Runlayer MCP. Govern every agent, server, and policy in your AI stack.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
Runlayer is an enterprise control plane for governing your MCP ecosystem. It lets you manage all AI agents, servers, and security policies from one place.
Your agent can onboard new MCP endpoints, audit access logs, and scan for unauthorized 'shadow AI' without ever touching a dashboard.
It’s the central point of record for who talks to what.
What your AI agents can do
Create agent
Registers a new AI agent type (e.g., Claude or Cursor) to the control plane with defined security rules.
Create api key
Generates and stores a unique API key for external services, which must be saved immediately after creation.
Create mcp server
Adds a new MCP endpoint to the governance system by providing its name and connection details.
Retrieve complete audit trails (get_audit_logs) and run full network scans (run_mcp_sweep_scan) to identify every connected resource, including unauthorized endpoints.
Register new MCP servers (create_mcp_server), update their credentials (update_mcp_server), or decommission them entirely using the API.
Onboard, configure, or delete AI agents (e.g., create_agent, delete_agent) while assigning specific permissions to each one.
Define granular access rules (create_policy) and apply them across entire groups of servers or agents, ensuring least privilege is maintained.
Codify reusable functions as Skills (create_skill), so multiple agents can use the same approved piece of logic without duplicating code.
Ask AI about this MCP
Supported MCP Clients
Gemini Waiting for input…
Runlayer MCP Server: 27 Tools for Enterprise Governance
Use these tools to manage the full lifecycle of your AI infrastructure—from onboarding new servers to auditing every single access attempt.
019d7600create agent
Registers a new AI agent type (e.g., Claude or Cursor) to the control plane with defined security rules.
019d7600create api key
Generates and stores a unique API key for external services, which must be saved immediately after creation.
019d7600create mcp server
Adds a new MCP endpoint to the governance system by providing its name and connection details.
019d7600create policy
Establishes a formal security rule or access requirement that must be followed by all connected agents and servers.
019d7600create skill
Defines a reusable capability, standardizing code blocks so multiple agents can use the same approved function.
019d7600delete agent
Removes an AI agent from governance. This action disconnects it from all servers and policy assignments.
019d7600delete mcp server
Decommissions a registered MCP server, automatically removing its links to agents and policies.
019d7600delete policy
Removes an access control policy. Resources governed by this policy will no longer enforce these rules.
019d7600delete skill
Deletes a standardized skill definition, leaving the underlying MCP servers available for new use cases.
019d7600get agent
Retrieves detailed status information about one specific AI agent, including its assigned resources and compliance standing.
019d7600get audit logs
Returns a chronological log of all actions taken across the organization, detailing who did what and when.
019d7600get mcp server
Fetches detailed configuration data for one specific MCP server by its UUID, verifying its current status.
019d7600get organization
Retrieves an overview of the entire Runlayer setup, confirming overall organizational settings and resource inventory.
019d7600get scan results
Displays the findings from a previous network sweep scan, specifically listing discovered policy violations or unauthorized services.
019d7600get skill
Gets detailed information about a specific Skill, showing its usage count and which servers it requires to run.
019d7600list agents
Lists all registered AI agents in the organization with key details like type, assigned servers, and policy compliance status.
019d7600list api keys
Shows a complete inventory of all API keys used by your services, helping you identify unused or compromised credentials.
019d7600list mcp servers
Provides an initial overview of every registered MCP server in the organization, including its UUID and operational state.
019d7600list members
Lists all user accounts associated with your Runlayer instance for role auditing or access review.
019d7600list policies
Displays a summary of all defined security policies, showing their enforcement status and current violation counts across resources.
019d7600list skills
Lists available standardized skills, detailing which underlying MCP servers each skill depends on for execution.
019d7600revoke api key
Immediately disables a key using its ID. This is used during security incidents when an API key must be cut off instantly.
019d7600run mcp sweep scan
Initiates a full-system audit scan to proactively detect 'shadow AI' or any MCP server operating outside defined policies.
