rmcp-openapi
A Rust workspace providing OpenAPI to MCP (Model Context Protocol) conversion tools.
Overview
This workspace contains two crates that work together to bridge OpenAPI specifications and the Model Context Protocol (MCP):
- rmcp-openapi(library): Core functionality for converting OpenAPI specifications to MCP tools
- rmcp-openapi-server(binary): MCP server executable that exposes OpenAPI endpoints as tools
This enables AI assistants to interact with REST APIs through a standardized interface.
Features
- Automatic Tool Generation: Parse OpenAPI specifications and automatically generate MCP tools for all operations
- Flexible Spec Loading: Support for both URL-based and local file OpenAPI specifications
- HTTP Client Integration: Built-in HTTP client with configurable base URLs and request handling
- Parameter Mapping: Intelligent mapping of OpenAPI parameters (path, query, body) to MCP tool parameters
- Output Schema Support: Automatic generation of output schemas from OpenAPI response definitions
- Structured Content: Returns parsed JSON responses as structured content when output schemas are defined
- Dual Usage Modes: Use as a standalone MCP server or integrate as a Rust library
- Transport Support: SSE (Server-Sent Events) transport for MCP communication
- Comprehensive Testing: Includes integration tests with JavaScript and Python MCP clients
- Built with Official SDK: Uses the official Rust MCP SDK for reliable protocol compliance
- Authorization Header Handling: Configurable authorization modes to balance MCP compliance with proxy requirements
Security
rmcp-openapi acts as a proxy between MCP clients and OpenAPI services, which creates unique security considerations regarding authorization header handling.
Important: Please read the SECURITY.md file for detailed information about:
- MCP specification compliance
- Authorization modes (compliant, passthrough-warn, passthrough-silent)
- Security implications and recommendations
- Compile-time feature flags for authorization passthrough
By default, the server operates in MCP-compliant mode and does not forward authorization headers. Non-compliant modes require explicit opt-in via compile-time features and runtime configuration.
Contributing
We welcome contributions to rmcp-openapi! Please follow these guidelines:
How to Contribute
- Fork the repository on GitLab
- Create a feature branch from main:git checkout -b feature/my-new-feature
- Make your changes and ensure they follow the project's coding standards
- Add tests for your changes if applicable
- Run the test suite to ensure nothing is broken: cargo test
- Commit your changes with clear, descriptive commit messages
- Push to your fork and create a merge request
Development Setup
# Clone your fork
# Build the project
# Run tests
Code Standards
- Follow Rust conventions and use cargo fmtto format code
- Run cargo clippy --all-targetsto catch common mistakes
- Add documentation for public APIs
- Include tests for new functionality
Reporting Issues
Found a bug or have a feature request? Please report it on our GitLab issue tracker.
Installation
Install Server Binary
Build from Source
# Build entire workspace
# Build specific crates
Using as a Library
Add to your Cargo.toml:
[]
 = "0.8.2"
Usage as a Library
Basic Example
use Server;
use Value;
use Url;
Advanced Example with Custom Configuration
use Server;
use HeaderMap;
use Value;
use Url;
async 
Usage as an MCP Server
Basic Usage
# Basic usage with Petstore API
# See all available options
MCP Client Connection
The server exposes an SSE endpoint for MCP clients:
http://localhost:8080/sse
Example with Claude Desktop
Add to your Claude Desktop MCP configuration:
Example with JavaScript MCP Client
import  from '@modelcontextprotocol/sdk/client/index.js';
import  from '@modelcontextprotocol/sdk/client/sse.js';
const client = ;
const transport = ;
await client.;
// List available tools
const tools = await client.;
console.log;
// Call a tool
const result = await client.;
Generated Tools
The server automatically generates MCP tools for each OpenAPI operation:
- Tool Names: Uses operationIdor generates from HTTP method + path
- Parameters: Maps OpenAPI parameters (path, query, body) to tool parameters
- Descriptions: Combines OpenAPI summaryanddescriptionfields
- Validation: Includes parameter schemas for validation
- Output Schemas: Automatically generated from OpenAPI response definitions
Example generated tools for Petstore API:
- addPet: Add a new pet to the store
- findPetsByStatus: Find pets by status
- getPetById: Find pet by ID
- updatePet: Update an existing pet
- deletePet: Delete a pet
Output Schema Support
The server now generates output schemas for all tools based on OpenAPI response definitions. This enables:
- Type-Safe Responses: MCP clients can validate response data against the schema
- Structured Content: When an output schema is defined, the server returns parsed JSON as structured_content
- Consistent Format: All responses are wrapped in a standard structure:
This wrapper ensures:
- All output schemas are objects (required by MCP)
- HTTP status codes are preserved
- Both success and error responses follow the same structure
- Clients can uniformly handle all responses
Example output schema for getPetById:
Error Handling
The library distinguishes between two types of errors:
Validation Errors (MCP Protocol Errors)
These occur before tool execution and are returned as MCP protocol errors:
- ToolNotFound: Requested tool doesn't exist (includes suggestions for similar tool names)
- InvalidParameters: Parameter validation failed (unknown names, missing required, constraint violations)
- RequestConstructionError: Failed to construct the HTTP request
Execution Errors (Tool Output Errors)
These occur during tool execution and are returned as structured content in the tool response:
- HttpError: HTTP error response from the API (4xx, 5xx status codes)
- NetworkError: Network/connection failures (timeout, DNS, connection refused)
- ResponseParsingError: Failed to parse the response
Error Response Format
For tools with output schemas, execution errors are wrapped in the standard response structure:
Validation errors are returned as MCP protocol errors:
Logging Configuration
The server uses structured logging with the tracing crate for comprehensive observability and debugging.
Log Levels
Set the log level using the RMCP_OPENAPI_LOG environment variable:
# Info level (default for normal operation)
RMCP_OPENAPI_LOG=info 
# Debug level (detailed operation info)
RMCP_OPENAPI_LOG=debug 
# Trace level (very detailed debugging)
RMCP_OPENAPI_LOG=trace 
# Or use the --verbose flag for debug level
Log Level Details
- error: Critical errors that need attention
- warn: Potential issues or warnings
- info: Important operational events (server startup, tool registration, HTTP request completion)
- debug: General debugging information (parameter extraction, tool lookup)
- trace: Very detailed debugging (detailed parameter parsing)
Note: Request and response bodies are never logged for security reasons.
Structured Logging Format
Logs include structured fields for easy parsing and filtering:
2025-08-19T10:30:45.123Z INFO rmcp_openapi_server::main: OpenAPI MCP Server starting bind_address="127.0.0.1:8080"
2025-08-19T10:30:45.125Z INFO rmcp_openapi::server: Loaded tools from OpenAPI spec tool_count=12
2025-08-19T10:30:45.130Z INFO http_request{tool_name="getPetById" method="GET" path="/pet/{petId}"}: rmcp_openapi::http_client: HTTP request completed status=200 elapsed_ms=45
Module-Specific Logging
You can control logging for specific modules:
# Only HTTP client debug logs
RMCP_OPENAPI_LOG=rmcp_openapi::http_client=debug 
# Only server info logs, everything else warn
RMCP_OPENAPI_LOG=warn,rmcp_openapi::server=info 
# Debug parameter extraction and tool generation
RMCP_OPENAPI_LOG=info,rmcp_openapi::tool_generator=debug 
Examples
See the examples/ directory for usage examples:
- petstore.sh: Demonstrates server usage with the Swagger Petstore API
Testing
# Run all tests
# Run with live API testing
RMCP_TEST_LIVE_API=true 
# Run specific integration tests
License
MIT License - see LICENSE file for details.