abap-mcp-adt
This MCP server enables AI assistants and code editors to interact with SAP ABAP systems via the ABAP Developer Toolkit (ADT) API, providing comprehensive CRUD operations, runtime diagnostics, code analysis, and system management.
ABAP Object CRUD (30+ types): Read, create, update, and delete classes, interfaces, programs, includes, tables, structures, CDS views, domains, data elements, function groups/modules, packages, service definitions/bindings, behavior definitions/implementations, metadata extensions, screens, GUI statuses, and more.
Transport Management: List, create, and retrieve transport requests and their tasks/objects.
Unit Testing: Create and run ABAP Unit tests and CDS Unit tests; retrieve status and results.
Runtime Diagnostics & Profiling: Analyze runtime dumps, create/manage profiler traces, run classes with profiling, list system messages, and browse ADT feeds.
Data Querying: Preview table contents (SE16-style) and execute SQL SELECT queries, with an optional server-side blocklist to prevent extraction of sensitive data (PII, credentials, payroll, etc.).
Code Analysis: Parse ABAP source into ASTs, perform semantic analysis, resolve system symbols, and find where-used references.
Object Discovery: Search ABAP objects by name/type/package, retrieve object trees, list inactive objects, and explore enhancements.
Environment Support: ABAP Cloud (BTP), On-Premise (S/4HANA), and Legacy (ECC/BASIS < 7.50).
Flexible Integration: Multiple transport protocols (stdio, HTTP, SSE), authentication methods (Basic Auth, JWT/XSUAA, Service Key), stateful sessions for lock/unlock workflows, and embeddable into existing MCP servers.
In total, ~287 MCP tools are organized into read-only, high-level, low-level, compact, system, and search handler groups.
Enables AI assistants and code editors to interact with SAP systems via ABAP Developer Toolkit (ADT) APIs, supporting ABAP Cloud (BTP), On-Premise, and Legacy SAP environments for reading, creating, updating, and deleting ABAP objects such as classes, interfaces, CDS views, tables, RAP elements, and more.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@abap-mcp-adtshow me the contents of table MARA"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP ABAP ADT ( For sc4sap application )
π Language / θ¨θͺ: English Β· ζ₯ζ¬θͺ
Acknowledgments
This project was originally inspired by mario-andreschak/mcp-abap-adt and fr0ster/mcp-abap-adt. We started with the core concept and evolved it into an independent project with our own architecture and features. Huge thanks to the original authors and all contributors whose work made this possible.
Model Context Protocol (MCP) server for SAP ABAP development β enables AI assistants and code editors to interact with SAP systems via ABAP Developer Toolkit (ADT) APIs.
Read, create, update, and delete ABAP objects directly from Claude Code, Cline, Cursor, Windsurf, or any MCP-compatible client. Supports ABAP Cloud (BTP), On-Premise, and Legacy SAP systems.
Related MCP server: ABAP-ADT-API MCP-Server
Table of Contents
Features
287 MCP Tools for comprehensive SAP ABAP development
30+ ABAP object types supported (Classes, Interfaces, CDS Views, Tables, RAP, and more)
Multiple transport protocols: stdio, HTTP (StreamableHTTP), SSE
Flexible authentication: JWT/XSUAA (OAuth2), Basic Auth, Service Key
Multi-environment: ABAP Cloud (BTP), On-Premise, Legacy (BASIS < 7.50)
Runtime diagnostics: Profiling, dump analysis, SQL queries
Handler groups: Read-Only, High-Level, Low-Level, Compact, System, Search
Embeddable: Use as a standalone server or embed handlers into existing MCP servers
Auto-configurator:
@mcp-abap-adt/configuratorfor automated client setupHealth endpoint:
GET /mcp/healthfor HTTP/SSE transportsOptional data-fetch prevention: opt-in server-side blocklist (
SC4SAP_POLICY=on) that blocks row extraction from sensitive tables (PII, credentials, payroll, banking) regardless of caller β see Optional: Data Fetch Prevention
Supported SAP Environments
Environment | Auth Methods | Notes |
ABAP Cloud (BTP) | JWT/XSUAA, Service Key | Full RAP/CDS support |
On-Premise (S/4HANA) | Basic Auth, JWT | Full feature surface β Programs, Classes, CDS, Screens, GUI Statuses |
Legacy (ECC / BASIS < 7.50) | Basic Auth | Classic ABAP only β see matrix below |
Legacy detection (BASIS < 7.50 / pre-S/4HANA) applies when any of:
SAP_SYSTEM_TYPE=legacy(explicit opt-in, back-compat)SAP_VERSION=ECCABAP_RELEASEnumeric < 750 (e.g.,740,731)
Under legacy mode the client routes through AdtClientLegacy, which restricts endpoint probes to those actually present on BASIS 7.4x. Modern DDIC CRUD and RAP/Service endpoints deliberately refuse with a clear "not supported on this SAP system" message instead of a cryptic 404.
