@nogoo9/no-crd
<p align="center"> <img src="docs/public/logo.png" alt="nogoo9 logo" width="200" height="200" /> </p> <p align="center"> <img src="docs/public/dashboard_screenshot.png" alt="no-crd Dashboard" width="800" /> </p>Agent-Driven, On-Demand Pod Orchestration in Kubernetes — Without Custom Resource Definitions.
@nogoo9/no-crd is a lightweight, cross-runtime Model Context Protocol (MCP) server that empowers AI agents and APIs to dynamically spawn, route to, and manage ephemeral containerized sandboxes on standard Kubernetes (k8s/k3s) clusters — without requiring Custom Resource Definitions (CRDs), cluster-level operators, or elevated RBAC permissions.
It provides JupyterHub-like dynamic pod lifecycle management but is completely agnostic to actual workloads and supports multi-runtime execution under Bun, Deno, and Node.js.
📚 For detailed guides, API reference, and configuration options, visit the public Documentation Website or access the built-in documentation served directly at /docs/ (e.g. http://localhost:3000/docs/) when running the server.
🗺️ Choose Your Path
To get started with @nogoo9/no-crd, select the track that matches your goals:
- Track A: AI Agent & MCP Users $\rightarrow$ MCP Client Setup Guide
- Best for: Connecting
no-crdto Cursor, Claude Desktop, Cline, or Roo Code to let your agent manage pods.
- Best for: Connecting
- Track B: Platform & Service Deployers $\rightarrow$ SSO & Routing Deployment Guide
- Best for: Deploying a multi-tenant sandbox service in your Kubernetes cluster with Keycloak OIDC, stateless cookies, and reverse proxy routing.
- Track C: SDK & Code Contributors $\rightarrow$ SDK & Contributor Guide
- Best for: Programmatically controlling pods via the TypeScript SDK or contributing to the core runtime codebase.
🚀 Key Features
- No CRDs Required: Runs directly against core Kubernetes resources (Pods, ConfigMaps, ServiceAccounts). Highly portable, secure, and compatible with restricted/managed environments (EKS, GKE, K3s).
- Agent Sandbox Spawner: Specialized spawner tools that automate workspace provisioning with context validation, init containers, IAM roles, pre-stop hooks, and lifecycle sync.
- ConfigMap-Based Templates: Store, version, and load reusable pod templates stored as standard Kubernetes ConfigMaps.
- Local Filesystem Templates: Bake YAML/JSON pod templates into Docker images or mount them from host paths — with built-in defaults shipped in the package.
- Isomorphic Multi-Runtime SDK: Imports seamlessly as a composable programmatic SDK or MCP server running under Node.js, Bun, or Deno.
- Workspace Routing Proxy (Experimental): Built-in reverse proxy routing that dynamically pipes traffic to running container IPs with secure user token ownership verification, path-scoped session cookies (
nocr_tokenandnocr_sess), and automatic HMAC-signed session management for short-lived token resilience. - Experimental JWT Authentication: Built-in OAuth token validation engine supporting HS256, RS256, ES256, JWKS endpoints, and OAuth 2.0 Token Introspection (RFC 7662).
- Embedded Web UI App: Exposes an interactive web-based Pod Manager interface featuring a light/dark theme toggle, client-side PKCE OIDC login with proactive silent token refresh, and workspace file preview rendering (supporting HTML sandboxed iframes and custom Markdown rendering).
