{"id":"guillaumegay13-fieldflow","name":"fieldflow","homepage":"https://fieldflow.dev","repo_url":"https://github.com/guillaumegay13/fieldflow","category":"devtools","subcategories":[],"tags":["api","openapi","fastapi","httpx","mcp","ai-agent","tooling","pydantic"],"what_it_does":"FieldFlow loads an OpenAPI 3.0 spec (JSON/YAML), generates FastAPI endpoints that act as a proxy to an upstream REST API, and supports field-slicing of responses via an optional `fields` selector. It can also expose the generated tools through an optional MCP server for LLM client tool use.","use_cases":["Expose existing REST APIs as LLM-friendly tools with response field filtering","Reduce token usage by returning only requested response fields (including nested selectors)","Rapidly create thin API gateways from OpenAPI specs without hand-writing client/tool code","Integrate OpenAPI-backed tools into MCP-capable clients (e.g., Claude Desktop)"],"not_for":["High-assurance API transformation where strict schema/contract guarantees are required","Use cases needing strongly opinionated business logic or data validation beyond field selection","Production systems that require well-documented, per-endpoint rate limiting policies and SDK support","Environments that cannot rely on outbound HTTP proxying to upstream services"],"best_when":"You have an OpenAPI-described REST API and want a quick, generic way to provide tool endpoints (HTTP and/or MCP) that only return specific response fields.","avoid_when":"You need stable, versioned SDKs and detailed operational guidance (rate limits, retries, idempotency semantics) documented for every endpoint.","alternatives":["Direct OpenAPI client generation (openapi-generator / swagger-codegen) plus custom response shaping","API gateways/BFF layers that implement response projection explicitly","MCP tool servers written specifically for your upstream API or using existing MCP wrappers","LLM tool frameworks that support structured output but require you to write API calls manually"],"af_score":60.0,"security_score":64.8,"reliability_score":26.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:46:09.489181+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["bearer (via environment variables)","apikey (via environment variables)","basic (via environment variables)","OpenAPI security scheme passthrough (from the spec)"],"oauth":false,"scopes":false,"notes":"Authentication is configured via environment variables (e.g., FIELDFLOW_AUTH_TYPE/VALUE and optional header name). The README claims headers are sanitized in errors and credentials are not logged/stored, but does not show formal scope semantics or audit details."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing model described (appears to be an open-source tool)."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":60.0,"security_score":64.8,"reliability_score":26.2,"mcp_server_quality":55.0,"documentation_accuracy":70.0,"error_message_quality":null,"error_message_notes":"The README mentions invalid field selectors return a 422 before calling the upstream API, but it does not provide a comprehensive error schema/codes list for agents to programmatically react to.","auth_complexity":85.0,"rate_limit_clarity":20.0,"tls_enforcement":90.0,"auth_strength":70.0,"scope_granularity":30.0,"dependency_hygiene":55.0,"secret_handling":75.0,"security_notes":"README claims credentials are handled via environment variables and are never logged/stored with sanitization in error messages. However, there is no visible discussion of TLS requirements enforcement, secret lifecycle implementation details, SSRF protections for upstream URL handling, or scope-based authorization granularity (credentials appear all-or-nothing at the proxy layer).","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":30.0,"error_recovery":35.0,"idempotency_support":"false","idempotency_notes":"No explicit idempotency guidance is documented for generated proxy/tool endpoints.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Field selection uses a custom JSONPath-lite syntax; invalid selectors should be handled to avoid tool failures.","Missing branches in nested selectors are skipped, which may hide data an agent expects.","Generated endpoints are a proxy: upstream behavior and status codes (including pagination) are driven by the upstream API, not by FieldFlow."]}}