local-llm-client-for-sap-consultants-librechat
Verified Safeby marianfoo
Overview
This is a Middleman Control Plane (MCP) server for SAP consultants, designed to integrate various SAP-related functionalities (e.g., SAP Notes, ABAP ADT, S4/HANA OData) as conversational agents or tools within the LibreChat platform, including authentication via OpenID Connect and managing permissions.
Installation
sh -c "\n echo '🚀 SAP Notes MCP Server - Self-Contained Setup' &&\n \n if ! command -v git >/dev/null 2>&1 || ! command -v node >/dev/null 2>&1 || ! command -v curl >/dev/null 2>&1; then\n echo '📦 Installing git, curl, and build dependencies...' &&\n apt-get update && apt-get install -y git build-essential curl\n else\n echo '✅ System dependencies already installed'\n fi &&\n \n echo '📂 Creating mcp-servers directory...' &&\n mkdir -p /app/mcp-servers && cd /app/mcp-servers &&\n \n if [ ! -d 'mcp-sap-notes' ]; then\n echo '🔄 Cloning mcp-sap-notes repository...' &&\n git clone --depth 1 https://github.com/marianfoo/mcp-sap-notes\n else\n echo '✅ Repository already cloned'\n fi &&\n \n cd mcp-sap-notes &&\n \n if [ ! -d 'node_modules' ] || [ ! -f 'node_modules/.package-lock.json' ]; then\n echo '📦 Installing npm dependencies...' &&\n npm install --no-audit --no-fund\n else\n echo '✅ NPM dependencies already installed'\n fi &&\n \n if [ ! -d 'dist' ] || [ ! -f 'dist/index.js' ]; then\n echo '🔧 Building TypeScript to JavaScript...' &&\n npm run build\n else\n echo '✅ TypeScript build already completed'\n fi &&\n \n if [ ! -f '/ms-playwright/chromium-1181/chrome-linux/chrome' ]; then\n echo '🎠Installing Playwright chromium...' &&\n npx playwright install chromium\n else\n echo '✅ Playwright chromium already installed'\n fi &&\n \n echo '✅ Setup complete! Starting SAP Notes MCP Server...' &&\n HTTP_PORT=3123 AUTO_START=true npm run serve:http:debug\n "Environment Variables
- PFX_PATH
- PFX_PASSPHRASE
- ACCESS_TOKEN
- SAP_URL
- SAP_USERNAME
- SAP_PASSWORD
- SAP_CLIENT
- SAP_LANGUAGE
- SAP_DESTINATION_NAME
- destinations
- DISABLE_READ_ENTITY_TOOL
- ODATA_ALLOW_ALL
- ODATA_SERVICE_PATTERNS
- ODATA_EXCLUSION_PATTERNS
- OPENID_CLIENT_ID
- OPENID_CLIENT_SECRET
- OPENID_ISSUER
- MONGO_URI
- MEILI_HOST
- MEILI_MASTER_KEY
- RAG_API_URL
- JWT_SECRET
- JWT_REFRESH_SECRET
- MAILGUN_API_KEY
- MAILGUN_DOMAIN
- EMAIL_FROM
- OPENAI_API_KEY
- AZURE_OPENAI_API_KEY
- GOOGLE_API_KEY
Security Notes
The server employs robust security measures including JWT-based authentication, OpenID Connect for federated logins, comprehensive middleware for input validation, moderation, rate limiting, and access control (ACLs based on roles and resource types). Sensitive configurations like PFX passphrases and API keys are expected to be environment variables, not hardcoded. Image handling, including avatars and content, includes validation and JWT-protected access paths to prevent traversal. The overall architecture demonstrates a strong focus on secure practices for an open-source project. Potential risks typically stem from misconfiguration or reliance on external dependencies (e.g., Playwright container setup, external OAuth providers), rather than inherent code vulnerabilities.
Similar Servers
mcp-server
A Model Context Protocol (MCP) server designed to assist AI models in the development of SAP Cloud Application Programming Model (CAP) applications by providing tools for model analysis and documentation search.
cap-mcp-plugin
Integrate SAP CAP services with the Model Context Protocol (MCP) to expose them as AI-accessible resources, tools, and prompts for natural language interaction and automation.
cpi-mcp-server
The MCP server provides AI-powered applications with access to integration packages and artifacts within an SAP Cloud Integration tenant.
sap-datasphere-mcp
AI-powered data exploration, integration, and management for SAP Datasphere environments, enabling natural language interaction for data discovery, metadata exploration, analytics, ETL, and database user management.