VVaubaan
Vaubaan · MCP gateway for agent fleets

Your agents can build anything. Your cloud’s IAM can’t keep up.

You run Claude Code across GitHub, Vercel, Supabase, and more. But cloud permissions weren’t designed for autonomous agents — they’re too coarse, different everywhere, and one leaked PAT nukes everything. Vaubaan is one MCP endpoint, one risk model, and zero cloud tokens in agent context.

Live integrations
GitHub Vercel Supabase Railway Stripe Cloudflare DNS+5 more

Cloud IAM breaks at agent scale

You’ve moved past “can AI code?” The new bottleneck: giving a fleet of agents safe access to your infrastructure without spending a week on IAM per cloud.

10 clouds, 10 security models

GitHub has org/repo permissions. Vercel has team roles. Supabase has service keys. Each cloud has a different IAM model, none designed for autonomous agents. You spend days understanding each one — before writing a single line of agent config.

One token, unbounded blast

Your agent holds a PAT that can read every repo, merge to main, deploy to prod, and subscribe to paid add-ons. The "Allow / Deny" dialog doesn't scale when a fleet generates hundreds of calls per hour.

No delegation, no trail

Your orchestrator spins up 5 sub-agents with the same credentials. One merges the wrong PR. Another drops a staging table. Who authorized what? When? You're grepping 5 cloud audit logs, correlating timestamps by hand.

Think in risks, not permissions

Instead of mapping tool × resource × action matrices across clouds, you check a box. ~15 risks per provider. Done in 30 seconds.

Vaubaan — risk checklist

Each risk carries a 6D severity vector: reversibility, blast radius, data sensitivity, cost, visibility, persistence. The UI sorts by severity — scan in 30 seconds.

Without Vaubaan — per-cloud IAM
// GitHub Fine-grained PAT
{
  "repositories": ["acme/website"],
  "permissions": {
    "contents": "write",
    "pull_requests": "write",
    "metadata": "read",
    "actions": "none",
    "administration": "none"
    // 18 more fields...
  }
}

// Now do Vercel. Now Supabase.
// Now Railway. Now Stripe.
// Now figure out which combo
// lets the agent deploy previews
// but not prod. Per cloud.

Agents delegate to agents. The envelope only shrinks.

Any vbn_live_* token can mint children via POST /api/v1/tokens/mint. Each child gets a strict subset of the parent’s risks. TTL is monotonically decreasing. Max depth is 5.

Human (root · 12 risks · TTL 8h)
└─ Orchestrator (8 risks · TTL 4h)
├─ Coder (3 risks: read-code, feature-branch, create-pr · TTL 1h)
│ └─ PR bot (1 risk: create-pr · single-use)
└─ Infra agent (4 risks: deploy-preview, read-logs, env-vars · TTL 1h)
Strict subset

A child can never hold a risk its parent doesn’t. Escalation is out-of-band — the child asks the parent, not the gateway.

Cascade revoke

Revoke a parent token — every descendant is cascade-deleted. One click, full cleanup.

Full audit chain

Every audit entry records the full delegation_chain from root to leaf. Forensics traces who authorized what, at every level.

The agent never sees a cloud credential

Your agent authenticates with a vbn_live_* token. For every allowed call, Vaubaan mints a JIT upstream token (GitHub installation token, Vercel OAuth token, etc.), uses it once, and drops it. The agent’s context never contains a real cloud secret.

Agent
vbn_live_*
Vaubaan
classify → check risks → audit
JIT token
minted, used once, dropped
Provider
GitHub, Vercel, Supabase…

Four steps to your first audited call

1

Connect providers

GitHub App install, Vercel OAuth, Supabase PAT. Upstream credentials stay in Vaubaan. The agent never sees them.

2

Bind resources

Pin each project to specific repos, Vercel projects, Supabase refs. Everything else is invisible to the agent.

3

Accept risks

Tick a checklist of ~15 human-readable risks per provider. Get a vbn_live_* token. 30 seconds.

4

Ship your agent

Paste the token in mcp.json. Every call: classify risks, check envelope, JIT-mint upstream token, forward, audit.

One security model. 11 providers.

You learn one risk model, one token format, one audit schema. We handle the per-cloud complexity behind the proxy.

GitHub
Vercel
Supabase
Railway
Stripe
Cloudflare DNS
Upstash Redis
Gmail
Resend
SSH
Bash

Building multi-agent systems?

Read the agent-facing reference — written for LLMs. How to authenticate, delegate to sub-agents, handle denials, and escalate. Drop it in your agent’s context.

Stop reverse-engineering IAM docs. Start shipping agents.

Free during private beta. No credit card.

Start free
Vaubaan — MCP gateway for coding agents