⚡ Quick Start
Run Standalone via NPX (No Installation)
# Option 1: Start HTTP/SSE server on port 3000
npx @nogoo9/no-crd --transport http --port 3000
# Option 2: Run over standard input/output (stdio) for local IDE agents
npx @nogoo9/no-crd --transport stdio --mode cluster
Install Globally
npm install -g @nogoo9/no-crd
nocrd9 --transport stdio --mode cluster
Run via Docker
docker run -d -p 3000:3000 \
-v "$HOME/.kube/config:/app/.kube/config:ro" \
-e KUBECONFIG=/app/.kube/config \
ghcr.io/nogoo9/no-crd:latest
⚙️ Configuration & Environment Variables
The server and command-line utility are configurable using CLI options or environment variables. Below is the quick reference table of all settings:
<!-- CONFIG_TABLES_START -->🔌 Server Configuration
| CLI Option | Environment Variable | Default | Allowed Values | Description |
|---|---|---|---|---|
-t, --transport | TRANSPORT | http | http, stdio, both | Server transport mode. both fires up both transports simultaneously. |
-p, --port | PORT | 3000 | Number | HTTP server port for SSE transport. |
-H, --host | HOST | 0.0.0.0 | String | Host interface to bind the HTTP/SSE server to. |
--base-url | BASE_URL | "" | Path string | Base URL path prefix for hosting behind a reverse proxy (e.g. /gateway/no-crd). |
| - | STATELESS | false | true, false | Enable stateless request handling (no session affinity). |
-l, --log-level | LOG_LEVEL | info | debug, info, warning, error, fatal | Logging verbosity filter. |
| - | LOG_FILE | nogoo9-mcp.log | String | Output file path for file logging. |
| - | RATE_LIMIT_MAX | 100 | Number | Maximum requests allowed per window for rate limited routes. |
| - | RATE_LIMIT_WINDOW | 60000 | Number | Time window in milliseconds for rate limited routes. |
--proxy-timeout | PROXY_TIMEOUT | 120000 | Number | Timeout in milliseconds for the routing proxy upstream requests. |
--proxy-keep-alive | PROXY_KEEP_ALIVE | true | true, false | Enable TCP keep-alive for the routing proxy upstream requests. |
🔒 TLS Configuration
| CLI Option | Environment Variable | Default | Allowed Values | Description |
|---|---|---|---|---|
--tls-cert | TLS_CERT | - | Path string | Path to TLS certificate file to enable HTTPS. |
--tls-key | TLS_KEY | - | Path string | Path to TLS private key file to enable HTTPS. |
--tls-ca | TLS_CA | - | Path string | Path to TLS CA certificate file for HTTPS client/verification. |
| - | NODE_TLS_REJECT_UNAUTHORIZED | true | 0 (false), 1 (true) | Set to 0 to bypass TLS verification (for development/testing only). |
🌐 CORS Configuration
| CLI Option | Environment Variable | Default | Allowed Values | Description |
|---|---|---|---|---|
--cors-origin | CORS_ALLOWED_ORIGIN, CORS_ORIGIN | * | String | CORS Allowed Origin header. |
--cors-methods | CORS_ALLOWED_METHODS, CORS_METHODS | GET, POST, OPTIONS | String | CORS Allowed Methods header. |
--cors-headers | CORS_ALLOWED_HEADERS, CORS_HEADERS | Content-Type, Authorization, mcp-protocol-version, mcp-session-id | String | CORS Allowed Headers header. |
--cors-allow-credentials | CORS_ALLOW_CREDENTIALS, CORS_CREDENTIALS | false | true, false | Enable CORS Access-Control-Allow-Credentials header. |
--cors-expose-headers | CORS_EXPOSED_HEADERS, CORS_EXPOSED | mcp-session-id, x-refreshed-token | String | Custom CORS Access-Control-Expose-Headers header. |
--cors-max-age | CORS_MAX_AGE | - | Number | Custom CORS Access-Control-Max-Age header in seconds. |
☸️ Kubernetes Configuration
| CLI Option | Environment Variable | Default | Allowed Values | Description |
|---|---|---|---|---|
-m, --mode | MODE | cluster | cluster, namespaced | Kubernetes access scope. namespaced locks operations to a single namespace. |
-n, --namespace | NAMESPACE, DEFAULT_NAMESPACE | nogoo9 | String | Default Kubernetes namespace for operations. |
--disable-permission-checks | DISABLE_PERMISSION_CHECKS | false | true, false | Disable Kubernetes RBAC permission checks and assume all tools are enabled. |
--managed-only | MANAGED_ONLY | true | true, false | When true, pod tools only operate on pods managed by this server (nogoo9/managed-by label). No one bypasses this, not even admins. See ADR-008. |
--default-workspace-port | DEFAULT_WORKSPACE_PORT | - | Number | Default target port inside the workspace pods to proxy traffic to. |
