mcpfoundry
A CLI tool that generates production-ready MCP servers from databases or OpenAPI specifications, with optional security shields.
README
mcpfoundry
Forge production-ready MCP (Model Context Protocol) servers from your existing data — a database or an OpenAPI spec — in seconds.
mcpfoundry is a zero-friction CLI that introspects a data source and scaffolds a
clean, self-contained, runnable MCP server. Generated servers always ship with
parameter validation (Zod / Pydantic). An optional zero-trust
ZTAI Security Shield (JWT guard + deception canary) can be layered in with a
single --secure flag — recommended, never forced.
Install
npm install -g mcpfoundry
# or run ad-hoc:
npx mcpfoundry create --help
Usage
From an OpenAPI / Swagger spec
Every endpoint becomes a typed MCP tool:
mcpfoundry create \
--type openapi \
--input ./openapi.json \
--output ./my-mcp-server \
--lang nodejs
From a database
Tables are introspected and turned into CRUD tools:
mcpfoundry create \
--type database \
--provider postgres \
--uri "postgresql://user:pass@localhost:5432/mydb" \
--output ./my-mcp-server \
--lang python
Postgres is fully supported today. MySQL and MongoDB are stubbed and open for contributions.
Flags
| Flag | Description |
|---|---|
--type |
database or openapi (required) |
--provider |
postgres | mysql | mongodb (database mode) |
--uri |
DB connection string (database mode) |
--input |
Path to an OpenAPI spec, JSON or YAML (openapi mode) |
--output |
Output directory (required) |
--lang |
nodejs (default) or python |
--transport |
http (default) or stdio |
--no-http |
Shortcut for --transport stdio |
--port |
Port for the http transport (default 3000) |
--secure |
Embed the optional ZTAI Security Shield |
--force |
Overwrite a non-empty output directory |
--dry-run |
Preview the tools that would be generated, then exit (no files written) |
Transports
By default the server runs over HTTP (Streamable HTTP — Express for Node,
FastMCP for Python), listening on http://localhost:<port>/mcp:
mcpfoundry create --type openapi --input ./openapi.yaml --output ./srv --port 3000
To generate a stdio server instead — the transport clients like Claude Desktop / Claude Code use to launch a local MCP server — disable HTTP:
mcpfoundry create --type openapi --input ./openapi.yaml --output ./srv --no-http
With --secure + --transport http, the JWT guard verifies an
Authorization: Bearer <token> header on every request (returns 401 on
failure); with stdio it verifies ZTAI_AUTH_TOKEN once at startup.
--input accepts a local path or a URL, in JSON or YAML.
Preview before generating
mcpfoundry create --type openapi --input ./openapi.yaml --dry-run
✔ Dry run — 4 tool(s) would be generated:
• list_pets(limit?: integer)
• create_pet(name: string, tag?: string)
• get_pet_by_id(pet_id: integer)
• delete_pet(pet_id: integer)
The optional ZTAI Security Shield (--secure)
When you pass --secure, every generated server additionally enforces:
- JWT Guard — verifies a short-lived HS256 token (
ZTAI_AUTH_TOKENat startup over stdio, or anAuthorization: Bearerheader per request over HTTP) againstJWT_SECRET. Invalid or missing tokens are rejected before any tool runs. - Parameter hardening — strict Zod/Pydantic schemas (this is on even
without
--secure, because it's just good hygiene). - Deception Canary — when
ZTAI_CANARY_IDis set, tool output carries a subtle, traceable marker to help detect adversarial exfiltration.
Without --secure you still get a perfectly good, vendor-neutral MCP server.
Architecture — the Template-Compiler pattern
src/
cli.ts # arg parsing + orchestration
parsers/ # data source -> normalized IR (ToolSpec[])
compiler.ts # IR + Handlebars templates -> generated project
types.ts # the shared IR
templates/
nodejs/ # @modelcontextprotocol/sdk + Zod
python/ # FastMCP + Pydantic
Parsers and templates are decoupled by a normalized intermediate representation,
so adding a new language is just a new templates/<lang>/ folder — no engine
changes. See CONTRIBUTING.md.
Develop
npm install
npm run build
node dist/cli.js create --type openapi --input examples/petstore.openapi.json --output /tmp/petstore-mcp
License
MIT
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.