sapmcp
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| SAP_LANG | No | SAP logon language. | ES |
| SAP_PASS | No | SAP RFC password. | |
| SAP_USER | No | SAP RFC user. | |
| SAP_GROUP | No | SAP logon group. | |
| SAP_SYSNR | No | SAP system number (e.g., 00). | |
| SAP_ASHOST | No | SAP application server hostname. | |
| SAP_CLIENT | No | SAP client number. | |
| SAP_MSHOST | No | SAP message server hostname. | |
| SAP_R3NAME | No | SAP system ID (e.g., S4D). | |
| SAP_SNC_LIB | No | Path to SNC library. | |
| SAP_SNC_QOP | No | SNC quality of protection. | |
| SAP_SNC_MODE | No | SNC mode (0 or 1). | |
| SAP_SAPROUTER | No | SAProuter string (optional). | |
| SAP_SNC_MYNAME | No | SNC client name. | |
| SAPMCP_MAX_ROWS | No | Maximum rows for RFC_READ_TABLE. | 200 |
| SAPMCP_READ_ONLY | No | Enable read-only mode. | true |
| SAP_NWRFC_LIB_DIR | No | Path to the SAP NetWeaver RFC SDK library directory. | |
| SAPMCP_ALLOWED_RFC | No | Comma-separated allowed RFCs. | |
| SAPMCP_RFC_TIMEOUT | No | RFC call timeout in seconds. | 60 |
| SAPMCP_USE_KEYRING | No | Use keyring for passwords. | false |
| SAPMCP_DESTINATIONS | No | Comma-separated list of named destinations. | |
| SAP_SNC_PARTNERNAME | No | SNC partner name. | |
| SAPMCP_ALLOW_DANGEROUS | No | Allow dangerous RFCs. | false |
| SAPMCP_DEFAULT_DESTINATION | No | Default destination name. |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| sap_config_statusB | Show SAP MCP runtime configuration without exposing secrets. |
| sap_safety_checkB | Classify whether an RFC function is known read-only, dangerous, or allowlisted. |
| sap_resources_invalidateA | Invalidate the in-memory MCP resources cache, optionally by key prefix. |
| sap_search_rfcC | Search RFC function modules in TFDIR by prefix using the same cache as sap://catalog/rfc. |
| sap_audit_tailA | Return the last N JSON audit records from today's audit log. |
| sap_catalog_searchA | Search RFCs or tables in the offline snapshot without touching SAP. |
| sap_pingC | Open a SAP RFC connection and call RFC_PING. |
| sap_rfc_callB | Call any RFC-enabled function module with explicit parameters and expected outputs. The host LLM should first inspect/choose a function, then call this tool. Safety policy is enforced by environment variables, especially SAPMCP_READ_ONLY and SAPMCP_ALLOWED_RFC. |
| sap_describe_rfcA | Try to describe a function module interface using RFC_GET_FUNCTION_INTERFACE. Requires the RFC user to be authorized for RFC_GET_FUNCTION_INTERFACE. If unavailable, ask BASIS to allow it or provide the function interface manually. |
| sap_read_tableA | Read a SAP transparent table/view via RFC_READ_TABLE with a row limit.
|
| sap_prompt_protocolA | Return an execution protocol for a human SAP prompt. The MCP server does not contain its own LLM. The host LLM should use this protocol plus the RFC tools to translate human intent into safe SAP actions. |
| sap_get_short_dumpsC | Return ABAP short dumps via RFC_GET_SHORT_DUMP_LIST or SNAP fallback. |
| sap_get_syslogB | Read SAP syslog using RSLG_READ_SYSLOG, falling back to BAPI_SYSLOG_READ. |
| sap_get_locksC | Read SAP enqueue locks via ENQUEUE_READ. |
| sap_get_workprocessesC | Read SAP work processes via TH_WPINFO, aggregating TH_SERVER_LIST when server is omitted. |
| sap_get_update_requestsC | Read update requests via BAPI_UPDREQUEST_GETLIST. |
| sap_get_rfc_queueB | Read pending/error tRFC or qRFC queue entries from standard queue tables. |
| sap_get_jobsA | Read SAP background jobs via BAPI_XBP_JOB_SELECT, with TBTCO fallback. In strict allowlist mode the fallback is intentional: if BAPI_XBP_JOB_SELECT is not allowed but RFC_READ_TABLE is allowed, sapmcp reads TBTCO instead of failing before the fallback path. If neither RFC is allowed, the original policy error is preserved. |
| sap_get_user_auditC | Combine standard BAPIs and USR02 reads for a read-only user audit. |
| sap_health_checkC | Run a SAP Basis health check dashboard with configurable thresholds. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| basis_triage_sistema | Playbook conservador para validar conexión, mandantes e información básica del sistema SAP. |
| inspeccionar_pedido_venta | Playbook read-only para consultar cabecera, posiciones, entregas y estado de un pedido SD. |
| seguimiento_idoc | Playbook read-only para leer un IDoc y su histórico de estados EDIDS. |
| revisar_jobs_largos | Playbook read-only para seleccionar y ordenar jobs largos vía BAPI_XBP_JOB_SELECT. |
| informe_sociedad | Playbook read-only para conteo BKPF por BLART y top proveedores/clientes. |
| pre_change_check | Checklist humano obligatorio antes de cualquier llamada confirm_dangerous=true. |
| health_check_response | Guía para convertir el JSON de sap_health_check en un resumen operativo en español. |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| SAP system info | Cached STFC_CONNECTION ping plus sanitized SAP connection info. |
| SAP safety policy | Cached read-only/dangerous RFC patterns and active allowlist. |
| SAP configured destinations | Configured logical SAP destinations with sanitized parameters. |
| SAP offline catalog snapshot | Serves the local gzip JSON snapshot from ~/.sapmcp if present. |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/eduardoddddddd/sapmcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server