{"id":"harsha-iiiv-openapi-mcp-generator","name":"openapi-mcp-generator","homepage":null,"repo_url":"https://github.com/harsha-iiiv/openapi-mcp-generator","category":"api-gateway","subcategories":[],"tags":["api","openapi","mcp","model-context-protocol","generator","typescript","nodejs","zod","authentication","proxy","sse","stdio","streamablehttp"],"what_it_does":"openapi-mcp-generator is a CLI (and programmatic Node.js API) that converts an OpenAPI 3.0+ specification into a generated MCP server project. The generated MCP server proxies requests to the underlying REST API, adds runtime validation via Zod, and supports multiple MCP transports (stdio, web/SSE, and StreamableHTTP).","use_cases":["Expose an existing REST API to MCP-capable AI agents/clients by generating an MCP server from an OpenAPI spec","Create typed, validated tool definitions for LLM agents (via generated TypeScript + Zod schemas)","Generate local/dev web-based test clients to manually verify tool behavior","Support different MCP transport needs (stdio for local, SSE/HTTP for broader access)"],"not_for":["Production environments requiring first-class, maintained hosted MCP infrastructure (this is a generator of your own server code)","Use cases needing advanced OpenAPI features beyond what the generator supports (only OpenAPI 3.0+ is explicitly stated)","Teams that require guaranteed idempotency semantics across proxied endpoints without additional design"],"best_when":"You already have an OpenAPI document and want to rapidly generate an MCP server that proxies to your REST API with basic authentication support and runtime input validation.","avoid_when":"Your OpenAPI spec is incomplete/ambiguous about server base URLs and you can’t provide a correct --base-url (the tool notes it may be required). Also avoid if you require strict, documented rate limiting behavior or formal reliability guarantees.","alternatives":["Manually implement an MCP server for your API","Generate an intermediate SDK from OpenAPI (e.g., OpenAPI Generator/Swagger Codegen) and then wrap it with a hand-written MCP server","Use other MCP/OpenAPI bridging tools if available in your ecosystem"],"af_score":54.2,"security_score":66.2,"reliability_score":35.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:27:06.734529+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":true,"sdk_languages":["TypeScript","JavaScript (Node.js)"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["API key","Bearer token","Basic auth","OAuth2 (client id/secret + scopes)"],"oauth":true,"scopes":true,"notes":"Authentication is configured via environment variables in the generated server; the README lists variable naming conventions per scheme. The documentation does not describe token refresh/rotation behavior in detail."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No hosted service pricing is indicated; this appears to be an open-source/npm package used to generate code."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":54.2,"security_score":66.2,"reliability_score":35.0,"mcp_server_quality":80.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":60.0,"rate_limit_clarity":5.0,"tls_enforcement":85.0,"auth_strength":70.0,"scope_granularity":55.0,"dependency_hygiene":45.0,"secret_handling":70.0,"security_notes":"The README indicates support for several auth schemes (API key/Bearer/Basic/OAuth2) via environment variables, and that the generated server proxies calls while validating request structure. However, it does not document TLS requirements, secure transport defaults beyond implied HTTPS usage for web/HTTP transports, nor does it describe how secrets are stored/logged or how request/response security (e.g., SSRF protections when using server base URLs, token refresh, audit logging) is handled. Dependency hygiene cannot be assessed from the provided content.","uptime_documented":0.0,"version_stability":60.0,"breaking_changes_history":40.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":"The README emphasizes proxying and validation, but does not discuss idempotency for generated operations; idempotency would depend on the underlying REST API semantics.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Generated MCP tools proxy to your REST API; any tool behavior (including side effects) is ultimately determined by the OpenAPI operation definitions and your REST API implementation.","Correct base URL resolution can be important; if OpenAPI servers are missing/ambiguous, --base-url is required.","Auth credentials are injected via environment variables; misconfiguration will likely cause request failures, but the README doesn’t specify detailed troubleshooting guidance."]}}