019d7600update agent
Modifies an existing agent’s configuration, allowing you to adjust its access rights without deleting and recreating the entire profile.
019d7600update mcp server
Updates a server's operational parameters—like rotating credentials or changing policy associations—without service downtime.
019d7600update policy
Refines an existing security rule, enabling you to tighten access controls or adjust audit requirements for specific resources.
019d7600update skill
Updates a standardized skill's definition, letting you modify its documentation or change the underlying MCP servers it calls.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Runlayer, then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,700+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
What you can do with this MCP connector
Runlayer isn't an AI itself; it’s your enterprise control plane. It governs every piece of infrastructure that talks to your models—the security guard for all your model endpoints. When you use this, you manage your entire MCP ecosystem from one place. You never have to touch a dashboard to get a full picture.
To start, you can check the whole setup with get_organization, or see who's on the payroll by calling list_members. If you need an inventory of connected servers, use list_mcp_servers; for details on any specific endpoint, just run get_mcp_server using its UUID. You can also get a rundown of every registered AI agent with list_agents, or check the detailed status of one particular agent by running get_agent.
When you need to add capacity, you use create_mcp_server to onboard a new endpoint, or you call update_mcp_server to change credentials without taking the service offline. If an endpoint is dead weight, you decommission it using delete_mcp_server. Similarly, when you build out your workforce, you register agents with create_agent, and you can adjust their rights later by calling update_agent; if an agent leaves or gets compromised, you use delete_agent to sever all its connections.
Security is where this thing shines. You define rules using create_policy and apply them across groups of resources; you can refine those access controls later with update_policy. If a policy needs to go, delete_policy takes it out, but the governed resources keep running under whatever rule set they're currently on.
For credential control, you generate unique keys using create_api_key, which you must save right away. You track all existing credentials with list_api_keys, and if there’s an incident, you immediately cut off access with revoke_api_key. The system also handles capabilities: you define reusable functions as Skills via create_skill, letting multiple agents use the same approved logic without duplicating code.
To manage these standardized pieces, you can get details using get_skill or list available skills with list_skills; if a skill is deprecated, you delete it using delete_skill. You update its definition using update_skill when necessary.
The auditing mechanisms are airtight. You track every damn thing that happens by calling get_audit_logs, giving you a chronological log of exactly who did what and when across the organization. For proactive security, you run a full system audit scan with run_mcp_sweep_scan to detect unauthorized endpoints or 'shadow AI,' then review all findings using get_scan_results.
You can also view a summary of all defined policies and how many violations they've seen by running list_policies. To maintain governance, you use the centralized tools: you add new standardized code blocks with create_skill, update them with update_skill, or delete them with delete_skill.
This system gives you total control over your whole stack. You can get a full overview of all registered skills using list_skills. If you need to remove an agent from the governance record, you use delete_agent. You manage every component—agents, policies, servers, and capabilities—through structured API calls. This lets your AI client perform these actions directly without ever needing to click through a dashboard.
How Runlayer MCP Works
- 1 First, generate an Organization API Key from the Runlayer dashboard. You need this key to authorize your agent's commands.
- 2 Next, connect your preferred AI client (your agent) and configure its host URL with your organization's Runlayer instance address.
- 3 Finally, you prompt your agent using natural language—e.g., 'Run a scan for unauthorized servers.' The agent converts that command into the necessary tool calls.
The bottom line is: it turns complex infrastructure maintenance from clicking through multiple dashboards into simple conversational commands sent to one central endpoint.
Who Is Runlayer MCP For?
IT security teams, AI governance officers, platform engineers, and compliance managers. You use this if your organization has a rapidly growing number of MCP servers (10+) and you need continuous visibility into who can talk to what. This is for people tired of manual audit work.
Manages the full server lifecycle: using create_mcp_server when a new service launches, and update_mcp_server when credentials expire.
Defines security boundaries by creating policies with create_policy and running automated checks using run_mcp_sweep_scan to detect vulnerabilities.
