SpecShield MCP Server
The SpecShield MCP Server acts as an API-change deploy gate, letting you analyze API specification changes to determine if they are safe to ship before they reach consumers. All tools are read-only, accept specs as inline content or file paths, and support OpenAPI and Pact formats.
is_change_safe: The primary tool — returns asafeToMergeverdict, risk level, blocking reasons, and recommended action to determine if an API change will break existing consumers.explain_breaking_changes: Details what breaks and why, including developer/consumer impact and suggested migration steps.generate_migration_guide: Produces a markdown migration guide with safe rollout steps, optionally tailored to a specific language (Java, Node, Python, Go, cURL, or generic).generate_release_notes: Creates markdown release notes grouped by breaking changes, additions, and other changes, customized for developer, customer, or internal audiences.compare_specs: Performs a raw diff between two specs, listing breaking changes, additions, modifications, and warnings along with a risk score and compatibility summary.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@SpecShield MCP ServerIs it safe to deploy this API change?"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
SpecShield MCP Server
The API-change deploy gate for AI coding agents. Ask "is it safe to ship this API change to my consumers?" right inside Claude, Cursor, and other MCP clients — and catch breaking changes before they reach your consumers.
It's a thin adapter over the SpecShield backend. Every tool is read-only / analyze-only — it never modifies your code.
Why not just diff specs? Plenty of tools (including free ones) list breaking changes. SpecShield's job is the decision: can I deploy this? — the deploy gate is the hero tool here.
⚙️ In CI/CD instead of an agent? The
specshieldCLI runs the same breaking-change andcan-i-deploychecks in your pipeline (GitHub Action, exit codes). Same job, two entry points: this server for AI agents, the CLI for CI/CD.
Tools
# | Tool | What it answers |
1 |
| Is this change safe to merge/deploy? Will it break consumers? ( |
2 |
| What breaks, developer & consumer impact, suggested migration |
3 |
| Migration guide (markdown) + safe rollout steps |
4 |
| Release notes for developer / customer / internal |
5 |
| The raw diff (breaking / additions / modifications / warnings) + risk score |
Each tool accepts specs inline (baseSpecContent / targetSpecContent) or by path
(baseSpecPath / targetSpecPath).
run_governance_review is planned — it ships once the backend governance endpoint
lands.
Full setup, verification & troubleshooting: docs/mcp-server-setup.md.
Related MCP server: Janus MCP
Install
Requires Node.js ≥ 20 and a SpecShield API key (from specshield.io/account).
npx -y specshield-mcp-serverClaude Desktop
claude_desktop_config.json:
{
"mcpServers": {
"specshield": {
"command": "npx",
"args": ["-y", "specshield-mcp-server"],
"env": { "SPECSHIELD_API_KEY": "ss_your_key_here" }
}
}
}Claude Code
claude mcp add specshield --env SPECSHIELD_API_KEY=ss_your_key_here -- npx -y specshield-mcp-serverCursor
~/.cursor/mcp.json (or the project .cursor/mcp.json):
{
"mcpServers": {
"specshield": {
"command": "npx",
"args": ["-y", "specshield-mcp-server"],
"env": { "SPECSHIELD_API_KEY": "ss_your_key_here" }
}
}
}Configuration
Env var | Required | Default | Purpose |
| yes | — | Your SpecShield API key. Store it as a secret; never commit it. |
| no |
| Backend base URL (override for self-hosted/staging). |
| no |
| Per-request timeout. |
| no |
|
|
Example prompts (lead with the deploy gate)
*"Here are my old and new
openapi.yaml— is it safe to ship this API change to my consumers?"*"Compare
v1.yamlandv2.yamland tell me if I can deploy, and why not.""Explain the breaking changes between these two specs and how consumers should migrate."
"Generate customer-facing release notes for this API change."
Security & privacy
API key required. Sent only as the
X-Api-Keyheader to your configured backend.Read-only / analyze-only. No mutation tools, no shell execution, no arbitrary file access (a spec file is read only when you explicitly pass a path).
No secret or spec logging. The server never logs spec content, API keys, or request bodies; error messages are redacted and machine-readable.
Specs are sent to your configured SpecShield backend for analysis.
Local development
npm install
npm run build # tsc → dist/
npm test # vitest (no network)
npm run lint
npm run smoke # boots the server against a stubbed backend and lists tools
npm start # run the built server over stdioLicense
MIT © SpecShield Software Private Limited
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/specshield26/specshield-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server