Legacy (ECC / BASIS < 7.50) Compatibility Matrix
Verified on ECC 7.40 (SAP_VERSION=ECC, ABAP_RELEASE=740, SAP_SYSTEM_TYPE=onprem).
Category | Tool | ECC 7.40 | Reason |
Session / Discovery |
| β | Basic ADT present on all releases |
Inactive objects |
| β | β |
Package read |
| β | ADT repository informationsystem |
Package metadata |
| β |
|
DDIC read |
| β |
|
DDIC write |
| β | Same endpoint gap β create from SAP GUI (SE11) instead |
CDS view (DDLS) |
| β | DDL endpoint ( |
Classic view (VIEW/DV) |
| β | Classic view endpoint falls in the same DDIC gap as Tables/Structures β use SE11 in SAP GUI |
ABAP source read |
| β |
|
ABAP source write |
| β |
|
AST / Semantic analysis |
| β | Client-side parse, no SAP call |
WhereUsed |
| β οΈ | Classic object types only β |
Enhancements |
| β |
|
Transport |
| β | CTS endpoints present |
Runtime |
| β |
|
Screen / GUI Status |
| βΉοΈ | RFC-dispatched via |
RAP / Behavior |
| β | S/4HANA only β RAP does not exist on ECC |
Service binding |
| β | S/4HANA / ABAP Cloud only |
Metadata extensions |
| β | S/4HANA / ABAP Cloud only |
Table contents |
| βΉοΈ | Works server-side but gated by the per-profile data-extraction policy β see Optional: Data Fetch Prevention |
Legend: β works fully Β· β οΈ works with caveats Β· β refuses with a clear "not supported on this SAP system" error (not a bug β SAP platform limit) Β· βΉοΈ works, but depends on prior setup / policy.
Quick Start
1. Install
npm install -g @mcp-abap-adt/core2. Configure environment
# Create .env file in your working directory
cat > .env << 'EOF'
SAP_URL=https://your-sap-system.com
SAP_CLIENT=100
SAP_AUTH_TYPE=basic
SAP_USERNAME=your_username
SAP_PASSWORD=your_password
EOF3. Run
# stdio (for MCP clients like Claude Code, Cline, Cursor)
mcp-abap-adt
# HTTP server
mcp-abap-adt --transport=http --port 3000
# SSE server
mcp-abap-adt --transport=sse --port 3000Installation
From npm (Recommended)
npm install -g @mcp-abap-adt/coreFrom source
git clone --recurse-submodules https://github.com/babamba2/abap-mcp-adt-powerup.git
cd abap-mcp-adt-powerup
npm install
npm run build
npm startPlatform-specific guides
Claude Code Plugin
This repository is also distributed as a Claude Code plugin via the marketplace.
Install via marketplace
# Add this marketplace (once)
/plugin marketplace add babamba2/abap-mcp-adt-powerup
# Install the plugin
/plugin install abap-mcp-adt-powerupAfter install, configure the SAP connection through environment variables (see Configuration) or use the auto-configurator:
npx @mcp-abap-adt/configuratorManual plugin directory
If you're editing this repo locally, it already resolves as a plugin from:
~/.claude/plugins/marketplaces/abap-mcp-adt-powerupReload Claude Code (/plugin β Reload) to pick up changes.
