Expand description
Code Mode - LLM-generated query validation and execution.
This crate provides the infrastructure for “Code Mode”, which allows MCP clients to generate and execute structured queries (GraphQL, SQL, REST) with a validation pipeline that ensures security and provides human-readable explanations.
§Architecture
describe_schema() → LLM generates code → validate_code() → user approval → execute_code()§Key Components
- Validation Pipeline: Parse → Policy Check → Security Analysis → Explanation → Token
- Approval Tokens: HMAC-signed tokens binding code hash to validation result
- Explanations: Template-based business-language descriptions of queries
- Policy Evaluation: Pluggable trait for Cedar/AVP/custom policy engines
§Example Usage
ⓘ
use pmcp_code_mode::{
CodeModeConfig, ValidationPipeline, ValidationContext
};
// Create a validation pipeline
let config = CodeModeConfig::enabled();
let pipeline = ValidationPipeline::new(config, b"secret-key".to_vec());
// Validate a query
let context = ValidationContext::new("user-123", "session-456", "schema-hash", "perms-hash");
let result = pipeline.validate_graphql_query("query { users { id name } }", &context)?;Re-exports§
pub use config::resolve_server_id_from_env;pub use config::CodeModeConfig;pub use sql::SqlStatementInfo;pub use sql::SqlStatementType;pub use sql::SqlValidator;pub use executor::filter_blocked_fields;pub use executor::find_blocked_fields_in_output;pub use executor::ApiCallLog;pub use executor::ArrayMethodCall;pub use executor::BinaryOperator;pub use executor::BuiltinFunction;pub use executor::CompileError;pub use executor::ExecutionConfig;pub use executor::ExecutionPlan;pub use executor::ExecutionResult;pub use executor::HttpExecutor;pub use executor::JsExecutor;pub use executor::MockExecutionMode;pub use executor::MockHttpExecutor;pub use executor::MockedCall;pub use executor::PathPart;pub use executor::PathTemplate;pub use executor::PlanCompiler;pub use executor::PlanExecutor;pub use executor::PlanMetadata;pub use executor::PlanStep;pub use executor::SdkExecutor;pub use executor::UnaryOperator;pub use executor::ValueExpr;pub use executor::McpExecutor;pub use validation::ValidationContext;pub use validation::ValidationPipeline;pub use templates::TemplateContext;pub use handler::format_error_response;pub use handler::format_execution_error;pub use handler::CodeModeHandler;pub use handler::CodeModeToolBuilder;pub use handler::ExecuteCodeInput;pub use handler::ValidateCodeInput;pub use handler::ValidationResponse;pub use policy::get_baseline_policies;pub use policy::get_code_mode_schema_json;pub use policy::AuthorizationDecision;pub use policy::NoopPolicyEvaluator;pub use policy::OperationEntity;pub use policy::PolicyEvaluationError;pub use policy::PolicyEvaluator;pub use policy::ServerConfigEntity;pub use policy::get_openapi_baseline_policies;pub use policy::get_openapi_code_mode_schema_json;pub use policy::normalize_operation_format;pub use policy::normalize_path_to_pattern;pub use policy::OpenAPIServerEntity;pub use policy::ScriptEntity;pub use policy::get_sql_baseline_policies;pub use policy::get_sql_code_mode_schema_json;pub use policy::SqlServerEntity;pub use policy::StatementEntity;pub use policy::cedar::CedarPolicyEvaluator;pub use avp::AvpClient;pub use avp::AvpConfig;pub use avp::AvpError;pub use avp::AvpPolicyEvaluator;pub use schema_exposure::CodeModeExposurePolicy;pub use schema_exposure::DerivationMetadata;pub use schema_exposure::DerivationStats;pub use schema_exposure::DerivedSchema;pub use schema_exposure::ExposureMode;pub use schema_exposure::FilterReason;pub use schema_exposure::FilteredOperation;pub use schema_exposure::GlobalBlocklist;pub use schema_exposure::McpExposurePolicy;pub use schema_exposure::MethodExposurePolicy;pub use schema_exposure::Operation;pub use schema_exposure::OperationCategory;pub use schema_exposure::OperationDetails;pub use schema_exposure::OperationParameter;pub use schema_exposure::OperationRiskLevel;pub use schema_exposure::SchemaDeriver;pub use schema_exposure::SchemaFormat;pub use schema_exposure::SchemaMetadata;pub use schema_exposure::SchemaSource;pub use schema_exposure::ToolExposurePolicy;pub use schema_exposure::ToolOverride;
Modules§
- avp
- Amazon Verified Permissions (AVP) policy evaluator for Code Mode.
