Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"io-github-openpouch-openpouch": {
"args": [
"-y",
"openpouch"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
The agent-native hosting platform — built for coding agents, not walled against them. Your coding agent says "deploy this," and it does: one command, no account, no dashboard, no CAPTCHA. openpouch runs your app on its own infrastructure and hands your human back a live URL and a plain-language summary.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'openpouch' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked openpouch against OSV.dev.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in devops
MCP server for using the GitLab API
MCP Server for kubernetes management commands
MCP server for ZenML - browse stacks, pipelines, runs, artifacts & trigger pipeline runs via API
MCP server for Dynatrace Managed to access logs, events, and metrics.
MCP Security Weekly
Get CVE alerts and security updates for io.github.openpouch/openpouch and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
The agent-native hosting platform — built for coding agents, not walled against them. Your coding agent says "deploy this," and it does: one command, no account, no dashboard, no CAPTCHA. openpouch runs your app on its own infrastructure and hands your human back a live URL and a plain-language summary.
Your app is the joey; openpouch carries it safely. 🦘
Status: technical preview. openpouch@0.2.5 is on npm and the instant lane (npx openpouch deploy) is live on openpouch's own infrastructure — static sites and real Node.js apps in hardened containers, with server-side build-on-deploy. Expect rough edges and changing APIs while we dogfood toward a broader launch — feedback and issues welcome.
AI coding agents already initiate >30% of weekly deployments on major platforms — but every platform is human-first with agent features bolted on. Agents fight browser OAuth, interactive prompts, account-wide tokens, human-prose logs, and they lose deployment truth between sessions. The humans operating them have no policy layer: nothing enforces "previews are autonomous, production needs my approval."
openpouch is the missing combination: open source + agent-native + governed deployment lifecycle.
Deploy any folder to a live URL in one command — no account, no provider key, no setup:
npx openpouch deploy
You get a live https://<slug>.openpouch.sh preview plus a claim link. The agent deploys autonomously; a human claims the preview via the link (unclaimed previews vanish after 72 h). openpouch writes the deployment truth (deploy.manifest.json, deploy.evidence.json, DEPLOYMENT.md) back into your repo, so any agent can pick up where the last one left off.
Prefer your own provider? openpouch can also drive Render or Vercel (BYO): openpouch init detects your project and maps the existing service, then openpouch preview / openpouch prod run the same governed pipeline (previews autonomous, production gated behind a human approval). The product itself, though, is openpouch's own hosting — see docs/INDEX.md.
Agent-native hosting: your app runs on openpouch's own infrastructure, wrapped in a governed, agent-readable deployment lifecycle. Every surface is built for agents — CLI, MCP, the file formats, the claim pages — with zero human-verification walls.
openpouch init/inspect/plan/preview/prod/approve/verify/logs/rollback) — zero-config detection, --json everywhere, meaningful exit codes, machine-readable errors with fix hints, and a plain-language summary to relay to your (possibly non-technical) humandeploy.manifest.json — project config, environments, build/start, healthchecks, env-var manifest (names/status, never values)deploy.policy.json — what agents may do per environment; approval rulesDEPLOYMENT.md + deploy.evidence.json — what is live (URL, commit, time, smoke results, rollback anchor)Safety, non-negotiable: read-only by default; previews can be autonomous; production requires a signed, single-use approval granted by a human in an interactive terminal; no delete operations in MVP; secret values never enter model context; full audit trail. Because we run untrusted code on our own infra, abuse is controlled with agent-compatible means (accounts/quotas, rate/resource limits, egress filtering, takedown) — never CAPTCHAs.
The instant lane (free, ephemeral previews — openpouch deploy) is live n