tanzu-mcp-server
Provides a Model Context Protocol (MCP) server that exposes Cloud Foundry operations as 38/associated tools (apps, orgs/spaces, services, routes, network policies, cloning, and target/validation). Intended to be deployed on Cloud Foundry and accessed by an MCP client via the streamable HTTP transport.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
README indicates HTTPS usage and environment-variable-based credentials (and warns against committing manifests). Auth is via Cloud Foundry UAA/roles, but the MCP server layer’s authorization boundaries and tool-level permissioning are not documented. TLS appears intended for endpoints, but the server’s transport security and header-level controls are not detailed. Dependency hygiene/CVE posture cannot be confirmed from provided content.
⚡ Reliability
Best When
When you want an AI agent to call constrained, named Cloud Foundry operations (including operational validation) from an MCP client, and you can manage CF credentials/roles safely.
Avoid When
When you cannot restrict who/what can access the MCP server or cannot enforce network/authZ controls for destructive actions (delete/unbind/deleteOrphanedRoutes, etc.).
Use Cases
- • Automate Cloud Foundry administration tasks from an MCP-capable AI agent (e.g., list apps, inspect details, scale/start/stop/restart, push/delete apps).
- • Create and manage CF resources via agent workflows (e.g., spaces, service instances, route mappings, network policies).
- • Perform safer operational automation with a “tool” interface rather than free-form CF CLI commands.
- • Validate CF connection/credentials at startup to fail fast before tools are used.
Not For
- • Running without valid CF credentials/connection settings.
- • Workloads requiring a public, internet-facing API without compensating controls (the toolset includes destructive operations).
- • Environments that cannot use HTTP Streamable MCP transports or do not support Spring AI MCP server bootstrapping.
Interface
Authentication
README indicates UAA integration and “CF role-based access control,” but does not specify MCP-server-specific auth (e.g., no per-user API keys at the MCP layer). Authentication complexity depends on CF/UAA setup plus Spring AI MCP server configuration.
Pricing
No pricing information provided.
Agent Metadata
Known Gotchas
- ⚠ Destructive tools exist (delete apps, delete spaces/service instances/routes, unbind/bind, cleanup orphaned routes). An agent should implement an allowlist/guardrails and confirmations.
- ⚠ No explicit rate-limit documentation is provided; agents may need their own pacing/backoff.
- ⚠ Idempotency and retry safety are not documented per tool; retries could cause repeated side effects for non-idempotent operations.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for tanzu-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.