zopen-mcp-server

A Go-based Model Context Protocol (MCP) server that exposes a set of `zopen` command-line operations (list/query/install/remove/upgrade/info/version) as MCP tools. It supports stdio-based local execution (run tools on the same machine) and an optional remote mode that uses SSH to run `zopen` against a target z/OS system.

Evaluated Apr 04, 2026 (17d ago)
Repo ↗ Infrastructure mcp zopen zos ssh cli-integration automation go
⚙ Agent Friendliness
42
/ 100
Can an agent use this?
🔒 Security
34
/ 100
Is it safe for agents?
⚡ Reliability
14
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
62
Documentation
70
Error Messages
0
Auth Simplicity
60
Rate Limits
5

🔒 Security

TLS Enforcement
20
Auth Strength
45
Scope Granularity
20
Dep. Hygiene
30
Secret Handling
50

Security model emphasizes isolation via stdio (no network port) for local mode and uses SSH for remote execution, inheriting the SSH user’s permissions. However, the README does not describe authentication/authorization for MCP access (stdio path), least-privilege guidance, host key verification settings, audit logging, or secret-handling practices for the provided SSH key.

⚡ Reliability

Uptime/SLA
0
Version Stability
20
Breaking Changes
20
Error Recovery
15
AF Security Reliability

Best When

You have an MCP-capable client and want AI/agent tooling to drive zopen package management on local or authorized remote z/OS systems.

Avoid When

You need an HTTP API (REST/GraphQL/gRPC), automated idempotent retries with explicit guidance, or documented rate-limit semantics for programmatic clients.

Use Cases

  • Integrate `zopen` package management capabilities into any MCP-compatible AI agent or tool runner
  • Automate z/OS zopen community package listing, querying, installation, removal, upgrades, and metadata lookup from an MCP client
  • Provide a controlled interface to zopen operations in local stdio deployments or via SSH to remote z/OS hosts

Not For

  • Public-facing network services (it is designed for stdio/MCP or outbound SSH, not as an internet-exposed API)
  • Unattended operations without appropriate SSH credentials and permission scoping
  • Use cases requiring REST/HTTP/Webhooks integration or fine-grained API authorization models

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: stdio/MCP (no auth described for local stdio) SSH key authentication for remote execution (flag `--key`)
OAuth: No Scopes: No

No explicit user/session auth is described for the MCP/stdio path; remote mode relies on the SSH user/key provided at launch.

Pricing

Free tier: No
Requires CC: No

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • Remote mode executes `zopen` as the permissions of the configured SSH user; the agent may unintentionally install/upgrade/remove packages if prompts are not constrained.
  • No pagination/rate-limit guidance is provided in the README; agents should avoid assuming stable pagination or throttling semantics.
  • The README lists available tools but does not document tool input/output schemas, required parameters, or structured error codes, so robust automation may require inspecting the MCP server/tool definitions at runtime.

Alternatives

Direct use of the `zopen` CLI A custom wrapper around `zopen` exposed via REST/gRPC with your own auth/rate limiting Any existing MCP server that already provides similar z/OS package management capabilities

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for zopen-mcp-server.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-04-04.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered