Skillget

mcp-swagger-server

mcp
Guvenlik Denetimi
Basarisiz
Health Gecti
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 63 GitHub stars
Code Basarisiz
  • rimraf — Recursive directory removal in package.json
  • network request — Outbound network request in packages/mcp-swagger-api/package.json
Permissions Gecti
  • Permissions — No dangerous permissions requested
Purpose
This tool converts any OpenAPI/Swagger REST API specification into the Model Context Protocol (MCP) format. It enables AI assistants to understand and directly interact with your existing REST APIs as callable tools.

Security Assessment
Overall Risk: Medium. The tool makes outbound network requests, which is expected given its core function of fetching and relaying API specifications. No hardcoded secrets were detected, and the repository does not request inherently dangerous system permissions. It supports secure authentication methods like Bearer Tokens and custom headers. However, the automated scan flagged the use of `rimraf` (recursive directory removal) in its package build scripts. While standard in Node.js development, this could pose a risk if maliciously altered to delete unexpected directories. Security reviewers should be aware that since this server acts as a proxy to execute external API calls, improper configuration or prompt injection could potentially expose internal network services or sensitive data to the AI.

Quality Assessment
The project is in active development, with its most recent push occurring today. It utilizes modern standards (TypeScript 5+, Node.js 20+) and is properly licensed under the permissive MIT license. Community trust is currently modest but positive, sitting at 63 GitHub stars. The codebase is well-organized into logical packages (parser, server, API), and the documentation is thorough, offering clear setup guides and multiple transport protocols (SSE, Streamable, Stdio).

Verdict
Use with caution. The tool is safe for local development, but because it dynamically bridges external web requests to AI assistants, carefully review your configuration and permissions to avoid inadvertently exposing sensitive endpoints.
SUMMARY

MCP Swagger Server 将任何符合 OpenAPI/Swagger 规范的 REST API 转换为 Model Context Protocol (MCP) 格式,让 AI 助手能够理解和调用您的 API。

README.md

MCP Swagger Server(mss)

TypeScript
Node.js
License
Trust Score

将 OpenAPI/Swagger 规范转换为 Model Context Protocol (MCP) 格式的工具

零配置将您的 REST API 转换为 AI 可调用的工具

🚀 快速开始📖 使用指南🛠️ 开发

Languages: English | 中文

🎬 快速演示

Demo GIF

🎯 项目截图

项目截图

🎯 项目简介

MCP Swagger Server 是一个将 OpenAPI/Swagger 规范转换为 Model Context Protocol (MCP) 格式的工具。

📦 项目结构

mcp-swagger-server/
├── packages/
│   ├── mcp-swagger-server/     # 🔧 核心 MCP 服务器 (可用)
│   ├── mcp-swagger-parser/     # 📝 OpenAPI 解析器 (可用)
│   └── mcp-swagger-api/        # 🔗 REST API 后端 (可用)
└── scripts/                    # 🔨 构建脚本

✨ 核心特性

  • 🔄 零配置转换: 输入 OpenAPI 规范,立即获得 MCP 工具
  • 🎯 渐进式命令行: 提供逐步引导的命令行界面,方便用户配置
  • 🖥️ 终端优先体验: 以 CLI / 交互式终端作为主要使用方式
  • 🔌 多传输协议: 支持 SSE、Streamable 和 Stdio 传输
  • 🔐 安全认证: 支持 Bearer Token 认证保护 API 访问

🚀 快速开始

环境要求

  • Node.js ≥ 20.0.0
  • pnpm ≥ 8.0.0 (推荐)

安装

npm i mcp-swagger-server -g

命令说明

  • mss:交互式终端界面(默认)
  • mcp-swagger-server / mcp-swagger:标准命令行(适合脚本和 AI 客户端集成)
  • mss --openapi ...:直接启动模式(跳过交互界面)

说明:交互式会话模式下不支持 STDIO 启动;如需 STDIO,请使用 mss --openapi ... --transport stdio(兼容别名:mcp-swagger-server --transport stdio ...)。

