feat(mcp): implement Code Mode with search and execute tools

- Add codemode executor (isolated-vm, 30s timeout, no network)
- Add codemode bindings: search, execute, get_latest_price (token-injected)
- Add createServerCodeModeOnly and pyth-mcp-codemode entrypoint
- Add pythProAccessToken config and PYTH_PRO_ACCESS_TOKEN env
- Add redact utils and logger serializers for token/sensitive data
- Add unit, integration, and security tests for Code Mode

Made-with: Cursor

Author: aditya520

apps/mcp/README.md

@@ -2,7 +2,22 @@
 
 MCP server that exposes Pyth Pro real-time and historical market data to AI assistants.
 
-## Tools
+## Modes
+
+### Legacy (stdio) — `pyth-mcp`
+
+Exposes 4 tools: `get_symbols`, `get_historical_price`, `get_candlestick_data`, `get_latest_price`. Use for local Claude Desktop / Claude Code. Token passed as tool parameter.
+
+### Code Mode only (stdio) — `pyth-mcp-codemode`
+
+Exposes 2 tools: `search`, `execute`. LLM writes async code against `codemode.*` functions. Token injected server-side — never exposed to the model. Use for hosted/public endpoint.
+
+```sh
+# Run Code Mode (requires PYTH_PRO_ACCESS_TOKEN for get_latest_price)
+PYTH_PRO_ACCESS_TOKEN=<token> node apps/mcp/dist/index-codemode.js
+```
+
+## Tools (Legacy mode)
 
 | Tool | Description |
 |------|-------------|
@@ -11,6 +26,8 @@ MCP server that exposes Pyth Pro real-time and historical market data to AI assi
 | `get_historical_price` | Point-in-time price snapshots |
 | `get_candlestick_data` | OHLC candlestick bars |
 
