OpenAPI lifecycle guard and MCP sidecar for policy-driven API orchestration.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"io-github-tiago-marques-x-openapi-flow-mcp": {
"args": [
"-y",
"x-openapi-flow"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
See your API lifecycle come alive from your OpenAPI spec, with one simple command
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'x-openapi-flow' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked x-openapi-flow against OSV.dev.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in other
Pi Coding Agent extension (CLI-first) — routes bash/read/grep/find/ls through lean-ctx CLI for strong token savings. Optional MCP bridge can register advanced tools.
Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.
97% token reduction for AI coding sessions — zero deps, 21 languages, MCP server
Autonomous spec-to-product coding-agent CLI with an MCP server exposing 34 tools over stdio.
MCP Security Weekly
Get CVE alerts and security updates for io.github.tiago-marques/x-openapi-flow-mcp and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
🚀 2,100+ downloads in the first 3 weeks!
npx x-openapi-flow init --suggest-transitions
See your API lifecycle come alive from your OpenAPI spec, with one simple command
Validate, document, and generate flow-aware SDKs automatically.

openapi.json → describes your API
openapi.x.json → describes how to use it (flows)
x-openapi-flow adds a declarative state machine to your OpenAPI spec.
Model resource lifecycles, enforce valid transitions, and generate flow-aware artifacts for documentation, SDKs, and automation.
Define stateful workflows and lifecycle transitions directly inside your OpenAPI operations:
{
"operationId": "createOrder",
"x-openapi-flow": {
"version": "1.0",
"id": "create-order",
"current_state": "created",
"description": "Creates an order and starts the lifecycle",
"transitions": [
{
"transition_id": "order-created-to-paid",
"trigger_type": "synchronous",
"condition": "Payment is confirmed",
"decision_rule": "payOrder:response.200.body.payment_status == 'approved'",
"target_state": "paid",
"next_operation_id": "payOrder",
"operation_role": "mutate",
"prerequisite_operation_ids": ["createOrder"],
"evidence_refs": [
"payOrder:response.200.body.payment_status"
],
"propagated_field_refs": [
"createOrder:response.201.body.order_id"
],
"failure_paths": [
{
"reason": "Payment denied",
"target_state": "payment_failed",
"next_operation_id": "getOrder"
}
]
}
]
}
}
This flow defines an order lifecycle directly inside your OpenAPI:
created statepaid when payment is confirmedInstead of man