{"id":"0pens0-tanzu-mcp-server","name":"tanzu-mcp-server","homepage":null,"repo_url":"https://github.com/0pens0/tanzu-mcp-server","category":"infrastructure","subcategories":[],"tags":["mcp","cloud-foundry","platform-automation","spring-boot","spring-ai","devtools","infrastructure","operations"],"what_it_does":"Provides a Model Context Protocol (MCP) server that exposes Cloud Foundry operations as 38/associated tools (apps, orgs/spaces, services, routes, network policies, cloning, and target/validation). Intended to be deployed on Cloud Foundry and accessed by an MCP client via the streamable HTTP transport.","use_cases":["Automate Cloud Foundry administration tasks from an MCP-capable AI agent (e.g., list apps, inspect details, scale/start/stop/restart, push/delete apps).","Create and manage CF resources via agent workflows (e.g., spaces, service instances, route mappings, network policies).","Perform safer operational automation with a “tool” interface rather than free-form CF CLI commands.","Validate CF connection/credentials at startup to fail fast before tools are used."],"not_for":["Running without valid CF credentials/connection settings.","Workloads requiring a public, internet-facing API without compensating controls (the toolset includes destructive operations).","Environments that cannot use HTTP Streamable MCP transports or do not support Spring AI MCP server bootstrapping."],"best_when":"When you want an AI agent to call constrained, named Cloud Foundry operations (including operational validation) from an MCP client, and you can manage CF credentials/roles safely.","avoid_when":"When you cannot restrict who/what can access the MCP server or cannot enforce network/authZ controls for destructive actions (delete/unbind/deleteOrphanedRoutes, etc.).","alternatives":["Use Cloud Foundry CLI or direct CF REST API with a custom application gateway/broker and strict allowlists.","Adopt another prebuilt MCP server for platform operations (if available) that provides clearer authz boundaries for destructive actions.","Build a small REST/GraphQL gateway in front of CF APIs with policy checks, then expose that gateway to an MCP client."],"af_score":56.5,"security_score":57.2,"reliability_score":36.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T19:50:23.041158+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"https://tanzu-mcp-server.apps.tp.penso.io/mcp (example shown as deployed URL without confirming exact path; README indicates /mcp in client config)","has_sdk":true,"sdk_languages":["Java"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Cloud Foundry UAA integration (password grant described via UAA token handling/PasswordGrantTokenProvider)"],"oauth":false,"scopes":false,"notes":"README indicates UAA integration and “CF role-based access control,” but does not specify MCP-server-specific auth (e.g., no per-user API keys at the MCP layer). Authentication complexity depends on CF/UAA setup plus Spring AI MCP server configuration."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information provided."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":56.5,"security_score":57.2,"reliability_score":36.2,"mcp_server_quality":78.0,"documentation_accuracy":70.0,"error_message_quality":null,"error_message_notes":"README claims “fails fast with clear error messages” for invalid config and mentions better validation/parameter processing and improved error handling, but does not show concrete error payload examples or codes.","auth_complexity":55.0,"rate_limit_clarity":10.0,"tls_enforcement":90.0,"auth_strength":55.0,"scope_granularity":35.0,"dependency_hygiene":30.0,"secret_handling":70.0,"security_notes":"README indicates HTTPS usage and environment-variable-based credentials (and warns against committing manifests). Auth is via Cloud Foundry UAA/roles, but the MCP server layer’s authorization boundaries and tool-level permissioning are not documented. TLS appears intended for endpoints, but the server’s transport security and header-level controls are not detailed. Dependency hygiene/CVE posture cannot be confirmed from provided content.","uptime_documented":20.0,"version_stability":40.0,"breaking_changes_history":20.0,"error_recovery":65.0,"idempotency_support":"false","idempotency_notes":"README lists many mutating operations (push, delete, create/bind/unbind, scale) but does not document which are idempotent or how retries interact with side effects.","pagination_style":"none","retry_guidance_documented":true,"known_agent_gotchas":["Destructive tools exist (delete apps, delete spaces/service instances/routes, unbind/bind, cleanup orphaned routes). An agent should implement an allowlist/guardrails and confirmations.","No explicit rate-limit documentation is provided; agents may need their own pacing/backoff.","Idempotency and retry safety are not documented per tool; retries could cause repeated side effects for non-idempotent operations."]}}