+Code Mode exposes these via `codemode.get_symbols`, `codemode.get_latest_price`, etc. inside `execute()`.
+
 ## Setup
 
 ```sh
@@ -51,7 +68,7 @@ The access token is only needed for `get_latest_price`. All other tools work wit
 
 | Variable | Default | Description |
 |----------|---------|-------------|
-| `PYTH_PRO_ACCESS_TOKEN` | — | Bearer token for Router API |
+| `PYTH_PRO_ACCESS_TOKEN` | — | Bearer token for Router API. Required for Code Mode `get_latest_price`; injected server-side |
 | `PYTH_CHANNEL` | `fixed_rate@200ms` | Default price channel |
 | `PYTH_LOG_LEVEL` | `info` | Log level (debug/info/warn/error) |
 | `PYTH_REQUEST_TIMEOUT_MS` | `10000` | HTTP request timeout |

apps/mcp/package.json

@@ -1,10 +1,12 @@
 {
   "bin": {
-    "pyth-mcp": "./dist/index.js"
+    "pyth-mcp": "./dist/index.js",
+    "pyth-mcp-codemode": "./dist/index-codemode.js"
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.12.1",
     "@pythnetwork/pyth-lazer-sdk": "^5.2.1",
+    "isolated-vm": "^5.0.4",
     "pino": "catalog:",
     "zod": "^3.25.0"
   },
@@ -51,7 +53,7 @@
     "url": "https://github.com/pyth-network/pyth-crosschain"
   },
   "scripts": {
-    "build": "tsup src/index.ts --format esm --dts --clean",
+    "build": "tsup src/index.ts src/index-codemode.ts --format esm --dts --clean",
     "clean": "rm -rf dist/",
     "prepublishOnly": "pnpm run build",
     "start": "node dist/index.js",

apps/mcp/src/codemode/bindings.ts

@@ -0,0 +1,212 @@
+/**
+ * Code Mode bindings — maps codemode.* calls to Pyth API handlers.
+ * get_latest_price receives server-injected token; model never sees it.
+ */
+
+import type { HistoryClient } from "../clients/history.js";
+import type { RouterClient } from "../clients/router.js";
+import type { Config } from "../config.js";
+import { ASSET_TYPES, RESOLUTIONS } from "../constants.js";
+import type { Logger } from "pino";
+import { resolveChannel } from "../utils/channel.js";
+import { addDisplayPrices } from "../utils/display-price.js";
+import {
+  alignTimestampToChannel,
+  normalizeTimestampToMicroseconds,
+} from "../utils/timestamp.js";
+
+export type BindingContext = {
+  config: Config;
+  historyClient: HistoryClient;
+  routerClient: RouterClient;
+  logger: Logger;
+  /** Server-managed token for get_latest_price. Injected server-side only. */
+  serverToken: string | undefined;
+};
+
+/** Copy out isolate-held values (handles ivm.Reference) */
+function unwrapArg<T>(arg: unknown): T {
+  if (arg == null) return arg as T;
+  const ref = arg as { copy?: () => T };
+  if (typeof ref.copy === "function") return ref.copy() as T;
+  return arg as T;
+}
+
+export function createBindings(ctx: BindingContext): Record<
+  string,
+  (arg: unknown) => Promise<unknown>
+> {
+  const { config, historyClient, routerClient, logger, serverToken } = ctx;
+
+  return {
+    async get_symbols(arg: unknown) {
+      const p = unwrapArg<{
+        query?: string;
+        asset_type?: string;
+        limit?: number;
+        offset?: number;
+      }>(arg);
+      const asset_type = p?.asset_type;
+      const limit = Math.min(
+        200,
+        Math.max(1, p?.limit ?? 50),
+      );
+      const offset = Math.max(0, p?.offset ?? 0);
+
+      const { data: feeds } = await historyClient.getSymbols(
+        undefined,
+        asset_type && ASSET_TYPES.includes(asset_type) ? asset_type : undefined,
+      );
+
+      let filtered = feeds;
+      const q = (p?.query ?? "").trim().toLowerCase();
+      if (q) {
+        filtered = feeds.filter(
+          (f) =>
+            f.name.toLowerCase().includes(q) ||
+            f.symbol.toLowerCase().includes(q) ||
+            f.description.toLowerCase().includes(q),
+        );
+      }
+
+      const totalAvailable = filtered.length;
+      const page = filtered.slice(offset, offset + limit);
+      const hasMore = offset + limit < totalAvailable;
+
+      return {
+        count: page.length,
+        feeds: page,
+        has_more: hasMore,
+        next_offset: hasMore ? offset + limit : null,
+        offset,
+        total_available: totalAvailable,
+      };
+    },
+
+    async get_historical_price(arg: unknown) {
+      const p = unwrapArg<{
+        channel?: string;
+        price_feed_ids?: number[];
+        symbols?: string[];
+        timestamp: number;
+      }>(arg);
+
+      const effectiveSymbols =
+        (p?.price_feed_ids?.length ?? 0) > 0 ? undefined : p?.symbols;
+      if (
+        !(p?.price_feed_ids?.length ?? 0) &&
+        !(effectiveSymbols?.length ?? 0)
+      ) {
+        throw new Error(
+          "At least one of 'price_feed_ids' or 'symbols' is required",
+        );
+      }
+
+      const channel = resolveChannel(p?.channel, config);
+      let ids: number[] = p?.price_feed_ids ? [...p.price_feed_ids] : [];
+
+      if ((effectiveSymbols?.length ?? 0) > 0) {
+        const { data: allFeeds } = await historyClient.getSymbols();
+        for (const symbol of effectiveSymbols ?? []) {
+          const feed = allFeeds.find((f) => f.symbol === symbol);
+          if (!feed)
+            throw new Error(
+              `Feed not found: ${symbol}. Use get_symbols to discover available feeds.`,
+            );
+          ids.push(feed.pyth_lazer_id);
+        }
+      }
+      ids = [...new Set(ids)];
+
+      const timestampUs = alignTimestampToChannel(
+        normalizeTimestampToMicroseconds(p!.timestamp),
+        channel,
+      );