Configuration
Environment Variables (.env)
# SAP connection
SAP_URL=https://your-abap-system.com
SAP_CLIENT=100
SAP_LANGUAGE=en
# System type: cloud (default), onprem, or legacy
SAP_SYSTEM_TYPE=cloud
# TLS: set to 0 for self-signed certificates (dev only)
TLS_REJECT_UNAUTHORIZED=0
# Authentication
SAP_AUTH_TYPE=xsuaa # 'xsuaa' for JWT, 'basic' for username/password
SAP_JWT_TOKEN=your_jwt_token # For JWT auth
# SAP_USERNAME=your_username # For basic auth
# SAP_PASSWORD=your_password # For basic auth
# On-premise context (required for create/update on on-prem)
# SAP_MASTER_SYSTEM=DEV
# SAP_RESPONSIBLE=your_username
# Timeouts (milliseconds)
SAP_TIMEOUT_DEFAULT=45000 # General operations (default: 45s)
SAP_TIMEOUT_CSRF=15000 # CSRF token requests (default: 15s)
SAP_TIMEOUT_LONG=60000 # Long-running operations (default: 60s)CLI Options
mcp-abap-adt [options]
Options:
--transport=<type> Transport protocol: stdio (default), http, sse
--port <number> Server port for http/sse (default: 3000)
--host <address> Bind address for http/sse (default: localhost)
--env <destination> Destination name for multi-system setups
--env-path <path> Path to .env fileYAML Configuration
Alternative to CLI arguments. See YAML Config Guide.
Authentication
Basic Auth (On-Premise)
SAP_AUTH_TYPE=basic
SAP_USERNAME=developer
SAP_PASSWORD=secret123JWT / XSUAA (Cloud / On-Premise)
SAP_AUTH_TYPE=xsuaa
SAP_JWT_TOKEN=eyJhbGciOiJSUzI1NiIs...Service Key (BTP)
Place your service key JSON file and configure via the configurator (@mcp-abap-adt/configurator).
Header-based Auth (HTTP/SSE transports)
For multi-tenant or proxy setups, pass SAP connection details via HTTP headers (x-sap-*). See Authentication Guide.
Available Tools
The server provides 287 tools organized into handler groups:
Tool Categories
Category | Count | Description |
Read-Only | 52 | Query and retrieve objects without modification |
High-Level | 113 | User-friendly CRUD operations |
Low-Level | 122 | Direct ADT API operations with granular control |
Compact | 22 | Streamlined access to common operations |
System | - | Runtime analysis, profiling, dumps, SQL queries |
Search | - | Object discovery, where-used analysis |
Supported ABAP Object Types
Object Type | Read | Create | Update | Delete |
Classes (CLAS) | O | O | O | O |
Interfaces (INTF) | O | O | O | O |
Programs (PROG) | O | O | O | O |
Includes | O | O | O | O |
Tables (TABL) | O | O | O | O |
Structures | O | O | O | O |
CDS Views (DDLS) | O | O | O | O |
Domains | O | O | O | O |
Data Elements (DTEL) | O | O | O | O |
Function Groups (FUGR) | O | O | O | O |
Function Modules (FUNC) | O | O | O | O |
Packages (DEVC) | O | O | O | O |
Transports | O | O | - | - |
Service Definitions (SRVD) | O | O | O | O |
Service Bindings (SRVB) | O | O | O | O |
Behavior Definitions (BDEF) | O | O | O | O |
Behavior Implementations (BIMP) | O | O | O | O |
Metadata Extensions (DDLX) | O | O | O | O |
Screens (DYNP) | O | O | O | O |
GUI Statuses | O | O | O | O |
Text Elements | O | O | O | O |
Unit Tests | O | O | O | O |
CDS Unit Tests | O | O | O | O |
Enhancements | O | - | - | - |
Runtime & System Tools
Runtime Profiling - Profile class and program execution with trace analysis
Dump Analysis - List and analyze ABAP runtime dumps
SQL Queries - Execute SQL queries via ADT (
GetSqlQuery)Table Contents - Read table data (
GetTableContents)Object Search - Find objects by name, type, package (
SearchObject)Where-Used - Cross-reference analysis (
GetWhereUsed)Type Info - Retrieve type information (
GetTypeInfo)Inactive Objects - List objects pending activation (
GetInactiveObjects)AST / Semantic Analysis - Parse ABAP syntax tree and semantic info
For the complete tool reference, see AVAILABLE_TOOLS.md.