| - | REGISTRY_URL | - | URL string | Target container registry URL to query for images (e.g. http://localhost:5001). |
| - | TEMPLATES_DIR | - | Path string | Path to local directory containing pod template files (YAML/JSON). See ADR-001. |
| - | BUILTIN_TEMPLATES | true | true, false | Set to false to disable built-in templates shipped with the package. |
🔑 Authentication Configuration
| CLI Option | Environment Variable | Default | Allowed Values | Description |
|---|---|---|---|---|
--auth-enabled | AUTH_ENABLED | false | true, false | Enables JWT token authentication on MCP tools and route proxy. |
| - | JWT_VERIFICATION_REQUIRED | true | true, false | Enable/disable JWT signature verification (signature checks). |
| - | JWT_SECRET | - | String | Symmetric HMAC-SHA256 secret for token verification. |
| - | JWT_PUBLIC_KEY | - | String | PEM encoded RSA/ECDSA public key for asymmetric token verification. |
| - | JWKS_URI | - | URL string | Remote JWKS endpoint URL to dynamically retrieve verification keys. |
| - | INTROSPECTION_ENDPOINT, JWT_INTROSPECTION_ENDPOINT | - | URL string | Endpoint for token introspection/validation. |
| - | OAUTH_CLIENT_ID | - | String | OAuth client ID for auth configuration. |
| - | OAUTH_CLIENT_SECRET | - | String | OAuth client secret for auth configuration. |
| - | JWT_AUDIENCE | - | String | Expected token audience. Falls back to OAUTH_CLIENT_ID if set. |
| - | AUTH_ISSUER, JWT_ISSUER | "" | URL string | Identifier URL for the Authorization Server advertised in metadata discovery. |
| - | AUTH_SUB_JSONPATH | $.sub | JSONPath | Payload path to extract unique user identity from JWT payload. |
--auth-scope-jsonpath | AUTH_SCOPE_JSONPATH | $.scope | JSONPath | Payload path to extract scopes claim from JWT payload. |
--auth-roles-jsonpath | AUTH_ROLES_JSONPATH, AUTH_ADMIN_JSONPATH | $.realm_access.roles | JSONPath | Payload path to extract user roles from JWT payload. |
| - | AUTH_ADMIN_ROLE | admin | String | Role name signifying administrator access. |
--auth-required-read-scope | AUTH_REQUIRED_READ_SCOPE | nogoo9:read | String | OAuth scope required for read operations. If not set, read scope check is bypassed. |
--auth-required-write-scope | AUTH_REQUIRED_WRITE_SCOPE | nogoo9:write | String | OAuth scope required for write/mutation operations. If not set, write scope check is bypassed. |
--auth-required-admin-scope | AUTH_REQUIRED_ADMIN_SCOPE | nogoo9:admin | String | OAuth scope required for administrator operations. If not set, admin scope check is bypassed. |
--auth-required-read-role | AUTH_REQUIRED_READ_ROLE | viewer | String | User role required for read operations. If not set, read role check is bypassed. |
--auth-required-write-role | AUTH_REQUIRED_WRITE_ROLE | user | String | User role required for write/mutation operations. If not set, write role check is bypassed. |
| - | PROXY_SESSION_TTL | 1800 | Number | Session cookie expiration lifetime in seconds (sliding window duration). |
| - | PROXY_REFRESH_COOKIE_TTL | 604800 | Number | Default Max-Age for the encrypted refresh token cookie (nocr_refresh). Overridden by the IdP's refresh_expires_in when available. |
| - | PROXY_TOKEN_COOKIE_TTL | 86400 | Number | Default Max-Age for the access token cookie (nocr_token). Overridden by the JWT exp claim when available. |
| - | PROXY_SESSION_SECRET | "" | String | HMAC secret key used to sign stateless session cookies. Falls back to JWT_SECRET if not configured. |
| - | OAUTH_SCOPES | openid profile email offline_access | Space-separated scope string | OAuth scopes to request during authorization. Include 'offline_access' for refresh tokens. |
| - | OAUTH_AUTHORIZATION_URL | - | URL string | Direct OAuth authorization URL. |
| - | OAUTH_SERVER_DISCOVERY_URL, OAUTH_DISCOVERY_URL | - | URL string | Discovery URL for the OAuth server used by the backend gateway. Falls back to OAUTH_DISCOVERY_URL. |
| - | OAUTH_SERVER_TOKEN_URL, OAUTH_TOKEN_URL | - | URL string | Direct OAuth token exchange endpoint for the backend server. |
| - | OAUTH_END_SESSION_URL | - | URL string | Direct OAuth logout endpoint. |
--auth-inject-workspace-jwt | AUTH_INJECT_WORKSPACE_JWT | true | true, false | Determines if the custom 'x-workspace-jwt' header containing the raw token is injected into proxy requests. |
