Create mcpcat.md

Upgrade package to version 3.2.0 and address code quality improvements based on review feedback

.eslintrc.json

@@ -1,9 +1,6 @@
 {
   "parser": "@typescript-eslint/parser",
-    "extends": [
+  "extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
-      "eslint:recommended",
-      "plugin:@typescript-eslint/recommended"
-    ],
   "plugins": ["@typescript-eslint"],
   "env": {
     "node": true,

.github/ISSUE_TEMPLATE/bug_report.md

@@ -4,7 +4,6 @@ about: Create a report to help us improve
 title: ''
 labels: ''
 assignees: ''
-
 ---
 
 **Describe the bug**
@@ -12,6 +11,7 @@ A clear and concise description of what the bug is.
 
 **To Reproduce**
 Steps to reproduce the behavior:
+
 1. Go to '...'
 2. Click on '....'
 3. Scroll down to '....'
@@ -24,11 +24,13 @@ A clear and concise description of what you expected to happen.
 If applicable, add screenshots to help explain your problem.
 
 **Desktop (please complete the following information):**
+
 - OS: [e.g. iOS]
 - Browser [e.g. chrome, safari]
 - Version [e.g. 22]
 
 **Smartphone (please complete the following information):**
+
 - Device: [e.g. iPhone6]
 - OS: [e.g. iOS8.1]
 - Browser [e.g. stock browser, safari]

.github/ISSUE_TEMPLATE/custom.md

@@ -4,7 +4,4 @@ about: Describe this issue template's purpose here.
 title: ''
 labels: ''
 assignees: ''
-
 ---
-
-

.github/ISSUE_TEMPLATE/feature_request.md

@@ -4,7 +4,6 @@ about: Suggest an idea for this project
 title: ''
 labels: ''
 assignees: ''
-
 ---
 
 **Is your feature request related to a problem? Please describe.**

.github/PULL_REQUEST_TEMPLATE/mcpcat.md

@@ -0,0 +1,44 @@
+# Add optional MCPcat analytics scaffolding (`--with-mcpcat`) to generated MCP servers
+
+> **TL;DR**: This PR adds an **opt-in** flag to scaffold privacy-safe analytics wiring for MCPcat in projects generated by `openapi-mcp-generator`.
+
+## Summary
+This PR introduces a `--with-mcpcat` CLI flag that scaffolds:
+- A tiny analytics shim to emit initialize/tool-call events.
+- A default **local redaction** helper to scrub sensitive data before export.
+- Minimal config via environment variables.
+No behavior changes unless the flag and env vars are set.
+
+## Motivation
+- Make freshly generated MCP servers **observable in minutes**.
+- Encourage **privacy-by-default** analytics patterns.
+- Reduce copy/paste wiring; standardize event shape (operationId, path, duration, status).
+
+## Changes
+### CLI
+- `generate` accepts `--with-mcpcat` (default: off).
+
+### Template files (added conditionally)
+- `src/analytics/mcpcat.ts` – lazy import + safe no-op if SDK absent.
+- `src/analytics/redact.ts` – OpenAPI-aware heuristics (e.g., `*token*`, `password`, `apiKey`, `authorization`, `email`).
+- `src/analytics/config.ts` – reads env:
+  - `MCPCAT_ENABLED=true|false` (default `false`)
+  - `MCPCAT_PROJECT_ID=<id>`
+  - `MCPCAT_ENDPOINT=<optional override>`
+  - `MCPCAT_SAMPLE_RATE=1.0` (0–1)
+
+### Server wiring
+- Hooks server `.initialize` and each tool invocation to record:
+  - `operationId`, HTTP `method`, `path`
+  - redacted `args`
+  - `outcome` (`ok`/`error`) + truncated error message
+  - `duration_ms`
+
+### Docs
+- Adds a “Enable analytics (MCPcat)” section to generated README with privacy notes and quickstart.
+
+## Implementation Notes
+- **Compile-time optional**: no imports unless flag is used.
+- **Runtime safe**: try/catch around SDK import → graceful no-op if not installed.
+- **Transport-agnostic**: compatible with stdio, SSE/web, and StreamableHTTP templates.
+- **Edge-friendly**: avoids Node-only APIs in scaffolding to support edge runtimes (e.g., Workers).

.github/workflows/check.yml

@@ -0,0 +1,30 @@
+name: check
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  format-and-build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Format check
+        run: npm run format.check
+
+      - name: Build
+        run: npm run build

CHANGELOG.md

@@ -5,26 +5,64 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.2.0] - 2025-08-24
+
+### Added
+
+- Endpoint filtering using `x-mcp` OpenAPI extension to control which operations are exposed as MCP tools
+- CLI option `--default-include` to change default behavior for endpoint inclusion
+- Precedence rules for `x-mcp` extension (operation > path > root level)
+- Enhanced programmatic API with `defaultInclude` option in `getToolsFromOpenApi`
+
+### Changed
+
+- Improved documentation with examples for endpoint filtering and OpenAPI extensions.
+- Version bump to next minor release
+- Updated package version to reflect accumulated features and improvements
+
+## [3.1.4] - 2025-06-18
+
+### Chores
+
+- Updated the application version to 3.1.4 and ensured the CLI displays the version dynamically.
+
+### Style
+
+- Improved code formatting for better readability.
+
+### Bug Fixes
+
+- Tool names now retain their original casing during extraction.
+
+## [3.1.3] - 2025-06-12
+
+### Fixed
+
+- Cannot find the package after building and the problem during the building.
+
 ## [3.1.2] - 2025-06-08
 
 ### Fixed
+
 - Prevent stack overflow (RangeError: Maximum call stack size exceeded) when processing recursive or cyclic OpenAPI schemas (e.g., self-referencing objects).
 - Added cycle detection to schema mapping, ensuring robust handling of recursive structures.
 
 ## [3.1.1] - 2025-05-26
 
 ### Added
+
 - Introduced a new executable command-line script for easier usage in Unix-like environments.
 
 ### Changed
+
 - Use new CLI entry point to use the new `bin/openapi-mcp-generator.js` file.
 - Updated build script to ensure the new CLI file has the correct permissions.
 - Refactored `index.ts` to streamline argument parsing and error handling.
 
-
 ## [3.1.0] - 2025-05-18
 
 ### Added
+
 - Programmatic API to extract MCP tool definitions from OpenAPI specs
 - New exportable `getToolsFromOpenApi` function for direct integration in code
 - Advanced filtering capabilities for programmatic tool extraction
@@ -32,20 +70,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Updated README with programmatic API usage examples
 
 ### Changed
+
 - Improved module structure with better exports
 - Enhanced detection of module execution context
 
 ## [3.0.0] - 2025-04-26
 
 ### Added
+
 - Streamable HTTP support for OpenAPI MCP generator, enabling efficient handling of large payloads and real-time data transfer.
 - Major architectural refactor to support streaming responses and requests.
 
