Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"fieldflow": {
"command": "<see-readme>",
"args": []
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
FieldFlow turns OpenAPI-described REST endpoints into selectively filtered tools. It generates Pydantic models and FastAPI routes that forward requests to the upstream API and return only the fields the caller asks for. An optional MCP layer exposes the same functionality to Model Context Protocol clients such as Claude Desktop.
No automated test available for this server. Check the GitHub README for setup instructions.
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
No package registry to scan.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in other
Pi Coding Agent extension (CLI-first) — routes bash/read/grep/find/ls through lean-ctx CLI for strong token savings. Optional MCP bridge can register advanced tools.
Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.
97% token reduction for AI coding sessions — zero deps, 21 languages, MCP server
Autonomous spec-to-product coding-agent CLI with an MCP server exposing 34 tools over stdio.
MCP Security Weekly
Get CVE alerts and security updates for Fieldflow and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
FieldFlow turns OpenAPI-described REST endpoints into selectively filtered tools. It generates Pydantic models and FastAPI routes that forward requests to the upstream API and return only the fields the caller asks for. An optional MCP layer exposes those generated OpenAPI tools to Model Context Protocol clients such as Claude Desktop.
fields
list to slice responses.httpx, automatically formatting URL paths and query
parameters.FieldFlow currently has two supported application modes:
fieldflow serve-http exposes generated HTTP tool endpoints from an OpenAPI spec.fieldflow-mcp exposes the same generated OpenAPI tools through MCP over stdio.FieldFlow does not yet wrap arbitrary third-party MCP servers. That direction is planned around MCP tools that expose structured outputSchema, but it is not part of the current release.
fieldflow/
config.py # Environment-based settings
http_app.py # FastAPI app factory
openapi_loader.py # JSON/YAML loader with PyYAML fallback
proxy.py # Async HTTP proxy that filters responses to requested fields
spec_parser.py # Schema parser and dynamic Pydantic model generator
tooling.py # FastAPI router builder for tool endpoints
fieldflow_mcp/
server.py # MCP server wrapper built on FastMCP
cli.py # CLI entry point for the MCP server
examples/
jsonplaceholder_openapi.yaml # Minimal sample spec
pokeapi_openapi.yaml # Larger spec for stress-testing
python -m venv .venv
source .venv/bin/activate
pip install --upgrade pip
pip install -e '.[mcp]' # zsh users: quote to avoid globbing
fieldflow serve-http --reload
OpenAPI specs are resolved from FIELD_FLOW_OPENAPI_SPEC_PATH. If the spec
includes a servers entry the first URL is used; otherwise set
FIELD_FLOW_TARGET_API_BASE_URL.
| Variable | Description | Default |
|---|---|---|
FIELD_FLOW_OPENAPI_SPEC_PATH | Path to the OpenAPI JSON/YAML file | examples/jsonplaceholder_openapi.yaml |
FIELD_FLOW_TARGET_API_BASE_URL | Upstream REST API base URL (overrides spec servers) | derived from spec |
FieldFlow supports secure API authentication through environment variables. All credentials are handled securely with automatic sanitization in logs and error messages.
# Bearer token (OAuth 2.0, JWT)
export FIELDFLOW_AUTH_TYPE=bearer
export FIELDFLOW_AUTH_VALUE=your-token-here
# API Key
export FIELDFLOW_AUTH_TYPE=apikey
export FIELDFLOW_AUTH_HEADER=X-API-Key # Optional, defaults to X-API-Key
export FIELDFLOW_AUTH_VALUE=your-api-key-here
# Basic authentication
export FIELDFLOW_AUTH_TYPE=basic
export FIELDFLOW_AUTH_VALUE=base64-encoded-credentials
When your OpenAPI spec defines security schemes, FieldFlow automatically uses them:
components:
securitySchemes:
BearerAuth:
type: http
scheme: bearer
ApiKeyAuth:
type: apiKey
in: header
name: X-API-Key
With security schemes, provide credentials using the scheme name:
export FIELDFLOW_AUTH_BEARERAUTH_VALUE=your-bearer-token
export FIELDFLOW_AUTH_APIKEYAUTH_VALUE=your-api-key
Security features: