swagger2mcp

Name: swagger2mcp
Author: tomer1983

Verified Safe

by tomer1983

View Source

Overview

Transforms OpenAPI/Swagger specifications into Model Context Protocol (MCP) servers, enabling secure and accurate LLM interaction with APIs.

Installation

Run Command

docker-compose up

Environment Variables

PORT
REDIS_HOST
REDIS_PORT
DATABASE_URL
JWT_SECRET
JWT_EXPIRES_IN
ALLOW_ANONYMOUS
ALLOWED_ORIGINS
FRONTEND_URL
ADMIN_EMAIL
ADMIN_USERNAME
ADMIN_PASSWORD
MICROSOFT_CLIENT_ID
MICROSOFT_CLIENT_SECRET
MICROSOFT_CALLBACK_URL
NODE_ENV
VITE_API_URL
POSTGRES_USER
POSTGRES_PASSWORD
POSTGRES_DB
API_BASE_URL
API_KEY
API_USERNAME
API_PASSWORD

Security Notes

The project extensively documents security considerations in `SECURITY.md` and `PRODUCTION_DEPLOYMENT_CHECKLIST.md`, including warnings about changing default credentials (`JWT_SECRET`, `ADMIN_PASSWORD`) and disabling anonymous access in production. However, default development secrets and credentials are hardcoded within `docker-compose.yml` and `backend/src/config/passport.ts` (with fallbacks if env vars are unset), posing a risk if development configurations are accidentally used in production without proper modification. The use of `execSync` for migrations in the main server startup (`backend/src/server.ts`) is also a potential, though low, risk if the executed command were not fixed and safe. Rate limiting and CORS configuration are present but require production hardening.

Similar Servers

mcpo

3742

Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.

Other

$Low

mcp-openapi-server

212

A Model Context Protocol (MCP) server that exposes OpenAPI endpoints as MCP tools, along with optional support for MCP prompts and resources, enabling Large Language Models to interact with REST APIs.

Other

$Medium