 ### Fixed
+
 - Multiple bugs related to HTTP/HTTPS connection handling, stream closure, and error propagation in streaming scenarios.
 - Fixed resource leak issues on server aborts and client disconnects during streaming.
 
 ### Changed
+
 - Major version bump due to breaking changes in API and internal structures to support streaming.
 - Updated documentation to reflect new streaming capabilities and usage instructions.
 - Enhanced performance and robustness of HTTP/HTTPS transport layers.
@@ -53,6 +95,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [2.0.0] - 2025-04-12
 
 ### Added
+
 - Runtime argument validation using Zod
 - JSON Schema to Zod schema conversion
 - Improved error handling and formatting
@@ -63,6 +106,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Support for multiple content types
 
 ### Changed
+
 - Simplified transport layer to only support stdio transport
 - Removed support for WebSocket and HTTP transports
 - Updated to use @modelcontextprotocol/sdk v1.9.0
@@ -72,6 +116,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - More robust OpenAPI schema processing
 
 ### Fixed
+
 - Path parameter resolution in URLs
 - Content-Type header handling
 - Response processing for different content types
@@ -81,6 +126,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [1.0.0] - Initial Release
 
 ### Added
+
 - Basic OpenAPI to MCP server generation
 - Support for GET, POST, PUT, DELETE methods
 - Basic error handling

PROGRAMMATIC_API.md

@@ -21,16 +21,19 @@ import { getToolsFromOpenApi } from 'openapi-mcp-generator';
 This function extracts an array of tools from an OpenAPI specification.
 
 **Parameters:**
+
 - `specPathOrUrl`: Path to a local OpenAPI spec file or URL to a remote spec
 - `options`: (Optional) Configuration options
 
 **Options:**
+
 - `baseUrl`: Override the base URL in the OpenAPI spec
 - `dereference`: Whether to resolve $refs (default: false)
 - `excludeOperationIds`: Array of operation IDs to exclude from the results
 - `filterFn`: Custom function to filter tools (receives tool, returns boolean)
 
 **Returns:**
+
 - Promise that resolves to an array of McpToolDefinition objects
 
 **Example:**
@@ -42,12 +45,15 @@ import { getToolsFromOpenApi } from 'openapi-mcp-generator';
 const tools = await getToolsFromOpenApi('./petstore.json');
 
 // With options
-const filteredTools = await getToolsFromOpenApi('https://petstore3.swagger.io/api/v3/openapi.json', {
+const filteredTools = await getToolsFromOpenApi(
+  'https://petstore3.swagger.io/api/v3/openapi.json',
+  {
     baseUrl: 'https://petstore3.swagger.io/api/v3',
     dereference: true,
     excludeOperationIds: ['addPet', 'updatePet'],
-  filterFn: (tool) => tool.method.toLowerCase() === 'get'
+    filterFn: (tool) => tool.method.toLowerCase() === 'get',
-});
+  }
+);
 
 // Process the results
 for (const tool of filteredTools) {
@@ -58,6 +64,20 @@ for (const tool of filteredTools) {
 }
 ```
 
+you can also provide a `OpenAPIV3.Document` to the parser:
+
+```typescript
+import { parser } from '@readme/openapi-parser';
+
+const api = await parser('https://petstore3.swagger.io/api/v3/openapi.json', {
+  dereference: {
+    circular: true,
+  },
+});
+
+const tools = await getToolsFromOpenApi(api);
+```
+
 ## Tool Definition Structure
 
 Each tool definition (`McpToolDefinition`) has the following properties:
@@ -105,7 +125,7 @@ interface McpToolDefinition {
 
 ```typescript
 const getTools = await getToolsFromOpenApi(specUrl, {
-  filterFn: (tool) => tool.method.toLowerCase() === 'get'
+  filterFn: (tool) => tool.method.toLowerCase() === 'get',
 });
 ```
 
@@ -113,7 +133,7 @@ const getTools = await getToolsFromOpenApi(specUrl, {
 
 ```typescript
 const secureTools = await getToolsFromOpenApi(specUrl, {
-  filterFn: (tool) => tool.securityRequirements.length > 0
+  filterFn: (tool) => tool.securityRequirements.length > 0,
 });
 ```
 
@@ -121,7 +141,7 @@ const secureTools = await getToolsFromOpenApi(specUrl, {
 
 ```typescript
 const userTools = await getToolsFromOpenApi(specUrl, {
-  filterFn: (tool) => tool.pathTemplate.includes('/user')
+  filterFn: (tool) => tool.pathTemplate.includes('/user'),
 });
 ```
 
@@ -130,8 +150,6 @@ const userTools = await getToolsFromOpenApi(specUrl, {
 ```typescript
 const safeUserTools = await getToolsFromOpenApi(specUrl, {
   excludeOperationIds: ['deleteUser', 'updateUser'],
-  filterFn: (tool) => 
+  filterFn: (tool) => tool.pathTemplate.includes('/user') && tool.method.toLowerCase() === 'get',
-    tool.pathTemplate.includes('/user') &&
-    tool.method.toLowerCase() === 'get'
 });
 ```

README.md

@@ -49,7 +49,7 @@ openapi-mcp-generator --input path/to/openapi.json --output path/to/output/dir -
 ### CLI Options
 
 | Option              | Alias | Description                                                                                                                                    | Default                           |
-|--------------------|-------|-----------------------------------------------------------------------------------------------------|---------------------------------|
+| ------------------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
 | `--input`           | `-i`  | Path or URL to OpenAPI specification (YAML or JSON)                                                                                            | **Required**                      |
 | `--output`          | `-o`  | Directory to output the generated MCP project                                                                                                  | **Required**                      |
 | `--server-name`     | `-n`  | Name of the MCP server (`package.json:name`)                                                                                                   | OpenAPI title or `mcp-api-server` |
@@ -57,6 +57,7 @@ openapi-mcp-generator --input path/to/openapi.json --output path/to/output/dir -
 | `--base-url`        | `-b`  | Base URL for API requests. Required if OpenAPI `servers` missing or ambiguous.                                                                 | Auto-detected if possible         |
 | `--transport`       | `-t`  | Transport mode: `"stdio"` (default), `"web"`, or `"streamable-http"`                                                                           | `"stdio"`                         |
 | `--port`            | `-p`  | Port for web-based transports                                                                                                                  | `3000`                            |
+| `--default-include` |       | Default behavior for x-mcp filtering. Accepts `true` or `false` (case-insensitive). `true` = include by default, `false` = exclude by default. | `true`                            |
 | `--force`           |       | Overwrite existing files in the output directory without confirmation                                                                          | `false`                           |
 
 ## 📦 Programmatic API
@@ -74,7 +75,7 @@ const filteredTools = await getToolsFromOpenApi('https://example.com/api-spec.js
   baseUrl: 'https://api.example.com',
   dereference: true,
   excludeOperationIds: ['deletePet'],
-  filterFn: (tool) => tool.method.toLowerCase() === 'get'
+  filterFn: (tool) => tool.method.toLowerCase() === 'get',
 });
 ```
 
