Runlayer MCP for AI. Govern every agent, server, and policy in your AI stack.

Q: How do I check for unauthorized MCP servers using Runlayer? (runmcpsweepscan)

You run the runmcpsweepscan tool. This initiates a system-wide audit that discovers endpoints not explicitly registered, which are often 'shadow AI' services running outside your governance control.

Q: What is the difference between listmcpservers and getmcpserver? (listmcpservers)

Listing servers (listmcpservers) gives you a comprehensive inventory of all registered UUIDs. Getting details (getmcpserver) requires knowing a specific server's UUID and pulls its deep configuration data.

Q: Can I restrict an agent’s access to only certain servers? (createagent)

Yes. When you use createagent, you specify which MCP servers are allowed for that agent, ensuring it can't interact with restricted endpoints.

Q: How do I review my current security policies in Runlayer? (listpolicies)

Use the listpolicies tool. It shows every defined rule, along with metrics like enforcement status and how many violations have been logged against those rules.

Q: If I delete a policy, what happens to the resources? (deletepolicy)

Using deletepolicy means that all resources previously governed by it immediately lose those specific security and access restrictions. Confirming this before deletion is critical.

Claude

ChatGPT

Cursor

Gemini

Windsurf

VS Code

JetBrains

Vercel

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

Connect to your AI in seconds.

Runlayer is an enterprise control plane for governing your MCP ecosystem. It lets you manage all AI agents, servers, and security policies from one place.

Your agent can onboard new MCP endpoints, audit access logs, and scan for unauthorized 'shadow AI' without ever touching a dashboard.

It’s the central point of record for who talks to what.

What your AI can do

Create api key

Generates and stores a unique API key for external services, which must be saved immediately after creation.

Create agent

Registers a new AI agent type (e.g., Claude or Cursor) to the control plane with defined security rules.

Revoke api key

Immediately disables a key using its ID. This is used during security incidents when an API key must be cut off instantly.

+ 24 more capabilities included

Audit and Visibility

Retrieve complete audit trails (get_audit_logs) and run full network scans (run_mcp_sweep_scan) to identify every connected resource, including unauthorized endpoints.

Server Lifecycle Management

Register new MCP servers (create_mcp_server), update their credentials (update_mcp_server), or decommission them entirely using the API.

Agent Onboarding and Control

Onboard, configure, or delete AI agents (e.g., create_agent, delete_agent) while assigning specific permissions to each one.

Security Policy Definition

Define granular access rules (create_policy) and apply them across entire groups of servers or agents, ensuring least privilege is maintained.

Capability Standardization

Codify reusable functions as Skills (create_skill), so multiple agents can use the same approved piece of logic without duplicating code.

Ask an AI about this

Included with Plan

Waiting for input…

AI Agent

Runlayer MCP Server: 27 Tools for Enterprise Governance

Use these tools to manage the full lifecycle of your AI infrastructure—from onboarding new servers to auditing every single access attempt.

Make your AI actually useful.

Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.

Start using Runlayer on Vinkius

Create Api Key

Generates and stores a unique API key for external services, which must be saved immediately after creation.

Create Agent

Registers a new AI agent type (e.g., Claude or Cursor) to the control plane with...

Revoke Api Key

Immediately disables a key using its ID. This is used during security incidents when...

Create Mcp Server

Adds a new MCP endpoint to the governance system by providing its name and...

Create Policy

Establishes a formal security rule or access requirement that must be followed by...

Create Skill

Defines a reusable capability, standardizing code blocks so multiple agents can use the same approved function.

Delete Agent

Removes an AI agent from governance. This action disconnects it from all servers and policy assignments.

Delete Mcp Server

Decommissions a registered MCP server, automatically removing its links to agents...

Delete Policy

Removes an access control policy. Resources governed by this policy will no longer...

Delete Skill

Deletes a standardized skill definition, leaving the underlying MCP servers...

Get Agent

Retrieves detailed status information about one specific AI agent, including its...

Get Audit Logs

Returns a chronological log of all actions taken across the organization, detailing who did what and when.

Get Mcp Server

Fetches detailed configuration data for one specific MCP server by its UUID, verifying its current status.

