openapi-mcp-generator

openapi-mcp-generator is a CLI (and programmatic Node.js API) that converts an OpenAPI 3.0+ specification into a generated MCP server project. The generated MCP server proxies requests to the underlying REST API, adds runtime validation via Zod, and supports multiple MCP transports (stdio, web/SSE, and StreamableHTTP).

Evaluated Mar 30, 2026 (21d ago)
Repo ↗ API Gateway api openapi mcp model-context-protocol generator typescript nodejs zod authentication proxy sse stdio streamablehttp
⚙ Agent Friendliness
54
/ 100
Can an agent use this?
🔒 Security
66
/ 100
Is it safe for agents?
⚡ Reliability
35
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
80
Documentation
70
Error Messages
0
Auth Simplicity
60
Rate Limits
5

🔒 Security

TLS Enforcement
85
Auth Strength
70
Scope Granularity
55
Dep. Hygiene
45
Secret Handling
70

The README indicates support for several auth schemes (API key/Bearer/Basic/OAuth2) via environment variables, and that the generated server proxies calls while validating request structure. However, it does not document TLS requirements, secure transport defaults beyond implied HTTPS usage for web/HTTP transports, nor does it describe how secrets are stored/logged or how request/response security (e.g., SSRF protections when using server base URLs, token refresh, audit logging) is handled. Dependency hygiene cannot be assessed from the provided content.

⚡ Reliability

Uptime/SLA
0
Version Stability
60
Breaking Changes
40
Error Recovery
40
AF Security Reliability

Best When

You already have an OpenAPI document and want to rapidly generate an MCP server that proxies to your REST API with basic authentication support and runtime input validation.

Avoid When

Your OpenAPI spec is incomplete/ambiguous about server base URLs and you can’t provide a correct --base-url (the tool notes it may be required). Also avoid if you require strict, documented rate limiting behavior or formal reliability guarantees.

Use Cases

  • Expose an existing REST API to MCP-capable AI agents/clients by generating an MCP server from an OpenAPI spec
  • Create typed, validated tool definitions for LLM agents (via generated TypeScript + Zod schemas)
  • Generate local/dev web-based test clients to manually verify tool behavior
  • Support different MCP transport needs (stdio for local, SSE/HTTP for broader access)

Not For

  • Production environments requiring first-class, maintained hosted MCP infrastructure (this is a generator of your own server code)
  • Use cases needing advanced OpenAPI features beyond what the generator supports (only OpenAPI 3.0+ is explicitly stated)
  • Teams that require guaranteed idempotency semantics across proxied endpoints without additional design

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
Yes
Webhooks
No

Authentication

Methods: API key Bearer token Basic auth OAuth2 (client id/secret + scopes)
OAuth: Yes Scopes: Yes

Authentication is configured via environment variables in the generated server; the README lists variable naming conventions per scheme. The documentation does not describe token refresh/rotation behavior in detail.

Pricing

Free tier: No
Requires CC: No

No hosted service pricing is indicated; this appears to be an open-source/npm package used to generate code.

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • Generated MCP tools proxy to your REST API; any tool behavior (including side effects) is ultimately determined by the OpenAPI operation definitions and your REST API implementation.
  • Correct base URL resolution can be important; if OpenAPI servers are missing/ambiguous, --base-url is required.
  • Auth credentials are injected via environment variables; misconfiguration will likely cause request failures, but the README doesn’t specify detailed troubleshooting guidance.

Alternatives

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for openapi-mcp-generator.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo

Scores are editorial opinions as of 2026-03-30.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered