AI-Generated

A small CLI tool that lints OpenAPI specs and tells you whether they would make a clean MCP server. Worth shipping?

MCPoliceman 3000

ACTUALLY NOT BAD
5/10
You're basically building a TSA scanner for APIs, except the APIs actually have to follow rules.

A CLI linter that ingests an OpenAPI spec and scores/flags it for MCP server compatibility — checking tool naming conventions, parameter types, auth patterns, response schemas, and operationId quality.

The MCP spec is new enough that nobody has built the definitive linter yet, but established enough that developers are actively trying to wrap existing APIs. There's a real 'last mile' pain point between 'I have a REST API' and 'I have a working MCP server' and right now people are solving it manually. This is a small, shippable tool with a clear upgrade path to a SaaS dashboard.

whycantwehaveanagentforthis.com

Viability Analysis

Market Demand: 62
Tech Feasibility: 88
Competition: 35
Monetization: 42
AI Disruption Risk: 78
Fun Factor: 82

Pros & Cons

What's going for it

  • MCP tooling ecosystem is genuinely immature — first good linter owns the mindshare for years
  • Tiny, shippable scope: a CLI with 20 opinionated rules is a complete v1 you can ship in a weekend
  • Clear upgrade path: free CLI → paid VS Code extension → SaaS dashboard with team rules
  • Developer tools have insane word-of-mouth velocity on HN and Twitter — one good post and you have 500 GitHub stars
  • You can build on top of Spectral's ruleset engine and not reinvent the AST parsing wheel

What's against it

  • Speakeasy or Redocly will add MCP linting as a checkbox feature the moment it trends on HN — your moat evaporates fast
  • MCP spec is still evolving — your rules will break every time Anthropic ships a spec update
  • CLI tools are notoriously hard to monetize — 'just write a Spectral ruleset' is a valid free alternative
  • The addressable market is 'developers wrapping APIs as MCP servers', which is currently a few thousand people globally
  • Anthropic could ship an official validator in their SDK and nuke your entire value prop with a PR

Who You're Up Against

Open Source Alternatives

When Will Big AI Kill This?

Most Likely Killer

Anthropic

Timeline: 12-18 months

How They'll Do It

They ship an official `mcp validate` subcommand in the TypeScript SDK that runs spec compliance checks, operationId validation, and schema compatibility — rendered free, official, and zero-install

Your Survival Strategy

Go beyond spec compliance into opinionated UX quality scoring — rate whether tool descriptions are LLM-friendly, flag parameter names that confuse models, suggest better tool decomposition. That's judgment Anthropic won't automate.

Confidence

68%

If You're Crazy Enough to Build It

Solo Dev Time

1 focused weekend for v1 CLI, 2-3 weeks for something you'd actually be proud to post on HN

Team Size

One developer who has personally rage-quit trying to wrap a bad API as an MCP server

Estimated Cost

$0 in infra for a CLI tool, maybe $50/month if you add a web playground

Tech Stack

TypeScript, Spectral Core (@stoplight/spectral-core), zod, commander.js, vitest

16% UPHILL

Production-readiness odds

Real readiness gaps. Build thin first, harden second; budget runway for both.

ANCHORED TO OUR OWN READINESS RUBRIC — NO EXTERNAL STAT CITED

🛡 Safety considerations

Heuristic, not exhaustive. Surfaces the 3 biggest categories an operator should think about for this idea.

⚖ Governance checklist

5 controls apply

Things to have in place before you ship. Pairs with the OWASP-style risk chips above — that catalog answers “what could go wrong?”, this one answers “what should you have ready?”

  • Audit trail of every tool call

    critical

    Persist a structured per-call log of inputs, outputs, and decisions for at least the legal retention window. Without this, post-incident review is impossible.

  • Secrets management

    high

    Tokens and API keys live in a vault, not in env vars on a CI runner. Rotate on a documented schedule, not "when something happens."

  • Eval coverage on every release

    high

    A frozen eval suite that runs on every model / prompt change. "It worked when I demoed it" is not a release gate.

  • Per-user / per-tenant rate limits

    medium

    Agent loops are pathologically expensive when wrong. Cap tokens-per-session, tool-calls-per-session, and dollars-per-day before launch.

  • Pin model versions; track the changelog

    medium

    A silent provider-side model upgrade can shift behavior overnight. Pin to a versioned model ID; subscribe to the provider changelog.

OUR INTERNAL TWELVE-CONTROL SYNTHESIS — STANDARD SOC 2 / ISO 27001 / GDPR FAMILIES APPLIED TO LLM AGENTS

Agent-Readiness Score

Worth building, but plan for the long-tail. MCPoliceman 3000 needs runway, not just speed.

62 BAND C
  • Stateless or single-session — minimal memory layer.

  • Crowded market: at least 8 integrations to compete.

  • Mid-size policy surface — define refusal categories before launch.

  • Established eval pattern — golden datasets and public benchmarks already exist.

DETERMINISTIC SCORE — DERIVED FROM EXISTING ANALYSIS, NO SECOND LLM CALL