| - | AUTH_DEFAULT_ROLE | viewer | String | Fallback role if the token does not provide scopes/roles. |
🖥️ UI & Themes Configuration
| CLI Option | Environment Variable | Default | Allowed Values | Description |
|---|---|---|---|---|
| - | UI_ENABLED | true | true, false | Enables the embedded HTML Pod Manager UI resource. |
| - | THEMES_DIR | themes | Path string | Local directory path containing custom CSS UI themes. |
| - | THEMES_CONFIGMAP | - | String | Name of Kubernetes ConfigMap containing custom UI theme configurations. |
| - | DOCS_DIR | /app/docs (Docker) or docs/.vitepress/dist (Local) | Path string | Base directory from which static documentation files are served. |
| - | OAUTH_DISCOVERY_URL | "" | URL string | Discovery URL for the OAuth authorization server used by the UI client. |
| - | OAUTH_CLIENT_ID | "" | String | OAuth client ID for UI authorization. |
| - | OAUTH_LOGIN_METHOD | redirect | redirect, popup | Login interaction mode for UI OAuth client. |
| - | UI_TITLE | nogoo9 Pod Manager | String | Custom title shown in the dashboard header. |
| - | UI_SUBTITLE | On-demand Kubernetes pod orchestration and agent-sandbox management without CRDs. | String | Custom subtitle shown below the dashboard title. |
☸️ Kubernetes Setup & RBAC Permissions
For the @nogoo9/no-crd MCP server to interact with Kubernetes, it must run with appropriate RBAC permissions. Depending on your configuration, you can deploy it with Cluster-Wide (ClusterRole) access or Namespace-Scoped (Role) access.
Tool-to-Permission Mapping
Below is the mapping showing which Kubernetes API resources and verbs each MCP tool requires. The server dynamically checks these permissions at startup (via SelfSubjectAccessReview) and only registers tools that the active identity is authorized to use.
Resource: configmaps
| Required Verb | Associated MCP Tools | Description / Purpose |
|---|---|---|
create | create_template | Save a new pod template definition as a ConfigMap. |
delete | delete_template | Delete a stored pod template ConfigMap. |
get | create_pod_from_template | Read template pod specifications stored in ConfigMaps. |
update | update_template | Modify metadata, annotations, or specifications of an existing template. |
Resource: events
| Required Verb | Associated MCP Tools | Description / Purpose |
|---|---|---|
list | get_workspace_events |
Resource: namespaces
| Required Verb | Associated MCP Tools | Description / Purpose |
|---|---|---|
list | list_namespaces | Discover namespaces in the cluster (only required in cluster access mode). |
Resource: pods
| Required Verb | Associated MCP Tools | Description / Purpose |
|---|---|---|
create | create_pod, create_pod_from_template, spawn_workspace, upgrade_all_workspaces, upgrade_workspace | Provision and deploy new pods or workspace sandboxes. |
delete | delete_pod, stop_workspace, upgrade_all_workspaces, upgrade_workspace | Terminate and clean up pods or workspace sandboxes. |
get | get_pod, get_workspace, upgrade_workspace | Retrieve detailed JSON spec for a specific pod. |
list | list_pods, list_workspaces, upgrade_all_workspaces | Retrieve lists of pods or agent workspace pods. |
patch | patch_pod | Strategic merge patch labels, annotations, or resource requests/limits. |
Resource: pods/log
| Required Verb | Associated MCP Tools | Description / Purpose |
|---|---|---|
get | get_pod_logs | Retrieve standard output/error logs from pod containers. |
1. Cluster-Wide Mode (MODE=cluster)
Use this mode if you want the MCP server to manage sandboxes across any namespace in the cluster.
Create a ClusterRole and ClusterRoleBinding:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: nogoo-mcp
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch", "create", "delete", "patch", "update"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get", "list", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: nogoo-mcp
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nogoo-mcp
subjects:
- kind: ServiceAccount
name: nogoo-mcp
namespace: nogoo9 # Change to the namespace where your MCP server runs
2. Namespace-Scoped Mode (MODE=namespaced)
Use this mode if the MCP server should be restricted to a single namespace (e.g. nogoo9). In this mode, no cluster-level or administrative permissions are needed.