Transport Protocols
stdio (Default)
Standard input/output transport for MCP clients. Used by Claude Code, Cline, Cursor, and other MCP-compatible tools.
mcp-abap-adt
# or explicitly:
mcp-abap-adt --transport=stdioHTTP (StreamableHTTP)
REST API with JSON streaming responses. Ideal for web clients and multi-user deployments.
mcp-abap-adt --transport=http --port 3000 --host 0.0.0.0Health check: GET /mcp/health
SSE (Server-Sent Events)
Long-polling transport with session management.
mcp-abap-adt --transport=sse --port 3000Client Configuration
Claude Code
{
"mcpServers": {
"mcp-abap-adt": {
"command": "npx",
"args": ["-y", "@mcp-abap-adt/core"],
"env": {
"SAP_URL": "https://your-sap-system.com",
"SAP_CLIENT": "100",
"SAP_AUTH_TYPE": "basic",
"SAP_USERNAME": "developer",
"SAP_PASSWORD": "secret"
}
}
}
}Cline / Cursor / VS Code
{
"mcpServers": {
"mcp-abap-adt": {
"command": "npx",
"args": ["-y", "@mcp-abap-adt/core"],
"env": {
"SAP_URL": "https://your-sap-system.com",
"SAP_CLIENT": "100",
"SAP_AUTH_TYPE": "xsuaa",
"SAP_JWT_TOKEN": "eyJhbGciOiJSUzI1NiIs..."
}
}
}
}Auto-Configuration
Use the configurator for automated setup:
npx @mcp-abap-adt/configuratorSee Client Configuration Guide for more examples.
Handler Architecture
The server organizes tools into composable handler groups:
handlers/
βββ behavior_definition/ # BDEF CRUD
βββ behavior_implementation/# BIMP CRUD
βββ class/ # CLAS CRUD
βββ compact/ # Shorthand tools
βββ common/ # Shared handlers
βββ data_element/ # DTEL CRUD
βββ ddlx/ # Metadata Extension CRUD
βββ domain/ # Domain CRUD
βββ enhancement/ # Enhancement read-only
βββ function/ # Function-related
βββ function_group/ # FUGR CRUD
βββ function_module/ # FUNC CRUD
βββ gui_status/ # GUI Status CRUD
βββ include/ # Include CRUD
βββ interface/ # INTF CRUD
βββ metadata_extension/ # DDLX CRUD
βββ package/ # DEVC CRUD
βββ program/ # PROG CRUD
βββ screen/ # Screen/Dynpro CRUD
βββ search/ # Object search & where-used
βββ service_binding/ # SRVB CRUD
βββ service_definition/ # SRVD CRUD
βββ structure/ # Structure CRUD
βββ system/ # Runtime diagnostics
βββ table/ # TABL CRUD
βββ text_element/ # Text Element CRUD
βββ transport/ # Transport management
βββ unit_test/ # Unit test CRUD & run
βββ view/ # CDS View CRUDEach handler category contains subdirectories:
high/- High-level, user-friendly operationslow/- Low-level, direct ADT API operationsreadonly/- Safe read-only queries
Embedding Handlers
For integrating into existing MCP servers (e.g., CAP/CDS applications):
import { HandlerExporter } from '@mcp-abap-adt/core/handlers';
const exporter = new HandlerExporter({
includeReadOnly: true,
includeHighLevel: true,
includeLowLevel: false,
includeSystem: true,
includeSearch: true,
});
exporter.registerOnServer(mcpServer, () => connection);Docker Deployment
Using Docker Compose
# Build and run
npm run docker:build
npm run docker:up
# Or with pre-built package
npm run docker:build:package
npm run docker:up:packageManual Docker Build
cd docker
docker-compose build
docker-compose up -dSee Docker Deployment Guide for full details.
