What do I need to get started with Vurb.ts?

You need Node.js >= 18 and TypeScript >= 5.7. Install with: npm install Vurb.ts zod. The framework builds on top of the official @modelcontextprotocol/sdk which is included as a peer dependency.

Can I use Vurb.ts with existing MCP servers?

Yes. Vurb.ts uses the standard MCP SDK under the hood. You can incrementally adopt it by converting tools one at a time. Existing raw handlers continue to work alongside Vurb.ts tools on the same server.

Does Vurb.ts work with Claude, GPT, and other LLMs?

Yes. Vurb.ts is LLM-agnostic. It follows the Model Context Protocol standard, which is supported by Claude, GPT-5.2, Gemini, and any MCP-compatible client. The structured responses work with any LLM that can process text.

What makes Vurb.ts better than writing raw MCP handlers?

Raw handlers require manual switch/case routing, manual JSON.stringify, no validation, no domain context, and no security boundary. Vurb.ts gives you: automatic Zod validation, discriminator routing, Presenters with system rules and UI blocks, self-healing errors, middleware chains, and cognitive guardrails — all type-safe and zero-boilerplate.

What is the learning curve for Vurb.ts?

If you know TypeScript and basic MCP concepts, you can be productive in under 30 minutes. defineTool() requires zero Zod knowledge. createTool() requires basic Zod. Presenters are optional and can be added incrementally after your tools work.

Does Vurb.ts work with Vercel AI SDK or LangChain?

Yes. Vurb.ts is the perfect backend Server. If you are using LangChain, LlamaIndex, or Vercel AI SDK in your client application, simply connect them to your Vurb.ts backend via standard stdio or HTTP transports. They will automatically consume and execute your consolidated MVA actions flawlessly.

What components does the Vurb.ts architecture include?

The architecture includes: GroupedToolBuilder (tool definition), ToolRegistry (registration and routing), ExecutionPipeline (middleware + handler execution), Presenter Engine (MVA View layer), ResponseBuilder (manual response composition), VurbClient (tRPC-style type-safe client), and State Sync (cache signals).

Introduction

THE EXPRESS.JS FOR MCP SERVERS

Stop writing raw, chaotic MCP servers.
Your AI agent already knows Vurb.

Routes, data shaping, and security in one framework. Zero new syntax — if you know Zod and TypeScript, you already know Vurb. Your AI agent implements it via SKILL.md.

TELL YOUR AI AGENT

"Create an MCP server for invoice management with Presenters, PII redaction on customer_ssn, tenant isolation middleware, and deploy to Vinkius Cloud."

Open in Claude Open in ChatGPT

THE REAL PROBLEM

Your LLM is reading your database.
What is it seeing?

WITHOUT VURB — RAW MCP

raw-handler.ts

typescript

server.setRequestHandler(async (req) => {
  const user = await db.user.findUnique({
    where: { id: req.params.id },
  });
  // ⚠️ password_hash, ssn, tenant_id
  //    ALL sent directly to the LLM
  return { content: [{ type: 'text',
    text: JSON.stringify(user) }] };
});

The LLM sees password_hash, ssn, tenant_id — everything. No validation. No redaction. One migration adds a column → instant data leak.

WITH VURB

tools/users/get.ts

typescript

export default f.query('users.get')
  .withString('id', 'User ID')
  .returns(UserPresenter)
  .redactPII(['ssn', 'password_hash'])
  .handle(async (input, ctx) => {
    return ctx.db.user.findUnique({
      where: { id: input.id },
    });
  });

The LLM sees [REDACTED]. Schema allowlists fields. New columns are invisible unless declared. GDPR/HIPAA/SOC2 — built in.

Architect's Check

Verify that .redactPII() is chained BEFORE .handle(). If your AI agent forgot the Presenter, undeclared fields still leak. The schema is your security boundary — always audit it.

What You Tell the AI

The code below is what your AI agent produces when you give it the prompt above. Vurb ships a SKILL.md — your AI reads it and produces idiomatic architecture on the first pass.

Step 1 — Context src/vurb.ts

typescript

import { initVurb } from '@vurb/core';

interface AppContext {
  db: PrismaClient;
  user: { id: string; role: string; tenantId: string };
}
const f = initVurb<AppContext>();

Step 2 — Presenter views/InvoicePresenter.ts

typescript

const InvoicePresenter = f.presenter({
  name: 'Invoice',
  schema: InvoiceModel,
  rules: (inv) => [
    inv.status === 'overdue' ? 'Invoice is overdue. Mention it.' : null,
  ],
  suggest: (inv) => [
    inv.status === 'draft'
      ? suggest('billing.send', 'Send invoice', { id: inv.id })
      : null,
  ].filter(Boolean),
});

Step 3 — Tool tools/billing/get.ts

typescript

export const getInvoice = f.query('billing.get')
  .describe('Retrieve an invoice by ID')
  .withString('id', 'The unique invoice identifier')
  .returns(InvoicePresenter)
  .use(async ({ ctx, next }) => {
     const user = await auth.verify(ctx.token);
     return next({ ...ctx, user });
  })
  .handle(async (input, ctx) => {
    return ctx.db.invoice.findUnique({
      where: { id: input.id, tenantId: ctx.user.tenantId },
    });
  });

Context → Presenter → Tool. Standard TypeScript. Zero proprietary syntax. Your AI already speaks Zod and TypeScript — the SKILL.md teaches it the architecture.

TELL YOUR AI AGENT

"Build a patient records MCP server with Prisma. Redact SSN and diagnosis from LLM output. Add an FSM that gates discharge tools until the attending physician signs off."

Open in Claude Open in ChatGPT

Installation

bash

npm install @vurb/core @modelcontextprotocol/sdk zod

Node.js 18+. MCP · Zod · TypeScript · WinterCG — zero new syntax to learn. Works with Vercel AI SDK, LangChain, and LlamaIndex via standard stdio or HTTP transports.

COMPLIANCE & ZERO RISK

Security by design.
Not by afterthought.

The biggest CTO/CISO panic in 2026: LLMs leaking password_hash, SSNs, and medical data. Vurb guarantees the LLM sees [REDACTED].

EGRESS

Egress Firewall

Zod schema strips undeclared fields at RAM level. password_hash never reaches the wire. New columns are invisible unless declared.

DLP

PII Redaction

V8-optimized via fast-redact. GDPR, LGPD, HIPAA — impossible to bypass. The developer cannot accidentally skip it.

FSM

State Gate

Removes tools from tools/list based on workflow state. Empty cart → cart.pay doesn't exist. Anti-hallucination.

SANDBOX

Zero-Trust V8 Isolate

LLM sends JavaScript to your data. Sealed isolate — zero access to process, fs, net.

SKILLS

Agent Skills

Progressive three-layer disclosure — domain expertise on demand. Zero context window waste.

DEPLOY

One Command Deploy

vurb deploy → Vinkius Cloud with tamper-proof audit logs. Or self-host on Vercel / Cloudflare.

TIP

Vurb blocks PII locally by default. Need to prove it in a compliance audit (SOC2/GDPR/HIPAA)? Connect to Vinkius Cloud for tamper-proof Audit Logs →

Ecosystem Packages

Package	Purpose
@vurb/vercel	Deploy to Vercel — App Router, Edge or Node.js
@vurb/cloudflare	Deploy to Cloudflare Workers — D1, KV, R2
@vurb/oauth	OAuth Device Flow (RFC 8628)
@vurb/prisma-gen	Auto-generate tools from Prisma schema
@vurb/openapi-gen	Generate tools from OpenAPI/Swagger specs
@vurb/skills	Progressive instruction distribution
@vurb/testing	Test harness — blast radius, snapshots
@vurb/inspector	Real-time TUI dashboard

START

Quickstart

Zero to Vinkius Cloud in under 40 seconds.

Core

Other

Prompt

Resources

StateSync

Other

Sandbox

Client

Core

Credentials

Domain Models

FHP

FSM

Governance

Model

Observability

Presenter

Prompt

Resources

Sandbox

Security

Serialization

Server

StateSync

Introduction

What You Tell the AI

Installation

Ecosystem Packages

Introduction ​

What You Tell the AI ​

Installation ​

Ecosystem Packages ​

Introduction

What You Tell the AI

Installation

Ecosystem Packages