Code Mode
Let AI write code to orchestrate multiple tools
Agent Mode lets DeepIntShield run approved tool calls for you automatically, so you don’t make a separate execute call for each tool. Use it when you want an autonomous agent loop instead of the explicit review-and-execute workflow.
When Agent Mode is enabled:
Agent Mode requires two configurations:
tools_to_execute: Which tools are available (whitelist)tools_to_auto_execute: Which tools can run automatically (subset of above)| Field | Purpose | Semantics |
|---|---|---|
tools_to_execute | Tools available to the LLM | ["*"] = all, [] = none, ["a", "b"] = specific |
tools_to_auto_execute | Tools that run without approval | Same semantics, must be subset of tools_to_execute |
The auto-execute configuration is managed per-client, allowing fine-grained control over which tools run automatically vs. requiring manual approval.
Max depth and other agent settings - max_agent_depth, tool_execution_timeout, and code_mode_binding_level - are managed from the MCP Gateway settings in the Web UI. Adjust them there to change how deep the agent loop can run and how long each tool execution may take.
The max_agent_depth setting limits how many iterations the agent can perform:
When the model requests several auto-executable tools at once, they run concurrently, so a turn with multiple independent tool calls finishes about as fast as its slowest call.
When a single response mixes auto-executable and non-auto-executable tools, DeepIntShield runs the auto-executable ones and then hands the request back to you so you can approve the rest. The response you receive has:
content field with a JSON summary of the tools that already rantool_callsfinish_reason set to "stop"{ "choices": [{ "index": 0, "finish_reason": "stop", "message": { "role": "assistant", "content": "The Output from allowed tools calls is - {\"filesystem-list_directory\":\"[\\\"file1.go\\\", \\\"file2.go\\\"]\"}\n\nNow I shall call these tools next...", "tool_calls": [{ "id": "call_pending", "type": "function", "function": { "name": "filesystem-write_file", "arguments": "{\"path\": \"output.txt\", \"content\": \"...\"}" } }] } }]}Your application then:
content field to see what was already executedtool_callsSafe for Auto-Execute:
read_file, list_directory)search, fetch_url)Require Human Approval:
write_file, create_file)delete_file, delete_record)run_command, execute_script){ "tools_to_execute": ["*"], "tools_to_auto_execute": [ "read_file", "list_directory", "search", "get_weather" ]}Individual tool executions are bounded by tool_execution_timeout:
Adjust the timeout (for example, to 60s) from the MCP Gateway settings in the Web UI.