Maintains the system integrity by listing agents (list_agents), checking policy compliance, and reviewing all activity through get_audit_logs.
What Changes When You Connect
- Instant Shadow AI Discovery: Use
run_mcp_sweep_scanto find unauthorized endpoints immediately. This is key for compliance teams who can't afford unexpected data leaks from unmanaged services. - Full Audit Trail Access: The
get_audit_logstool provides a single, chronological source of truth. You don't have to piece together access history from ten different system logs; you just ask your agent. - Controlled Agent Lifecycle: Instead of manually managing permissions, use
create_agent,update_agent, anddelete_agent. Your AI client handles the complexity of assigning servers and policies automatically. - Policy-as-Code Enforcement: Define access rules with
create_policyand enforce them system-wide. You can't just tell your team to follow the rules; Runlayer forces it using these tools. - Operational Flexibility: Need to change a server credential? Use
update_mcp_server. You modify the endpoint without needing maintenance windows or downtime.
Real-World Use Cases
The Compliance Check
A Compliance Manager needs proof that no unauthorized AI tools are accessing customer data. Instead of manually checking 20 dashboards, they tell their agent: 'Run a scan for policy violations.' The agent calls run_mcp_sweep_scan and then uses get_scan_results, instantly delivering a report listing every unapproved MCP server.
The Server Decommission
A Platform Engineer is retiring an old service endpoint. They don't just delete it; they use the agent to call delete_mcp_server. This action automatically checks and disconnects all associated agents and policies, preventing orphaned access rights.
The Access Review
An AI Governance Officer needs to know who has read access to a sensitive database. They ask their agent to get_audit_logs for that resource over the last quarter. The system returns a full list of users and agents, letting them identify exactly which accounts need revocation via revoke_api_key.
The Capability Reuse
A company has several microservices needing to perform date formatting (a common task). Instead of coding it into every service, the engineer uses create_skill to standardize the logic. Now all agents can call that skill ID for consistent, governed execution.
The Tradeoffs
Manual Dashboard Auditing
Trying to check every server's policy status by clicking through 15 different MCP dashboards and cross-referencing spreadsheets. This is slow, error-prone, and only gives you a snapshot in time.
→
Use list_mcp_servers first to get an inventory list, then use your agent to call get_audit_logs for the whole group. The system handles the cross-referencing automatically.
Assuming Isolation
An engineer assumes a server they created yesterday is still restricted by old policies because they forgot to update the governance layer.
→
Always use list_policies and then run get_mcp_server. This forces you to verify that the current policy rules are correctly attached to the resource.
Using API Keys for Everything
Creating dozens of individual, permanent API keys for every small service instead of centralizing key management.
→
Use create_api_key and treat those keys as ephemeral. Regularly run list_api_keys to audit them, and use revoke_api_key immediately if a service is decommissioned.
When It Fits, When It Doesn't
You need this server if your AI usage crosses the line from 'experimental' to 'production-scale.' Don't buy it just because you have 10 servers; get it when manually managing security becomes a full-time job. If your primary concern is simply connecting two agents together, you don't need Runlayer—a simple messaging queue handles that fine. But if you care about governance (who can read what), auditability (get_audit_logs), and preventing unauthorized expansion ('shadow AI'), then this control plane is non-negotiable. The core value isn't the tools; it's treating all your MCP endpoints as governed resources, making policy enforcement a first-class citizen in your stack.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Runlayer. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 27 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Tracking every agent interaction shouldn't require opening ten different log tabs.
Today, when an engineer modifies a service, the change ripples out. The operations team has to check Server A’s dashboard for policy changes, then open Agent B’s logs, and finally verify the API key rotation in a separate vault. It's a manual, multi-system checklist that guarantees someone misses something.
With Runlayer, you ask your agent: 'Show me all recent access patterns.' The system calls `get_audit_logs` for every resource—policies, servers, agents—and presents one clean timeline. You get instant compliance reporting without the manual cross-referencing.
