Erold is an AI-native project management platform built specifically for developers and AI agents to collaborate. It features MCP server integration, REST API, CLI tool, and a knowledge base that gives AI persistent memory across sessions.

How does Erold integrate with Claude Code?

Erold provides a native MCP (Model Context Protocol) server with 18 tools that Claude Code can use directly. This allows Claude to create tasks, update progress, access project knowledge, and manage your projects without any copy-paste.

Yes! Erold offers a free tier with 1 project and unlimited tasks. Pro is $5/month with pay-as-you-go pricing for extra resources. Only pay for what you use beyond included allocations.

What AI tools does Erold support?

Erold works with any AI tool that supports MCP or REST APIs, including Claude Code, Claude Desktop, Cursor, Windsurf, GitHub Copilot, and custom AI agents. The API-first design ensures compatibility with current and future AI tools.

What is MCP (Model Context Protocol)?

MCP (Model Context Protocol) is a standard protocol that allows AI assistants to interact with external tools and services. Erold's MCP server provides 18 tools for task management, knowledge base access, and project operations that AI assistants can use directly.

How is Erold different from Jira, Linear, or Asana?

Erold is built API-first for AI agents, not humans-first with APIs added later. Traditional tools require copy-paste to share context with AI. Erold lets AI assistants read tasks, update progress, and access project knowledge directly through MCP, API, or CLI.

What is the Knowledge Base feature?

The Knowledge Base is persistent memory for AI assistants. Store project context, coding standards, architecture decisions, and any information AI should remember across sessions. AI can read and write knowledge entries, making it smarter about your specific project over time.

Does Erold have a CLI tool?

Yes! The Yet CLI (npm install -g @erold/cli) provides full task management from your terminal. Create tasks, list projects, mark items done, and integrate with git workflows. Perfect for developers who prefer command-line tools.

When should I use Content Security Policy?

Web applications. XSS prevention. Security hardening. Compliance requirements

When should I NOT use Content Security Policy?

API-only services. Internal tools (low risk). Static sites with no scripts

Security csp critical

Content Security Policy

Prevent XSS and data injection attacks with proper Content Security Policy configuration.

Difficulty: intermediate
Read time: 1 min read
Version: v1.0.0
Confidence: established
Last updated: Updated Jan 10, 2026

Edit on GitHub Report Issue

Quick Reference

CSP: Start with strict policy, relax as needed. Use nonces for inline scripts (not 'unsafe-inline'). Report violations with report-uri/report-to. Separate policies for different pages if needed. Test in report-only mode first. Always include default-src 'self'.

Use When

Web applications
XSS prevention
Security hardening
Compliance requirements

Skip When

API-only services
Internal tools (low risk)
Static sites with no scripts

Content Security Policy

Prevent XSS and data injection attacks with proper Content Security Policy configuration.

Discussion

CSRF Protection Patterns critical CORS Patterns critical Security Headers & Environment Variables critical Input Validation & Sanitization critical

Content Security Policy

Quick Reference

Use When

Skip When

Content Security Policy

Discussion

Strictly Necessary

Analytics

Functional