IIT Roorkee Academics MCP
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@IIT Roorkee Academics MCPCheck my current semester fee status"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
IIT Roorkee Academics MCP
A local, role-aware Model Context Protocol server for the official IIT Roorkee Academics/AIS portal at https://academics.iitr.ac.in.
The server was built from a production-bundle audit rather than a short student-only menu scrape. Its checked-in catalog contains:
577 backend operations across 23 API domains
192 dashboard screens across student, faculty, advisor, DAPC, AAO, DoSW, department, HOD, library, and shared roles
Login, email/SMS OTP, in-memory session setup, forgot-password, reset-token verification, and password-reset support
Explicit fee, profile, semester-record, gradesheet, and transcript helpers
A safe generic caller covering every recovered endpoint, including operations added to the portal later
Catalog, route, coverage, and session resources plus reusable workflow prompts
Portal authorization is not bypassed. The signed-in IITR account can only use the roles and operations allowed by the portal backend.
Install and build
Requirements: Node.js 20 or newer.
npm install
npm run buildThe stdio server entry point is:
node /absolute/path/to/iitr-academics-mcp/dist/index.jsFor Codex CLI, register that command:
codex mcp add iitr-academics -- node /absolute/path/to/iitr-academics-mcp/dist/index.jsThe server is also compatible with MCP hosts that accept a stdio command. Use node as the command and the absolute dist/index.js path as its argument.
Related MCP server: Nettskjema MCP Server
Authentication
The safest setup is to inject an existing portal session through the launch environment:
export IITR_AIS_USERNAME='your-enrollment-or-employee-id'
export IITR_AIS_ACCESS_TOKEN='your-current-AIS-AccessToken'
node dist/index.jsDo not commit these values or place them in a shared MCP configuration. They are intentionally absent from this repository.
Alternatively, call ais_auth_login, then ais_auth_verify_otp when the portal requires the 5-digit email/SMS OTP. The password and OTP are used only for their individual requests; the resulting token is held only in process memory.
Use ais_auth_status to check the session. It returns authentication source and token-expiry metadata, but never returns the token or decoded account claims.
MCP surface
Tool | Purpose |
| Show redacted session status |
| Set username and AccessToken in memory |
| Login with username/password |
| Finish email/SMS OTP login |
| Request the login OTP by SMS with confirmation |
| Clear the in-memory session |
| Send reset email, behind a feature flag and confirmation |
| Verify a reset token |
| Complete reset, behind a feature flag and confirmation |
| Change the authenticated account password using the portal cipher |
| Encrypt/decrypt AES, DES, TripleDES, or Rabbit portal payloads |
| Search endpoints/screens by query, domain, role, or risk |
| Inspect one endpoint or route |
| Return a shareable dashboard screen URL |
| Return the academic services linked by AIS |
| Invoke any cataloged or API-relative operation |
| Execute up to 20 non-mutating operations |
| Multipart upload with confirmation, path boundary, and size limit |
| Read and decrypt student profile data |
| Read current-semester fee status |
| Read and decrypt fee details and total |
| Read and decrypt semester history |
| Prepare the portal request and decrypt gradesheet data |
| Read and decrypt the authenticated student's transcript |
Resources:
iitr://catalog/endpointsiitr://catalog/routesiitr://catalog/coverageiitr://session/statusiitr://catalog/external-portals
Prompts:
ais-safe-operationais-fee-workflow
Calling an operation safely
Call
ais_list_featureswith a focused query.Inspect the selected operation with
ais_get_feature.For a read, call
ais_callwith the required query or JSON body.For a mutation, review the exact endpoint and payload, obtain user confirmation, then set
confirmWrite: true.
AIS often uses POST even for reads. The catalog records methods observed in the production client and separately classifies whether an operation mutates state. Seven unused environment constants have an explicit assumed-post method-evidence marker instead of being presented as observed calls.
Example read:
{
"identifier": "DIRECT_FEE_BASE_URL_GETSTUDENTCURRENTSEMFEES",
"body": {
"EnrollmentNo": "YOUR_ENROLLMENT",
"StSession": "2026-27",
"Semester": "Autumn"
}
}Example route lookup:
{
"route": "student-acad-fees-page"
}Security controls
Requests are restricted to the configured Academics API origin and
/api/prefix by default.Authentication follows the portal client exactly:
usernameplusauthorization: Bearer <AccessToken>.Passwords, OTPs, tokens, cookies, authorization headers, and JWT-looking strings are recursively redacted from tool output.
Token storage is memory-only.
Mutating and uncataloged non-GET calls require
confirmWrite: true.Password mutation tools are disabled unless
IITR_AIS_ENABLE_PASSWORD_TOOLS=1.Response size and timeout limits are enforced.
Multipart files must stay under
IITR_AIS_UPLOAD_ROOTand the total size limit.Multipart symlinks are resolved before the upload-root check.
Authenticated requests and uploads reject redirects so credentials and files cannot be forwarded to another origin.
Custom headers are allowlisted; callers cannot replace authorization or cookie headers.
See SECURITY.md for the trust model and configuration controls.
Configuration
Copy .env.example only as a reference; this project does not automatically read .env files.
Variable | Default | Meaning |
| unset | Enrollment/employee/portal username |
| unset | Existing AIS AccessToken |
| official | API base |
| official portal URL | Dashboard URL base |
|
| Request timeout |
|
| Maximum response size |
| process working directory | Only local tree allowed for multipart files |
|
| Maximum total bytes per multipart call |
|
| Permit calls outside the official API boundary |
|
| Enable password-reset mutations |
|
| Write startup diagnostics to stderr |
Verification
npm run typecheck
npm test
npm run build
npm auditThe completion audit asserts that every recovered endpoint resolves through ais_call, every recovered screen resolves through ais_get_portal_route, all URLs remain under the official API origin, method evidence is explicit (observed or assumed-post), and all catalog identifiers are unique.
For the domain-by-domain breakdown, see COVERAGE.md.
Scope and portal changes
The catalog is a snapshot of the production Angular client audited on 10 July 2026. ais_call accepts a safe API-relative path as an escape hatch for new backend operations before the catalog is refreshed. The production portal remains the source of truth for accepted payload fields and account permissions.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/goyalayus/iitr-academics-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server