{"id":"evilfreelancer-openapi-to-mcp","name":"openapi-to-mcp","homepage":null,"repo_url":"https://github.com/EvilFreelancer/openapi-to-mcp","category":"devtools","subcategories":[],"tags":["mcp","openapi","swagger","proxy","streamable-http","nodejs","typescript","api-proxy"],"what_it_does":"openapi-to-mcp is a standalone proxy that loads an OpenAPI/Swagger specification at startup and exposes it as an MCP (Model Context Protocol) server. It creates one MCP tool per API operation (filtered by include/exclude env vars) and executes tool calls as HTTP requests to the backend REST API. It supports Streamable HTTP transport via GET/POST /mcp and provides correlation-id logging and optional instruction text customization.","use_cases":["Expose an existing OpenAPI-defined REST API to MCP-capable AI clients without rewriting the API","Rapidly generate MCP tools from an OpenAPI spec for internal automation","Use a single source of truth (OpenAPI) for both REST documentation and MCP tool schemas","Bridge AI agents to legacy/back-end HTTP services by letting them call MCP tools"],"not_for":["APIs without an OpenAPI/Swagger spec (or where the spec is incomplete/incorrect)","High-security environments that require strong inbound authentication/authorization at the MCP server layer (not described)","Workloads that need advanced rate-limiting, pagination semantics, or complex streaming beyond basic Streamable HTTP proxying"],"best_when":"You already have a REST API with a valid OpenAPI 3.x JSON and you want to make those endpoints callable as MCP tools with minimal integration work.","avoid_when":"Avoid if you cannot trust or control the OpenAPI spec content (tool schemas/descriptions) or if you require strict transport security and auth/authorization at the MCP server boundary.","alternatives":["mcp-openapi-proxy (Python)","openapi-mcp-proxy (TypeScript)","openapi-mcp-generator (code generator for MCP servers)","FastMCP + OpenAPI (Python integration)","openapi-mcp-codegen (code generator)"],"af_score":59.5,"security_score":41.8,"reliability_score":27.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:38:47.190603+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"http://<host>:<MCP_PORT>/mcp (Streamable HTTP; POST/GET /mcp)","has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["HTTP Basic auth to backend API (optional) via MCP_API_BASIC_AUTH","Bearer token to backend API (optional) via MCP_API_BEARER_TOKEN"],"oauth":false,"scopes":false,"notes":"Authentication described applies to outbound requests to the backend API (Basic/Bearer). No inbound MCP-server authentication/authorization mechanism is documented in the provided content."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No hosted pricing information; repository describes a self-hosted MCP server."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":59.5,"security_score":41.8,"reliability_score":27.5,"mcp_server_quality":78.0,"documentation_accuracy":74.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":70.0,"rate_limit_clarity":20.0,"tls_enforcement":30.0,"auth_strength":45.0,"scope_granularity":10.0,"dependency_hygiene":70.0,"secret_handling":60.0,"security_notes":"TLS usage for the inbound MCP server is not specified (Streamable HTTP endpoints are described without HTTPS/TLS enforcement). Outbound backend authentication supports Basic or Bearer via env vars. No inbound auth/authorization or fine-grained access control is described. Correlation IDs are supported (could aid auditing) but secret-handling/log redaction behavior is not explicitly documented.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":35.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":"Not documented. Since requests are proxied to backend endpoints, idempotency depends on the backend and whether the underlying operation is safe/retryable.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Tool naming is derived from path/method and may change if the OpenAPI spec changes; ensure the spec is stable.","If include/exclude env vars are misconfigured, expected tools may not be registered.","Backend API errors are likely surfaced as MCP/tool call failures, but the specific error mapping and retry behavior are not described."]}}