@vurb/yaml
Advanced tools
Declarative MCP Server Engine — define tools, resources, and prompts in vurb.yaml. The docker-compose for MCP servers.
Declarative MCP Server Engine — define tools, resources, and prompts in
vurb.yaml. The docker-compose for MCP servers.
Write a single vurb.yaml file and get a fully compliant MCP server — with tools, resources, prompts — zero TypeScript required.
# vurb.yaml
version: "1.0"
server:
name: "github-tools"
connections:
github:
type: rest
base_url: "https://api.github.com"
auth:
type: bearer
token: "${SECRETS.GITHUB_TOKEN}"
secrets:
GITHUB_TOKEN:
label: "GitHub Personal Access Token"
type: api_key
required: true
sensitive: true
tools:
- name: search_repos
description: "Search GitHub repositories"
instruction: "Use for finding open-source projects by topic or keyword."
rules:
- "Max 10 results per query"
parameters:
query: { type: string, required: true, description: "Search query" }
execute:
connection: github
method: GET
path: "/search/repositories"
query: { q: "{{query}}", per_page: "10" }
response:
extract: ["items[].{full_name, description, stargazers_count, html_url}"]
vurb yaml dev # → MCP server running on stdio
vurb yaml validate # → validates your manifest
npm install @vurb/yaml
# Validate a manifest
vurb yaml validate
vurb yaml validate ./path/to/vurb.yaml
# Start a local dev server (stdio)
vurb yaml dev
# Start with Streamable HTTP transport
vurb yaml dev --transport http --port 3001
import { loadYamlServer, createYamlMcpServer } from '@vurb/yaml';
import { readFileSync } from 'fs';
// 1. Parse, validate, and compile the YAML
const compiled = await loadYamlServer(
readFileSync('vurb.yaml', 'utf-8'),
);
// 2. Create a real MCP server
const { server, close } = await createYamlMcpServer(compiled, {
transport: 'stdio', // or 'http'
});
version: "1.0"
server:
name: "my-server"
description: "What this server does"
capabilities:
tools: true
resources: true
prompts: true
instructions: |
System-level instructions for the AI agent.
Environment variables resolved at runtime via process.env[KEY].
secrets:
API_KEY:
label: "API Key"
type: api_key # api_key | oauth_token | email | password | custom
required: true
sensitive: true # masked in logs
Named HTTP clients with auth and headers.
connections:
api:
type: rest
base_url: "https://api.example.com/v1"
auth:
type: bearer # bearer | basic | custom
token: "${SECRETS.API_KEY}"
headers:
Accept: "application/json"
Every tool has three semantic layers:
| Field | Purpose | MCP Mapping |
|---|---|---|
description | Short summary | tools/list → description |
instruction | Detailed how-to-use | Mapped to custom_description |
rules | Hard constraints | Mapped to system_rules[] |
tools:
- name: create_ticket
description: "Creates a Jira ticket"
instruction: |
Use when the user needs IT access, equipment, or VPN setup.
Create one ticket per request type.
rules:
- "Never create duplicate tickets"
- "Priority 'highest' only for C-level executives"
tag: tickets
annotations:
readOnlyHint: false
parameters:
title: { type: string, required: true }
priority:
type: string
enum: [low, medium, high]
default: medium
execute:
connection: jira
method: POST
path: "/issue"
body:
fields:
summary: "{{title}}"
priority: { name: "{{priority}}" }
response:
extract: ["id", "key"]
resources:
- name: "Company Manual"
uri: "docs://manual"
mime_type: "text/markdown"
execute:
type: static
content: "# Manual\nWelcome."
- name: "Live Data"
uri: "data://metrics"
execute:
type: connection
connection: api
method: GET
path: "/metrics"
prompts:
- name: "welcome_email"
description: "Generates a welcome email"
arguments:
name: { type: string, required: true }
role: { type: string, required: true }
messages:
- role: user
content: "Write a welcome email for {{name}} ({{role}})."
These are parsed but not enforced by the open-source engine. They activate when deployed to Vinkius Cloud.
settings:
dlp:
enabled: true
patterns: ["*.cpf", "*.salary"]
finops:
enabled: true
max_array_items: 25
circuit_breaker:
threshold: 5
reset_seconds: 60
vurb.yaml → Parser → Validator → Compiler → MCP Server
│
├── ToolCompiler → tools/list, tools/call
├── ResourceCompiler → resources/list, resources/read
├── PromptCompiler → prompts/list, prompts/get
└── ResponseTransformer → dot-path extraction
Open-source (@vurb/yaml): Local execution via BasicToolExecutor — plain fetch(), no guards.
Vinkius Cloud: Enterprise execution with DLP redaction, SSRF protection, circuit breakers, FinOps token economy, and encrypted secret vault.
Apache 2.0 — see LICENSE.
FAQs
Declarative MCP Server Engine — define tools, resources, and prompts in vurb.yaml. The docker-compose for MCP servers.
We found that @vurb/yaml demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A critical vm2 sandbox escape can allow untrusted JavaScript to break isolation and execute commands on the host Node.js process.
Research
Five malicious NuGet packages impersonate Chinese .NET libraries to deploy a stealer targeting browser credentials, crypto wallets, SSH keys, and local files.
Security News
pnpm 11 turns on a 1-day Minimum Release Age and blocks exotic subdeps by default, adding safeguards against fast-moving supply chain attacks.