A Model Context Protocol (MCP) server that converts Swagger/OpenAPI specifications into MCP tools. This project can be used both as a standalone CLI tool and as a Go library for integration into other projects.
Status: âś… Production Ready - The project is stable, well-tested, and ready for production use.
đź“– Documentation: ä¸ć–‡ć–‡ćˇŁ | English Documentation
- Dual Usage: Works as standalone CLI and Go library
- Multiple Transport: Supports stdio and HTTP transport with CORS support
- Complete Swagger Support: Loads Swagger 2.0 and OpenAPI specifications (JSON or YAML)
- Auto-conversion: Automatically converts API endpoints to MCP tools with proper schema generation
- Advanced API Filtering: Comprehensive filtering system to control which APIs become tools
- Path-based filtering with wildcard support
- HTTP method filtering (GET, POST, PUT, DELETE, PATCH)
- Operation ID filtering
- Tag-based filtering
- Include-only (whitelist) mode
- Full HTTP Support: Supports all HTTP methods (GET, POST, PUT, DELETE, PATCH)
- Parameter Handling: Intelligent handling of path parameters, query parameters, and request bodies
- Authentication: Automatic API key authentication support with multiple header formats
- Web Integration: Easy integration into existing Go web applications
- HTTP API Endpoints: Built-in HTTP endpoints for tools listing and health checks
- Error Handling: Comprehensive error handling with proper HTTP status codes
- JSON Formatting: Automatic JSON response formatting and validation
- Server Configuration: Flexible configuration system with fluent API
go install github.com/liliang-cn/mcp-swagger-server@latestThis will install the mcp-swagger-server binary in your $GOPATH/bin directory.
go get github.com/liliang-cn/mcp-swagger-servergit clone https://github.com/liliang-cn/mcp-swagger-server.git
cd mcp-swagger-server
go build -o mcp-swagger-server .go build -o mcp-swagger-server ../mcp-swagger-server -swagger examples/petstore.json./mcp-swagger-server -swagger-url https://petstore.swagger.io/v2/swagger.json./mcp-swagger-server -swagger examples/api.yaml -api-base https://api.example.com./mcp-swagger-server -swagger examples/api.json -api-key YOUR_API_KEY./mcp-swagger-server -swagger examples/api.json -http-port 8127./mcp-swagger-server -swagger examples/api.json -exclude-paths "/admin/*,/internal/*"./mcp-swagger-server -swagger examples/api.json \
-exclude-methods "DELETE,PATCH" \
-exclude-tags "admin,internal" \
-exclude-paths "/debug/*"./mcp-swagger-server -swagger examples/api.json \
-http-port 8127 \
-exclude-methods "DELETE,PATCH" \
-exclude-paths "/admin/*"package main
import (
"context"
"log"
"github.com/liliang-cn/mcp-swagger-server/mcp"
)
func main() {
// Create MCP server from local file
server, err := mcp.NewFromSwaggerFile("api.json", "https://api.example.com", "your-api-key")
if err != nil {
log.Fatal(err)
}
// Run with stdio transport (for CLI usage)
ctx := context.Background()
server.RunStdio(ctx)
}package main
import (
"context"
"net/http"
"github.com/liliang-cn/mcp-swagger-server/mcp"
)
func main() {
// Your existing web app setup
router := http.NewServeMux()
// Create MCP server from your API swagger
mcpServer, _ := mcp.NewFromSwaggerFile("your-api.json", "http://localhost:6724", "")
// Option 1: Run MCP server on separate HTTP port
go mcpServer.RunHTTP(context.Background(), 8127)
// Option 2: Integrate into existing server (custom implementation needed)
// Your existing routes
router.HandleFunc("/api/users", handleUsers)
http.ListenAndServe(":6724", router)
}config := mcp.DefaultConfig().
WithAPIConfig("https://api.example.com", "your-api-key").
WithServerInfo("my-api-server", "v1.0.0", "Custom API MCP Server").
WithHTTPTransport(8127, "localhost", "/mcp")
server, err := mcp.New(config)
if err != nil {
log.Fatal(err)
}
// Run with HTTP transport
server.Run(context.Background())// Example 1: Exclude specific paths and methods
config := mcp.DefaultConfig().
WithSwaggerData(swaggerData).
WithAPIConfig("https://api.example.com", "your-api-key").
WithExcludePaths("/admin/*", "/internal/*").
WithExcludeMethods("DELETE", "PATCH")
server, err := mcp.New(config)
if err != nil {
log.Fatal(err)
}
// Example 2: Include only specific endpoints
config := mcp.DefaultConfig().
WithSwaggerData(swaggerData).
WithAPIConfig("https://api.example.com", "your-api-key").
WithIncludeOnlyPaths("/users", "/users/{id}", "/posts")
server, err := mcp.New(config)
// Example 3: Complex filtering with custom filter
filter := &mcp.APIFilter{
ExcludePathPatterns: []string{"/admin/*", "/debug/*"},
ExcludeMethods: []string{"DELETE", "PATCH"},
ExcludeTags: []string{"internal", "admin"},
IncludeOnlyOperationIDs: []string{"getUsers", "createUser", "getUser"},
}
config := mcp.DefaultConfig().
