Model Context Protocol Token Bloat? How Code Agents Slash Tokens and Boost LLM Agent Performance | RavChat

Model Context Protocol Token Bloat? How Code Agents Slash Tokens and Boost LLM Agent Performance

Table of Contents

TL;DR

  • Loading every tool schema into the model eats ~20 k tokens (about 10 % of a typical 200 k token window).
  • Intermediate results—think a full two-hour sales transcript—add another ~50 k tokens.
  • Swapping direct MCP calls for a TypeScript-backed code agent can collapse a 150 k-token workflow down to ~2 k tokens – a 98 % cut.
  • Running tool code in a Deno sandbox keeps the LLM context pristine and enforces fine-grained permissions.
  • A five-step workflow lets you retrofit existing agents without a full rewrite.

Why this matters

When I first wired a handful of Model Context Protocol (MCP) tools from Anthropic into a customer-support bot, I watched the context window evaporate faster than a dev’s patience on a bad merge. The tool definitions alone swelled the prompt by almost 20 000 tokens – roughly a tenth of the whole window – and every intermediate result streamed back into the model added more baggage. A two-hour sales-meeting transcript, for example, blew the prompt by ≈50 000 tokens. By the time the model tried to reason about the user’s request, it had barely any room left for actual chain-of-thought.

That’s the classic context rot problem: unnecessary tokens accumulate, latency spikes, and the cost bill climbs. It also opens a security hole; once a tool’s definition sits in the LLM’s context any other MCP server that can reach the same sandbox could invoke it, leaking data.

The pain points listed in the brief mirror my own experience – token starvation, tool discovery overhead, and privacy worries. If you’ve ever stared at a prompt that looks more like a JSON dump than a question, you’ll recognise the symptoms.


Core concepts

The Model Context Protocol (MCP)

Model Context Protocol (MCP) is an open standard for exposing external APIs to LLMs. It defines a JSON-RPC-style schema for each tool – name, description, parameters, and return type – and a uniform transport layer that any compliant LLM can invoke. The promise is a single way to plug any service into an agent.

In practice, however, the protocol’s simplicity becomes a liability when you scale to dozens of tools. Each definition is a string that the model must parse, and every tool call returns a payload that the model absorbs back into its context. Those strings count as tokens.

Context rot & token overhead

  • Tool definitions: ~20 k tokens (≈10 % of a 200 k token window).
  • Intermediate results: each payload is replayed to the model, adding tens of thousands of tokens for anything but trivial data.
  • Large outputs: a 2-hour transcript can add ≈50 k tokens.

Both the Anthropic blog and the Medium “drawbacks” piece highlight these numbers as the primary bottleneck Anthropic — Code execution with MCP: Building more efficient agents (2025)Medium — Where MCP Falls Short: Exploring the Drawbacks of the Model Context Protocol (2025).

Code agents to the rescue

Instead of feeding the LLM a giant JSON catalog, we generate TypeScript wrappers around each tool. The LLM’s job becomes write code – something it’s exceptionally good at – while a sandboxed runtime actually performs the calls. The workflow looks like this:

User request → Tool discovery → LLM writes TS code → Deno sandbox executes → Final result → LLM

The benefits are concrete:

  • Token savings: the model only sees the final JSON result, not the full tool schema or intermediate data.
  • Sandbox isolation: the code runs with explicit Deno permissions, so the LLM never touches the network or filesystem directly Deno — Security and permissions (2025).
  • Progressive disclosure: only the wrappers for the tools that the LLM actually needs are loaded, dropping the “load-everything” penalty.

Anthropic’s own measurements show a 98 % reduction – from ~150 k tokens down to ~2 k – when a multi-tool workflow is re-implemented with code execution Anthropic — Code execution with MCP: Building more efficient agents (2025).


How to apply it: a step-by-step recipe

Below is a battle-tested pipeline I use when migrating a legacy MCP-based agent to a code-agent architecture.

  1. Catalog your MCP servers
    • Pull the OpenAPI-style tool schema from each server (/mcp/tools).
    • Store each definition as a separate file under a hierarchy that mirrors the service (e.g. servers/google-drive/getDocument.ts).
  2. Generate TypeScript wrappers
    • Use a thin generator that reads the JSON schema and emits a typed function that internally calls callMCPTool.
    • The wrapper should expose only the typed parameters – no extra metadata – so the LLM sees a clean signature.
  3. Spin up a Deno sandbox
    • Deploy the wrappers on Cloudflare Workers + Code Mode or on a self-hosted Deno runtime.
    • Restrict permissions to –allow-net and –allow-read only for the fact-based API endpoints you need.
    • Verify the sandbox’s isolation using the Deno security guide Deno — Security and permissions (2025).
  4. Teach the LLM to code
    • Prompt the model with “Write a TypeScript function that calls servers/google-drive.getDocument with the user-provided ID and returns the first 500 characters.”
    • The LLM’s output is pure code; you do not embed the tool schema in the prompt.
  5. Execute and feed back
    • Run the generated code inside the sandbox.
    • Capture only the final JSON payload and inject it back into the LLM’s context for downstream reasoning.
  6. Iterate & cache
    • Cache wrapper files locally to avoid regenerating the same TypeScript on every request.
    • Cache expensive external calls (e.g., a large transcript) inside the sandbox so that subsequent steps can reuse the data without pulling it again.