@@ -100,6 +101,7 @@ The generated project includes:
 ```
 
 Core dependencies:
+
 - `@modelcontextprotocol/sdk` - MCP protocol implementation
 - `axios` - HTTP client for API requests
 - `zod` - Runtime validation
@@ -139,7 +141,7 @@ Implements the MCP StreamableHTTP transport which offers:
 ### Transport Comparison
 
 | Feature            | stdio               | web (SSE)         | streamable-http    |
-|---------|-------|-----------|----------------|
+| ------------------ | ------------------- | ----------------- | ------------------ |
 | Protocol           | JSON-RPC over stdio | JSON-RPC over SSE | JSON-RPC over HTTP |
 | Connection         | Persistent          | Persistent        | Request/response   |
 | Bidirectional      | Yes                 | Yes               | Yes (stateful)     |
@@ -158,7 +160,7 @@ Implements the MCP StreamableHTTP transport which offers:
 Configure auth credentials in your environment:
 
 | Auth Type  | Variable Format                                                                                    |
-|-------------|----------------------------------------------------------|
+| ---------- | -------------------------------------------------------------------------------------------------- |
 | API Key    | `API_KEY_<SCHEME_NAME>`                                                                            |
 | Bearer     | `BEARER_TOKEN_<SCHEME_NAME>`                                                                       |
 | Basic Auth | `BASIC_USERNAME_<SCHEME_NAME>`, `BASIC_PASSWORD_<SCHEME_NAME>`                                     |
@@ -166,6 +168,38 @@ Configure auth credentials in your environment:
 
 ---
 
+## 🔎 Filtering Endpoints with OpenAPI Extensions
+
+You can control which operations are exposed as MCP tools using a vendor extension flag `x-mcp`. This extension is supported at the root, path, and operation levels. By default, endpoints are included unless explicitly excluded.
+
+- Extension: `x-mcp: true | false`
+- Default: `true` (include by default)
+- Precedence: operation > path > root (first non-undefined wins)
+- CLI option: `--default-include false` to change default to exclude by default
+
+Examples:
+
+```yaml
+# Optional root-level default
+x-mcp: true
+
+paths:
+  /pets:
+    x-mcp: false # exclude all ops under /pets
+    get:
+      x-mcp: true # include this operation anyway
+
+  /users/{id}:
+    get:
+      # no x-mcp -> included by default
+```
+
+This uses standard OpenAPI extensions (x-… fields). See the [OpenAPI Extensions guide](https://swagger.io/docs/specification/v3_0/openapi-extensions/) for details.
+
+Note: `x-mcp` must be a boolean or the strings `"true"`/`"false"` (case-insensitive). Other values are ignored in favor of higher-precedence or default behavior.
+
+---
+
 ## ▶️ Running the Generated Server
 
 ```bash
@@ -214,8 +248,9 @@ Contributions are welcome!
 
 1. Fork the repo
 2. Create a feature branch: `git checkout -b feature/amazing-feature`
-3. Commit your changes: `git commit -m "Add amazing feature"`
+3. Run `npm run format.write` to format your code
-4. Push and open a PR
+4. Commit your changes: `git commit -m "Add amazing feature"`
+5. Push and open a PR
 
 📌 Repository: [github.com/harsha-iiiv/openapi-mcp-generator](https://github.com/harsha-iiiv/openapi-mcp-generator)
 

examples/pet-store-sse/.eslintrc.json

@@ -1,12 +1,7 @@
 {
   "parser": "@typescript-eslint/parser",
-  "extends": [
+  "extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
-    "eslint:recommended",
+  "plugins": ["@typescript-eslint"],
-    "plugin:@typescript-eslint/recommended"
-  ],
-  "plugins": [
-    "@typescript-eslint"
-  ],
   "env": {
     "node": true,
     "es2022": true
@@ -15,10 +10,7 @@
     "no-console": [
       "error",
       {
-        "allow": [
+        "allow": ["error", "warn"]
-          "error",
-          "warn"
-        ]
       }
     ],
     "@typescript-eslint/explicit-function-return-type": "off",

examples/pet-store-sse/docs/oauth2-configuration.md

@@ -13,11 +13,13 @@ This API uses OAuth2 for authentication. The MCP server can handle OAuth2 authen
 
 - `OAUTH_CLIENT_ID_PETSTORE_AUTH`: Your OAuth client ID
 - `OAUTH_CLIENT_SECRET_PETSTORE_AUTH`: Your OAuth client secret
+
 ## Token Caching
 
 The MCP server automatically caches OAuth tokens obtained via client credentials flow. Tokens are cached for their lifetime (as specified by the `expires_in` parameter in the token response) minus 60 seconds as a safety margin.
 
 When making API requests, the server will:
+
 1. Check for a cached token that's still valid
 2. Use the cached token if available
 3. Request a new token if no valid cached token exists

examples/pet-store-sse/public/index.html

@@ -1,18 +1,26 @@
-<!DOCTYPE html>
+<!doctype html>
 <html lang="en">
   <head>
-<meta charset="UTF-8">
+    <meta charset="UTF-8" />
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>swagger-petstore---openapi-3-0 MCP Test Client</title>
     <style>
       body {
-    font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+        font-family:
+          system-ui,
+          -apple-system,
+          BlinkMacSystemFont,
+          'Segoe UI',
+          Roboto,
+          sans-serif;
         max-width: 800px;
         margin: 0 auto;
         padding: 20px;
         line-height: 1.5;
       }
-  h1 { margin-bottom: 10px; }
+      h1 {
+        margin-bottom: 10px;
+      }
       .container {
         display: flex;
         flex-direction: column;
@@ -39,13 +47,15 @@
       }
       #sendButton {
         padding: 8px 16px;
-    background-color: #4CAF50;
+        background-color: #4caf50;
         color: white;
         border: none;
         cursor: pointer;
         border-radius: 0 5px 5px 0;
       }
-  #sendButton:hover { background-color: #45a049; }
+      #sendButton:hover {
+        background-color: #45a049;
+      }
       .message {
         margin-bottom: 10px;
         padding: 8px 12px;
@@ -124,7 +134,7 @@
       <div id="conversation"></div>
 
