@ivotoby/openapi-mcp-server 1.12.4 → 1.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +64 -20
- package/dist/bundle.js +734 -438
- package/dist/cli.js +734 -438
- package/package.json +20 -7
package/README.md
CHANGED
|
@@ -36,7 +36,6 @@ The server supports two transport methods:
|
|
|
36
36
|
No need to clone this repository. Simply configure Claude Desktop to use this MCP server:
|
|
37
37
|
|
|
38
38
|
1. Locate or create your Claude Desktop configuration file:
|
|
39
|
-
|
|
40
39
|
- On macOS: `~/Library/Application Support/Claude/claude_desktop_config.json`
|
|
41
40
|
|
|
42
41
|
2. Add the following configuration:
|
|
@@ -120,6 +119,11 @@ The server can be configured through environment variables or command line argum
|
|
|
120
119
|
- `OPENAPI_SPEC_FROM_STDIN` - Set to "true" to read OpenAPI spec from standard input
|
|
121
120
|
- `OPENAPI_SPEC_INLINE` - Provide OpenAPI spec content directly as a string
|
|
122
121
|
- `API_HEADERS` - Comma-separated key:value pairs for API headers
|
|
122
|
+
- `CLIENT_CERT_PATH` - Path to client certificate PEM file for mutual TLS
|
|
123
|
+
- `CLIENT_KEY_PATH` - Path to client private key PEM file for mutual TLS
|
|
124
|
+
- `CA_CERT_PATH` - Path to custom CA certificate PEM file for private/internal CAs
|
|
125
|
+
- `CLIENT_KEY_PASSPHRASE` - Passphrase for an encrypted client private key
|
|
126
|
+
- `REJECT_UNAUTHORIZED` - Whether to reject untrusted server certificates (default: `true`)
|
|
123
127
|
- `SERVER_NAME` - Name for the MCP server (default: "mcp-openapi-server")
|
|
124
128
|
- `SERVER_VERSION` - Version of the server (default: "1.0.0")
|
|
125
129
|
- `TRANSPORT_TYPE` - Transport type to use: "stdio" or "http" (default: "stdio")
|
|
@@ -140,6 +144,8 @@ npx @ivotoby/openapi-mcp-server \
|
|
|
140
144
|
--api-base-url https://api.example.com \
|
|
141
145
|
--openapi-spec https://api.example.com/openapi.json \
|
|
142
146
|
--headers "Authorization:Bearer token123,X-API-Key:your-api-key" \
|
|
147
|
+
--client-cert ./certs/client.pem \
|
|
148
|
+
--client-key ./certs/client-key.pem \
|
|
143
149
|
--name "my-mcp-server" \
|
|
144
150
|
--server-version "1.0.0" \
|
|
145
151
|
--transport http \
|
|
@@ -149,6 +155,42 @@ npx @ivotoby/openapi-mcp-server \
|
|
|
149
155
|
--disable-abbreviation true
|
|
150
156
|
```
|
|
151
157
|
|
|
158
|
+
## Mutual TLS (mTLS)
|
|
159
|
+
|
|
160
|
+
If your upstream API requires client certificate authentication, you can attach TLS credentials directly to outbound requests.
|
|
161
|
+
|
|
162
|
+
```bash
|
|
163
|
+
npx @ivotoby/openapi-mcp-server \
|
|
164
|
+
--api-base-url https://secure-api.example.com \
|
|
165
|
+
--openapi-spec https://secure-api.example.com/openapi.json \
|
|
166
|
+
--client-cert ./certs/client.pem \
|
|
167
|
+
--client-key ./certs/client-key.pem \
|
|
168
|
+
--headers "Authorization:Bearer token123"
|
|
169
|
+
```
|
|
170
|
+
|
|
171
|
+
This is orthogonal to HTTP-level auth, so mTLS can be combined with static headers or an `AuthProvider`.
|
|
172
|
+
|
|
173
|
+
TLS-related options only apply when `--api-base-url` uses `https://`.
|
|
174
|
+
|
|
175
|
+
For private CAs or encrypted keys:
|
|
176
|
+
|
|
177
|
+
```bash
|
|
178
|
+
npx @ivotoby/openapi-mcp-server \
|
|
179
|
+
--api-base-url https://internal-api.example.com \
|
|
180
|
+
--openapi-spec ./openapi.yaml \
|
|
181
|
+
--client-cert ./certs/client.pem \
|
|
182
|
+
--client-key ./certs/client-key.pem \
|
|
183
|
+
--client-key-passphrase "$CLIENT_KEY_PASSPHRASE" \
|
|
184
|
+
--ca-cert ./certs/internal-ca.pem \
|
|
185
|
+
--reject-unauthorized false
|
|
186
|
+
```
|
|
187
|
+
|
|
188
|
+
- `--client-cert` / `CLIENT_CERT_PATH`: client certificate PEM file
|
|
189
|
+
- `--client-key` / `CLIENT_KEY_PATH`: client private key PEM file
|
|
190
|
+
- `--client-key-passphrase` / `CLIENT_KEY_PASSPHRASE`: passphrase for encrypted private keys
|
|
191
|
+
- `--ca-cert` / `CA_CERT_PATH`: custom CA bundle for private/internal certificate authorities
|
|
192
|
+
- `--reject-unauthorized` / `REJECT_UNAUTHORIZED`: set to `false` only when you intentionally want to allow self-signed or otherwise untrusted server certificates
|
|
193
|
+
|
|
152
194
|
## OpenAPI Specification Loading
|
|
153
195
|
|
|
154
196
|
The MCP server supports multiple methods for loading OpenAPI specifications, providing flexibility for different deployment scenarios:
|
|
@@ -286,11 +328,11 @@ In addition to exposing OpenAPI endpoints as **tools**, this server can expose *