Create a Role and RoleBinding in the target namespace:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: nogoo-mcp
namespace: nogoo9
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch", "create", "delete", "patch", "update"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get", "list", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: nogoo-mcp
namespace: nogoo9
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nogoo-mcp
subjects:
- kind: ServiceAccount
name: nogoo-mcp
namespace: nogoo9
(Note: In namespace-scoped mode, the list_namespaces tool will only return the target namespace, and namespace parameter inputs to all tools will default to the target namespace.)
📑 Workspace Templates & Spawner Annotations
Templates in @nogoo9/no-crd can be loaded from three sources (highest to lowest priority):
- Kubernetes ConfigMaps — labeled with
nogoo9/pod-template: "true"(original mechanism) - Custom local directory — set via
TEMPLATES_DIRenv var (YAML or JSON files) - Built-in templates — shipped with the npm package (disable with
BUILTIN_TEMPLATES=false)
See ADR-001 for format details.
1. How to Define a Template
To register a template with the spawner, create a ConfigMap meeting the following requirements:
- Discovery Label: Must be labeled with
nogoo9/pod-template: "true". - Spec Key: The
datablock must contain a key namedspecwhose value is a JSON string conforming to thePodSpecSchema(e.g.containers,volumes,restartPolicy). - Behavior Customization: Set
annotationson theConfigMapmetadata to configure advanced spawner integrations (like IAM role binding, init containers, and pre-stop lifecycle hooks).
Example Template Definition:
apiVersion: v1
kind: ConfigMap
metadata:
name: node-workspace-template
namespace: nogoo9
labels:
nogoo9/pod-template: "true"
annotations:
nogoo9/description: "A standard Node.js development sandbox with S3 storage sync"
nogoo9/tag: "node-20"
nogoo9/required-context: "PROJECT_NAME,REPO_URL"
nogoo9/iam-role-arn: "arn:aws:iam::123456789012:role/workspace-s3-access"
nogoo9/init-image: "alpine/git"
nogoo9/init-command: "git clone $REPO_URL /workspace/$PROJECT_NAME"
nogoo9/pre-stop-command: "aws s3 sync /workspace s3://my-workspace-backups/$PROJECT_NAME"
nogoo9/default-grace-period: "120"
data:
spec: |
{
"containers": [
{
"name": "workspace",
"image": "node:20-alpine",
"command": ["sleep", "infinity"],
"volumeMounts": [
{
"name": "workspace-storage",
"mountPath": "/workspace"
}
]
}
],
"volumes": [
{
"name": "workspace-storage",
"emptyDir": {}
}
]
}
2. Supported Spawner Annotations
The spawner inspects ConfigMap metadata annotations (and custom inline annotations passed during spawn_workspace) to customize the workspace lifecycle:
| Annotation / Label Key | Type | Description |
|---|---|---|
nogoo9/workspace-auth-mode | Annotation (Comma-separated) | Configures authorization modes for the workspace proxy. Comma-separated list of: token-api (exposes token retrieval endpoints at _auth/token & _auth/authorize for SPAs), inject-headers (rewrites headers to forward user identity like x-user-sub and JWTs to container; enabled by default if AUTH_ENABLED=true), no-auth (bypasses all auth/owner checks for public workspaces). (Available from v0.6.0, no-auth from v0.8.0) |
nogoo9/auth-require-token | Annotation ("true" | "false") |
nogoo9/template-version | Annotation (String) | Specifies the version of the pod template. Used to track if workspaces are outdated. (Available from v0.8.0) |
nogoo9/workspace-name | Annotation (String) | Stores the user-defined display name of the workspace. (Available from v0.4.0) |
nogoo9/template-ref | Annotation (String) | The reference to the pod template used to spawn the workspace (e.g. default/workspace-terminal). (Available from v0.4.0) |
nogoo9/managed-by | Label (String) | Used to label workspace pods created by this MCP server to restrict operational scope. (Available from v0.5.0) |
nogoo9/pod-template | Label ("true") | Identifies a Kubernetes ConfigMap as a reusable pod template. |
nogoo9/type | Label ("workspace") | Applied automatically by the spawner to identify running agent workspace pods. |
nogoo9/workspace-id | Label | Identifies the unique agent session / workspace ID associated with the running pod. |