       <div class="input-area">
-    <input type="text" id="userInput" placeholder="Type a message..." disabled>
+        <input type="text" id="userInput" placeholder="Type a message..." disabled />
         <button id="sendButton" disabled>Send</button>
       </div>
     </div>
@@ -294,8 +304,8 @@
             method: 'callTool',
             params: {
               name: toolName,
-          arguments: parseArguments(text)
+              arguments: parseArguments(text),
-        }
+            },
           };
 
           log('REQUEST', JSON.stringify(requestBody));
@@ -307,15 +317,18 @@
           const response = await fetch(fullEndpoint, {
             method: 'POST',
             headers: {
-          'Content-Type': 'application/json'
+              'Content-Type': 'application/json',
             },
-        body: JSON.stringify(requestBody)
+            body: JSON.stringify(requestBody),
           });
 
           if (!response.ok) {
             const errorText = await response.text();
             log('ERROR', `Error response: ${response.status} ${response.statusText} ${errorText}`);
-        appendMessage('system', `Error: ${response.status} ${response.statusText}\n${errorText}`);
+            appendMessage(
+              'system',
+              `Error: ${response.status} ${response.statusText}\n${errorText}`
+            );
           } else {
             log('INFO', `Request sent successfully`);
             // Note: We don't handle the response content here because the response

examples/pet-store-sse/src/web-server.ts

@@ -1,4 +1,3 @@
-
 /**
  * Web server setup for HTTP-based MCP communication using Hono
  */
@@ -7,11 +6,11 @@ import { cors } from 'hono/cors';
 import { serve } from '@hono/node-server';
 import { streamSSE } from 'hono/streaming';
 import { v4 as uuid } from 'uuid';
-import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
-import { JSONRPCMessage, JSONRPCMessageSchema } from "@modelcontextprotocol/sdk/types.js";
+import { JSONRPCMessage, JSONRPCMessageSchema } from '@modelcontextprotocol/sdk/types.js';
 import type { Context } from 'hono';
 import type { SSEStreamingApi } from 'hono/streaming';
-import type { Transport } from "@modelcontextprotocol/sdk/shared/transport.js";
+import type { Transport } from '@modelcontextprotocol/sdk/shared/transport.js';
 
 // Import server configuration constants
 import { SERVER_NAME, SERVER_VERSION } from './index.js';
@@ -52,7 +51,7 @@ async start(): Promise<void> {
     // Send the endpoint information
     await this.stream.writeSSE({
       event: 'endpoint',
-    data: `${this.messageUrl}?sessionId=${this._sessionId}`
+      data: `${this.messageUrl}?sessionId=${this._sessionId}`,
     });
 
     // Send session ID and connection info in a format the client can understand
@@ -60,22 +59,22 @@ async start(): Promise<void> {
       event: 'session',
       data: JSON.stringify({
         type: 'session_id',
-      session_id: this._sessionId 
+        session_id: this._sessionId,
-    })
+      }),
     });
 
     // Send a welcome notification
     await this.send({
-    jsonrpc: "2.0",
+      jsonrpc: '2.0',
-    method: "notification",
+      method: 'notification',
       params: {
-      type: "welcome",
+        type: 'welcome',
         clientInfo: {
           sessionId: this._sessionId,
           serverName: SERVER_NAME,
-        serverVersion: SERVER_VERSION
+          serverVersion: SERVER_VERSION,
-      }
+        },
-    }
+      },
     });
   }
 
@@ -132,7 +131,7 @@ async send(message: JSONRPCMessage): Promise<void> {
 
     await this.stream.writeSSE({
       event: 'message',
-    data: JSON.stringify(message)
+      data: JSON.stringify(message),
     });
   }
 }
@@ -160,7 +159,7 @@ app.get('/health', (c) => {
   });
 
   // SSE endpoint for clients to connect to
-app.get("/sse", (c) => {
+  app.get('/sse', (c) => {
     return streamSSE(c, async (stream) => {
       // Create SSE transport
       const transport = new SSETransport('/api/messages', stream);
@@ -202,7 +201,7 @@ app.get("/sse", (c) => {
   });
 
   // API endpoint for clients to send messages
-app.post("/api/messages", async (c) => {
+  app.post('/api/messages', async (c) => {
     const sessionId = c.req.query('sessionId');
 
     if (!sessionId) {
@@ -246,17 +245,31 @@ app.get('/*', async (c) => {
           let contentType = 'text/plain';
 
           switch (ext) {
-          case '.html': contentType = 'text/html'; break;
+            case '.html':
-          case '.css': contentType = 'text/css'; break;
+              contentType = 'text/html';
-          case '.js': contentType = 'text/javascript'; break;
+              break;
-          case '.json': contentType = 'application/json'; break;
+            case '.css':
-          case '.png': contentType = 'image/png'; break;
+              contentType = 'text/css';
-          case '.jpg': contentType = 'image/jpeg'; break;
+              break;
-          case '.svg': contentType = 'image/svg+xml'; break;
+            case '.js':
+              contentType = 'text/javascript';
+              break;
+            case '.json':
+              contentType = 'application/json';
+              break;
+            case '.png':
+              contentType = 'image/png';
+              break;
+            case '.jpg':
+              contentType = 'image/jpeg';
+              break;
+            case '.svg':
+              contentType = 'image/svg+xml';
+              break;
           }
 
           return new Response(content, {
-          headers: { 'Content-Type': contentType }
+            headers: { 'Content-Type': contentType },
           });
         }
       } catch (err) {
@@ -272,15 +285,20 @@ app.get('/*', async (c) => {
   });
 
   // Start the server
-serve({
+  serve(
+    {
       fetch: app.fetch,
-  port
+      port,
-}, (info) => {
+    },
+    (info) => {
       console.error(`MCP Web Server running at http://localhost:${info.port}`);
       console.error(`- SSE Endpoint: http://localhost:${info.port}/sse`);
-  console.error(`- Messages Endpoint: http://localhost:${info.port}/api/messages?sessionId=YOUR_SESSION_ID`);
+      console.error(
+        `- Messages Endpoint: http://localhost:${info.port}/api/messages?sessionId=YOUR_SESSION_ID`
+      );
       console.error(`- Health Check: http://localhost:${info.port}/health`);
-});
+    }
+  );
 
   return app;
 }

examples/pet-store-sse/tsconfig.json

@@ -17,12 +17,6 @@
     "sourceMap": true,
     "forceConsistentCasingInFileNames": true
   },
-  "include": [
+  "include": ["src/**/*"],
-    "src/**/*"
+  "exclude": ["node_modules", "build", "**/*.test.ts"]
-  ],
-  "exclude": [
-    "node_modules",
-    "build",
-    "**/*.test.ts"
-  ]
 }

examples/pet-store-streamable-http/.eslintrc.json

@@ -1,12 +1,7 @@
 {
   "parser": "@typescript-eslint/parser",
-  "extends": [
+  "extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
-    "eslint:recommended",
+  "plugins": ["@typescript-eslint"],
-    "plugin:@typescript-eslint/recommended"
-  ],
-  "plugins": [
-    "@typescript-eslint"
-  ],
   "env": {
     "node": true,
     "es2022": true
@@ -15,10 +10,7 @@
     "no-console": [
       "error",
       {
-        "allow": [
+        "allow": ["error", "warn"]
-          "error",
-          "warn"
-        ]
       }
     ],
     "@typescript-eslint/explicit-function-return-type": "off",

examples/pet-store-streamable-http/docs/oauth2-configuration.md

@@ -13,11 +13,13 @@ This API uses OAuth2 for authentication. The MCP server can handle OAuth2 authen
 
