← Index

io.github.nogoo9/no-crd

io.github.nogoo9/no-crd·v0.13.0·Kubernetes

Dynamic pod spawner & proxy for ephemeral AI agent workspaces on Kubernetes without CRDs

In-path gate · all MCP tools

Using io.github.nogoo9/no-crd in Claude, Cursor, Gemini CLI, Cline, or Zed?

MCP tool contracts can change remotely with no version bump. The mcpindex gate pins each contract and HOLDs the call when it drifts—before your agent acts. Zero credentials. This is not the package install for this server itself (use Install this server for that).

Install the mcpindex gate (one command)

Rewrites your MCP host config so each server launches behind the gate. Inspect first: curl -fsSL https://mcpindex.ai/install.sh | less

curl -fsSL https://mcpindex.ai/install.sh | sh
Trust verdict · v1 advisory · method
REVIEWstatus: PARTIALfresh until 2026-08-04 02:02 UTC
screened 2026-07-05tier: scannedgranularity: description-levelsource: registry

Semantic screen found no manipulation pattern in the description. Conformance probe not yet run.

mcpindex.integrity.descriptionpassINFO

evidenceNo malicious instructions foundvia static_description

Limits of this verdict
  • - Semantic screen only - the deterministic conformance probe has not run on this server
  • - Confidence is reported but not yet calibrated (v1)
  • - Screen reads the tool description, not the live behavior
  • - advisory
  • - registry description only no input schema
  • - screen model 8b

Semantic screen: an LLM judge reads the tool description for hidden instructions (status PARTIAL). A pass means the description is not lying, not that the tool is safe: a high-capability tool with an honest description still warrants caution. The deterministic conformance probe has not been run on this server yet, so the screen here is semantic-only. Posture: advisory. Confidences are reported but not yet calibrated (calibrated=false at v1). Full verdict history is not shown on this page.

Own this server? Screen its description →

Embed this badge

A live verdict badge for your README or listing. It reflects the current screen, links back here, and updates when the verdict does.

Markdown
[![mcpindex](https://mcpindex.ai/api/v1/badge/io-github-nogoo9-no-crd)](https://mcpindex.ai/server/io-github-nogoo9-no-crd)
HTML
<a href="https://mcpindex.ai/server/io-github-nogoo9-no-crd"><img src="https://mcpindex.ai/api/v1/badge/io-github-nogoo9-no-crd" alt="mcpindex verdict" height="20" /></a>
Environment variables
KUBECONFIG

Path to the Kubernetes API credentials configuration file

BASE_URL

Hosting URL subpath prefix for gateways and reverse proxies

STATELESS

Disable in-memory session tracking for stateless execution

TLS_CERT

Local file path containing TLS public certificate (HTTPS)

TLS_KEY
secret

Local file path containing TLS private key (HTTPS)

TLS_CA

Local file path containing trusted client Certificate Authority

NODE_TLS_REJECT_UNAUTHORIZED

Set to '0' to allow connection to unverified TLS endpoints

REGISTRY_URL

Default container registry for workspace image resolution

TEMPLATES_DIR

Local filesystem directory containing custom YAML/JSON templates

BUILTIN_TEMPLATES

Enable loading of standard pre-configured templates (default: true)

AUTH_ENABLED

Enforce JWT verification and user tenant isolation (default: false)

JWT_VERIFICATION_REQUIRED

Set to 'false' to skip OIDC cryptographic signature checks

JWT_SECRET
secret

HMAC-SHA symmetric secret key to sign/verify JWT tokens

JWT_PUBLIC_KEY
secret

PEM public key to verify asymmetric OIDC signatures

JWKS_URI

Discovery URI to fetch keys from OIDC provider dynamically

INTROSPECTION_ENDPOINT

RFC 7662 compliant token introspection validation endpoint

OAUTH_CLIENT_ID

Client identifier for OAuth2 authentication flows

OAUTH_CLIENT_SECRET
secret

Client secret credentials used for token introspection

JWT_AUDIENCE

Target audience check value for incoming OIDC tokens

AUTH_ISSUER

Expected token issuer authority check value (e.g. Keycloak)

AUTH_SUB_JSONPATH

JSONPath pattern to extract user identity subject from token

AUTH_ADMIN_ROLE

Bypass role name that grants admin access (default: nogoo9-admin)

PROXY_SESSION_TTL

Active lifetime in seconds for signed proxy session cookies

PROXY_SESSION_SECRET
secret

Secret key for session cookie signing

UI_ENABLED

Serve the built-in HTML dashboard (default: true)

THEMES_DIR

Filesystem directory to scan for custom CSS themes

THEMES_CONFIGMAP

ConfigMap name storing dynamic CSS theme overrides

DOCS_DIR

Directory containing static documentation web files to serve

OAUTH_DISCOVERY_URL

Standard OIDC .well-known configuration discovery endpoint

OAUTH_LOGIN_METHOD

UI SSO flow login method: 'redirect' or silent 'iframe'

UI_TITLE

Custom dashboard header title for white-label branding

UI_SUBTITLE

Custom dashboard subtitle text below the header title

MCP quality score · maturity, not trust · methodology
freshness
25
completeness
10
installability
25
documentation
15
stability
5
Alternatives in Kubernetes