nogoo9/user-sub | Label / Annotation | Represents the authenticated user subject (owner) of the workspace pod, used for access control validation and ServiceAccount labeling. |
nogoo9/description | Annotation (String) | A friendly, human-readable summary of the template's purpose and contents. |
nogoo9/tag | Annotation (String) | A version or tag associated with the template environment (e.g. node-20). |
nogoo9/required-context | Annotation (Comma-separated) | Validates that target environment variables are provided in the tool call's context parameter (e.g. GITHUB_TOKEN,DATABASE_URL). |
nogoo9/iam-role-arn | Annotation (AWS Role ARN) | Instructs the spawner to provision a dedicated Kubernetes ServiceAccount annotated for EKS IAM Role mapping (IRSA). |
nogoo9/init-image | Annotation (Image string) | The container image to run in the dynamic spawner-init init-container. |
nogoo9/init-command | Annotation (Shell command) | The shell command to run in the init-container. It automatically shares the main container's volume mounts. |
nogoo9/init-share-volumes | Annotation ("true" | "false") |
nogoo9/pre-stop-command | Annotation (Shell command) | A shell command executed in a Kubernetes preStop lifecycle exec hook when the workspace is terminated (e.g. to save/push state). |
nogoo9/pre-stop-sidecar-image | Annotation (Image string) | If specified alongside pre-stop-command, runs the pre-stop command inside a dedicated sidecar container instead of the main container. |
nogoo9/default-grace-period | Annotation (Number in seconds) | Overrides the Pod's terminationGracePeriodSeconds (defaults to 60 if a pre-stop command is defined) to give cleanup commands time to finish. |
nogoo9/workspace-port | Annotation (Number) | The port inside the container to proxy traffic to. Defaults to DEFAULT_WORKSPACE_PORT or 3000. |
nogoo9/workspace-path | Annotation (String) | The default URL subpath mapping for the workspace web interface (defaults to /). |
nogoo9/workspace-type | Annotation (String) | The format specification of the main entry point (e.g. iframe, novnc). |
nogoo9/preview-path | Annotation (String) | The default folder or file subpath to render in the UI files preview tab. |
nogoo9/preview-type | Annotation (String) | Fallback preview rendering mode for the preview tab (e.g. markdown, html). |
nogoo9/api.<api-name>.port | Annotation (Number) | Defines an additional HTTP service port exposed by the workspace. |
nogoo9/api.<api-name>.visibility | Annotation (String) | Specifies access visibility for the custom API endpoint. Supported values: private (accessible only by the workspace owner), internal (accessible by any logged-in user), admin (accessible by the owner or users with the admin scope and role), scope:<scope_name> (accessible by users possessing the specified OIDC scope), role:<role_name> (accessible by users possessing the specified user role), or a comma-separated list of allowed user subjects. |
nogoo9/api.<api-name>.path | Annotation (String) | Defines the subpath routing prefix for this specific API (e.g. /terminal). |
nogoo9/api.<api-name>.desc | Annotation (String) | A short description of this additional API, shown in the UI interface. |
nogoo9/api.<api-name>.method | Annotation (String) | Comma-separated list of supported HTTP methods (e.g. GET,POST, *, defaults to any method). |
nogoo9/api.<api-name>.refresh | Annotation (Duration) | Sets the refresh frequency for custom stats/activity or other mini API views in the dashboard cards (e.g. 10s, 1m, or init to query only once on startup). |
nogoo9/api.stats.refresh | Annotation (Duration) | Explicitly configures the reload frequency for the reserved stats API metrics on the workspace dashboard card (e.g., 10s, 30s, init). |
nogoo9/api.last_activity.refresh | Annotation (Duration) | Explicitly configures the reload frequency for the reserved last_activity epoch timestamp API on the workspace dashboard card (e.g., 30s, 1m, init). |
📦 Programmatic SDK & API Proxy Services
@nogoo9/no-crd provides a complete programmatic SDK and dynamic cluster routing proxy to allow developers to build custom pod orchestrators and route workspace traffic natively.