 - `OAUTH_CLIENT_ID_PETSTORE_AUTH`: Your OAuth client ID
 - `OAUTH_CLIENT_SECRET_PETSTORE_AUTH`: Your OAuth client secret
+
 ## Token Caching
 
 The MCP server automatically caches OAuth tokens obtained via client credentials flow. Tokens are cached for their lifetime (as specified by the `expires_in` parameter in the token response) minus 60 seconds as a safety margin.
 
 When making API requests, the server will:
+
 1. Check for a cached token that's still valid
 2. Use the cached token if available
 3. Request a new token if no valid cached token exists

examples/pet-store-streamable-http/package.json

@@ -12,6 +12,8 @@
   "scripts": {
     "start": "node build/index.js",
     "build": "tsc && chmod 755 build/index.js",
+    "format.check": "prettier --check .",
+    "format.write": "prettier --write .",
     "typecheck": "tsc --noEmit",
     "prestart": "npm run build",
     "start:http": "node build/index.js --transport=streamable-http"

examples/pet-store-streamable-http/public/index.html

@@ -1,18 +1,26 @@
-<!DOCTYPE html>
+<!doctype html>
 <html lang="en">
   <head>
-  <meta charset="UTF-8">
+    <meta charset="UTF-8" />
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>swagger-petstore---openapi-3-0 MCP StreamableHTTP Test Client</title>
     <style>
       body {
-      font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+        font-family:
+          system-ui,
+          -apple-system,
+          BlinkMacSystemFont,
+          'Segoe UI',
+          Roboto,
+          sans-serif;
         max-width: 800px;
         margin: 0 auto;
         padding: 20px;
         line-height: 1.5;
       }
-    h1 { margin-bottom: 10px; }
+      h1 {
+        margin-bottom: 10px;
+      }
       .container {
         display: flex;
         flex-direction: column;
@@ -39,13 +47,15 @@
       }
       #sendButton {
         padding: 8px 16px;
-      background-color: #4CAF50;
+        background-color: #4caf50;
         color: white;
         border: none;
         cursor: pointer;
         border-radius: 0 5px 5px 0;
       }
-    #sendButton:hover { background-color: #45a049; }
+      #sendButton:hover {
+        background-color: #45a049;
+      }
       .message {
         margin-bottom: 10px;
         padding: 8px 12px;
@@ -124,7 +134,7 @@
       <div id="conversation"></div>
 
       <div class="input-area">
-      <input type="text" id="userInput" placeholder="Type a message..." disabled>
+        <input type="text" id="userInput" placeholder="Type a message..." disabled />
         <button id="sendButton" disabled>Send</button>
       </div>
     </div>
@@ -191,8 +201,8 @@
             params: {
               clientName: 'MCP StreamableHTTP Test Client',
               clientVersion: '1.0.0',
-            capabilities: {}
+              capabilities: {},
-          }
+            },
           };
 
           log('REQUEST', JSON.stringify(requestBody));
@@ -200,15 +210,18 @@
           const response = await fetch('/mcp', {
             method: 'POST',
             headers: {
-            'Content-Type': 'application/json'
+              'Content-Type': 'application/json',
             },
-          body: JSON.stringify(requestBody)
+            body: JSON.stringify(requestBody),
           });
 
           if (!response.ok) {
             const errorText = await response.text();
             log('ERROR', `Error response: ${response.status} ${response.statusText} ${errorText}`);
-          appendMessage('system', `Error: ${response.status} ${response.statusText}\n${errorText}`);
+            appendMessage(
+              'system',
+              `Error: ${response.status} ${response.statusText}\n${errorText}`
+            );
             statusEl.textContent = 'Connection error. Try again.';
             return;
           }
@@ -254,7 +267,7 @@
             jsonrpc: '2.0',
             id: messageId++,
             method: 'listTools',
-          params: {}
+            params: {},
           };
 
           log('REQUEST', JSON.stringify(requestBody));
@@ -263,14 +276,17 @@
             method: 'POST',
             headers: {
               'Content-Type': 'application/json',
-            'mcp-session-id': sessionId
+              'mcp-session-id': sessionId,
             },
-          body: JSON.stringify(requestBody)
+            body: JSON.stringify(requestBody),
           });
 
           if (!response.ok) {
             const errorText = await response.text();
-          log('ERROR', `Error listing tools: ${response.status} ${response.statusText} ${errorText}`);
+            log(
+              'ERROR',
+              `Error listing tools: ${response.status} ${response.statusText} ${errorText}`
+            );
             return;
           }
 
@@ -278,7 +294,10 @@
           log('TOOLS', JSON.stringify(data));
 
           if (data.result?.tools && Array.isArray(data.result.tools)) {
-          appendMessage('system', `Available tools: ${data.result.tools.map(t => t.name).join(', ')}`);
+            appendMessage(
+              'system',
+              `Available tools: ${data.result.tools.map((t) => t.name).join(', ')}`
+            );
           }
         } catch (error) {
           log('ERROR', `Error listing tools: ${error.message}`);
@@ -305,8 +324,8 @@
             method: 'callTool',
             params: {
               name: toolName,
-            arguments: parseArguments(text)
+              arguments: parseArguments(text),
-          }
+            },
           };
 
           log('REQUEST', JSON.stringify(requestBody));
@@ -315,15 +334,18 @@
             method: 'POST',
             headers: {
               'Content-Type': 'application/json',
-            'mcp-session-id': sessionId
+              'mcp-session-id': sessionId,
             },
-          body: JSON.stringify(requestBody)
+            body: JSON.stringify(requestBody),
           });
 
           if (!response.ok) {
             const errorText = await response.text();
             log('ERROR', `Error response: ${response.status} ${response.statusText} ${errorText}`);
-          appendMessage('system', `Error: ${response.status} ${response.statusText}\n${errorText}`);
+            appendMessage(
+              'system',
+              `Error: ${response.status} ${response.statusText}\n${errorText}`
+            );
             return;
           }
 

examples/pet-store-streamable-http/src/streamable-http.ts

@@ -1,4 +1,3 @@
-
 /**
  * StreamableHTTP server setup for HTTP-based MCP communication using Hono
  */
@@ -6,17 +5,17 @@ import { Hono } from 'hono';
 import { cors } from 'hono/cors';
 import { serve } from '@hono/node-server';
 import { v4 as uuid } from 'uuid';
-import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
-import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
-import { InitializeRequestSchema, JSONRPCError } from "@modelcontextprotocol/sdk/types.js";
+import { InitializeRequestSchema, JSONRPCError } from '@modelcontextprotocol/sdk/types.js';
 import { toReqRes, toFetchResponse } from 'fetch-to-node';
 
