> ## Documentation Index
> Fetch the complete documentation index at: https://docs.agentfront.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# CodeCall Plugin

> Execute AI-generated code securely using EnclaveVM. Let AI agents write and run code within your MCP server.

## Installation

```bash theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
npm install @frontmcp/plugin-codecall
```

## Basic Usage

```typescript theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
import { FrontMcp } from '@frontmcp/sdk';
import { CodeCallPlugin } from '@frontmcp/plugin-codecall';

@FrontMcp({
  plugins: [
    CodeCallPlugin.init()
  ]
})
export class MyServer {}
```

## Added Tools

### executeCode

Execute JavaScript code:

```typescript theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
const result = await mcp.callTool('executeCode', {
  code: `
    const sum = numbers.reduce((a, b) => a + b, 0);
    return { sum, average: sum / numbers.length };
  `,
  context: {
    numbers: [1, 2, 3, 4, 5]
  }
});
// { sum: 15, average: 3 }
```

## Configuration

```typescript theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
new CodeCallPlugin({
  // Enclave instance
  enclave: new Enclave({
    timeout: 5000,
    memoryLimit: 64 * 1024 * 1024
  }),

  // Allowed tools in code
  tools: {
    fetch: async (url) => {
      if (!isAllowed(url)) throw new Error('URL not allowed');
      return fetch(url).then(r => r.json());
    },
    log: console.log
  },

  // Code validation
  validation: {
    maxLength: 10000,
    blockedPatterns: ['eval', 'Function']
  }
})
```

## Providing Tools

Expose functions to executed code:

```typescript theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
new CodeCallPlugin({
  enclave: new Enclave(),
  tools: {
    // Database access
    db: {
      query: async (sql) => db.query(sql),
      findUser: async (id) => db.users.find(id)
    },

    // HTTP requests
    http: {
      get: async (url) => fetch(url).then(r => r.json()),
      post: async (url, data) => fetch(url, {
        method: 'POST',
        body: JSON.stringify(data)
      }).then(r => r.json())
    },

    // Utilities
    utils: {
      parseDate: (str) => new Date(str),
      formatCurrency: (n) => `$${n.toFixed(2)}`
    }
  }
})
```

## Security

### Sandbox Configuration

```typescript theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
new CodeCallPlugin({
  enclave: new Enclave({
    security: {
      astGuard: true,
      prototypeProtection: true,
      resourceLimits: true
    }
  })
})
```

### URL Allowlist

```typescript theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
const ALLOWED_URLS = [
  'https://api.example.com',
  'https://data.example.com'
];

new CodeCallPlugin({
  tools: {
    fetch: async (url) => {
      const parsed = new URL(url);
      if (!ALLOWED_URLS.some(u => url.startsWith(u))) {
        throw new Error('URL not allowed');
      }
      return fetch(url).then(r => r.json());
    }
  }
})
```

## Code Validation

Pre-validate code before execution:

```typescript theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
new CodeCallPlugin({
  validation: {
    // Use AST Guard
    astGuard: true,

    // Custom validators
    validators: [
      (code) => {
        if (code.includes('while(true)')) {
          throw new Error('Infinite loops not allowed');
        }
      }
    ]
  }
})
```

## With VectoriaDB

Enable code scanning with VectoriaDB:

```typescript theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
new CodeCallPlugin({
  enclave: new Enclave(),
  vectorDb: vectoriaDb,
  codeScanning: {
    enabled: true,
    blockSimilarToMalicious: true
  }
})
```

## Next Steps

<CardGroup cols={2}>
  <Card title="EnclaveVM" icon="shield" href="/enclave/docs/introduction">
    Learn about EnclaveVM
  </Card>

  <Card title="VectoriaDB" icon="database" href="/vectoriadb/docs/introduction">
    Add code scanning
  </Card>
</CardGroup>
