io.github.nogoo9/no-crd
Dynamic pod spawner & proxy for ephemeral AI agent workspaces on Kubernetes without CRDs
Using io.github.nogoo9/no-crd in Claude, Cursor, Gemini CLI, Cline, or Zed?
MCP tool contracts can change remotely with no version bump. The mcpindex gate pins each contract and HOLDs the call when it drifts—before your agent acts. Zero credentials. This is not the package install for this server itself (use Install this server for that).
Rewrites your MCP host config so each server launches behind the gate. Inspect first: curl -fsSL https://mcpindex.ai/install.sh | less
curl -fsSL https://mcpindex.ai/install.sh | shSemantic screen found no manipulation pattern in the description. Conformance probe not yet run.
mcpindex.integrity.descriptionpassINFOevidence“No malicious instructions found”via static_description
- - Semantic screen only - the deterministic conformance probe has not run on this server
- - Confidence is reported but not yet calibrated (v1)
- - Screen reads the tool description, not the live behavior
- - advisory
- - registry description only no input schema
- - screen model 8b
Semantic screen: an LLM judge reads the tool description for hidden instructions (status PARTIAL). A pass means the description is not lying, not that the tool is safe: a high-capability tool with an honest description still warrants caution. The deterministic conformance probe has not been run on this server yet, so the screen here is semantic-only. Posture: advisory. Confidences are reported but not yet calibrated (calibrated=false at v1). Full verdict history is not shown on this page.
Own this server? Screen its description →
A live verdict badge for your README or listing. It reflects the current screen, links back here, and updates when the verdict does.
[](https://mcpindex.ai/server/io-github-nogoo9-no-crd)<a href="https://mcpindex.ai/server/io-github-nogoo9-no-crd"><img src="https://mcpindex.ai/api/v1/badge/io-github-nogoo9-no-crd" alt="mcpindex verdict" height="20" /></a>KUBECONFIGPath to the Kubernetes API credentials configuration file
BASE_URLHosting URL subpath prefix for gateways and reverse proxies
STATELESSDisable in-memory session tracking for stateless execution
TLS_CERTLocal file path containing TLS public certificate (HTTPS)
TLS_KEYLocal file path containing TLS private key (HTTPS)
TLS_CALocal file path containing trusted client Certificate Authority
NODE_TLS_REJECT_UNAUTHORIZEDSet to '0' to allow connection to unverified TLS endpoints
REGISTRY_URLDefault container registry for workspace image resolution
TEMPLATES_DIRLocal filesystem directory containing custom YAML/JSON templates
BUILTIN_TEMPLATESEnable loading of standard pre-configured templates (default: true)
AUTH_ENABLEDEnforce JWT verification and user tenant isolation (default: false)
JWT_VERIFICATION_REQUIREDSet to 'false' to skip OIDC cryptographic signature checks
JWT_SECRETHMAC-SHA symmetric secret key to sign/verify JWT tokens
JWT_PUBLIC_KEYPEM public key to verify asymmetric OIDC signatures
JWKS_URIDiscovery URI to fetch keys from OIDC provider dynamically
INTROSPECTION_ENDPOINTRFC 7662 compliant token introspection validation endpoint
OAUTH_CLIENT_IDClient identifier for OAuth2 authentication flows
OAUTH_CLIENT_SECRETClient secret credentials used for token introspection
JWT_AUDIENCETarget audience check value for incoming OIDC tokens
AUTH_ISSUERExpected token issuer authority check value (e.g. Keycloak)
AUTH_SUB_JSONPATHJSONPath pattern to extract user identity subject from token
AUTH_ADMIN_ROLEBypass role name that grants admin access (default: nogoo9-admin)
PROXY_SESSION_TTLActive lifetime in seconds for signed proxy session cookies
PROXY_SESSION_SECRETSecret key for session cookie signing
UI_ENABLEDServe the built-in HTML dashboard (default: true)
THEMES_DIRFilesystem directory to scan for custom CSS themes
THEMES_CONFIGMAPConfigMap name storing dynamic CSS theme overrides
DOCS_DIRDirectory containing static documentation web files to serve
OAUTH_DISCOVERY_URLStandard OIDC .well-known configuration discovery endpoint
OAUTH_LOGIN_METHODUI SSO flow login method: 'redirect' or silent 'iframe'
UI_TITLECustom dashboard header title for white-label branding
UI_SUBTITLECustom dashboard subtitle text below the header title
Turn described changes into reviewed pull requests: propose, triage, review, dependency audits.
Site & competitor monitoring: snapshots, evidence-backed diffs, briefs, price checks, mentions.
Deploy containers on Kubernetes with x402 billing. 9 workload types and source builds.