 // Import server configuration constants
 import { SERVER_NAME, SERVER_VERSION } from './index.js';
 
 // Constants
-const SESSION_ID_HEADER_NAME = "mcp-session-id";
+const SESSION_ID_HEADER_NAME = 'mcp-session-id';
-const JSON_RPC = "2.0";
+const JSON_RPC = '2.0';
 
 /**
  * StreamableHTTP MCP Server handler
@@ -34,9 +33,9 @@ class MCPStreamableHttpServer {
    * Handle GET requests (typically used for static files)
    */
   async handleGetRequest(c: any) {
-    console.error("GET request received - StreamableHTTP transport only supports POST");
+    console.error('GET request received - StreamableHTTP transport only supports POST');
     return c.text('Method Not Allowed', 405, {
-      'Allow': 'POST'
+      Allow: 'POST',
     });
   }
 
@@ -45,7 +44,9 @@ class MCPStreamableHttpServer {
    */
   async handlePostRequest(c: any) {
     const sessionId = c.req.header(SESSION_ID_HEADER_NAME);
-    console.error(`POST request received ${sessionId ? 'with session ID: ' + sessionId : 'without session ID'}`);
+    console.error(
+      `POST request received ${sessionId ? 'with session ID: ' + sessionId : 'without session ID'}`
+    );
 
     try {
       const body = await c.req.json();
@@ -71,7 +72,7 @@ class MCPStreamableHttpServer {
 
       // Create new transport for initialize requests
       if (!sessionId && this.isInitializeRequest(body)) {
-        console.error("Creating new StreamableHTTP transport for initialize request");
+        console.error('Creating new StreamableHTTP transport for initialize request');
 
         const transport = new StreamableHTTPServerTransport({
           sessionIdGenerator: () => uuid(),
@@ -111,16 +112,10 @@ class MCPStreamableHttpServer {
       }
 
       // Invalid request (no session ID and not initialize)
-      return c.json(
+      return c.json(this.createErrorResponse('Bad Request: invalid session ID or method.'), 400);
-        this.createErrorResponse("Bad Request: invalid session ID or method."),
-        400
-      );
     } catch (error) {
       console.error('Error handling MCP request:', error);
-      return c.json(
+      return c.json(this.createErrorResponse('Internal server error.'), 500);
-        this.createErrorResponse("Internal server error."),
-        500
-      );
     }
   }
 
@@ -148,7 +143,7 @@ class MCPStreamableHttpServer {
     };
 
     if (Array.isArray(body)) {
-      return body.some(request => isInitial(request));
+      return body.some((request) => isInitial(request));
     }
 
     return isInitial(body);
@@ -178,8 +173,8 @@ export async function setupStreamableHttpServer(server: Server, port = 3000) {
   });
 
   // Main MCP endpoint supporting both GET and POST
-  app.get("/mcp", (c) => mcpHandler.handleGetRequest(c));
+  app.get('/mcp', (c) => mcpHandler.handleGetRequest(c));
-  app.post("/mcp", (c) => mcpHandler.handlePostRequest(c));
+  app.post('/mcp', (c) => mcpHandler.handlePostRequest(c));
 
   // Static files for the web client (if any)
   app.get('/*', async (c) => {
@@ -209,17 +204,31 @@ export async function setupStreamableHttpServer(server: Server, port = 3000) {
           let contentType = 'text/plain';
 
           switch (ext) {
-            case '.html': contentType = 'text/html'; break;
+            case '.html':
-            case '.css': contentType = 'text/css'; break;
+              contentType = 'text/html';
-            case '.js': contentType = 'text/javascript'; break;
+              break;
-            case '.json': contentType = 'application/json'; break;
+            case '.css':
-            case '.png': contentType = 'image/png'; break;
+              contentType = 'text/css';
-            case '.jpg': contentType = 'image/jpeg'; break;
+              break;
-            case '.svg': contentType = 'image/svg+xml'; break;
+            case '.js':
+              contentType = 'text/javascript';
+              break;
+            case '.json':
+              contentType = 'application/json';
+              break;
+            case '.png':
+              contentType = 'image/png';
+              break;
+            case '.jpg':
+              contentType = 'image/jpeg';
+              break;
+            case '.svg':
+              contentType = 'image/svg+xml';
+              break;
           }
 
           return new Response(content, {
-            headers: { 'Content-Type': contentType }
+            headers: { 'Content-Type': contentType },
           });
         }
       } catch (err) {
@@ -235,14 +244,17 @@ export async function setupStreamableHttpServer(server: Server, port = 3000) {
   });
 
   // Start the server
-  serve({
+  serve(
+    {
       fetch: app.fetch,
-    port
+      port,
-  }, (info) => {
+    },
+    (info) => {
       console.error(`MCP StreamableHTTP Server running at http://localhost:${info.port}`);
       console.error(`- MCP Endpoint: http://localhost:${info.port}/mcp`);
       console.error(`- Health Check: http://localhost:${info.port}/health`);
-  });
+    }
+  );
 
   return app;
 }

examples/pet-store-streamable-http/tsconfig.json

@@ -17,12 +17,6 @@
     "sourceMap": true,
     "forceConsistentCasingInFileNames": true
   },
-  "include": [
+  "include": ["src/**/*"],
-    "src/**/*"
+  "exclude": ["node_modules", "build", "**/*.test.ts"]
-  ],
-  "exclude": [
-    "node_modules",
-    "build",
-    "**/*.test.ts"
-  ]
 }

