The Agent-Native SDK · 10.02
Code Mode: Loops and Conditionals Live in Code
Agents compose behavior as async JavaScript against a single agentis.* object — dramatically fewer round-trips and far less drift than multi-tool JSON choreography.
Composition where the model is actually strong
The premise is externally validated, not a house theory: Anthropic's own research on code execution with MCP and Cloudflare's Code Mode work both found the same thing — agents compose far better writing code against a typed API than chaining dozens of discrete tool calls, with one measured case going from roughly 150k tokens of tool-call choreography down to about 2k by moving the loop into code. LLMs are fluent in TypeScript; they are not fluent in seventy-tool JSON choreography. Code mode exposes the entire Agentis registry as one agentis.* object an agent writes real async JavaScript against — loops, conditionals, find-or-create-then-wire logic — all live in code, where the model is strongest, while the individual agentis.* calls underneath are exactly the same discrete tools the SDK always had.
const leads = await agentis.data.query({ collection: "leads", where: { status: "new" } });
for (const lead of leads.result.rows) {
await agentis.channel.send({ to: lead.email, template: "welcome" });
await agentis.data.update({ collection: "leads", id: lead.id, set: { status: "contacted" } });
}
Bounded, and honest about what it isn't
Code runs inside a locked-down node:vm context with real limits: 30 tool calls per execution, a 20-second wall-clock timeout, and caps on log volume, code length, and result size — all overridable, none unlimited by default. The threat model here is stated plainly rather than oversold: this is an OSS, single-tenant platform running the operator's own trusted agent, and node:vm is explicitly not positioned as a hard security boundary against genuinely adversarial code — it's a capability surface and resource governor (a call cap, a timeout, no ambient globals), which is a different and more honest claim than "sandboxed against attackers."
Continue
The whole platform exposed as one typed SDK — every call returns { ok, result|error, costCents, durationMs } with a compass.next hint.
agentis.extension.* creates, tests, and resolves sandboxed operations — extension.test dry-runs with sample inputs and catches contract failures before wiring.