New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@utcp/code-mode

Package Overview
Dependencies
Maintainers
1
Versions
18
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@utcp/code-mode

Code execution mode for UTCP - enables executing TypeScript code chains with tool access using isolated-vm for security

Source
npmnpm
Version
1.2.9
Version published
Weekly downloads
1.3K
80.48%
Maintainers
1
Weekly downloads
 
Created
Source

@utcp/code-mode

Execute TypeScript code with direct access to UTCP tools using isolated-vm for secure sandboxed execution.

Installation

npm install @utcp/code-mode @utcp/sdk @utcp/direct-call isolated-vm

Quick Start

import { CodeModeUtcpClient } from '@utcp/code-mode';
import { addFunctionToUtcpDirectCall } from '@utcp/direct-call';

// Register a function that returns a UTCP manual
addFunctionToUtcpDirectCall('getWeatherManual', async () => ({
  utcp_version: '0.2.0',
  tools: [{
    name: 'get_current',
    description: 'Get current weather for a city',
    inputs: {
      type: 'object',
      properties: { city: { type: 'string' } },
      required: ['city']
    },
    tool_call_template: {
      call_template_type: 'direct-call',
      callable_name: 'getWeather'
    }
  }]
}));

// Register the actual tool implementation
addFunctionToUtcpDirectCall('getWeather', async (city: string) => ({
  city,
  temperature: 22,
  condition: 'sunny'
}));

// Create client and register manual
const client = await CodeModeUtcpClient.create();
await client.registerManual({
  name: 'weather',
  call_template_type: 'direct-call',
  callable_name: 'getWeatherManual'
});

// Execute code with tool access
const { result, logs } = await client.callToolChain(`
  const data = weather.get_current({ city: 'London' });
  console.log('Weather:', data);
  return data;
`);

console.log(result);
// { city: 'London', temperature: 22, condition: 'sunny' }

API

CodeModeUtcpClient.create(root_dir?, config?)

Creates a new client instance.

const client = await CodeModeUtcpClient.create(
  process.cwd(),  // optional: root directory
  null            // optional: UtcpClientConfig
);

client.callToolChain(code, options?)

Executes TypeScript code with tool access.

const result = await client.callToolChain(code, {
  timeout: 30000,     // execution timeout in ms (default: 30000)
  memoryLimit: 128    // memory limit in MB (default: 128)
});

Returns:

{
  result: any;           // return value from code
  consoleOutput: string[]; // captured console.log/error output
}

client.getToolInterfaces()

Returns TypeScript interface definitions for all registered tools.

const interfaces = await client.getToolInterfaces();
console.log(interfaces);
// "interface Weather_get_current_Input { city: string; } ..."

CodeModeUtcpClient.AGENT_PROMPT_TEMPLATE

Static prompt template for AI agents explaining how to use code-mode.

const systemPrompt = CodeModeUtcpClient.AGENT_PROMPT_TEMPLATE;

Tool Access Patterns

Tools are accessed using their namespace:

// Namespaced tools (from manuals)
manual_name.tool_name({ param: value })

// Examples
weather.get_current({ city: 'Tokyo' })
procurement.search_parts({ mpn: 'ABC123' })

Runtime Context

Inside callToolChain, you have access to:

VariableDescription
__interfacesString with all TypeScript interface definitions
__getToolInterface(name)Get interface for specific tool
__availableToolsArray of available tool access patterns
console.log/error/warnCaptured and returned in consoleOutput
Standard JS globalsJSON, Math, Date, Array, etc.

Example: Chaining Tools

const result = await client.callToolChain(`
  // Get parts from supplier
  const parts = procurement.search_parts({ mpn: 'LM358' });
  
  // Get pricing for each part
  const pricing = parts.map(part => 
    procurement.get_pricing({ part_id: part.id })
  );
  
  // Return combined result
  return { parts, pricing };
`);

Using Text Templates

For loading tools from UTCP manual files:

import { CodeModeUtcpClient } from '@utcp/code-mode';
import '@utcp/text'; // Enables text call template support

const client = await CodeModeUtcpClient.create();

// Register from a UTCP manual file
await client.registerManual({
  name: 'myapi',
  call_template_type: 'text',
  file_path: './my-api-manual.utcp.json'
});

// Use tools defined in the manual
const result = await client.callToolChain(`
  return myapi.some_tool({ param: 'value' });
`);

Security

Code execution uses isolated-vm for sandboxing:

  • Isolated V8 context (no access to Node.js APIs)
  • Memory limits enforced
  • Execution timeouts
  • No file system or network access from sandbox

License

MPL-2.0

Keywords

utcp
code
typescript
execution
tool calling
chain

FAQs

Package last updated on 16 Jan 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026