
Code-generated MCP workflows: what it means for AI agent teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Cloudflare’s Code Mode cuts token usage by 32% for a simple task and 81% for a 31-event batch workflow by having agents generate code from MCP server schemas instead of calling tools directly, according to WorkOS. The efficiency gain matters because it shifts MCP design toward hybrid execution models where code generation becomes part of the control surface, not just the model output.

NHIMG editorial — based on content published by WorkOS: Cloudflare: Code Mode Cuts Token Usage by 81%

By the numbers:

Questions worth separating out

Q: How should security teams govern MCP agents that can switch between tool calls and generated code?

A: Security teams should treat tool calls and generated code as separate execution modes with different control requirements.

Q: Why does code generation change the risk profile of MCP workflows?

A: Code generation changes the risk profile because it lets an agent loop, branch, and reuse state inside a sandbox instead of exposing every step as a discrete tool call.

Q: What breaks when MCP governance only models tool permissions?

A: When governance only models tool permissions, it misses the authority created by generated code.

Practitioner guidance

  • Classify agent execution modes separately: Inventory which MCP workflows use direct tool calls and which use generated code inside a sandbox.
  • Restrict code-generation authority to bounded tasks: Allow generated code only for workflows where loops, conditionals, or repeated calls are necessary and where the allowed APIs are tightly scoped.
  • Instrument the sandbox as a governed runtime: Capture execution IDs, code payloads, outbound calls, and completion status from the Worker layer.

What's in the full article

WorkOS's full article covers the implementation detail this post intentionally leaves for the source:

  • The side-by-side demo mechanics for direct MCP tool calls versus generated code execution.
  • The Worker and Code Executor flow used to run generated code in a sandboxed environment.
  • The execution ID and runtime setup details that show how Cloudflare tracks each agent run.
  • The practical beta-access context for teams evaluating Code Mode in their own environments.

👉 Read WorkOS's analysis of Cloudflare Code Mode and MCP efficiency →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Code-generated MCP execution creates an identity control boundary that tool calling never had. Direct tool invocation exposes each action as a separate authorisation event, but generated code collapses multiple actions into one sandboxed runtime. That shifts governance from per-call permissioning toward runtime boundary control, which is a different discipline entirely. The practitioner conclusion is that agent execution mode now belongs in identity design, not just in application architecture.

A few things that frame the scale:

  • 59.8% of organisations see value in a solution that simplifies non-human access management and introduces dynamic ephemeral credentials, according to The 2024 Non-Human Identity Security Report.
  • 23.7% of organisations share secrets through insecure methods such as email or messaging applications, which shows how quickly non-human control failures become operational exposure.

A question worth separating out:

Q: How do IAM teams decide when to permit agent-generated code in production?

A: IAM teams should permit agent-generated code only when the workflow needs repetition, branching, or runtime computation that direct tool calling cannot handle well. The decision should depend on task scope, logging quality, sandbox isolation, and whether the workflow can be certified after execution. If those controls are weak, direct tool calls remain the safer model.

👉 Read our full editorial: Cloudflare Code Mode changes MCP efficiency for AI agents
