io.github.g-digital-by-Garrigues/ead-factory
MCP server for EAD Factory: qualified evidence, signature, notifications and chat via AI agents.
Using io.github.g-digital-by-Garrigues/ead-factory in Claude, Cursor, Gemini CLI, Cline, or Zed?
MCP tool contracts can change remotely with no version bump. The mcpindex gate pins each contract and HOLDs the call when it drifts—before your agent acts. Zero credentials. This is not the package install for this server itself (use Install this server for that).
Rewrites your MCP host config so each server launches behind the gate. Inspect first: curl -fsSL https://mcpindex.ai/install.sh | less
curl -fsSL https://mcpindex.ai/install.sh | shSemantic screen found no manipulation pattern in the description. Conformance probe not yet run.
mcpindex.integrity.descriptionpassINFOevidence“No malicious instructions found”via static_description
- - Semantic screen only - the deterministic conformance probe has not run on this server
- - Confidence is reported but not yet calibrated (v1)
- - Screen reads the tool description, not the live behavior
- - advisory
- - registry description only no input schema
- - screen model 8b
Semantic screen: an LLM judge reads the tool description for hidden instructions (status PARTIAL). A pass means the description is not lying, not that the tool is safe: a high-capability tool with an honest description still warrants caution. The deterministic conformance probe has not been run on this server yet, so the screen here is semantic-only. Posture: advisory. Confidences are reported but not yet calibrated (calibrated=false at v1). Full verdict history is not shown on this page.
Own this server? Screen its description →
A live verdict badge for your README or listing. It reflects the current screen, links back here, and updates when the verdict does.
[](https://mcpindex.ai/server/io-github-g-digital-by-garrigues-ead-factory)<a href="https://mcpindex.ai/server/io-github-g-digital-by-garrigues-ead-factory"><img src="https://mcpindex.ai/api/v1/badge/io-github-g-digital-by-garrigues-ead-factory" alt="mcpindex verdict" height="20" /></a>MCP_ALLOW_INSECURE_FILE_URLSet to "true" to allow plain http:// fileUrl downloads in evidence_create (default https-only). Private/internal addresses are rejected regardless (resolution-time check; see the documented DNS TOCTOU limitation in the hosted-deployment runbook).
MCP_ALLOW_UNVERIFIED_BEAREREscape hatch for MCP_HTTP_PUBLIC=true WITHOUT inbound-token introspection: set to "true" ONLY when an upstream gateway already verifies Bearer tokens. The server logs a prominent warning and forwards tokens upstream unverified.
MCP_ALLOWED_HOSTSComma-separated allowed Host headers. Empty = Host validation disabled (default). When set, requests with a Host outside the list are rejected.
MCP_ALLOWED_ORIGINSComma-separated allowed browser Origins (DNS-rebinding defense). Empty = reject any request carrying an Origin header; non-browser clients (CLI/SDK) send no Origin and are always allowed. Use '*' to allow all.
MCP_API_BASE_URLGateway ROOT URL (e.g. https://api.int.gcloudfactory.com) — each manager's path prefix is appended automatically; do NOT include a manager path here
MCP_API_BASE_URL_CHATFull base URL override for the chat manager, used as-is (default: https://api.gcloudfactory.com/chat-bot-manager)
MCP_API_BASE_URL_EVIDENCEFull base URL override for the evidence manager, used as-is (default: https://api.gcloudfactory.com/digital-trust)
MCP_API_BASE_URL_NOTIFICATIONFull base URL override for the notification manager, used as-is (default: https://api.gcloudfactory.com/notifications)
MCP_API_BASE_URL_SIGNATUREFull base URL override for the signature manager, used as-is (default: https://api.gcloudfactory.com/signature-manager)
MCP_HTTP_HOSTInterface the HTTP transport binds to. Default 127.0.0.1 (localhost only). Set 0.0.0.0 to expose on all interfaces (containers do this automatically).
MCP_HTTP_MAX_BODY_BYTESMaximum accepted POST /mcp request-body size in bytes (default 16777216 = 16 MiB — sized so base64 file uploads within the documented tool limits fit). Oversized requests get a 413 JSON-RPC error before/while reading — closes a memory-exhaustion DoS vector in public deployments. Note: base64 file sources are capped by this limit BEFORE MCP_FILE_MAX_BYTES applies.
MCP_HTTP_PUBLICSet to "true" for public/multi-tenant deployments. Activates Host validation and refuses to start unless (1) MCP_ALLOWED_ORIGINS or MCP_ALLOWED_HOSTS is set AND (2) inbound Bearer introspection is configured (MCP_SVC_INTROSPECT_URL + MCP_SVC_CLIENT_ID/SECRET) or MCP_ALLOW_UNVERIFIED_BEARER=true is set explicitly (fail-closed).
MCP_SVC_CLIENT_IDOAuth2 client_credentials client ID
MCP_SVC_CLIENT_SECRETOAuth2 client_credentials client secret (See https://digitaltrust.gcloudfactory.com for credential acquisition.)
MCP_SVC_INTROSPECT_URLRFC 7662 token introspection URL for inbound Bearer verification in HTTP mode. Opt-in — reuses the service-account client id/secret above as the resource-server credentials.
MCP_SVC_SCOPEOptional OAuth2 scope for the service-account token request
MCP_SVC_TOKEN_URLToken endpoint URL for the OAuth2 client_credentials flow
PORTHTTP port when running in hosted (HTTP) mode; ignored in stdio mode
Resolve .hood names on Robinhood Chain — forward/reverse, text records, availability & pricing.
AI-powered trading strategy development: backtesting, market data, and portfolio analysis
Feature flagging and A/B testing platform with AI-first experimentation workflows.