+      const { data: prices } = await historyClient.getHistoricalPrice(
+        channel,
+        ids,
+        timestampUs,
+      );
+      return prices.map((price) => addDisplayPrices(price));
+    },
+
+    async get_candlestick_data(arg: unknown) {
+      const p = unwrapArg<{
+        channel?: string;
+        from: number;
+        to: number;
+        resolution: string;
+        symbol: string;
+      }>(arg);
+
+      if (!p?.symbol) throw new Error("symbol is required");
+      if (p.from >= p.to) throw new Error("'from' must be before 'to'");
+
+      const resolution = p.resolution;
+      if (!RESOLUTIONS.includes(resolution as (typeof RESOLUTIONS)[number])) {
+        throw new Error(
+          `Invalid resolution. Valid: ${RESOLUTIONS.join(", ")}`,
+        );
+      }
+
+      const channel = resolveChannel(p.channel, config);
+      const { data } = await historyClient.getCandlestickData(
+        channel,
+        p.symbol,
+        resolution,
+        p.from,
+        p.to,
+      );
+
+      if (data.s === "no_data")
+        throw new Error(
+          "No candlestick data available for the requested range. Try a different time range or symbol.",
+        );
+      if (data.s === "error")
+        throw new Error(data.errmsg ?? "Unknown error from Pyth History API");
+
+      return data;
+    },
+
+    async get_latest_price(arg: unknown) {
+      const p = unwrapArg<{
+        channel?: string;
+        price_feed_ids?: number[];
+        properties?: string[];
+        symbols?: string[];
+      }>(arg);
+
+      if (!serverToken) {
+        throw new Error(
+          "Server is not configured with a Pyth Pro access token. get_latest_price is unavailable.",
+        );
+      }
+
+      const effectiveSymbols =
+        (p?.price_feed_ids?.length ?? 0) > 0 ? undefined : p?.symbols;
+      const effectiveCount =
+        (effectiveSymbols?.length ?? 0) + (p?.price_feed_ids?.length ?? 0);
+
+      if (effectiveCount === 0) {
+        throw new Error(
+          "At least one of 'symbols' or 'price_feed_ids' is required",
+        );
+      }
+      if (effectiveCount > 100) {
+        throw new Error(
+          "Combined total of symbols and price_feed_ids must not exceed 100",
+        );
+      }
+
+      const channel = resolveChannel(p?.channel, config);
+      const { data: feeds } = await routerClient.getLatestPrice(
+        serverToken,
+        effectiveSymbols,
+        p?.price_feed_ids,
+        p?.properties,
+        channel,
+      );
+      return feeds.map((f) => addDisplayPrices(f));
+    },
+  };
+}

apps/mcp/src/codemode/executor.ts

@@ -0,0 +1,89 @@
+/**
+ * Code Mode executor — runs LLM-generated code in an isolated V8 sandbox.
+ *
+ * Deny-by-default outbound policy:
+ * - No fetch(), no XMLHttpRequest, no WebSocket — isolate has no network APIs
+ * - No require(), no import — no module loading
+ * - No process, no global — no env var leaks
+ * - Only codemode.* calls are allowed via host callback; those route through approved bindings
+ *
+ * The isolate receives only: __hostCall (callback) and a bootstrap that defines codemode.
+ * User code cannot bypass this to access external networks.
+ */
+
+import ivm from "isolated-vm";
+
+export type ExecutionResult =
+  | { ok: true; result: unknown }
+  | { ok: false; error: string; logs?: string[] };
+
+export interface ExecutorOptions {
+  timeoutMs?: number;
+  memoryLimitMb?: number;
+}
+
+const DEFAULT_TIMEOUT_MS = 30_000;
+const DEFAULT_MEMORY_MB = 128;
+
+/** Host callback: (toolName, arg) => Promise<result> */
+export type HostBindingFn = (toolName: string, arg: unknown) => Promise<unknown>;
+
+const BOOTSTRAP = `
+const codemode = {
+  get_symbols: (arg) => __hostCall('get_symbols', arg),
+  get_historical_price: (arg) => __hostCall('get_historical_price', arg),
+  get_candlestick_data: (arg) => __hostCall('get_candlestick_data', arg),
+  get_latest_price: (arg) => __hostCall('get_latest_price', arg),
+};
+`.trim();
+
+export function createExecutor(options: ExecutorOptions = {}): {
+  execute(code: string, hostCall: HostBindingFn): Promise<ExecutionResult>;
+} {
+  const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+  const memoryLimitMb = options.memoryLimitMb ?? DEFAULT_MEMORY_MB;
+
+  async function execute(
+    code: string,
+    hostCall: HostBindingFn,
+  ): Promise<ExecutionResult> {
+    const isolate = new ivm.Isolate({ memoryLimit: memoryLimitMb });
+    let disposed = false;
+    const dispose = () => {
+      if (!disposed) {
+        disposed = true;
+        isolate.dispose();
+      }
+    };
+
+    try {
+      const ctx = await isolate.createContext();
+
+      const hostCallCallback = new ivm.Callback(
+        async (name: string, arg: unknown): Promise<unknown> => {
+          return hostCall(name, arg);
+        },
+        { async: true },
+      );
+      ctx.global.set("__hostCall", hostCallCallback);
+
+      await ctx.eval(BOOTSTRAP, { timeout: 5_000 });
+
+      const wrapped = `(async () => { ${code} })()`;
+      const resultRef = await ctx.eval(wrapped, {
+        copy: true,
+        timeout: timeoutMs,
+      });
+
+      dispose();
+      return { ok: true, result: resultRef };
+    } catch (err) {
+      dispose();
+      const message =
+        err instanceof Error ? err.message : String(err ?? "Unknown error");
+      return { ok: false, error: message };
+    }
+  }
+
+  return { execute };
+}