What is sandbox isolation?

Every MCP handler runs in its own isolated runtime with a private memory space. Complete separation from the host and from other handlers - by design.

Can my MCP server access the host operating system?

No. Handlers running in Vinkius have zero access to the host process, filesystem, network sockets, or child processes. The sandbox is completely sealed.

What happens if a handler runs too long?

It gets killed instantly. Hard CPU limits protect your infrastructure from runaway loops and rogue handlers. No warnings, no grace periods.

Is there a memory limit?

Yes. Every handler runs with a hard memory ceiling. If usage exceeds it, the handler is killed immediately. No swap, no fallback.

How are dynamic executions like 'eval()' handled?

Dynamic code generation is completely blocked. Your server only executes the logic you deployed, neutralizing injection vectors.

Zero trust isn't a policy. It's the runtime.

Q: Is my MCP source code safe from leaks?

Yes. Your handler code is never readable at runtime. Even in a breach scenario, your source code cannot be extracted.

Every call. Contained. Sealed runtime isolation for every MCP server. No host access, no side channels, no escape routes. Hardened into the Vinkius.

Sealed Runtime

Nothing gets in. Nothing gets out.

Every MCP tool handler runs in complete isolation. Your handler and the Vurb.ts Framework - that's all that exists. No host access, no side channels, no escape routes.

Isolation

Total Memory Isolation

Every handler runs in its own sealed space. One handler cannot read, write, or even detect another. Complete separation - by design.

Surface

Zero Attack Surface

Your handler sees Vurb.ts and nothing else. Everything dangerous is absent - not restricted, not blocked. Gone.

IP Protection

Source Code Protection

Your enterprise code is never readable at runtime. Even in a breach scenario, your intellectual property cannot be extracted.

Cleanup

Zero Residue

When a session ends, everything related to it is destroyed. No zombie processes. No orphaned state. Gone.

Speed

Instant Start

Your handler starts executing in microseconds. Zero cold-start penalty. Governance and validation ready before the first byte.

Hard Limits

Every resource capped. Every violation fatal.

Zero Tolerance.

CPUTIMEOUT

Hard CPU time limit per handler execution. Exceeds it - killed instantly. No warnings, no grace periods. Protects against infinite loops and runaway recursion.

MEMCEILING

Hard memory ceiling per handler. No swap, no fallback. If your handler allocates beyond the limit, execution terminates immediately.

EXITCLEANUP

When a session ends or a handler is killed, all resources are destroyed. No zombie processes, no orphaned state, no residual memory.

NETEGRESS

No outbound network access from handlers. SSRF is architecturally impossible - the runtime has no network primitives.

DLPREDACT

Automatic pattern-based redaction of PII, credentials, and secrets in tool responses. Sensitive data never reaches the agent.

LOGSTREAM

Every tool call, every enforcement action, every governance decision streamed to your SIEM in real time.

SIEM Streaming

Every event. Your SIEM. Splunk. Datadog. Webhook.

Every tool call, every enforcement action, every governance decision - forwarded to your existing security infrastructure in real time. Cryptographically signed. Automatically retried.

Splunk

Splunk HEC

Native HTTP Event Collector integration. Paste your HEC token and endpoint - events flow to Splunk in seconds.

JSON payload · custom index · source type

Datadog

Datadog Logs

First-class Datadog integration with multi-site support. US1, US3, US5, EU1, AP1, and GOV.

API key · site selection · tag enrichment

Webhook

Custom Webhook

Send events to any HTTPS endpoint with HMAC signature verification. Integrate with PagerDuty, Opsgenie, or internal tooling.

HMAC-SHA256 · retry policy · custom headers

Cryptographically Signed

Every event payload is signed with HMAC-SHA256. Verify authenticity and integrity at your endpoint.

Automatic Retry

Failed deliveries are retried with exponential backoff. No events lost during transient outages.

Per-Server Toggle

Enable or disable streaming per MCP server. Configure multiple destinations per server.

Test Delivery

Send a test event to verify your endpoint configuration before going live. One click.

Fully Auditable

Read every line. Before you trust us.

View on GitHub

Open Source Runtime

The Vurb.ts framework is fully open source. Read every line of the sandbox, the governance engine, and the enforcement layer before you trust it.

Lockfile Integrity

Every dependency is pinned with cryptographic hashes. No phantom updates. No supply chain surprises. What you audit is what runs.

Zero Dynamic Execution

eval(), Function(), import() - all blocked at the runtime level. Your server only executes the logic you deployed.

Full Audit Trail

Every deployment, every configuration change, every access event is logged with actor, timestamp, and action. Immutable audit history.

AI agents never stop.
MCP Servers need Vinkius.

Autonomous agents don't sleep. Every tool call hits a hardened isolation perimeter - cryptographic lockfiles, zero-trust RBAC, and hard execution quotas enforced at the payload level. No wrappers. Titanium-grade governance for autonomous compute.

Try for Free·No credit card