Runlayer MCP Server: Control your entire AI infrastructure.
You don't have to treat every new microservice endpoint as a silo. You can onboard it via `create_mcp_server` and immediately apply security rules using `create_policy`. This process is automated, making governance part of the deployment flow.
The difference now is that your AI infrastructure isn't just running; it’s controlled. Every service gets registered, policies get attached, and every action leaves a clear trail. You finally move from reactive cleanup to proactive governance.
Common Questions About Runlayer MCP
How do I check for unauthorized MCP servers using Runlayer? (run_mcp_sweep_scan) +
You run the run_mcp_sweep_scan tool. This initiates a system-wide audit that discovers endpoints not explicitly registered, which are often 'shadow AI' services running outside your governance control.
What is the difference between list_mcp_servers and get_mcp_server? (list_mcp_servers) +
Listing servers (list_mcp_servers) gives you a comprehensive inventory of all registered UUIDs. Getting details (get_mcp_server) requires knowing a specific server's UUID and pulls its deep configuration data.
Can I restrict an agent’s access to only certain servers? (create_agent) +
Yes. When you use create_agent, you specify which MCP servers are allowed for that agent, ensuring it can't interact with restricted endpoints.
How do I review my current security policies in Runlayer? (list_policies) +
Use the list_policies tool. It shows every defined rule, along with metrics like enforcement status and how many violations have been logged against those rules.
If I delete a policy, what happens to the resources? (delete_policy) +
Using delete_policy means that all resources previously governed by it immediately lose those specific security and access restrictions. Confirming this before deletion is critical.
What should I do if an API key is compromised? How does `revoke_api_key` work? +
The key is immediately invalidated upon execution. This action cannot be reversed, so always use it for suspicious or unused keys to secure your organization's data.
How detailed are the records I get when running `get_audit_logs`? +
The logs provide complete details: timestamps, who performed the action (actor identity), what was done (action type), which resource was affected, and the final outcome. This is essential for compliance reporting.
If I modify a reusable capability using `update_skill`, are agents or servers still connected to it? +
Yes, modifying the skill does not break existing connections. The system maintains those dependencies, ensuring that active agents and assigned MCP servers continue functioning with the updated definition.
Do I need a Runlayer enterprise subscription to use this MCP? +
Yes, this MCP server requires an active Runlayer organization with API access. Runlayer is an enterprise-grade control plane, so you need a valid organizational subscription. Contact Runlayer sales to get started and obtain your organization API key.
Can this MCP server detect unauthorized AI usage (shadow AI)? +
Yes! The run_mcp_sweep_scan tool initiates comprehensive shadow AI discovery across devices, detecting unauthorized MCP servers, OpenClaw installs, Skills, and agents. Results include policy violations and security risks across your organization's endpoints.
What types of AI agents does Runlayer support? +
Runlayer supports Claude Desktop, Cursor, VS Code with Copilot, Windsurf, and custom AI agents. Each agent type can be registered with specific security policies, assigned MCP servers, and monitored through the audit trail. New agent types can be added as custom integrations.
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
More in this category
Spider
High-performance Rust-powered web scraping and crawling — scrape, crawl, and search up to 100K+ pages/second with built-in anti-bot protection.
Kong Gateway
Manage your API Gateway infrastructure — list services, configure routes, and manage consumers or plugins directly from any AI agent.
AutoGen
Orchestrate Microsoft AutoGen multi-agent workflows — manage sessions, agent roles, workflows, and monitor execution logs from any AI agent.
You might also like
Upstream Lens
Monitor upstream oil and gas operations with production data analytics, well performance tracking, and field reporting tools.
BoomTown (OvationCXM)
Orchestrate customer journeys via OvationCXM — manage journeys, teams, and support issues directly from any AI agent.
YAML Parser Engine
Convert YAML to JSON and JSON to YAML with absolute precision — including anchors, aliases, and multi-document support. The engine behind Kubernetes, GitHub Actions, and Docker Compose config processing. 30M+ weekly downloads.