MCP Bridge by Appfactor

Connect any API to any AI agent

API

Developer Tools

Artificial Intelligence

Visit WebsiteSee on Product HuntTwitter ⧉LinkedIn ⧉

Finally, a product to help you create a MCP server, fast and reliable. It's about time! If you don't use @MCP Bridge by Appfactor, you're ngmi.

S/O for the launch, ?makers

Auto-generating typed MCP schemas from SOAP and gRPC alongside REST is the hard part others skip. We've spent cycles manually wrapping customer-side APIs with inconsistent auth patterns just to get an agent to call them reliably. How does schema inference hold up for APIs without an OpenAPI spec, or ones where the response shape varies by query?

How does auth work when the target API needs OAuth? that's the part that always kills these tools for me

Using MCP as the standard transport is a smart call. Agents get structured tool definitions without any custom adapter code. We've hit the N+1 connector problem repeatedly building AI agents that need to talk to CRMs and ticketing systems. How do you handle auth token lifecycle when agents discover and invoke new endpoints dynamically?

the security breakdown in the comments is the most honest thing I've read on a PH launch. most tools in this space skip the 'what happens when your agent gets prompt injected' conversation entirely. the 3-level sensitivity guardrails and credential encryption is how this should be built

Congrats on your launch @keith_neilson @ehw_appfactor @knarik !

You provide any way to test the MCP tool definitions created as well?

the auto-generated schema approach is smart. biggest pain point with MCP right now is writing tool definitions by hand for every API you want to connect. curious how it handles APIs with inconsistent response formats across endpoints?

Most "connect any API" tools mean "connect any API that already has an OpenAPI spec and clean auth." What does MCP Bridge actually do when you're dealing with something messier, like a legacy REST endpoint with inconsistent error codes or an API that requires a multi-step auth handshake before you can do anything useful?

Congrats for the launch!

What kind of security risks and bad actors threats do you anticipate with a tool like that? And how should users monitor and prepare for that?

Hi builders!

Keith here, CEO and co-founder of AppFactor. Really excited to ship this one.

The story
We built MCP Bridge for our own need, not an idea.
At AppFactor we've spent years building deterministic tools for an orchestration system of agents that deliver autonomous software maintenance. Infra and software discovery, scanning orchestration, build engines, deployment automation. As we layered our upcoming agentic platform (ForgeCatalyst) on top to harness these tools, we hit the wall every team building production agents eventually hits. Security, governance, cost/token usage, observability...
The AppFactor system requires meaningful validations, in environments where governance, security and controls are paramount when acting on customer code. With large complex API's with many tools, comes the next challenge - context constraints and efficiencies and multiple protocols to support.
The standard fix is to hand-build a dedicated MCP server for every API. This doesn't scale. We know we are not alone with our requirements and given the domain we operate in which is all about software maintenance, legacy transformation and the eternal battle of trying to bridge the past to the future. We recognised that not all systems have clean, well presented OpenAPI spec API's. There are many API protocols, and almost all API's were indeed built before agents and LLM's became an exciting real world proposition. That poses challenges in how these tools are invoked and consumed. So we built MCP Bridge to address all of these challenges.
You know the rest of the story.

What it does
Point it at any REST, GraphQL, SOAP, or gRPC API. It auto-generates fully-typed MCP tools with behavioral annotations and smart response processing. Self-hosted. Open source. Credentials never leave your environment.

What's shipped

• 4 API types, end-to-end

• 6 auth methods (Bearer, Basic, API key, OAuth2, Cognito SRP)

• Human-in-the-loop approval for destructive ops

• Code Mode: 3 meta-tools replace 100+ definitions, ~98% less context

• Analytics: latency, token cost, errors per tool

• Built in Rust (Dioxus + Axum), PostgreSQL, in a container

We're in the comments all day. What APIs would you connect first? And how should we improve?

Happy building!

Keith
→ MCP Bridge: https://mcp-bridge.ai/
→ Docs: https://docs.mcp-bridge.ai/

Thanks @fmerian for hunting us!