1. Composable Programmatic SDK
You can import @nogoo9/no-crd in your Bun, Deno, or Node.js codebase to control pod sandboxes and templates programmatically, bypassing the MCP HTTP server.
import { KubeConfig } from "@kubernetes/client-node";
import {
initK8sContext,
spawnWorkspace,
stopWorkspace,
listWorkspaces
} from "@nogoo9/no-crd";
// 1. Initialize Kubernetes API Context (optionally pass custom configuration)
const kc = new KubeConfig();
kc.loadFromDefault();
const ctx = initK8sContext(kc);
// 2. Spawn a workspace sandbox from a template
const spawnResult = await spawnWorkspace(ctx, {
id: "agent-session-42",
templateRef: "nogoo9/default-agent-workspace",
context: {
"S3_BUCKET": "my-bucket",
"S3_FOLDER": "session-42"
}
});
console.log(`Spawned pod: ${spawnResult.podName}`);
// 3. List active workspaces running in the namespace
const list = await listWorkspaces(ctx, {
namespace: "nogoo9"
});
console.log(`Active workspaces count: ${list.workspaces.length}`);
// 4. Terminate the workspace sandbox
await stopWorkspace(ctx, {
id: "agent-session-42"
});
2. Workspace Routing Proxy (Experimental)
WARNING
The workspace routing proxy and JWT authentication engine are experimental and likely to change in the next version.
The server includes a built-in reverse proxy routing service. HTTP requests targeting:
http://<mcp-server-host>/route/<workspace-id>/<subpath>
are dynamically proxied directly to the running workspace pod's IP address inside the cluster.
If AUTH_ENABLED is true:
- Token Bootstrapping & Path-Scoped Cookies: Since standard browser navigations (links, iframes) cannot transmit custom HTTP headers, the client passes the active JWT via a
?token=query parameter on initial redirect. The proxy validates it and issues a secure, path-scoped cookie (nocr_token), allowing subsequent resource requests (JS, CSS, images, WebSockets) to authenticate seamlessly without URL parameters. - Direct Access Redirect (SSO): Accessing a workspace URL directly without active credentials redirects you to the main dashboard's login screen. Once logged in, the dashboard automatically routes you back to the target workspace URL with a fresh bootstrap token.
- Resource Ownership Verification: The workspace pod's
nogoo9/user-sublabel must match the JWT's subject claim, preventing unauthorized access to other users' workspaces. - Proxy target port: Inside the workspace pod defaults to
3000or can be overridden via pod annotationnogoo9/workspace-portor theDEFAULT_WORKSPACE_PORTenvironment variable. - Multi-Port / Custom API Routing: You can expose and route additional APIs inside the pod (e.g., a web terminal or secondary service) by defining custom annotations in the template (e.g.,
nogoo9/api.terminal.port: "7681",nogoo9/api.terminal.path: "/terminal"). The proxy will dynamically handle subpath routing and method checks. - A stateless signed session cookie (
nocr_sess) is minted on first successful JWT validation, enabling workspace traffic to survive short-lived token expiry. (Available from v0.4.0) See ADR-002 and ADR-003 for design details.
For a detailed breakdown of the redirection lifecycle, Keycloak configuration, and JWT claims, see the SSO & OIDC Integration Guide.
3. OAuth Resource Discovery (RFC 9728)
Exposes the standardized metadata endpoint GET /.well-known/oauth-protected-resource returning:
- Supported authorization servers.
- Token format specifications.
- Required scopes.
This allows client interfaces (and MCP clients) to automatically discover security requirements and handle dynamic OAuth authentication flows.
4. Embedded Web UI & Dashboard Themes
When the server runs in HTTP/SSE transport mode, the visual React Pod Manager UI Dashboard is served directly at root / (e.g. http://localhost:3000/).
- Dashboard Themes: The UI includes a system/light/dark toggle and supports custom visual themes.
- Three-Source Theme Merge Engine: CSS stylesheets are dynamically scanned and merged from:
- Kubernetes ConfigMap (
THEMES_CONFIGMAPenvironment variable). - Custom Local Directory (
THEMES_DIRenvironment variable, defaults tothemes/). - Built-In Catalog (pre-baked styles: Dracula, Nord, Stripe, Slack, Vercel, Apple, Superhuman, Notion, and Antigravity).
- Kubernetes ConfigMap (
Duplicate theme IDs are resolved according to priority: ConfigMap > Local Directory > Built-In Catalog. For detailed customization guidelines and CSS templates, see the Dashboard Themes & Branding Guide.
🔌 API Reference (MCP Tools & Resources)
Pod Tools
list_pods: Retrieve a summary of pods in the namespace. Filters bylabelSelector,fieldSelector, andlimit.get_pod: Fetch full Kubernetes API JSON payload for a target pod name.create_pod: Create a custom pod with direct container/volume specifications.patch_pod: Apply a Strategic Merge Patch to modify labels, annotations, or container resource limits dynamically.delete_pod: Terminate a pod with optionalgracePeriodSeconds.get_pod_logs: Fetch logs for a container with options liketailLines,sinceSeconds,timestamps,limitBytes, andprevious.list_namespaces: List all namespaces accessible with current credentials.list_registry_images: List catalog images from the configuredREGISTRY_URL.