Development
Prerequisites
Node.js >= 20.0.0
npm >= 9.0.0
TypeScript 5.9+
Setup
git clone --recurse-submodules https://github.com/babamba2/abap-mcp-adt-powerup.git
cd abap-mcp-adt-powerup
npm install
npm run buildScripts
Command | Description |
| Lint + compile TypeScript |
| Compile only (skip lint) |
| Build + launch MCP Inspector (stdio) |
| Build + launch HTTP dev server |
| Build + launch SSE dev server |
| Run Biome linter with auto-fix |
| Format code with Biome |
| Run MCP server (stdio) |
| Run MCP server (HTTP) |
| Run MCP server (SSE) |
| Regenerate tool documentation |
Project Structure
mcp-abap-adt/
βββ bin/ # CLI entry points
β βββ mcp-abap-adt.js # Main CLI
β βββ mcp-abap-adt-v2.js # V2 server variant
βββ src/
β βββ handlers/ # 30 handler categories (287 tools)
β βββ lib/
β β βββ auth/ # Auth broker, JWT/XSUAA
β β βββ config/ # Configuration management
β β βββ handlers/ # Handler registry & utilities
β β βββ stores/ # Session/token storage
β β βββ types/ # TypeScript interfaces
β β βββ utils.ts # Core utilities
β βββ server/
β β βββ BaseMcpServer.ts # MCP server extension
β β βββ StdioServer.ts # stdio transport
β β βββ SseServer.ts # SSE transport
β β βββ StreamableHttpServer.ts # HTTP transport
β β βββ launcher.ts # Server startup
β βββ utils/ # Utility modules
βββ docker/ # Docker deployment
βββ docs/ # Documentation
βββ tests/ # Test configuration
βββ tools/ # Dev tools & scripts
βββ package.jsonKey Dependencies
Package | Purpose |
| ADT REST API clients |
| SAP connection management |
| Authentication token management |
| Auth strategy implementations |
| MCP protocol SDK |
| XML parsing for ADT responses |
Testing
Integration Tests
Integration tests run against a real SAP system in two modes:
Soft mode (default): Calls handlers directly, no MCP subprocess
Hard mode: Spawns full MCP server via stdio, calls tools through MCP protocol
Setup
# Create test config from template
npm run test:init
# Edit only the lines marked "# <- CHANGE"
# - environment.env (session .env file)
# - environment.system_type (onprem/cloud/legacy)
# - environment.default_package
# - environment.default_transportRunning Tests
# Unit tests
npm test
# All integration tests (soft mode)
npm run test:integration
# High-level handler tests only
npm run test:high
# Low-level handler tests only
npm run test:low
# Type check test files
npm run test:checkSee Testing Guide for full details.
Troubleshooting
self-signed certificate in certificate chain
Your SAP system uses a self-signed TLS certificate. For development only:
TLS_REJECT_UNAUTHORIZED=0For production, install the SAP CA certificate into the Node.js trust store.
401 Unauthorized / 403 Forbidden
Basic Auth: confirm
SAP_USERNAME/SAP_PASSWORDand that the user has ADT authorization (S_DEVELOP,S_RFC,S_TCODE).JWT/XSUAA: the token may be expired β refresh via the configurator or service key.
Client mismatch: verify
SAP_CLIENTmatches the logon client.
CSRF token validation failed on Update/Create
The session lost its CSRF token. Most handlers refresh automatically; if it persists:
Increase
SAP_TIMEOUT_CSRF(default 15s).Confirm cookies are not being stripped by a proxy.
transport required on On-Premise
Create or update on on-prem systems requires a transport request. Set:
SAP_MASTER_SYSTEM=DEV
SAP_RESPONSIBLE=your_usernameβ¦and pass transport=<TRKORR> to the handler, or use a local package ($TMP).
Claude Code doesn't see the MCP server
Restart Claude Code after editing config.
Check logs:
~/.claude/logs/(stderr from the MCP process).Run
mcp-abap-adtdirectly in a shell β it must start without errors before Claude can connect.
Programs not available on Cloud
Programs (PROG) are on-premise / legacy only. Use Classes or CDS on ABAP Cloud.
