mcp-redmine
mcp-redmine is an MCP server that connects an AI client (e.g., Claude Desktop) to a Redmine instance, exposing tools to browse/search Redmine projects and issues, create/update issues, manage time entries, and upload/download attachment files, using Redmine’s OpenAPI coverage and httpx for HTTP requests.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security strengths: attachment access is gated by REDMINE_ALLOWED_DIRECTORIES with an explicit path traversal protection note (resolves ../ before validation) and uploads/downloads are disabled if not set. TLS: there is an option to disable certificate verification (REDMINE_DANGEROUSLY_ACCEPT_INVALID_CERTS), which reduces security if misused—default is disabled. Auth: API key usage is supported, but there is no documented fine-grained scope/permission model in the MCP server itself. Rate limiting, logging behavior, and secret-redaction guarantees are not described.
⚡ Reliability
Best When
You want an agent to operate Redmine workflows end-to-end (read/update) from a controlled environment with an allowlisted filesystem for attachment operations.
Avoid When
You cannot set REDMINE_ALLOWED_DIRECTORIES for any attachment upload/download or you plan to run with REDMINE_DANGEROUSLY_ACCEPT_INVALID_CERTS enabled.
Use Cases
- • AI-assisted triage of Redmine issues (search/filter by status/priority/assignee)
- • Creating and updating Redmine issues from natural language
- • Logging time entries and updating related issue fields
- • Uploading and downloading Redmine attachments with path allowlisting
- • Interactive exploration of Redmine API endpoints via MCP path listing/introspection
Not For
- • Publicly exposing the MCP server without network controls
- • Environments where you cannot safely handle an API key (no secure secret management)
- • Use cases requiring strict enterprise compliance guarantees not documented by the project
Interface
Authentication
Uses a Redmine API key provided via environment variable. The tool likely sends it with each request; no OAuth flow or fine-grained token scopes are described in the README.
Pricing
No pricing information; appears to be a self-hosted open-source MCP server.
Agent Metadata
Known Gotchas
- ⚠ File operations are disabled unless REDMINE_ALLOWED_DIRECTORIES is set.
- ⚠ Path safety relies on allowed directories; ensure save_path/file_path are within the allowlist to avoid failures.
- ⚠ When using Docker, REDMINE_REQUEST_INSTRUCTIONS must reference a path inside the container, not the host path.
- ⚠ Responses can be YAML or JSON depending on REDMINE_RESPONSE_FORMAT; agents should parse accordingly.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp-redmine.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.