[TT-16963] Add MCP swagger information

[lghiur]

Description

Related Issue

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

• I ensured that the documentation is up to date
• I explained why this PR updates go.mod in detail with reasoning why it's required
• I would like a code coverage CI quality gate exception and have explained why

[github-actions]

Swagger Changes

  
  
    
    
     _        __  __
    /tyk/mcps/{apiID}:
    /tyk/mcps:
   _| |_   _ / _|/ _|  between swagger-prev.yml
  + one list entry added:
  + two map entries added:
 / _' | | | | |_| |_       and swagger-current.yml
 \__,_|\__, |_| |_|   returned two differences
paths
tags
| (_| | |_| |  _|  _|

[probelabs]

This PR introduces OpenAPI documentation for the new MCP (Model Context Protocol) Proxies API. By adding the specification to swagger.yml, it makes the API for managing MCP configurations discoverable and provides a clear contract for its endpoints, including paths, request/response schemas, and descriptions.

Files Changed Analysis

• swagger.yml: Modified (+172 additions, 0 deletions)
  • The sole change is the addition of 172 lines to the gateway's main Swagger definition file.
  • A new tag, MCP Proxies, is introduced to group the new endpoints.
  • The change defines the full CRUD (Create, Read, Update, Delete) API specification for the /tyk/mcps and /tyk/mcps/{apiID} endpoints.

Architecture & Impact Assessment

• What this PR accomplishes
  This PR officially documents the RESTful API for managing MCP Proxies on a Tyk Gateway. By adding these definitions to swagger.yml, the API becomes part of the formal specification, enabling auto-generated documentation, client libraries, and easier integration for developers and administrators.

• Key technical changes introduced

  • New API Tag: Adds an MCP Proxies tag to group related endpoints.
  • New API Paths: Defines two new paths:
    • /tyk/mcps: For listing all MCP proxies (GET) and creating new ones (POST).
    • /tyk/mcps/{apiID}: For retrieving (GET), updating (PUT), and deleting (DELETE) a specific MCP proxy by its ID.
  • Schema Definitions: Specifies that MCP Proxies are defined as Tyk OAS documents that include an x-tyk-api-gateway vendor extension for MCP-specific configuration.

• Affected system components

  • Tyk Gateway Management API: This is the primary component affected. The change exposes new management capabilities through the existing API.
  • API Consumers: Developers, administrators, and automation tools that interact with the Tyk Gateway API will now have a formal specification for managing MCP Proxies.
  • The underlying MCP functionality is not changed; only the API that manages it is now documented.

• API Flow Diagram

  sequenceDiagram
      participant Client as Admin/CI/CD
      participant Gateway as Tyk Gateway API
  
      Client->>+Gateway: POST /tyk/mcps (Create MCP Proxy)
      Gateway-->>-Client: 200 OK (key)
  
      Client->>+Gateway: GET /tyk/mcps/{apiID} (Read MCP Proxy)
      Gateway-->>-Client: 200 OK (OAS Definition)
  
      Client->>+Gateway: PUT /tyk/mcps/{apiID} (Update MCP Proxy)
      Gateway-->>-Client: 200 OK (key)
  
      Client->>+Gateway: DELETE /tyk/mcps/{apiID} (Delete MCP Proxy)
      Gateway-->>-Client: 200 OK (key)
  
      Client->>+Gateway: POST /tyk/reload (Apply Changes)
      Gateway-->>-Client: 200 OK
  

  Loading

Scope Discovery & Context Expansion

This PR only modifies the API documentation, but it implies the existence of a corresponding implementation within the gateway. The documentation change itself has minimal risk, but a reviewer should confirm that it accurately reflects the behavior of the underlying code.

To understand the full scope, a reviewer should investigate the following areas in the codebase:

• API Handlers: Search for the implementation of the new operationId values (listMCPs, createMCP, getMCP, updateMCP, deleteMCP) to find the Go code that handles these API requests and verify its logic matches the documentation.
• MCP Schema Validation: The documentation states that payloads are validated against an MCP JSON schema. It would be important to locate this schema and the validation logic to understand the configuration constraints.
• Configuration Storage: Investigate how and where the MCP Proxy definitions are stored and loaded by the gateway after being submitted via the new API endpoints.

{
  "text": "This PR introduces OpenAPI documentation for the new MCP (Model Context Protocol) Proxies API. By adding the specification to `swagger.yml`, it makes the API for managing MCP configurations discoverable and provides a clear contract for its endpoints, including paths, request/response schemas, and descriptions.

## Files Changed Analysis
- **`swagger.yml`**: Modified (+172 additions, 0 deletions)
  - The sole change is the addition of 172 lines to the gateway's main Swagger definition file.
  - A new tag, `MCP Proxies`, is introduced to group the new endpoints.
  - The change defines the full CRUD (Create, Read, Update, Delete) API specification for the `/tyk/mcps` and `/tyk/mcps/{apiID}` endpoints.

## Architecture & Impact Assessment
- **What this PR accomplishes**
  This PR officially documents the RESTful API for managing MCP Proxies on a Tyk Gateway. By adding these definitions to `swagger.yml`, the API becomes part of the formal specification, enabling auto-generated documentation, client libraries, and easier integration for developers and administrators.

