Cloudflare shipped Code Mode for MCP on April 14, a reworking of how AI agents call APIs that cuts the token footprint of exposing the full Cloudflare API from more than a million tokens down to roughly a thousand. The claim deserves to be taken seriously, because the default MCP pattern (define every endpoint as a tool, pass those definitions into the model's context window) genuinely falls apart at scale. If the Cloudflare API alone would consume over a million tokens, more than any model's current context window, just describing what tools exist, every large SaaS API hits the same wall.
Code Mode replaces the "thousands of tools" approach with exactly two tools: search() and execute(). The search() tool lets the model query a typed SDK for relevant methods. The execute() tool runs model-written code against that SDK inside a sandboxed Cloudflare Dynamic Worker. Instead of the model selecting one pre-defined tool per step, it writes a short script that chains operations, runs the script, and inspects the result. The net effect is a fixed-token footprint for the entire API surface, regardless of whether the gateway fronts one service or fifty. WorkOS's independent testing reports an 81% token reduction in its scenario; Cloudflare's own blog claims 99.9% on the Cloudflare API specifically. Both numbers can be true. It depends on what you are comparing against and what fraction of tools get used per session.
The pattern here is bigger than Cloudflare. Anyone building MCP integrations for large APIs is hitting the same ceiling: the more endpoints you expose, the more context you burn before the agent has done any work. Code Mode is really "give the agent a REPL and an SDK," an approach Python users have recognized since notebook-as-agent-interface ideas started circulating two years ago. Cloudflare shipped it first because they already have a sandboxed runtime (Workers) to execute untrusted code safely. Everyone else will need a sandbox story before they can ship the same pattern. Expect Vercel, Fly, Render, and the major clouds to release similar capabilities in the next six months, and expect a year of security-argument debate about what sandbox isolation actually guarantees.
If you are building or running MCP servers, there are two actionable moves. First, audit your context cost: how many tokens does your tool list consume before the agent has done anything? If the answer is more than a few thousand, you have a scaling problem that a bigger model will not fix on its own. Second, consider whether your API surface can be represented as a typed SDK rather than a flat list of tools. For REST APIs with dozens to thousands of endpoints, the Code Mode pattern is probably the right long-term direction even if you never touch Cloudflare specifically. The harder question is the sandbox. Running model-generated code is a security problem every team eventually has to solve, and "trust the model provider's Python executor" is not a durable answer when your agents are touching production systems. Code Mode moves that conversation from "future concern" to "current design decision".