快速启动

交互式启动(推荐新手)

mss

一键启动(非交互)

mss --openapi https://api.example.com/openapi.json \
  --operation-filter-methods GET \
  --operation-filter-methods POST \
  --transport streamable \
  --auth-type bearer \
  --bearer-token "your-token-here"

# 使用配置文件
mss --config config.json

📖 使用指南

命令行选项

# 基本用法
mss [选项]

# 选项:
--openapi, -o       OpenAPI 规范的 URL 或文件路径
--transport, -t     传输协议 (stdio|sse|streamable)
--port, -p          端口号
--endpoint, -e      自定义端点路径 (默认 sse:/sse, streamable:/mcp)
--base-url          覆盖 API 基础 URL(优先级最高)
--watch, -w         监控文件变化
--env               环境变量文件路径 (.env)

# Bearer Token 认证选项:
--auth-type         认证类型 (bearer)
--bearer-token      直接指定 Bearer Token
--bearer-env        从环境变量读取 Token
--config, -c        配置文件路径
--custom-header     自定义请求头 "Key=Value" (可重复)
--custom-header-env 环境变量请求头 "Key=VAR_NAME" (可重复)
--custom-headers-config  自定义请求头配置文件 (JSON)
--debug-headers     请求头调试日志

# 操作过滤选项:
--operation-filter-methods <method>         HTTP方法过滤 (可重复) [示例: GET]
--operation-filter-paths <path>             路径过滤 (支持通配符, 可重复) [示例: /api/*]
--operation-filter-operation-ids <id>       操作ID过滤 (可重复) [示例: getUserById]
--operation-filter-status-codes <code>      状态码过滤 (可重复) [示例: 200]
--operation-filter-parameters <param>       参数过滤 (可重复) [示例: userId]

提示:如果要在 mss 中直接启动(跳过交互界面),请显式传入 --openapi 参数。若 OpenAPI 文档中的 servers.url 是相对路径(如 /v1),请优先使用远程 URL 加载文档,或显式传入 --base-url。Swagger 2.0 文档会在启动时自动转换为 OpenAPI 3.x(含 host/basePath 映射)。

🔐 Bearer Token 认证

mcp-swagger-server 支持 Bearer Token 认证,可以保护需要身份验证的 API 访问。

认证方式

1. 直接指定 Token

mss --auth-type bearer --bearer-token "your-token-here" --openapi https://api.example.com/openapi.json --transport streamable

环境变量配置

创建 .env 文件:

# 基础配置
MCP_PORT=3322
MCP_TRANSPORT=stdio
MCP_OPENAPI_URL=https://api.example.com/openapi.json
MCP_ENDPOINT=/mcp
MCP_BASE_URL=https://api.example.com/v1

# 认证配置
MCP_AUTH_TYPE=bearer
API_TOKEN=your-bearer-token-here

🤖 与 AI 助手集成

Claude Desktop 配置

{
  "mcpServers": {
    "swagger-converter": {
      "command": "mss",
      "args": [
        "--openapi", "https://petstore.swagger.io/v2/swagger.json",
        "--transport", "stdio"
      ]
    },
    "secured-api": {
      "command": "mss",
      "args": [
        "--openapi", "https://api.example.com/openapi.json",
        "--transport", "stdio",
        "--auth-type", "bearer",
        "--bearer-env", "API_TOKEN"
      ],
      "env": {
        "API_TOKEN": "your-bearer-token-here"
      }
    }
  }
}

🛠️ 开发

构建系统

# 构建所有包
pnpm build

# 构建核心工作区包
pnpm build:packages

# 终端开发模式(CLI / parser watch)
pnpm dev

# 清理构建产物
pnpm clean

🤝 贡献

欢迎贡献!请先阅读 贡献指南

📄 许可证

MIT License - 详见 LICENSE 文件。

Built with ❤️ by ZhaoYaNan(ZTE)

⭐ Star🐛 Issues💬 Discussions

Yorumlar (0)

Sonuc bulunamadi