programmatic-tool-calling-ai-sdk

The system executes LLM-generated JavaScript code within Vercel Sandbox, which provides strong isolation, mitigating direct host system compromise. `new Function(code)` is used solely for syntax validation, not direct execution on the host. The MCP `stdio` transport feature (e.g., `npx mcp-server-commands`) runs predefined commands specified in `mcp-config.ts`, not dynamically generated by the LLM, preventing direct command injection into the host OS. Parameter normalization in `mcp-bridge.ts` adds a layer of defense against malformed inputs. A minor concern for a production system is the hardcoded Firecrawl API key in `mcp-config.ts` (though acceptable for a POC), which should ideally be an environment variable. The long `maxDuration` for the API route and sandbox (up to 10 and 5 minutes respectively) could be a theoretical vector for resource exhaustion if not managed by Vercel's platform, but within the sandbox environment, this is primarily a cost/performance consideration.