Get Organization

Retrieves an overview of the entire Runlayer setup, confirming overall...

Get Scan Results

Displays the findings from a previous network sweep scan, specifically listing...

Get Skill

Gets detailed information about a specific Skill, showing its usage count and which...

List Api Keys

Shows a complete inventory of all API keys used by your services, helping you...

List Agents

Lists all registered AI agents in the organization with key details like type, assigned servers, and policy compliance status.

List Mcp Servers

Provides an initial overview of every registered MCP server in the organization, including its UUID and operational state.

List Members

Lists all user accounts associated with your Runlayer instance for role auditing or...

List Policies

Displays a summary of all defined security policies, showing their enforcement...

List Skills

Lists available standardized skills, detailing which underlying MCP servers each...

Run Mcp Sweep Scan

Initiates a full-system audit scan to proactively detect 'shadow AI' or any MCP...

Update Agent

Modifies an existing agent’s configuration, allowing you to adjust its access rights without deleting and recreating the entire profile.

Update Mcp Server

Updates a server's operational parameters—like rotating credentials or changing policy associations—without service downtime.

Update Policy

Refines an existing security rule, enabling you to tighten access controls or adjust...

Update Skill

Updates a standardized skill's definition, letting you modify its documentation or...

Security and governance baked right in.

Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.

Claude AI

Open Claude Settings

Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.

Add Custom Connector

Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL:

https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp

Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. For OAuth-protected servers, expand Advanced settings to add credentials.

Start a conversation

Open a new chat. The Runlayer integration is available immediately — no restart needed.

Antigravity

Configure Agent Environment

Open your Antigravity agent's workspace configuration or mcp-servers.json file.

Bind the Endpoint

Add the Vinkius endpoint URL to your agent's MCP connections list:

"mcp_servers": {
  "runlayer": {
    "serverUrl": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
  }
}

Provide your secure token in place of [YOUR_TOKEN_HERE] to ensure your agent requests are authenticated.

Execute

Start your Antigravity session. The agent will autonomously discover and utilize the Runlayer tools with full Vinkius guardrails applied.

VS Code Copilot

⚡

One-Click Install (Recommended)

In your Vinkius Dashboard, simply click the Add to VS Code button for this server. We'll automatically configure your local workspace.

Or configure manually

Open MCP Settings

Open VS Code, press Ctrl/Cmd + Shift + P, and search for GitHub Copilot: MCP Servers.

Add Server Config

Add the Vinkius endpoint configuration to your mcp-servers.json file:

"runlayer": {
  "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
}

Ensure you replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com.

LangChain

Install Dependencies

Install the LangChain MCP adapters for your environment:

pip install langchain-mcp-adapters

Connect the Server

Use the SSEClient in LangChain to connect to the Vinkius managed endpoint:

from langchain_mcp_adapters.client import SSEClient

# Connect to Vinkius
client = SSEClient(url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp")
tools = client.get_tools()

CrewAI

Define the Tool

Load the Vinkius MCP tools into your CrewAI agents:

from crewai import Agent
from mcp_crewai import MCPTool

# Connect securely to Vinkius
vinkius_tools = MCPTool(url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp")

# Assign to Agent
researcher = Agent(
    role='Data Researcher',
    tools=vinkius_tools.get_all()
)

Execute Task

Run your CrewAI process. The agent will autonomously route tasks to the Vinkius managed server.

Choose How to Get Started

Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.

Build Your Own

Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.

Import from OpenAPI, Swagger, or YAML specs
Create Agent Skills with progressive disclosure
Deploy to edge with MCPFusion framework
Built in DLP, auth, and compliance on every call
Real time usage dashboard and cost metering
Publish to catalog or keep private

Start building

Make Your AI Do More

Start with Runlayer, then connect any of our 5,100+ other servers whenever your AI needs more. One click, no limits.

Use this MCP plus 5,100+ others, all in one place
Add new capabilities to your AI anytime you want
Every connection is secured and compliant automatically
Track usage and costs across all your servers
Works with Claude, ChatGPT, Cursor, and more
New servers added to the catalog every week

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Runlayer. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

VINKIUS INFRASTRUCTURE

Cloud Hosted

Managed infra

V8 Isolated

Sandboxed per request

Zero-Trust Proxy

No stored credentials

DLP Enforced

Policy on every call

GDPR Compliant

EU data residency

Token Compression

~60% cost reduction

Your data is protected. See how we built it.

