npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

mcpfoundry

v0.2.2

Published

Create production-ready MCP (Model Context Protocol) servers from databases or OpenAPI specs, with an optional ZTAI zero-trust security shield.

Downloads

1,964

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jamesmobjamesmob

Keywords

mcpmodel-context-protocolscaffoldgeneratoropenapipostgresaisecurity

Readme

Create secure, production-ready MCP servers from your database or API — in under 5 minutes. ⚒️

npm version npm downloads license node PRs welcome

Quick Start · Features · Security · Examples · Contributing

Stop hand-writing MCP servers. Point mcpfoundry at a database or an OpenAPI spec and get a clean, runnable, secure-by-option MCP server whose tools actually run — real parameterised SQL or real HTTP calls, not TODO stubs. Node.js or Python. Zero boilerplate.

⚡ Quick Start (60 seconds)

npx mcpfoundry create \
  --type openapi \
  --input https://petstore3.swagger.io/api/v3/openapi.json \
  --output ./petstore-mcp

cd petstore-mcp && npm install && npm start
# 🎉  MCP server live on http://localhost:3000/mcp

That's a full MCP server — every endpoint turned into a validated tool — running. No SDK wrangling, no transport plumbing, no boilerplate.

Connect it to Claude in one step: every generated project includes a ready-to-use .mcp.json. Open the folder in Claude Code (it auto-detects the file), or paste the block into Claude Desktop's config. The generated README.md has the exact snippet.

✨ Why mcpfoundry?

| | | |---|---| | ⏱️ Ship in 5 minutes | One command turns a DB or API into a working MCP server. | | 🔒 Secure by option | Add --secure for a zero-trust JWT guard + deception canary. Off by default, never forced. | | 🛡️ Hardened by default | Every tool gets strict Zod / Pydantic parameter validation — no opt-in needed. | | 🏭 Production quality | Self-contained, lint-clean, type-safe output that builds and boots out of the box. | | 🧩 Maintainable & extensible | Clean Template-Compiler architecture — add a language with a folder, no core changes. | | 🌐 HTTP or stdio | Streamable HTTP by default; --no-http for stdio (Claude Desktop / Claude Code style). | | 🐍 Node.js & Python | First-class @modelcontextprotocol/sdk (TS) and FastMCP (Python) output. | | ⚙️ Working out of the box | Tools run real code — parameterised SQL (SQLite) or HTTP calls to your API — not placeholders. | | 🔌 DB & OpenAPI | Introspect SQLite/Postgres into CRUD tools, or convert any OpenAPI/Swagger spec (file or URL, JSON/YAML) into tools that call the upstream API. | | 📎 One-click Claude connection | Every project ships a .mcp.json — auto-detected by Claude Code, paste-ready for Claude Desktop. |

🛠️ Two ways to create

1. From an OpenAPI / Swagger spec

Every endpoint becomes a typed, validated MCP tool.

mcpfoundry create --type openapi --input ./openapi.yaml --output ./my-server

2. From a database

Tables are introspected into CRUD tools. SQLite tools run real, parameterised SQL out of the box — just point DATABASE_PATH at your file:

mcpfoundry create --type database --provider sqlite --uri ./app.db --output ./db-server
cd db-server && npm install && DATABASE_PATH=../app.db npm start

Postgres is also introspected (its handlers are scaffolded stubs for now):

mcpfoundry create --type database \
  --provider postgres \
  --uri "postgresql://user:pass@localhost:5432/mydb" \
  --output ./pg-server --lang python

💡 Preview first with --dry-run to see exactly which tools you'll get — no files written:

✔ Dry run — 4 tool(s) would be generated:
  • list_pets(limit?: integer)
  • create_pet(name: string, tag?: string)
  • get_pet_by_id(pet_id: integer)
  • delete_pet(pet_id: integer)

🔐 The ZTAI Security Shield (optional)

Pass --secure and every generated server enforces zero-trust access — recommended, never required:

  1. 🔑 JWT Guard — verifies a short-lived HS256 token (an Authorization: Bearer header per request over HTTP, or ZTAI_AUTH_TOKEN at startup over stdio) against JWT_SECRET. Invalid or missing → rejected before any tool runs.
  2. 🧱 Parameter hardening — strict Zod / Pydantic schemas (this is always on, even without --secure — it's just good hygiene).
  3. 🪤 Deception canary — set ZTAI_CANARY_ID and tool output carries a subtle, traceable marker to help detect adversarial data exfiltration.

Without --secure you still get a perfectly good, vendor-neutral MCP server.

🎛️ All options

| Flag | Description | | --- | --- | | --type | database or openapi (required) | | --provider | sqlite | postgres | mysql | mongodb (database mode) | | --uri | DB connection string (database mode) | | --input | OpenAPI spec — file path or URL, JSON or YAML (openapi mode) | | --output | Output directory (required) | | --lang | nodejs (default) or python | | --transport | http (default) or stdio | | --no-http | Shortcut for --transport stdio | | --port | Port for the HTTP transport (default 3000) | | --secure | Embed the optional ZTAI Security Shield | | --force | Overwrite a non-empty output directory | | --dry-run | Preview the generated tools, then exit |

SQLite & Postgres are introspected today; SQLite emits working SQL. MySQL & MongoDB are stubbed and open for contributions.

🧩 How it works

mcpfoundry follows a clean Template-Compiler pattern:

  source (DB / OpenAPI)  ──▶  parser  ──▶  normalized IR (ToolSpec[])
                                                   │
                                       Handlebars compiler
                                                   │
                                                   ▼
                       templates/<lang>/  ──▶  your generated server

Parsers and templates are decoupled by a normalized intermediate representation, so adding a new language is just a new templates/<lang>/ folder — no engine changes. See CONTRIBUTING.md.

🤝 Contributing

Two of the most common contributions — a new language template or a new database provider — need zero changes to the core engine. See CONTRIBUTING.md.

📄 License

MIT — build freely.

⭐ Star on GitHub if mcpfoundry saved you an afternoon.