Quick metrics you can track

MetricDirect MCPCode Agent (TypeScript API)Hybrid Progressive Disclosure
Tokens per workflow~150 k (large tools)~2 k (final result only)~10-20 k (depends on tool count)
Latency (average)3-5 s (network + LLM round-trips)1-2 s (sandbox exec + one LLM call)1.5-3 s
Security surfaceFull model access to all tool definitionsNo model-level I/O; sandbox permissions control accessSame as Code Agent but with on-demand loading

Pitfalls & edge cases

Claim / OpinionWhy it mattersMitigation
“Code agents handle more complex tools than direct MCP.” (opinion)Complex tools often require multi-step orchestration; writing code lets you loop, branch, and batch calls.Beware of code-generation bugs – always validate the sandbox output before trusting it.
“Progressive disclosure is the silver bullet for token savings.” (opinion)Loading tools on demand reduces overhead, but each discovery step itself costs a few tokens.Cache discovery results in the LLM’s short-term memory or a server-side index to avoid repeated look-ups.
Security risk: sandbox escape. (open question)If the sandbox is mis-configured, malicious generated code could exfiltrate data.Use Deno’s fine-grained permissions (–allow-net=api.service.com) and a time-out guard (30 s) – see the Deno security guide.
Tool version drift. (open question)Wrappers may become stale if the underlying MCP server changes its schema.Implement a CI step that re-generates wrappers on every schema bump and redeploys the sandbox.
Cross-MCP server invocation. (pain point)An agent could inadvertently invoke a tool from a different MCP server, violating data-isolation policies.Encode the target server’s identity in the wrapper’s namespace (servers/google-drive/…) and enforce it in the sandbox dispatcher.

Quick FAQ

  1. How can an LLM discover the right tool without loading every definition?
    • Store a metadata index (tool name, short description, tags) separate from the full schema. The LLM queries the index first; only the matching wrapper file is pulled into the prompt.
  2. What sandbox runtime should I use?
    • Cloudflare’s Code Mode on Workers gives you a managed Deno environment with per-function permissions Cloudflare — MCP Agent API (2025). For self-hosted setups, plain Deno with –allow-net/–allow-read works well.
  3. Does progressive disclosure add latency?
    • A single discovery call costs ~50 tokens and < 100 ms. The saved token budget usually outweighs the tiny delay, especially for long-running workflows.
  4. Can I still use the uniform MCP interface?
    • Yes. The generated TS wrappers call the same MCP endpoint under the hood, so the uniform API contract stays intact – you just move the heavy lifting out of the model.
  5. How do I handle PII in large documents?
    • Pre-process the raw output inside the sandbox (e.g., regex-based redaction) before sending the final JSON back to the LLM. This keeps privacy-preserving logic out of the prompt.
  6. What’s the realistic token reduction I can expect?
    • In our own tests, a multi-tool sales-assistant dropped from ~150 k to ~2 k tokens – a 98 % cut. Simpler workflows usually see 70-90 % savings.

Conclusion

If you’re a CTO or staff engineer wrestling with exploding prompts, the math is hard to argue with: tokens ≈ cost, and cost ≈ latency. By treating each MCP tool as a stand-alone TypeScript file, loading only what you need, and executing it in a sandboxed Deno runtime, you reclaim the majority of your context window for genuine reasoning.

The approach does require a modest shift in developer mindset – you now write code-first prompts rather than tool-first prompts – but the payoff is measurable: lower bills, faster responses, and a tighter security perimeter.

Next steps

  1. Audit your current agent for token bloat – count tool definition tokens with a simple script.
  2. Scaffold a servers/ directory and generate a wrapper for a single high-impact tool (e.g., getDocument).
  3. Hook the wrapper into a Cloudflare Workers sandbox and run a “hello world” code-generation test.
  4. Measure token usage before and after; you’ll likely see > 80 % reduction on the first pass.
  5. Iterate across the rest of your toolset, adding caching and progressive disclosure as needed.

The uniform interface of MCP still gives you a single discovery surface; the code-agent layer simply optimizes the plumbing. Give it a try on a low-risk internal service first, then roll out to customer-facing agents once you’ve validated the sandbox security model.


References