Works with Claude, ChatGPT, Cursor, and more

The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.

This connection provides 27 powerful capabilities that interface natively with Claude, ChatGPT, Cursor, and other compatible AI platforms. No middleware. No custom integration required.

Tracking every agent interaction shouldn't require opening ten different log tabs.

Today, when an engineer modifies a service, the change ripples out. The operations team has to check Server A’s dashboard for policy changes, then open Agent B’s logs, and finally verify the API key rotation in a separate vault. It's a manual, multi-system checklist that guarantees someone misses something.

With Runlayer, you ask your agent: 'Show me all recent access patterns.' The system calls `get_audit_logs` for every resource—policies, servers, agents—and presents one clean timeline. You get instant compliance reporting without the manual cross-referencing.

Runlayer MCP Server: Control your entire AI infrastructure.

You don't have to treat every new microservice endpoint as a silo. You can onboard it via `create_mcp_server` and immediately apply security rules using `create_policy`. This process is automated, making governance part of the deployment flow.

The difference now is that your AI infrastructure isn't just running; it’s controlled. Every service gets registered, policies get attached, and every action leaves a clear trail. You finally move from reactive cleanup to proactive governance.

Support 24/7 support@vinkius.com ↗

Security Vinkius Trust Center ↗

SLA Service Level Agreement ↗

Report Listing Send Report ↗

What your AI can actually do with this

Runlayer isn't an AI itself; it’s your enterprise control plane. It governs every piece of infrastructure that talks to your models—the security guard for all your model endpoints. When you use this, you manage your entire MCP ecosystem from one place. You never have to touch a dashboard to get a full picture.

To start, you can check the whole setup with get_organization, or see who's on the payroll by calling list_members. If you need an inventory of connected servers, use list_mcp_servers; for details on any specific endpoint, just run get_mcp_server using its UUID. You can also get a rundown of every registered AI agent with list_agents, or check the detailed status of one particular agent by running get_agent.

When you need to add capacity, you use create_mcp_server to onboard a new endpoint, or you call update_mcp_server to change credentials without taking the service offline. If an endpoint is dead weight, you decommission it using delete_mcp_server. Similarly, when you build out your workforce, you register agents with create_agent, and you can adjust their rights later by calling update_agent; if an agent leaves or gets compromised, you use delete_agent to sever all its connections.

Security is where this thing shines. You define rules using create_policy and apply them across groups of resources; you can refine those access controls later with update_policy. If a policy needs to go, delete_policy takes it out, but the governed resources keep running under whatever rule set they're currently on.

For credential control, you generate unique keys using create_api_key, which you must save right away. You track all existing credentials with list_api_keys, and if there’s an incident, you immediately cut off access with revoke_api_key. The system also handles capabilities: you define reusable functions as Skills via create_skill, letting multiple agents use the same approved logic without duplicating code.

To manage these standardized pieces, you can get details using get_skill or list available skills with list_skills; if a skill is deprecated, you delete it using delete_skill. You update its definition using update_skill when necessary.

The auditing mechanisms are airtight. You track every damn thing that happens by calling get_audit_logs, giving you a chronological log of exactly who did what and when across the organization. For proactive security, you run a full system audit scan with run_mcp_sweep_scan to detect unauthorized endpoints or 'shadow AI,' then review all findings using get_scan_results.

You can also view a summary of all defined policies and how many violations they've seen by running list_policies. To maintain governance, you use the centralized tools: you add new standardized code blocks with create_skill, update them with update_skill, or delete them with delete_skill.

This system gives you total control over your whole stack. You can get a full overview of all registered skills using list_skills. If you need to remove an agent from the governance record, you use delete_agent. You manage every component—agents, policies, servers, and capabilities—through structured API calls. This lets your AI client perform these actions directly without ever needing to click through a dashboard.

Built · Hosted · Managed by Vinkius Runlayer MCP Server - Governance for AI Agents

Server ID 019d7600-c015-729f-b3e1-234f6ff12987

Vinkius Inspector

Compliance Grade A+

Score 100/100

Report View Report ↗

Who is this actually for?

