zrok (Open-Source Tunnel) MCP for AI. Expose any local port securely with conversation.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
How this MCP server connects to your AI agent
zrok (Open-Source Tunnel) manages secure network tunnels, letting you expose local development services—like web servers or databases—to the outside world.
It handles everything from creating public shares to managing entire isolated environments, so your AI agent can act like a remote DevOps engineer for your machine.
What AI agents can do with zrok (Open-Source Tunnel) Automation
Get account
Retrieves your account status, usage limits, and billing information.
Create share
Creates a new tunnel share that can be set as either publicly or privately accessible.
Delete share
Closes and removes an existing public or private resource share.
Checks which virtual environments are currently registered and available for tunneling.
Activates a new development environment, making your local machine visible to the zrok controller.
Generates an immediate, temporary public URL for any specific local port (HTTP/TCP/UDP).
Retrieves the current status, public URL, and specific configuration of a live tunnel.
Closes down an active share or tunnel immediately when testing is done.
Ask an AI about this
Waiting for input…
What AI agents can do with zrok (Open-Source Tunnel): 10 Tools
Manage all aspects of secure resource sharing here. Use these tools to authenticate, list environments, create tunnels, and delete shares programmatically.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
Start using zrok (Open-Source Tunnel) on VinkiusGet Account
Retrieves your account status, usage limits, and billing information.
Create Share
Creates a new tunnel share that can be set as either publicly or privately...
Delete Share
Closes and removes an existing public or private resource share.
Disable Environment
Takes a registered environment offline, preventing any new shares from being created...
Enable Environment
Activates an existing development environment and makes its resources available for...
Get Share
Fetches all the current details for one specific, active share or tunnel.
List Environments
Returns a list of every environment currently registered with your zrok account.
List Shares
Provides an overview of all active and running network shares across all...
Login Account
Authenticates your credentials and obtains a necessary token to connect services.
Register Account
Sets up a brand new zrok account profile for initial use on the platform.
Security and governance baked right in.
Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.
Claude AI
Open Claude Settings
Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.
Add Custom Connector
Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL:
https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp
Replace [YOUR_TOKEN_HERE] with your token
from cloud.vinkius.com. For OAuth-protected servers, expand
Advanced settings to add credentials.
Start a conversation
Open a new chat. The zrok (Open-Source Tunnel) integration is available immediately — no restart needed.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with zrok (Open-Source Tunnel), then connect any of our 5,100+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 5,100+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by zrok. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Built on the Model Context Protocol (MCP) for Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This connection provides 10 powerful capabilities that interface natively with Claude, ChatGPT, Cursor, and other compatible AI platforms. No middleware. No custom integration required.
The old way of sharing local services was pain., Solved with Vinkius AI Gateway
Today, if your frontend needs to talk to the backend running on your laptop, you usually face an absolute mess. You either have to set up a complex VPN connection for everyone, or you spend ages logging into cloud consoles just to punch holes in the firewall rules—and those holes never get closed right.
With this MCP, that entire headache vanishes. Your agent manages the network plumbing through simple conversation. You tell it which port needs exposure and whether it's public or private. It gives you a live URL instantly, letting you focus on coding, not networking.
zrok (Open-Source Tunnel) MCP: Securely Manage Tunnels
The manual steps that go away include logging into the cloud provider console, navigating to the networking section, manually creating a security group rule for HTTP traffic, and then remembering to delete it weeks later.
What's different now is control. You don't just expose; you manage. The MCP lets you list active shares, get details on what's running, and shut everything down with one command. It’s instant, auditable, and clean.
What your AI can actually do with this
Need to show a client your local staging environment? You don't have to mess with firewalls and complex VPNs anymore. This MCP lets you use natural language to build secure connections from your laptop or development box right out of the gate. Your AI agent handles the entire network plumbing, creating temporary shares for HTTP sites, TCP ports, or UDP streams on demand.
It manages multiple isolated environments, letting you keep production services separate from dev testing without ever needing manual command-line work. Because credentials pass through a zero-trust proxy in Vinkius, your keys are only used when needed; they never sit on disk. You just tell your agent what to expose—whether it's listing all active tunnels or deleting an old share—and the connection happens securely.
019e5d6c-4d32-7210-8a53-7664c216ffd5 
Here's how it actually works
The bottom line is you manage network exposure using simple conversation instead of complex shell commands.
First, you authenticate your account with the MCP to get a secure token.
Next, tell the agent which environment needs access and use it to create a temporary share for your local service.
Finally, once testing is complete, instruct the agent to delete the share, closing the public tunnel entirely.
Who is this actually for?
The developer who's tired of fighting with firewall rules and VPN setups. The DevOps engineer who needs instant, auditable visibility into remote test environments.
Needs to instantly expose a local backend service on port 8080 so a mobile client can hit it for testing without complex networking setup.