examples/petstore-mcp/tsconfig.json

@@ -17,11 +17,6 @@
     "sourceMap": true,
     "forceConsistentCasingInFileNames": true
   },
-  "include": [
+  "include": ["src/**/*"],
-    "src/**/*"
+  "exclude": ["node_modules", "build"]
-  ],
-  "exclude": [
-    "node_modules",
-    "build"
-  ]
 }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "openapi-mcp-generator",
-    "version": "3.1.2",
+  "version": "3.2.0",
   "description": "Generates MCP server code from OpenAPI specifications",
   "license": "MIT",
   "author": "Harsha",
@@ -11,17 +11,21 @@
   "bin": {
     "openapi-mcp-generator": "./bin/openapi-mcp-generator.js"
   },
+  "main": "dist/index.js",
   "files": [
     "dist",
     "bin",
     "README.md",
     "LICENSE"
   ],
+  "types": "./dist/index.d.ts",
   "scripts": {
     "start": "node dist/index.js",
     "clean": "rimraf dist",
+    "format.check": "prettier --check .",
+    "format.write": "prettier --write .",
     "typecheck": "tsc --noEmit",
-        "build": "tsc && chmod 755 dist/index.js && chmod 755 bin/openapi-mcp-generator.js",
+    "build": "tsc && chmod 755 dist/index.js bin/openapi-mcp-generator.js",
     "version:patch": "npm version patch",
     "version:minor": "npm version minor",
     "version:major": "npm version major"
@@ -49,16 +53,16 @@
     "openapi-types": "^12.1.3"
   },
   "devDependencies": {
-        "@types/node": "^22.15.2",
+    "@types/node": "^22.17.2",
-        "@typescript-eslint/eslint-plugin": "^8.31.0",
+    "@typescript-eslint/eslint-plugin": "^8.39.1",
-        "@typescript-eslint/parser": "^8.31.0",
+    "@typescript-eslint/parser": "^8.39.1",
-        "eslint": "^9.25.1",
+    "eslint": "^9.33.0",
-        "prettier": "^3.5.3",
+    "prettier": "^3.6.2",
     "rimraf": "^6.0.1",
-        "typescript": "^5.8.3"
+    "typescript": "^5.9.2"
   },
   "peerDependencies": {
-        "@modelcontextprotocol/sdk": "^1.10.0",
+    "@modelcontextprotocol/sdk": "^1.10.2",
     "json-schema-to-zod": "^2.6.1",
     "zod": "^3.24.3"
   }

src/api.ts

@@ -24,6 +24,13 @@ export interface GetToolsOptions {
 
   /** Optional filter function to exclude tools based on custom criteria */
   filterFn?: (tool: McpToolDefinition) => boolean;
+
+  /** Default behavior for x-mcp filtering (default: true = include by default) */
+  defaultInclude?: boolean;
+}
+
+function isOpenApiDocument(spec: string | OpenAPIV3.Document): spec is OpenAPIV3.Document {
+  return typeof spec === 'object' && spec !== null && 'openapi' in spec;
 }
 
 /**
@@ -34,17 +41,19 @@ export interface GetToolsOptions {
  * @returns Promise that resolves to an array of tool definitions
  */
 export async function getToolsFromOpenApi(
-  specPathOrUrl: string,
+  specPathOrUrl: string | OpenAPIV3.Document,
   options: GetToolsOptions = {}
 ): Promise<McpToolDefinition[]> {
   try {
     // Parse the OpenAPI spec
-    const api = options.dereference 
+    const api = isOpenApiDocument(specPathOrUrl)
-      ? (await SwaggerParser.dereference(specPathOrUrl)) as OpenAPIV3.Document
+      ? specPathOrUrl
-      : (await SwaggerParser.parse(specPathOrUrl)) as OpenAPIV3.Document;
+      : options.dereference
+        ? ((await SwaggerParser.dereference(specPathOrUrl)) as OpenAPIV3.Document)
+        : ((await SwaggerParser.parse(specPathOrUrl)) as OpenAPIV3.Document);
 
     // Extract tools from the API
-    const allTools = extractToolsFromApi(api);
+    const allTools = extractToolsFromApi(api, options.defaultInclude ?? true);
 
     // Add base URL to each tool
     const baseUrl = determineBaseUrl(api, options.baseUrl);
@@ -55,7 +64,7 @@ export async function getToolsFromOpenApi(
     // Filter by excluded operation IDs if provided
     if (options.excludeOperationIds && options.excludeOperationIds.length > 0) {
       const excludeSet = new Set(options.excludeOperationIds);
-      filteredTools = filteredTools.filter(tool => !excludeSet.has(tool.operationId));
+      filteredTools = filteredTools.filter((tool) => !excludeSet.has(tool.operationId));
     }
 
     // Apply custom filter function if provided
@@ -64,14 +73,15 @@ export async function getToolsFromOpenApi(
     }
 
     // Return the filtered tools with base URL added
-    return filteredTools.map(tool => ({
+    return filteredTools.map((tool) => ({
       ...tool,
       baseUrl: baseUrl || '',
     }));
   } catch (error) {
     // Provide more context for the error
     if (error instanceof Error) {
-      throw new Error(`Failed to extract tools from OpenAPI: ${error.message}`);
+      // Preserve original stack/context
+      throw new Error(`Failed to extract tools from OpenAPI: ${error.message}`, { cause: error });
     }
     throw error;
   }

src/generator/server-code.ts

@@ -25,7 +25,7 @@ export function generateMcpServerCode(
   serverVersion: string
 ): string {
   // Extract tools from API
-  const tools = extractToolsFromApi(api);
+  const tools = extractToolsFromApi(api, options.defaultInclude ?? true);
 
   // Determine base URL
   const determinedBaseUrl = determineBaseUrl(api, options.baseUrl);

src/generator/streamable-http.ts

@@ -1,4 +1,3 @@
-
 /**
  * Generator for StreamableHTTP server code for the MCP server using Hono
  */

src/index.ts

@@ -30,6 +30,8 @@ import {
 
 // Import types
 import { CliOptions, TransportType } from './types/index.js';
+import { normalizeBoolean } from './utils/helpers.js';
+import pkg from '../package.json' with { type: 'json' };
 
 // Export programmatic API
 export { getToolsFromOpenApi, McpToolDefinition, GetToolsOptions } from './api.js';
@@ -71,11 +73,23 @@ program
     'Port for web or streamable-http transport (default: 3000)',
     (val) => parseInt(val, 10)
   )
+  .option(
+    '--default-include <boolean>',
+    'Default behavior for x-mcp filtering (true|false, case-insensitive). Default: true (include by default), false = exclude by default',
+    (val) => {
+      const parsed = normalizeBoolean(val);
+      if (typeof parsed === 'boolean') return parsed;
+      console.warn(
+        `Invalid value for --default-include: "${val}". Expected true/false (case-insensitive). Using default: true.`
+      );
+      return true;
+    },
+    true
+  )
   .option('--force', 'Overwrite existing files without prompting')
-  .version('3.1.2') // Match package.json version
+  .version(pkg.version) // Match package.json version
-  .action(options => {
+  .action((options) => {
-    runGenerator(options)
+    runGenerator(options).catch((error) => {
-      .catch((error) => {
       console.error('Unhandled error:', error);
       process.exit(1);
     });

src/parser/extract-tools.ts

@@ -5,6 +5,7 @@ import { OpenAPIV3 } from 'openapi-types';
 import type { JSONSchema7, JSONSchema7TypeName } from 'json-schema';
 import { generateOperationId } from '../utils/code-gen.js';
 import { McpToolDefinition } from '../types/index.js';
+import { shouldIncludeOperationForMcp } from '../utils/helpers.js';
 