IT security teams, AI governance officers, platform engineers, and compliance managers. You use this if your organization has a rapidly growing number of MCP servers (10+) and you need continuous visibility into who can talk to what. This is for people tired of manual audit work.

Platform Engineer

Manages the full server lifecycle: using create_mcp_server when a new service launches, and update_mcp_server when credentials expire.

Security Architect

Defines security boundaries by creating policies with create_policy and running automated checks using run_mcp_sweep_scan to detect vulnerabilities.

AI Governance Officer

Maintains the system integrity by listing agents (list_agents), checking policy compliance, and reviewing all activity through get_audit_logs.

What Changes When You Connect

Instant Shadow AI Discovery: Use run_mcp_sweep_scan to find unauthorized endpoints immediately. This is key for compliance teams who can't afford unexpected data leaks from unmanaged services.

Full Audit Trail Access: The get_audit_logs tool provides a single, chronological source of truth. You don't have to piece together access history from ten different system logs; you just ask your agent.

Controlled Agent Lifecycle: Instead of manually managing permissions, use create_agent, update_agent, and delete_agent. Your AI client handles the complexity of assigning servers and policies automatically.

Policy-as-Code Enforcement: Define access rules with create_policy and enforce them system-wide. You can't just tell your team to follow the rules; Runlayer forces it using these tools.

Operational Flexibility: Need to change a server credential? Use update_mcp_server. You modify the endpoint without needing maintenance windows or downtime.

See it in action

01 01

The Compliance Check

A Compliance Manager needs proof that no unauthorized AI tools are accessing customer data. Instead of manually checking 20 dashboards, they tell their agent: 'Run a scan for policy violations.' The agent calls run_mcp_sweep_scan and then uses get_scan_results, instantly delivering a report listing every unapproved MCP server.

02 02

The Server Decommission

A Platform Engineer is retiring an old service endpoint. They don't just delete it; they use the agent to call delete_mcp_server. This action automatically checks and disconnects all associated agents and policies, preventing orphaned access rights.

03 03

The Access Review

An AI Governance Officer needs to know who has read access to a sensitive database. They ask their agent to get_audit_logs for that resource over the last quarter. The system returns a full list of users and agents, letting them identify exactly which accounts need revocation via revoke_api_key.

04 04

The Capability Reuse

A company has several microservices needing to perform date formatting (a common task). Instead of coding it into every service, the engineer uses create_skill to standardize the logic. Now all agents can call that skill ID for consistent, governed execution.

The honest tradeoffs

Manual Dashboard Auditing

Anti-pattern

Trying to check every server's policy status by clicking through 15 different MCP dashboards and cross-referencing spreadsheets. This is slow, error-prone, and only gives you a snapshot in time.

The Fix

Use list_mcp_servers first to get an inventory list, then use your agent to call get_audit_logs for the whole group. The system handles the cross-referencing automatically.

Assuming Isolation

Anti-pattern

An engineer assumes a server they created yesterday is still restricted by old policies because they forgot to update the governance layer.

The Fix

Always use list_policies and then run get_mcp_server. This forces you to verify that the current policy rules are correctly attached to the resource.

Using API Keys for Everything

Anti-pattern

Creating dozens of individual, permanent API keys for every small service instead of centralizing key management.

The Fix

Use create_api_key and treat those keys as ephemeral. Regularly run list_api_keys to audit them, and use revoke_api_key immediately if a service is decommissioned.

When It Fits, When It Doesn't

You need this server if your AI usage crosses the line from 'experimental' to 'production-scale.' Don't buy it just because you have 10 servers; get it when manually managing security becomes a full-time job. If your primary concern is simply connecting two agents together, you don't need Runlayer—a simple messaging queue handles that fine. But if you care about governance (who can read what), auditability (get_audit_logs), and preventing unauthorized expansion ('shadow AI'), then this control plane is non-negotiable. The core value isn't the tools; it's treating all your MCP endpoints as governed resources, making policy enforcement a first-class citizen in your stack.

Questions you might have

How do I check for unauthorized MCP servers using Runlayer? (run_mcp_sweep_scan) +

You run the run_mcp_sweep_scan tool. This initiates a system-wide audit that discovers endpoints not explicitly registered, which are often 'shadow AI' services running outside your governance control.

