Skillget

mcpfoundry

mcp
Security Audit
Warn
Health Warn
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 5 GitHub stars
Code Pass
  • Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
  • Permissions — No dangerous permissions requested

No AI report is available for this listing yet.

SUMMARY

Forge production-ready MCP servers from databases or OpenAPI specs.

README.md
mcpfoundry

Create secure, production-ready MCP servers from your database or API — in under 5 minutes. ⚒️

npm version
npm downloads
license
node
PRs welcome

Quick Start · Features · Security · Examples · Contributing

mcpfoundry in action — generate a secure MCP server from an OpenAPI spec

Stop hand-writing MCP servers. Point mcpfoundry at a Postgres database or an OpenAPI spec and get a clean, runnable, secure-by-option MCP server — with parameter validation, typed tools, and an HTTP endpoint — generated for you. Node.js or Python. Zero boilerplate.

⚡ Quick Start (60 seconds)

npx mcpfoundry create \
  --type openapi \
  --input https://petstore3.swagger.io/api/v3/openapi.json \
  --output ./petstore-mcp

cd petstore-mcp && npm install && npm start
# 🎉  MCP server live on http://localhost:3000/mcp

That's a full MCP server — every endpoint turned into a validated tool — running. No SDK wrangling, no transport plumbing, no boilerplate.

✨ Why mcpfoundry?
⏱️ Ship in 5 minutes One command turns a DB or API into a working MCP server.
🔒 Secure by option Add --secure for a zero-trust JWT guard + deception canary. Off by default, never forced.
🛡️ Hardened by default Every tool gets strict Zod / Pydantic parameter validation — no opt-in needed.
🏭 Production quality Self-contained, lint-clean, type-safe output that builds and boots out of the box.
🧩 Maintainable & extensible Clean Template-Compiler architecture — add a language with a folder, no core changes.
🌐 HTTP or stdio Streamable HTTP by default; --no-http for stdio (Claude Desktop / Claude Code style).
🐍 Node.js & Python First-class @modelcontextprotocol/sdk (TS) and FastMCP (Python) output.
🔌 DB & OpenAPI Introspect Postgres into CRUD tools, or convert any OpenAPI/Swagger spec (file or URL, JSON/YAML).

🛠️ Two ways to create

1. From an OpenAPI / Swagger spec

Every endpoint becomes a typed, validated MCP tool.

mcpfoundry create --type openapi --input ./openapi.yaml --output ./my-server

2. From a database

Tables are introspected into ready-to-wire CRUD tools.

mcpfoundry create --type database \
  --provider postgres \
  --uri "postgresql://user:pass@localhost:5432/mydb" \
  --output ./db-server --lang python

💡 Preview first with --dry-run to see exactly which tools you'll get — no files written:

✔ Dry run — 4 tool(s) would be generated:
  • list_pets(limit?: integer)
  • create_pet(name: string, tag?: string)
  • get_pet_by_id(pet_id: integer)
  • delete_pet(pet_id: integer)

🔐 The ZTAI Security Shield (optional)

Pass --secure and every generated server enforces zero-trust access — recommended, never required:

  1. 🔑 JWT Guard — verifies a short-lived HS256 token (an Authorization: Bearer header per request over HTTP, or ZTAI_AUTH_TOKEN at startup over stdio) against JWT_SECRET. Invalid or missing → rejected before any tool runs.
  2. 🧱 Parameter hardening — strict Zod / Pydantic schemas (this is always on, even without --secure — it's just good hygiene).
  3. 🪤 Deception canary — set ZTAI_CANARY_ID and tool output carries a subtle, traceable marker to help detect adversarial data exfiltration.

Without --secure you still get a perfectly good, vendor-neutral MCP server.

🎛️ All options

Flag Description
--type database or openapi (required)
--provider postgres | mysql | mongodb (database mode)
--uri DB connection string (database mode)
--input OpenAPI spec — file path or URL, JSON or YAML (openapi mode)
--output Output directory (required)
--lang nodejs (default) or python
--transport http (default) or stdio
--no-http Shortcut for --transport stdio
--port Port for the HTTP transport (default 3000)
--secure Embed the optional ZTAI Security Shield
--force Overwrite a non-empty output directory
--dry-run Preview the generated tools, then exit

Postgres is fully supported today. MySQL & MongoDB are scaffolded and open for contributions.

🧩 How it works

mcpfoundry follows a clean Template-Compiler pattern:

  source (DB / OpenAPI)  ──▶  parser  ──▶  normalized IR (ToolSpec[])
                                                   │
                                       Handlebars compiler
                                                   │
                                                   ▼
                       templates/<lang>/  ──▶  your generated server

Parsers and templates are decoupled by a normalized intermediate representation, so adding a new language is just a new templates/<lang>/ folder — no engine changes. See CONTRIBUTING.md.

🤝 Contributing

Two of the most common contributions — a new language template or a new database provider — need zero changes to the core engine. See CONTRIBUTING.md.

📄 License

MIT — build freely.

⭐ Star on GitHub if mcpfoundry saved you an afternoon.

Reviews (0)

No results found