search_sdk + execute_script pair. Agents browse the SDK, then write small TypeScript snippets that call your API directly — chaining requests, transforming responses, and returning the final value in one round trip. The endpoint lives at /product-mcp/<source-slug>, runs each script in an isolated sandbox with egress guardrails, and writes structured telemetry for every call.
Managed Code Mode is opt-in per MCP server source. Reach out to Armature support to enable it on an organization and to provision a
source_slug for your API.When to use Code Mode
Reach for Managed Code Mode MCP when:- Your API has more than a handful of endpoints and you do not want to expose each one as a separate MCP tool.
- Agents need to chain calls (read, filter, then write) without burning tokens on intermediate tool round trips.
- You want a typed client experience for agents — full parameter shapes, response types, and JSDoc examples — without authoring tool schemas by hand.
- You want every script execution captured as telemetry you can analyze alongside your other Armature MCP runs.
How it works
- You upload an OpenAPI spec (plus an optional overlay and manifest) to Armature.
- Armature compiles the spec into a bundle containing a generated SDK, an operation map, an SDK index for prompting, and a vector search index.
- The bundle is stored as an immutable artifact and promoted to
activefor the source’s environment. - Agents connect their MCP client to
https://<your-org>.armature.app/product-mcp/<source-slug>. - On
initialize, the server sends back instructions plus the SDK index so the agent knows what calls are available. - The agent uses
search_sdkto look up exact schemas, then callsexecute_scriptto run a TypeScript snippet against a client bound to your API.
Connect an MCP client
Add the managed endpoint to your client’s MCP server configuration. The URL is your Armature subdomain plus/product-mcp/<source-slug>, and authentication uses your Armature API key.
?environment=staging to the URL. The server reads the mcp-session-id header on subsequent requests and groups telemetry by session.
The two tools
A managed Code Mode server exposes exactly two tools regardless of how large your spec is.search_sdk
Usesearch_sdk when you need to confirm the shape of a request body, a response type, or a parameter list before writing a script. It runs against the bundle’s SDK index and returns ranked snippets with operation IDs and signatures.
| Argument | Type | Required | Description |
|---|---|---|---|
query | string | yes | Free-text query (operation name, path fragment, or schema field). |
limit | integer | no | Number of matches to return. Defaults to 12, max 20. |
search_sdk is annotated as read-only and idempotent — agents can call it freely without producing side effects.
execute_script
execute_script is the primary action. The script body is wrapped in an async IIFE and executed in a sandbox with a single global — the generated client — bound to your API. Use top-level await and return the final value; whatever you return becomes the tool result.
| Argument | Type | Required | Description |
|---|---|---|---|
code | string | yes | TypeScript or JavaScript source to execute. Wrapped in async () => { … } automatically. |
clientName (for example, acme or api). Auth is injected for you based on the manifest — agents never see raw credentials. Network egress is limited to the API’s base URL.
@intent, @context, and @frustration_level tags. Armature captures them as structured telemetry so you can analyze why agents reached for the tool and whether the run satisfied them.
Publish or update a bundle
Bundles are uploaded over HTTP and signed with the same Armature API key used to authenticate. Editor role or higher is required to upload a bundle; admin or owner is required to promote one toactive.
POST https://<your-org>.armature.app/api/openapi-artifacts/upload
Required headers:
Authorization: Bearer amt_<key-id>_<secret>x-armature-timestamp: <unix-seconds>— within 300 seconds of now.x-armature-signature: <hex>—HMAC-SHA256(secret = api_key, message = "<timestamp>.<raw-body>").
| Field | Required | Description |
|---|---|---|
source | yes | The source_slug provisioned for your managed MCP server. |
environment | no | Target environment. Defaults to production. |
openapi | yes | The spec as a JSON object or a JSON/YAML string. |
overlay | no | OpenAPI overlay applied to the spec before compilation. |
manifest | no | Overrides for vendorName, clientName, auth, base URLs, and analytics tags. |
repository, commitSha, branch, pullRequestNumber | no | Provenance metadata recorded against the bundle row. |
promote | no | Set to true (admin+) to activate the bundle immediately. Otherwise it lands in generated. |
apiDiff against the currently active bundle (added, removed, signatureChanged, breaking), and a rollback.previousBundleId you can promote to revert.
Sandbox and egress guardrails
Everyexecute_script call runs in an isolated VM. The sandbox:
- Exposes only the generated client global and standard JavaScript primitives — no
require,process, file system, or child process access. - Restricts outbound HTTP to the base URL declared in your manifest. Calls to other hosts are blocked.
- Enforces a per-script timeout sourced from your manifest’s
scriptTimeoutEnv. - Strips secret values from telemetry — only manifest-declared analytics tags and the JSDoc header you write are recorded.
Roles and access
- Connecting an agent requires any role with access to the source’s MCP server record. Standard tool authorization applies on top of the sandbox.
- Uploading a bundle requires editor, admin, or owner.
- Promoting a bundle to active requires admin or owner.
Connect an existing MCP server
Register a hand-written MCP server with Armature instead of compiling one from OpenAPI.
Tool monitors
Schedule recurring health checks against any MCP server’s tools.