What is the difference between list_mcp_servers and get_mcp_server? (list_mcp_servers) +

Listing servers (list_mcp_servers) gives you a comprehensive inventory of all registered UUIDs. Getting details (get_mcp_server) requires knowing a specific server's UUID and pulls its deep configuration data.

Can I restrict an agent’s access to only certain servers? (create_agent) +

Yes. When you use create_agent, you specify which MCP servers are allowed for that agent, ensuring it can't interact with restricted endpoints.

How do I review my current security policies in Runlayer? (list_policies) +

Use the list_policies tool. It shows every defined rule, along with metrics like enforcement status and how many violations have been logged against those rules.

If I delete a policy, what happens to the resources? (delete_policy) +

Using delete_policy means that all resources previously governed by it immediately lose those specific security and access restrictions. Confirming this before deletion is critical.

What should I do if an API key is compromised? How does `revoke_api_key` work? +

The key is immediately invalidated upon execution. This action cannot be reversed, so always use it for suspicious or unused keys to secure your organization's data.

How detailed are the records I get when running `get_audit_logs`? +

The logs provide complete details: timestamps, who performed the action (actor identity), what was done (action type), which resource was affected, and the final outcome. This is essential for compliance reporting.

If I modify a reusable capability using `update_skill`, are agents or servers still connected to it? +

Yes, modifying the skill does not break existing connections. The system maintains those dependencies, ensuring that active agents and assigned MCP servers continue functioning with the updated definition.

Do I need a Runlayer enterprise subscription to use this MCP? +

Yes, this MCP server requires an active Runlayer organization with API access. Runlayer is an enterprise-grade control plane, so you need a valid organizational subscription. Contact Runlayer sales to get started and obtain your organization API key.

Can this MCP server detect unauthorized AI usage (shadow AI)? +

Yes! The run_mcp_sweep_scan tool initiates comprehensive shadow AI discovery across devices, detecting unauthorized MCP servers, OpenClaw installs, Skills, and agents. Results include policy violations and security risks across your organization's endpoints.

What types of AI agents does Runlayer support? +

Runlayer supports Claude Desktop, Cursor, VS Code with Copilot, Windsurf, and custom AI agents. Each agent type can be registered with specific security policies, assigned MCP servers, and monitored through the audit trail. New agent types can be added as custom integrations.

Connect to your AI in seconds.

Create api key

Create agent

Revoke api key

Runlayer MCP Server: 27 Tools for Enterprise Governance

Make your AI actually useful.

Create Api Key

Create Agent

Revoke Api Key

Create Mcp Server

Create Policy

Create Skill

Delete Agent

Delete Mcp Server

Delete Policy

Delete Skill

Get Agent

Get Audit Logs

Get Mcp Server

Get Organization

Get Scan Results

Get Skill

List Api Keys

List Agents

List Mcp Servers

List Members

List Policies

List Skills

Run Mcp Sweep Scan

Update Agent

Update Mcp Server

Update Policy

Update Skill

Security and governance baked right in.

Claude AI

Open Claude Settings

Add Custom Connector

Start a conversation

Claude Code

Open your terminal

Add the MCP Server

Start coding

Cursor

One-Click Install (Recommended)

Open Cursor Settings

Add New Server

Use in Composer

Antigravity

Configure Agent Environment

Bind the Endpoint

Execute

VS Code Copilot

One-Click Install (Recommended)

Open MCP Settings

Add Server Config

Windsurf

One-Click Install (Recommended)

Open Windsurf Settings

Add Server Endpoint

LangChain

Install Dependencies

Connect the Server

CrewAI

Define the Tool

Execute Task

Choose How to Get Started

Build Your Own

Make Your AI Do More

Works with Claude, ChatGPT, Cursor, and more

Tracking every agent interaction shouldn't require opening ten different log tabs.

Runlayer MCP Server: Control your entire AI infrastructure.

What your AI can actually do with this

Here's how it actually works

Who is this actually for?

What Changes When You Connect

See it in action

The Compliance Check

The Server Decommission

The Access Review

The Capability Reuse