 /**
  * Extracts tool definitions from an OpenAPI document
@@ -12,7 +13,10 @@ import { McpToolDefinition } from '../types/index.js';
  * @param api OpenAPI document
  * @returns Array of MCP tool definitions
  */
-export function extractToolsFromApi(api: OpenAPIV3.Document): McpToolDefinition[] {
+export function extractToolsFromApi(
+  api: OpenAPIV3.Document,
+  defaultInclude: boolean = true
+): McpToolDefinition[] {
   const tools: McpToolDefinition[] = [];
   const usedNames = new Set<string>();
   const globalSecurity = api.security || [];
@@ -26,15 +30,43 @@ export function extractToolsFromApi(api: OpenAPIV3.Document): McpToolDefinition[
       const operation = pathItem[method];
       if (!operation) continue;
 
+      // Apply x-mcp filtering, precedence: operation > path > root
+      try {
+        if (
+          !shouldIncludeOperationForMcp(
+            api,
+            pathItem as OpenAPIV3.PathItemObject,
+            operation,
+            defaultInclude
+          )
+        ) {
+          continue;
+        }
+      } catch (error) {
+        const loc = operation.operationId || `${method} ${path}`;
+        const extVal =
+          (operation as any)['x-mcp'] ?? (pathItem as any)['x-mcp'] ?? (api as any)['x-mcp'];
+        let extPreview: string;
+        try {
+          extPreview = JSON.stringify(extVal);
+        } catch {
+          extPreview = String(extVal);
+        }
+        console.warn(
+          `Error evaluating x-mcp extension for operation ${loc} (x-mcp=${extPreview}):`,
+          error
+        );
+        if (!defaultInclude) {
+          continue;
+        }
+      }
+
       // Generate a unique name for the tool
       let baseName = operation.operationId || generateOperationId(method, path);
       if (!baseName) continue;
 
       // Sanitize the name to be MCP-compatible (only a-z, 0-9, _, -)
-      baseName = baseName
+      baseName = baseName.replace(/\./g, '_').replace(/[^a-z0-9_-]/gi, '_');
-        .replace(/\./g, '_')
-        .replace(/[^a-z0-9_-]/gi, '_')
-        .toLowerCase();
 
       let finalToolName = baseName;
       let counter = 1;
@@ -174,7 +206,9 @@ export function mapOpenApiSchemaToJsonSchema(
 
   // Detect cycles
   if (seen.has(schema)) {
-    console.warn(`Cycle detected in schema${schema.title ? ` "${schema.title}"` : ''}, returning generic object to break recursion.`);
+    console.warn(
+      `Cycle detected in schema${schema.title ? ` "${schema.title}"` : ''}, returning generic object to break recursion.`
+    );
     return { type: 'object' };
   }
   seen.add(schema);
@@ -212,7 +246,10 @@ export function mapOpenApiSchemaToJsonSchema(
 
       for (const [key, propSchema] of Object.entries(jsonSchema.properties)) {
         if (typeof propSchema === 'object' && propSchema !== null) {
-          mappedProps[key] = mapOpenApiSchemaToJsonSchema(propSchema as OpenAPIV3.SchemaObject, seen);
+          mappedProps[key] = mapOpenApiSchemaToJsonSchema(
+            propSchema as OpenAPIV3.SchemaObject,
+            seen
+          );
         } else if (typeof propSchema === 'boolean') {
           mappedProps[key] = propSchema;
         }

src/types/index.ts

@@ -29,6 +29,12 @@ export interface CliOptions {
   transport?: TransportType;
   /** Server port (for web and streamable-http transports) */
   port?: number;
+  /**
+   * Default behavior for x-mcp filtering.
+   * true (default) = include by default when x-mcp is missing or invalid;
+   * false = exclude by default unless x-mcp explicitly enables.
+   */
+  defaultInclude?: boolean;
 }
 
 /**

src/utils/helpers.ts

@@ -1,6 +1,7 @@
 /**
  * General helper utilities for OpenAPI to MCP generator
  */
+import { OpenAPIV3 } from 'openapi-types';
 
 /**
  * Safely stringify a JSON object with proper error handling
@@ -110,3 +111,63 @@ export function formatComment(str: string, maxLineLength: number = 80): string {
 
   return lines.join('\n * ');
 }
+
+/**
+ * Normalize a value to boolean if it looks like a boolean; otherwise undefined.
+ */
+export function normalizeBoolean(value: unknown): boolean | undefined {
+  if (typeof value === 'boolean') return value;
+  if (typeof value === 'string') {
+    const normalized = value.trim().toLowerCase();
+    if (['true', '1', 'yes', 'on'].includes(normalized)) return true;
+    if (['false', '0', 'no', 'off'].includes(normalized)) return false;
+    return undefined;
+  }
+  return undefined;
+}
+
+/**
+ * Determine if an operation should be included in MCP generation based on x-mcp.
+ * Precedence: operation > path > root; uses provided default when all undefined.
+ */
+export function shouldIncludeOperationForMcp(
+  api: OpenAPIV3.Document,
+  pathItem: OpenAPIV3.PathItemObject,
+  operation: OpenAPIV3.OperationObject,
+  defaultInclude: boolean = true
+): boolean {
+  const opRaw = (operation as any)['x-mcp'];
+  const opVal = normalizeBoolean(opRaw);
+  if (typeof opVal !== 'undefined') return opVal;
+  if (typeof opRaw !== 'undefined') {
+    console.warn(
+      `Invalid x-mcp value on operation '${operation.operationId ?? '[no operationId]'}':`,
+      opRaw,
+      `-> expected boolean or 'true'/'false'. Falling back to path/root/default.`
+    );
+  }
+
+  const pathRaw = (pathItem as any)['x-mcp'];
+  const pathVal = normalizeBoolean(pathRaw);
+  if (typeof pathVal !== 'undefined') return pathVal;
+  if (typeof pathRaw !== 'undefined') {
+    console.warn(
+      `Invalid x-mcp value on path item:`,
+      pathRaw,
+      `-> expected boolean or 'true'/'false'. Falling back to root/default.`
+    );
+  }
+
+  const rootRaw = (api as any)['x-mcp'];
+  const rootVal = normalizeBoolean(rootRaw);
+  if (typeof rootVal !== 'undefined') return rootVal;
+  if (typeof rootRaw !== 'undefined') {
+    console.warn(
+      `Invalid x-mcp value at API root:`,
+      rootRaw,
+      `-> expected boolean or 'true'/'false'. Falling back to defaultInclude=${defaultInclude}.`
+    );
+  }
+
+  return defaultInclude;
+}