-19
Last updated: 2026-05-21
Contribute: open an issue or PR at github.com/agentpatternscatalog/patterns.