Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.agentfront.dev/llms.txt

Use this file to discover all available pages before exploring further.

Installation

npm install @frontmcp/plugin-codecall

Basic Usage

import { FrontMcp } from '@frontmcp/sdk';
import { CodeCallPlugin } from '@frontmcp/plugin-codecall';

@FrontMcp({
  plugins: [
    CodeCallPlugin.init()
  ]
})
export class MyServer {}

Added Tools

executeCode

Execute JavaScript code: 
const result = await mcp.callTool('executeCode', {
  code: `
    const sum = numbers.reduce((a, b) => a + b, 0);
    return { sum, average: sum / numbers.length };
  `,
  context: {
    numbers: [1, 2, 3, 4, 5]
  }
});
// { sum: 15, average: 3 }

Configuration

new CodeCallPlugin({
  // Enclave instance
  enclave: new Enclave({
    timeout: 5000,
    memoryLimit: 64 * 1024 * 1024
  }),

  // Allowed tools in code
  tools: {
    fetch: async (url) => {
      if (!isAllowed(url)) throw new Error('URL not allowed');
      return fetch(url).then(r => r.json());
    },
    log: console.log
  },

  // Code validation
  validation: {
    maxLength: 10000,
    blockedPatterns: ['eval', 'Function']
  }
})

Providing Tools

Expose functions to executed code: 
new CodeCallPlugin({
  enclave: new Enclave(),
  tools: {
    // Database access
    db: {
      query: async (sql) => db.query(sql),
      findUser: async (id) => db.users.find(id)
    },

    // HTTP requests
    http: {
      get: async (url) => fetch(url).then(r => r.json()),
      post: async (url, data) => fetch(url, {
        method: 'POST',
        body: JSON.stringify(data)
      }).then(r => r.json())
    },

    // Utilities
    utils: {
      parseDate: (str) => new Date(str),
      formatCurrency: (n) => `$${n.toFixed(2)}`
    }
  }
})

Security

Sandbox Configuration

new CodeCallPlugin({
  enclave: new Enclave({
    security: {
      astGuard: true,
      prototypeProtection: true,
      resourceLimits: true
    }
  })
})

URL Allowlist

const ALLOWED_URLS = [
  'https://api.example.com',
  'https://data.example.com'
];

new CodeCallPlugin({
  tools: {
    fetch: async (url) => {
      const parsed = new URL(url);
      if (!ALLOWED_URLS.some(u => url.startsWith(u))) {
        throw new Error('URL not allowed');
      }
      return fetch(url).then(r => r.json());
    }
  }
})

Code Validation

Pre-validate code before execution: 
new CodeCallPlugin({
  validation: {
    // Use AST Guard
    astGuard: true,

    // Custom validators
    validators: [
      (code) => {
        if (code.includes('while(true)')) {
          throw new Error('Infinite loops not allowed');
        }
      }
    ]
  }
})

With VectoriaDB

Enable code scanning with VectoriaDB: 
new CodeCallPlugin({
  enclave: new Enclave(),
  vectorDb: vectoriaDb,
  codeScanning: {
    enabled: true,
    blockSimilarToMalicious: true
  }
})

Next Steps

EnclaveVM

Learn about EnclaveVM

VectoriaDB

Add code scanning