WithSwaggerData(swaggerData).
WithAPIConfig("https://api.example.com", "your-api-key").
WithAPIFilter(filter)
server, err := mcp.New(config)-swagger- Path to local Swagger/OpenAPI spec file (JSON or YAML)-swagger-url- URL to fetch Swagger/OpenAPI spec from-api-base- Override the base URL for API calls (defaults to spec's host)-api-key- API key for authentication
-http-port- HTTP server port (default: 0 = use stdio transport)-http-host- HTTP server host (default: localhost)-http-path- HTTP server path for MCP endpoint (default: /mcp)
-exclude-paths- Comma-separated list of paths to exclude (supports wildcards like/admin/*)-exclude-operations- Comma-separated list of operation IDs to exclude-exclude-methods- Comma-separated list of HTTP methods to exclude (e.g.,DELETE,PATCH)-exclude-tags- Comma-separated list of Swagger tags to exclude-include-only-paths- Comma-separated list of paths to include exclusively (whitelist mode)-include-only-operations- Comma-separated list of operation IDs to include exclusively
When running with HTTP transport, the server exposes the following endpoints:
GET /health- Health check endpoint with status informationGET /tools- List available tools with detailed informationPOST /mcp- Execute MCP requests (supports tools/list and tools/call)OPTIONS /mcp- CORS preflight support
All HTTP endpoints include CORS headers for cross-origin requests.
# Get available tools
curl http://localhost:8127/tools
# Execute a tool
curl -X POST http://localhost:8127/mcp \
-H "Content-Type: application/json" \
-d '{
"method": "tools/call",
"params": {
"name": "get_users",
"arguments": {
"limit": 10
}
}
}'The examples/petstore.json file contains a sample Swagger specification for testing.
Run the API filtering example to see how different filtering options work:
go run examples/api_filtering/main.goThis example demonstrates:
- Path-based exclusion
- HTTP method filtering
- Include-only (whitelist) mode
- Wildcard pattern matching
- Complex filtering combinations
- Direct filter testing
The MCP Swagger Server supports comprehensive API filtering to control which endpoints are exposed as MCP tools. This is essential for security and to prevent unwanted API access.
# Exclude specific paths
-exclude-paths "/admin,/internal,/debug"
# Exclude paths with wildcards
-exclude-paths "/admin/*,/internal/*,/v1/debug/*"
# Include only specific paths (whitelist mode)
-include-only-paths "/users,/users/{id},/posts"# Exclude dangerous methods
-exclude-methods "DELETE,PATCH"
# Only allow read operations
-include-only-methods "GET"# Exclude specific operations
-exclude-operations "deleteUser,deleteAllData,resetSystem"
# Include only specific operations
-include-only-operations "getUsers,getUser,createUser"# Exclude operations with specific tags
-exclude-tags "admin,internal,debug"- Include-only filters are applied first (if specified)
- Exclude filters are applied second
- If both include-only and exclude filters are specified, an endpoint must pass both
The filtering system supports wildcard patterns for paths:
*matches any characters within a path segment/admin/*matches/admin/users,/admin/settings, etc./api/v*/adminmatches/api/v1/admin,/api/v2/admin, etc.
- Always exclude administrative endpoints: Use
-exclude-paths "/admin/*" - Limit dangerous HTTP methods: Use
-exclude-methods "DELETE,PATCH" - Use whitelist mode for sensitive APIs: Use
-include-only-pathsfor maximum control - Exclude internal/debug endpoints: Use
-exclude-tags "internal,debug"
# Security-focused filtering
./mcp-swagger-server -swagger api.json \
-exclude-paths "/admin/*,/internal/*,/debug/*" \
-exclude-methods "DELETE,PATCH" \
-exclude-tags "admin,internal"
# Whitelist mode - only allow user operations
./mcp-swagger-server -swagger api.json \
-include-only-paths "/users,/users/{id}" \
-include-only-operations "getUsers,getUser,createUser"- The server loads a Swagger/OpenAPI specification
- API filtering rules are applied to determine which endpoints to expose
- Each allowed API endpoint is converted to an MCP tool
- Tool names are derived from the operation ID or the path
- Parameters are converted to MCP tool input schemas
- When a tool is called, the server makes the corresponding HTTP request
- Response data is returned to the MCP client
To use this server with an MCP client, configure it to run:
{
"servers": {
"swagger-api": {
"command": "./mcp-swagger-server",
"args": ["-swagger", "path/to/your/api.json"]
}
}
}Run the test suite:
go test ./mcp -vRun tests with race condition detection:
go test ./mcp -v -raceThe project includes comprehensive unit tests covering:
- Configuration management and fluent API
- Swagger specification parsing and validation
- Base URL inference and parameter handling
- Transport layer functionality
- Core library creation and validation logic
- API filtering and exclusion rules
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
liliang-cn
- Model Context Protocol for the MCP SDK
- OpenAPI Initiative for the OpenAPI Specification