Pod Template Tools
Manage preconfigured pod specifications stored as standard Kubernetes ConfigMaps (labeled nogoo9/pod-template=true).
list_templates: Show available templates.get_template: Get the raw pod template spec.create_template: Store a new pod template spec.update_template: Update labels, annotations, or specs on an existing template.delete_template: Delete a template.create_pod_from_template: Spawn a pod using a template, applying container overrides (environment variables, commands, resources) and top-level overrides.
Agent Workspace (Spawner) Tools
Specially designed for AI agents to safely spawn and clean up their own workspace sandboxes.
list_workspaces: List active agent workspaces (with JWT/owner mapping support).spawn_workspace: Spawn a workspace sandbox pod. Features:- Context Validation (
nogoo9/required-context): Requires the caller to supply critical env variables (e.g. API keys) before spawning. - Init Containers (
nogoo9/init-image/nogoo9/init-command): Initialize workspace directories/files before main containers start. - Pre-Stop Hooks (
nogoo9/pre-stop-command): Run custom cleanup commands (e.g., commit/sync code to git or S3) upon termination. - IAM Role Mapping (
nogoo9/iam-role-arn): Dynamically provisions AWS EKS IAM Role service accounts.
- Context Validation (
stop_workspace: Clean up and terminate the workspace pod.
Utilities
current_namespace: Returns active namespace and access mode.
MCP Resources
pod-template://{namespace}/{name}: Exposes stored pod templates directly as read-only MCP resources.ui://nogoo9/app: Exposes the embedded React/web UI app (ifUI_ENABLED=trueand built). When the server runs in HTTP/SSE transport mode, the UI is also served directly at/or/ui(e.g.http://localhost:3000/) and automatically falls back to standard HTTP JSON-RPC calls when loaded outside a postMessage-compatible MCP host (such as in a standard browser tab or the MCP Inspector).
🏗️ Architecture
┌───────────────────────┐
│ AI Agent / Client │
└───────────┬───────────┘
│ (Stdio or SSE Transport)
▼
┌───────────────────────┐
│ MCP Server │ <── (Queries ConfigMaps for specs)
└───────────┬───────────┘
│ (Kubernetes API - CoreV1)
▼
┌──────────────────────────────────────────┐
│ Kubernetes Cluster │
│ ┌────────────────────────────────────┐ │
│ │ Target Namespace │ │
│ │ ┌──────────┐ ┌──────────┐ ┌────┐ │ │
│ │ │ Agent │ │ Custom │ │ │ │ │
│ │ │ Sandbox │ │ Workload │ │... │ │ │
│ │ │ Pod │ │ Pod │ │ │ │ │
│ │ └──────────┘ └──────────┘ └────┘ │ │
│ └────────────────────────────────────┘ │
└──────────────────────────────────────────┘
The server interacts directly with the Kubernetes API using @kubernetes/client-node. By using standard Pod and ConfigMap resources, the setup is highly scalable, requires no cluster operator installs, and easily adheres to strict enterprise namespace-level security policies.
🛠️ Development
We use Moon for toolchain management and task running, and Biome for formatting and linting.
Prerequisites
- Bun
1.3.11+ - Node.js
22.14.0+ - Moon
2.1.3+ - k3d (for local Kubernetes cluster)
Setup Environment
# Install dependencies
bun install
# Auto-fix code formatting and linting via Biome
bun run format
# Run TypeScript compilation checks
bun run typecheck
Running Tests
# Run unit tests
moon run mcp:test
# Run full spawner workspace lifecycle tests (requires local k3d)
bun run test:lifecycle
Local Cluster Testing (k3d)
Bootstrap a local k3d Kubernetes cluster complete with a local registry, built-in mock S3, and Traefik:
# Spin up development cluster
moon run k3d:bootstrap
# Rebuild, push, and deploy MCP server to the cluster
moon run mcp:deploy
# Tear down the cluster
moon run k3d:teardown
📄 License
This project is licensed under the Apache License 2.0. See LICENSE for details.