- config
- Code Mode configuration.
- executor
- AST-based JavaScript execution for Code Mode.
- handler
- Code Mode Handler trait for unified soft-disable and tool management.
- policy
- Policy evaluation framework for Code Mode.
- policy_
annotations - Policy annotation parser for Cedar policies.
- schema_
exposure - Schema Exposure Architecture for MCP Built-in Servers.
- sql
- SQL validation for Code Mode.
- templates
- Code Mode instruction and policy templates.
- validation
- Validation pipeline for Code Mode.
Structs§
- ApiCall
- An API call extracted from the JavaScript code.
- Approval
Token - Approval token that authorizes code execution.
- Code
Location - Location in source code.
- GraphQL
Query Info - Information extracted from a parsed GraphQL query.
- GraphQL
Validator - GraphQL query validator.
- Hmac
Token Generator - HMAC-based token generator for MVP.
- Java
Script Code Info - Information extracted from parsed JavaScript code.
- Java
Script Validator - JavaScript code validator for OpenAPI Code Mode.
- JsCode
Executor - Adapter bridging [
HttpExecutor] toCodeExecutorfor JavaScript/OpenAPI servers (Pattern B: JS+HTTP). - McpCode
Executor - Adapter bridging [
McpExecutor] toCodeExecutorfor MCP composition servers (Pattern D: JS+MCP). - Output
Declaration - Declared output type from @returns annotation.
- Policy
Violation - A policy violation found during validation.
- Safety
Violation - A safety violation found during JavaScript validation.
- SdkCode
Executor - Adapter bridging [
SdkExecutor] toCodeExecutorfor SDK-backed servers (Pattern C: JS+SDK). - Security
Analysis - Security analysis of code.
- Security
Issue - Potential security issues found during analysis.
- Template
Explanation Generator - Template-based explanation generator for MVP.
- Token
Secret - Zeroizing wrapper for HMAC token secrets.
- Validation
Metadata - Detailed metadata about a validation.
- Validation
Result - Result of validating code through the pipeline.
Enums§
- Code
Language - Supported code languages for validation and execution.
- Code
Type - Type of code being validated/executed.
- Complexity
- Estimated complexity of a query.
- Execution
Error - Errors that can occur during execution.
- GraphQL
Operation Type - GraphQL operation type.
- Http
Method - HTTP methods that can be called via the api object.
- Risk
Level - Risk level assessed for a query or workflow.
- Safety
Violation Type - Types of safety violations in JavaScript code.
- Security
Issue Type - Types of security issues.
- Token
Error - Errors from token generator construction.
- Unified
Action - Unified action model that maps to business permissions. Works consistently across GraphQL, OpenAPI, and SQL servers.
- Validation
Error - Errors that can occur during validation.
Traits§
- Code
Executor - High-level trait for executing validated code.
- Explanation
Generator - Trait for generating human-readable explanations.
- Token
Generator - Trait for token generators.
Functions§
- canonicalize_
code - Canonicalize code for consistent hashing.
- compute_
context_ hash - Compute a context hash from schema and permissions.
- hash_
code - Compute the SHA-256 hash of canonicalized code.