Must monitor and manage multiple isolated staging environments across several containers or VMs, ensuring that old tunnels are always cleaned up after use.
Needs a secure, time-limited public URL for a specific API endpoint to test integration with a third-party service.
What Changes When You Connect
Avoid manual firewall configuration. With create_share, your agent can instantly expose a local dev web server without you touching the OS settings or network rules.
Maintain clean environments easily. You can use list_environments to see what's active, and then disable_environment if a project phase is finished, preventing accidental access.
Get instant visibility into your setup. Running list_shares shows you every tunnel currently live—you don't have to SSH into multiple machines just to check status.
Secure credential handling: Credentials pass through a zero-trust proxy in Vinkius, meaning the keys are only used during the call and never stored on disk. You get powerful access with minimal risk.
Control your resources completely. When a share is done, calling delete_share immediately tears down the public endpoint, preventing resource leakage or forgotten tunnels.
See it in action
Debugging API Endpoints
A developer needs to test their new user registration API running on localhost:3000. Instead of configuring a VPN for the QA team, they ask their agent to use create_share for port 3000. The AI provides a temporary public URL that the QA team can use immediately.
Migrating Staging Services
A DevOps engineer needs to validate connectivity between two isolated staging databases (one on VM A, one on container B). They first run list_environments and then instruct the agent to create shares for both ports, confirming full cross-platform access before migration.
Handling Temporary Webhooks
A service requires a webhook endpoint but only runs locally on port 80. The engineer uses create_share to generate a public link for that single hour, ensuring the endpoint is available just long enough for the integration test.
Cleaning Up Test Infrastructure
After a massive testing cycle involving multiple services and environments, the engineer calls list_shares to confirm all tunnels are visible, then systematically uses delete_share on every entry. This prevents accidental public exposure.
The honest tradeoffs
Manual Firewall Setup
The developer spends an hour logging into the cloud console and manually opening ports 80, 443, and 22 for testing. This is slow, error-prone, and needs manual closing later.
Instead, ask your agent to use create_share with the correct port and protocol. The MCP handles all the necessary network routing automatically, getting you a public URL in seconds.
Forgetting Old Tunnels
The team finishes testing the staging API but forgets to close the tunnel share, leaving it exposed publicly indefinitely and wasting resources.
Always confirm with list_shares first. Then, use delete_share on every entry that is no longer needed. It's a quick command that cleans up your infrastructure.
Skipping Authentication
Trying to create shares or list environments without first running the necessary authentication flow.
Always start by calling login_account to authenticate your identity. This ensures every subsequent action is tied to a verified user context.
When It Fits, When It Doesn't
Use this MCP if your core problem is exposing local services (like dev web servers or internal APIs) over the internet without manually configuring network infrastructure, firewalls, or VPNs. You need temporary, auditable tunnels for development and QA testing.
Don't use this if you are trying to manage credentials storage itself; that MCP handles key management. Also, don't use it if your goal is merely internal service discovery within a private VPC—that requires different networking tools. This tool is purely about making 'local' things look 'public' in a controlled way.
Questions you might have
How do I create a public tunnel for my local web server? +
Use the create_share tool. Specify the backend (e.g., http://localhost:8080), set share_mode to 'public', and backend_mode to 'proxy'. The agent will return the public URL.
Can I see all my currently active tunnels across all environments? +
Yes! Run the list_shares tool. It will retrieve a list of all active shares associated with your account, including their tokens and backend configurations.
How do I stop an environment from being active in zrok? +
You can use the disable_environment tool. This will remove the environment registration from the zrok controller, effectively disconnecting that machine or container.
How do I get started with my zrok account using `register_account`? +
You use register_account to establish your initial presence on the platform. This process handles creating the necessary credentials and links your local machine to the zrok controller so you can start managing environments.
What information does `get_account` provide about my usage limits? +
get_account gives you a full overview of your quota. You'll see exactly how many environments and shares you've used against your allowed limits, plus any current data transfer statistics.
If I need to inspect details about one tunnel, how do I use `get_share`? +
get_share retrieves the specific parameters for an existing share. It confirms if the service is running and provides its exact public endpoint URL along with the protocol type (HTTP/TCP/UDP).
How do I start using an environment with `enable_environment`? +
enable_environment activates a machine or container that has already been registered. This moves the environment from a dormant state to fully operational, allowing you to create new shares on it.
What happens when I run `delete_share`? +
delete_share instantly takes a public tunnel offline and revokes all external access. This is critical for cleaning up resources or securing services that are no longer needed immediately.
We've already built the connector for zrok (Open-Source Tunnel). Just plug in your AI agents and start using Vinkius.
No hosting. No infrastructure. No complex setup.
All 10 tools are live and waiting.
You're up and running in seconds.
Gemini Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.
Built, hosted, and secured by Vinkius. You just connect and go.