FAQ
Q. Does this work with S/4HANA Cloud, public edition? Yes β via ABAP Cloud (BTP) with JWT/XSUAA or a service key. RAP/CDS objects are fully supported; classic objects (Programs, Screens, GUI Statuses) are not available on cloud.
Q. Can I use this without Claude Code?
Yes. Any MCP-compatible client works: Cline, Cursor, Windsurf, VS Code MCP extension, or a custom client built with @modelcontextprotocol/sdk.
Q. How do I limit which tools are exposed?
Use the HandlerExporter to select handler groups when embedding, or set environment flags to disable groups. See Handler Management.
Q. Is it safe to use against a productive SAP system? The server respects SAP authorization β whatever your user cannot do in SE80/ADT, it cannot do here either. Still, we recommend a dedicated development user and running against non-prod first.
Q. How do I run against multiple SAP systems?
Use --env <destination> with per-destination .env files, or the YAML config. For HTTP/SSE deployments, pass x-sap-* headers per request.
Q. Does it support RFC?
Yes, for legacy systems where ADT HTTP APIs are unavailable. Set connection_type: rfc in the test config (or equivalent env) β requires the SAP NW RFC SDK installed locally.
Documentation
Guide | Description |
Platform-specific installation | |
MCP client setup | |
Auth methods & destinations | |
Complete tool reference (287 tools) | |
Command-line reference | |
YAML configuration guide | |
System architecture overview | |
Lock/update/unlock flow | |
Tool & handler structure | |
Container deployment | |
Test setup & execution | |
Enable/disable handler groups |
Optional: Data Fetch Prevention
Row-returning tools (GetTableContents, GetSqlQuery) can expose sensitive business data β PII, credentials, payroll, banking, transactional finance. This server ships with an opt-in server-side blocklist that stops such calls before they ever reach SAP, regardless of the caller (Claude, other LLMs, direct JSON-RPC, external scripts).
The feature is disabled by default β nothing is blocked unless you explicitly turn it on.
Enable
export SC4SAP_POLICY=on # or: strict | standard | minimal | custom
export SC4SAP_POLICY_PROFILE=strict # optional, default when SC4SAP_POLICY=on
export SC4SAP_BLOCKLIST_PATH=/path/to/table_exception.md # optional extra list
export SC4SAP_ALLOW_TABLE=TAB1,TAB2 # session-scoped emergency exemption (logged)Profiles
Profile | Blocks |
| PII + credentials + HR + transactional finance + audit logs + workflow |
| PII + credentials + HR + transactional finance |
| PII + credentials + HR + Tax (business tables allowed) |
| User-supplied list only ( |
Behavior
When a blocked table is accessed, the server responds with isError: true and a categorized reason β no SAP round-trip occurs. Schema/DDIC metadata calls (GetTable, GetStructure, GetView, GetDataElement, GetDomain), existence checks (SearchObject), and aggregate-only GetSqlQuery remain allowed.
Built-in blocklist covers 100+ tables / patterns across Banking (BNKA, KNBK, LFBK, REGUH), Customer/Vendor PII (KNA1, LFA1, BUT000, BUT0ID), Addresses (ADRC, ADR6, ADRP), Authentication (USR02, RFCDES, AGR_1251), HR/Payroll (PA* / HRP* / PCL*), Tax IDs, Protected Business Data (VBAK/BKPF/ACDOCA), Audit logs, and customer Z* PII patterns.
This feature is designed for but not coupled to the sc4sap plugin β any MCP client can benefit from it.
Contributing
We welcome contributions! Please see the development documentation for setup instructions.
Contributors
Paek Seunghyun (@babamba2) - Enhanced features addition
Oleksii Kyslytsia (@fr0ster) - Main maintainer (539+ commits)
mario-andreschak (@mario-andreschak) - Original project maintainer
Henry Mao (@calclavia) - Contributor
Aleksandr Razinkin (@raaleksandr-epam) - Contributor
Frank Fiegel (@punkpeye) - Contributor
License
MIT β Copyright (c) 2026 λ°±μΉν (Paek Seunghyun) & Oleksii Kyslytsia
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/ChinhHN-DEV/abap-mcp-adt'
If you have feedback or need assistance with the MCP directory API, please join our Discord server