|
|
|
286
328
|
|
|
287
329
|
### What Are Prompts and Resources?
|
|
288
330
|
|
|
289
|
-
| Feature
|
|
290
|
-
|
|
291
|
-
| **Tools**
|
|
292
|
-
| **Prompts**
|
|
293
|
-
| **Resources** | Read-only content for context
|
|
331
|
+
| Feature | Purpose | Use Case |
|
|
332
|
+
| ------------- | --------------------------------------------- | --------------------------- |
|
|
333
|
+
| **Tools** | API endpoints for the AI to execute | Making API calls |
|
|
334
|
+
| **Prompts** | Templated messages with argument substitution | Reusable workflow templates |
|
|
335
|
+
| **Resources** | Read-only content for context | API documentation, schemas |
|
|
294
336
|
|
|
295
337
|
### Loading Prompts
|
|
296
338
|
|
|
@@ -434,11 +476,13 @@ curl http://localhost:3000/health
|
|
|
434
476
|
```
|
|
435
477
|
|
|
436
478
|
**Health Response Fields:**
|
|
479
|
+
|
|
437
480
|
- `status`: Always returns "healthy" when server is running
|
|
438
481
|
- `activeSessions`: Number of active MCP sessions
|
|
439
482
|
- `uptime`: Server uptime in seconds
|
|
440
483
|
|
|
441
484
|
**Key Features:**
|
|
485
|
+
|
|
442
486
|
- No authentication required
|
|
443
487
|
- Works with any HTTP method (GET, POST, etc.)
|
|
444
488
|
- Ideal for load balancers, Kubernetes probes, and monitoring systems
|
|
@@ -470,7 +514,6 @@ HEALTHCHECK --interval=30s --timeout=3s \
|
|
|
470
514
|
To see debug logs:
|
|
471
515
|
|
|
472
516
|
1. When using stdio transport with Claude Desktop:
|
|
473
|
-
|
|
474
517
|
- Logs appear in the Claude Desktop logs
|
|
475
518
|
|
|
476
519
|
2. When using HTTP transport:
|
|
@@ -630,15 +673,16 @@ if (resourcesManager) {
|
|
|
630
673
|
|
|
631
674
|
```typescript
|
|
632
675
|
interface PromptDefinition {
|
|
633
|
-
name: string
|
|
634
|
-
title?: string
|
|
635
|
-
description?: string
|
|
636
|
-
arguments?: {
|
|
676
|
+
name: string // Unique identifier
|
|
677
|
+
title?: string // Human-readable display title
|
|
678
|
+
description?: string // Description of the prompt
|
|
679
|
+
arguments?: {
|
|
680
|
+
// Template arguments
|
|
637
681
|
name: string
|
|
638
682
|
description?: string
|
|
639
683
|
required?: boolean
|
|
640
684
|
}[]
|
|
641
|
-
template: string
|
|
685
|
+
template: string // Template with {{argName}} placeholders
|
|
642
686
|
}
|
|
643
687
|
```
|
|
644
688
|
|
|
@@ -646,14 +690,14 @@ interface PromptDefinition {
|
|
|
646
690
|
|
|
647
691
|
```typescript
|
|
648
692
|
interface ResourceDefinition {
|
|
649
|
-
uri: string
|
|
650
|
-
name: string
|
|
651
|
-
title?: string
|
|
652
|
-
description?: string
|
|
653
|
-
mimeType?: string
|
|
654
|
-
text?: string
|
|
655
|
-
blob?: string
|
|
656
|
-
contentProvider?: () => Promise<string | { blob: string }>
|
|
693
|
+
uri: string // Unique URI identifier
|
|
694
|
+
name: string // Resource name
|
|
695
|
+
title?: string // Human-readable display title
|
|
696
|
+
description?: string // Description of the resource
|
|
697
|
+
mimeType?: string // Content MIME type
|
|
698
|
+
text?: string // Static text content
|
|
699
|
+
blob?: string // Static binary content (base64)
|
|
700
|
+
contentProvider?: () => Promise<string | { blob: string }> // Dynamic content
|
|
657
701
|
}
|
|
658
702
|
```
|
|
659
703
|
|