THE SCRIPTING LAYER

Turn 200KB API responses
into 500 bytes

Skills package Python scripts that use the gateway SDK to call MCP tools, filter responses, and return compact results. The agent sees a normal tool — zero awareness that scripts are involved.

Read the docs
salesforce-workflows.skill
Runs in sandbox

Skill Package

salesforce-workflows/

SKILL.md

workflow.json

tools/

summarize_pipeline.py

Gateway registers tools/ as MCP tools on attach

tools/summarize_pipeline.py

from mcpgateway_sdk import MCPGateway
gw = MCPGateway() # auto-auth from env

# 1. Fetch opportunities via SDK
opps = await gw.tools.execute(
    "salesforce_opportunities_list",
    {"quarter": "Q1-2026"}
) # returns 200KB raw

# 2. Batch-fetch accounts (not N+1)
ids = [o["AccountId"] for o in opps]
accts = await gw.tools.execute("salesforce_accounts", {"ids": ids})

# 3. Cache for follow-up questions
await gw.cache.set("accounts", accts, ttl=600)

# 4. Return compact joined result
return {
    "total_deals": len(opps),
    "deals": joined[:10]
} # 800 bytes → agent
Script runs in Docker/K8s sandbox·SDK auto-injects scoped token·Agent receives 800 bytes, not 1.2 MB·pip install mcpgateway-sdk

THE PROBLEM

MCP's token bloat crisis

Perplexity is moving away from MCP. Y Combinator's CEO says "MCP sucks." The reason: unbounded responses that destroy context windows and make tool calling unreliable at scale.

72%

Context window burned by tool schemas before the first message

Community measurements, March 2026

351K

Tokens from a single Figma design context response (limit: 25K)

MCP Discussion #2211

236×

Input-token inflation from traditional MCP tool-calling

Cloudflare technical analysis

98.7%

Token reduction with programmatic tool calling

Anthropic engineering blog

HOW IT WORKS

Scripts replace raw tool calls

Instead of flooding the agent with megabytes of raw API data, the gateway intercepts tool calls and routes them through user-authored scripts that filter, join, and compact the results.

Before: The agent does the work

The agent calls raw MCP tools directly. A Salesforce opportunities list returns 200KB. The agent then calls accounts_get for each — 50+ additional calls. Over 1.2MB of raw JSON floods the context window in 10+ conversation turns.

POST/api/v1/tools/execute
// Agent calls raw tool directly
{
"tool": "salesforce_opportunities_list",
"arguments": {
"stage": "Closed Won"
}
}
200 OK
{
"opportunities": [
{ "id": "006...", "name": "Acme Corp", "amount": 450000 },
... 49 more records, each with 30+ fields ...
]
}
200KB response · Agent must process 50+ more calls

After: The gateway does the work

A script tool runs in a sandbox, calls the same raw tools via the gateway SDK, filters and joins the data, and returns a compact 800-byte summary. The agent sees a normal tool — zero awareness that scripts are involved.

POST/api/v1/tools/execute
// Agent calls script tool
{
"tool": "summarize_pipeline",
"arguments": {
"quarter": "Q1-2026"
}
}
200 OK
{
"quarter": "Q1-2026",
"total_deals": 12,
"total_pipeline_value": 2340000,
"deals": [
{ "name": "Acme Corp", "value": 450000, "account": "Acme Inc" },
... 11 more (compact, joined)
]
}
800 bytes · Script made 2 internal API calls · Agent saw none of it

TWO PATHS

From prototype to production

Start fast with agent-mediated scripts, then graduate to gateway-enforced tools when you need production guardrails.

Agent-Mediated

scripts/ folder

Scripts in a skill's scripts/ directory. Agent reads SKILL.md, decides when to run. No manifest needed. Wildcard SDK token scope. Best for prototyping and iteration.

  • Flexible execution
  • No workflow.json
  • Agent decides when to run
  • Wildcard tool access

Gateway-Enforced

tools/ + workflow.json

Scripts registered as first-class MCP tools with input/output schemas, allowed-tool lists, response budgets. Gateway dispatches, validates, enforces. Best for production.

  • Schema validation
  • Scoped token (allowed_tools only)
  • Response budget enforcement
  • Exposure mode control

Upgrade path: Start with scripts/ to iterate quickly. Move to tools/ when ready for production guardrails. Both live in the same skill package.

IN PRACTICE

Salesforce pipeline in one call

From 51 tool calls to 1

Without scripting, an agent fetching top deals with account details makes 51+ API calls — 1.2MB into context. With a script tool, one call returns an 800-byte joined summary. The script internally batches API calls, deduplicates account IDs, caches results for follow-up questions, and compacts the output.

POST/api/v1/tools/execute
// Script tool response
{
"quarter": "Q1-2026",
"total_deals": 12,
"total_pipeline_value": 2340000,
"top_deals": [
{
"name": "Acme Corp Enterprise",
"value": 450000,
"account": "Acme Inc",
"close_date": "2026-03-15"
},
... 11 more deals (joined with account data)
]
}
800 bytes · 51 calls collapsed into 1 · Cached for follow-ups

SECURITY

Gateway-enforced guardrails

Scoped Tokens

Each script invocation gets a temporary API key scoped to only the tools declared in allowed_tools. Auto-expires after execution.

Response Budgets

max_response_bytes enforced by the gateway before the agent sees results. Scripts that return too much get truncated.

Exposure Modes

script_only mode hides all raw REST tools from the agent. The agent can only interact through curated script tools.

Schema Validation

Input validated against inputSchema before execution. Output validated against outputSchema before returning to agent.

Sandbox Isolation

Scripts execute in Docker (dev) or Kubernetes (prod) containers. SDK communicates with the gateway over an internal channel.

Audit Correlation

Every nested SDK call is linked to the parent tool invocation via parent_call_id. Full observability across the call chain.

THREE PILLARS, CONNECTED

Skills package it. Sandboxes run it. Servers host the tools.

Get started

Ready to eliminate token bloat?

The scripting layer is shipped and ready. Read the docs to learn how script tools work, or get in touch to discuss your use case.

Read the docsContact us