dassian-adt
MCP server that connects AI assistants to an SAP system via the ADT API for ABAP development tasks (read/write/activate objects, manage transports, run syntax/ATC checks, query tables, execute ABAP “run”, and handle sessions/health). Provides both stdio (local) and HTTP (team) MCP transports.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
TLS is implied via SAP_URL=https://...:44300, but README also documents NODE_TLS_REJECT_UNAUTHORIZED=0 for self-signed certs (weakens security if used). Authentication is username/password supplied via environment variables; no OAuth and no explicit scope granularity beyond what the SAP user can do. README mentions centralized validation and 'no stack traces', which can reduce accidental leakage, but does not explicitly state logging/PII handling for credentials or full request/response payloads. Dependency hygiene and vulnerability posture cannot be confirmed from provided manifest/README alone.
⚡ Reliability
Best When
Teams want an MCP-compatible, tool-based interface to SAP ABAP development with iterative error correction and session recovery.
Avoid When
You cannot safely store/use SAP credentials for a long-running server, or you need strict audit separation per user without compensating controls.
Use Cases
- • AI-assisted ABAP coding and refactoring (source read/write, activation)
- • Automated transport workflows (create/assign/release/list/inspect contents)
- • Code quality automation (syntax checks, ATC runs)
- • Data lookup for ABAP development (table/CDS reads and freestyle queries)
- • Executing short ABAP runs via temporary class and capturing output
- • Troubleshooting SAP issues (health checks, dump retrieval)
Not For
- • Production deployment of an SAP development backend without proper network hardening and operational controls
- • Unattended automated release/transport operations without human approval gates
- • Use without SAP ADT enablement/appropriate ABAP development authorizations
Interface
Authentication
Auth to SAP is performed using SAP_USER/SAP_PASSWORD provided via .env or MCP server env. No OAuth/SaaS scopes are described; authorization granularity depends on the SAP user used.
Pricing
No pricing information in provided content (open source MIT repo).
Agent Metadata
Known Gotchas
- ⚠ Running/releasing operations can be irreversible; ensure the agent/host requires confirmation steps for transport release.
- ⚠ Using NODE_TLS_REJECT_UNAUTHORIZED=0 disables TLS verification (for self-signed certs) and may create security risk.
- ⚠ Execution via abap_run may leave artifacts if cleanup fails; README mentions prompting when leftover temp classes exist.
- ⚠ HTTP transport mode is multi-client and implies concurrent SAP sessions; ensure isolation/auditing on the MCP server side.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for dassian-adt.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.