- **Key technical changes introduced**
  - **New API Tag**: Adds an `MCP Proxies` tag to group related endpoints.
  - **New API Paths**: Defines two new paths:
    - `/tyk/mcps`: For listing all MCP proxies (`GET`) and creating new ones (`POST`).
    - `/tyk/mcps/{apiID}`: For retrieving (`GET`), updating (`PUT`), and deleting (`DELETE`) a specific MCP proxy by its ID.
  - **Schema Definitions**: Specifies that MCP Proxies are defined as Tyk OAS documents that include an `x-tyk-api-gateway` vendor extension for MCP-specific configuration.

- **Affected system components**
  - **Tyk Gateway Management API**: This is the primary component affected. The change exposes new management capabilities through the existing API.
  - **API Consumers**: Developers, administrators, and automation tools that interact with the Tyk Gateway API will now have a formal specification for managing MCP Proxies.
  - The underlying MCP functionality is not changed; only the API that manages it is now documented.

- **API Flow Diagram**
  ```mermaid
  sequenceDiagram
      participant Client as Admin/CI/CD
      participant Gateway as Tyk Gateway API

      Client->>+Gateway: POST /tyk/mcps (Create MCP Proxy)
      Gateway-->>-Client: 200 OK (key)

      Client->>+Gateway: GET /tyk/mcps/{apiID} (Read MCP Proxy)
      Gateway-->>-Client: 200 OK (OAS Definition)

      Client->>+Gateway: PUT /tyk/mcps/{apiID} (Update MCP Proxy)
      Gateway-->>-Client: 200 OK (key)

      Client->>+Gateway: DELETE /tyk/mcps/{apiID} (Delete MCP Proxy)
      Gateway-->>-Client: 200 OK (key)

      Client->>+Gateway: POST /tyk/reload (Apply Changes)
      Gateway-->>-Client: 200 OK

Scope Discovery & Context Expansion

This PR only modifies the API documentation, but it implies the existence of a corresponding implementation within the gateway. The documentation change itself has minimal risk, but a reviewer should confirm that it accurately reflects the behavior of the underlying code.

To understand the full scope, a reviewer should investigate the following areas in the codebase:

• API Handlers: Search for the implementation of the new operationId values (listMCPs, createMCP, getMCP, updateMCP, deleteMCP) to find the Go code that handles these API requests and verify its logic matches the documentation.
• MCP Schema Validation: The documentation states that payloads are validated against an MCP JSON schema. It would be important to locate this schema and the validation logic to understand the configuration constraints.
• Configuration Storage: Investigate how and where the MCP Proxy definitions are stored and loaded by the gateway after being submitted via the new API endpoints.",
  "tags": {
  "review-effort": 1,
  "label": "documentation"
  }
  }

<!-- visor:section-end id="overview" -->

<!-- visor:thread-end key="TykTechnologies/tyk#8001@3c6efeb" -->

---

*Powered by [Visor](https://probelabs.com/visor) from [Probelabs](https://probelabs.com)*

*Last updated: 2026-04-15T15:32:32.349Z | Triggered by: pr_updated | Commit: 3c6efeb*

💡 **TIP:** You can chat with Visor using `/visor ask <your question>`
<!-- /visor-comment-id:visor-thread-overview-TykTechnologies/tyk#8001 -->

[probelabs]

Performance Issues (1)

Severity	Location	Issue
🟡 Warning	swagger.yml:1568-1585	The `GET /tyk/mcps` endpoint is designed to list all MCP Proxy definitions without pagination. If the number of MCP proxies becomes large, this endpoint could return a very large response payload, leading to high memory consumption on the server during serialization and increased network latency for the client. 💡 Suggestion Consider adding pagination support to the `GET /tyk/mcps` endpoint. Common approaches include using query parameters like `limit` and `offset`, or a cursor-based system, to allow consumers of the API to retrieve the list in smaller, more manageable chunks.

\n\n \n\n

Performance Issues (1)

Severity	Location	Issue
🟡 Warning	swagger.yml:1568-1585	The `GET /tyk/mcps` endpoint is designed to list all MCP Proxy definitions without pagination. If the number of MCP proxies becomes large, this endpoint could return a very large response payload, leading to high memory consumption on the server during serialization and increased network latency for the client. 💡 Suggestion Consider adding pagination support to the `GET /tyk/mcps` endpoint. Common approaches include using query parameters like `limit` and `offset`, or a cursor-based system, to allow consumers of the API to retrieve the list in smaller, more manageable chunks.

\n\n

---

Powered by Visor from Probelabs

Last updated: 2026-04-15T15:32:12.478Z | Triggered by: pr_updated | Commit: 3c6efeb

💡 TIP: You can chat with Visor using /visor ask <your question>

[github-actions]

API Changes

no api changes detected

[github-actions]

🚨 Jira Linter Failed

Commit: 3c6efeb
Failed at: 2026-04-15 15:31:10 UTC

The Jira linter failed to validate your PR. Please check the error details below:

🔍 Click to view error details

failed to get Jira issue: failed to fetch Jira issue TT-16963: Issue does not exist or you do not have permission to see it.: request failed. Please analyze the request body for more details. Status code: 404

Next Steps

• Ensure your branch name contains a valid Jira ticket ID (e.g., ABC-123)
• Verify your PR title matches the branch's Jira ticket ID
• Check that the Jira ticket exists and is accessible

---

This comment will be automatically deleted once the linter passes.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud