No escape. No compromise.Runtime isolation, by design.
Every MCP tool handler runs inside a sealed V8 isolate. No process access, no filesystem, no network escape — with hard CPU limits, memory ceilings, and automatic lifecycle cleanup.
Sealed Runtime Architecture.
Every tool handler deployed to Vinkius runs inside its own V8 isolate. The runtime starts empty — no process, no require, no filesystem. Only your handler logic and the Vurb.ts Framework are injected. Everything else is absent from the runtime.
Sealed by Default.
Heap Isolation
Each isolate owns its private V8 heap. Objects cannot cross isolate boundaries. A handler in Isolate A cannot read, write, or reference any object in Isolate B.
V8 enforces memory isolation at the engine level — the same isolation model used by Chrome to separate tabs from different origins. This is hardware-grade isolation, not application-level sandboxing.
Zero API Surface
Every dangerous host API is physically absent from the runtime. Not restricted by policy. Removed entirely.
The isolate starts empty. Only the Vurb.ts Framework and your handler logic are loaded. Every dangerous API that Node.js provides by default simply doesn't exist inside the isolate.
AST-Level Stripping
Source code is compiled to V8 bytecode before execution. The original source is never readable at runtime inside the isolate.
Your code is never read by the platform. AST stripping guarantees that even in the unlikely event of an isolate breach, the source code of your enterprise handlers cannot be exfiltrated.
Lifecycle Binding
Isolate lifetime is bound to the SSE connection. When the TCP connection drops, the AbortController cascades through every pending fetch, timer, and promise. Then the isolate is destroyed.
Zero zombie processes. Zero orphaned sockets. Zero dangling state. The death of the connection is the death of the isolate. No garbage collection, no cleanup — annihilation.
V8 Snapshots
MCP definition is pre-loaded into the isolate snapshot. Your handler starts executing with zero cold-start overhead.
The snapshot contains the compiled Vurb.ts Framework, governance rules, and schema validators. When a connection arrives, the isolate is instantiated from the snapshot in microseconds.
CPU Guillotine. Memory Ceiling.
Zero Tolerance.5s hard timeout — infinite loop? Isolate.terminate(). Instantly.
128MB fixed ceiling — exceed it, killed. No swap. No negotiation.
TCP death → AbortController cascade → every fetch, timer, promise killed.
DNS-resolved, IP-pinned egress. All reserved and private ranges blocked at network layer.
Sensitive data patterns scanned per response. Detected matches redacted in RAM, never logged.
Every enforcement action emits a structured OpenTelemetry span. Full observability.
"The ceiling is the ceiling. Exceed it, and the isolate dies."
Apache 2.0
Vurb.ts Framework is fully open-source. Governance rules, introspection engine, CLI — every line visible on GitHub.
Cryptographic Lockfiles
Every deployment generates a SHA-256 signed lockfile. Contract drift is detected at build time, not in production.
No eval. No new Function.
Dynamic code generation is blocked at the AST level. Your handlers execute exactly what you wrote — nothing injected, nothing modified.
Governance Audit Trail
Every capability check, every DLP scan, every SSRF block — logged as structured OpenTelemetry spans. Export to Jaeger, Datadog, or your own collector.
Deploy to sealed V8.
Every handler sealed in a V8 isolate. CPU guillotine, memory ceiling, SSRF proxy, DLP — all enforced by default. No configuration required.
No credit card · Free tier forever