Stats
Actions
Tags
From sc4sap
Guides installation and configuration of the abap-mcp-adt-powerup MCP server for SAP ADT connectivity, enabling 150+ ABAP object CRUD and runtime tools.
How this skill is triggered — by the user, by Claude, or both
Slash command
/sc4sap:mcp-setuphaikuThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Guides you through installing and configuring the `abap-mcp-adt-powerup` MCP server, which provides Claude Code with direct connectivity to your SAP system via ABAP Development Tools (ADT) REST APIs. The server exposes 150+ tools covering CRUD for ABAP objects (class, program, CDS, FM, table, etc.) plus runtime, transport, and data-preview operations.
Guides you through installing and configuring the abap-mcp-adt-powerup MCP server, which provides Claude Code with direct connectivity to your SAP system via ABAP Development Tools (ADT) REST APIs. The server exposes 150+ tools covering CRUD for ABAP objects (class, program, CDS, FM, table, etc.) plus runtime, transport, and data-preview operations.
<Response_Prefix>
Every response triggered by this skill MUST begin with [Model: <main-model> · Dispatched: <sub-summary>] per ../../common/model-routing-rule.md § Response Prefix Convention.
</Response_Prefix>
<Installation_Steps>
Automatic installation (recommended)
The MCP server is automatically installed into the plugin's vendor/abap-mcp-adt/ directory during setup:
/sc4sap:setup # full setup wizard (includes MCP install)
/sc4sap:setup mcp # MCP install only
Or via npm:
npm run build # runs tsc + installs abap-mcp-adt into vendor/
This clones the repo, runs npm install, and builds it. The plugin's .mcp.json is pre-configured to launch bridge/mcp-server.cjs, which delegates to the vendor-installed server.
Configure SAP connection
Create .sc4sap/sap.env in the plugin directory with your SAP credentials:
SAP_URL=https://your-sap-host:44300
SAP_CLIENT=100
SAP_AUTH_TYPE=basic
SAP_USERNAME=your-user
SAP_PASSWORD=your-password
SAP_LANGUAGE=EN
SAP_SYSTEM_TYPE=onprem
TLS_REJECT_UNAUTHORIZED=0
# --- Blocklist policy (optional) ---
# Controls the row-extraction guard in mcp-abap-adt. Defaults to `standard`.
# minimal — block only PII/credentials/banking
# standard — minimal + Protected Business Data (ACDOCA, BKPF, VBAK, EKKO, ...) [default]
# strict — standard + Audit/Security + Communication/Workflow
# off — disable the guard entirely (NOT recommended)
# MCP_BLOCKLIST_PROFILE=standard
# MCP_BLOCKLIST_EXTEND=ZHR_SALARY,ZCUSTOMER_PII
# MCP_ALLOW_TABLE=ACDOCA
SAP_URL: SAP system URL with HTTPS and ICM port (typically 44300 for HTTPS)SAP_CLIENT: SAP client number (3 digits, e.g., "100")SAP_AUTH_TYPE: basic for username/password, xsuaa for JWT (OAuth2)SAP_USERNAME / SAP_PASSWORD: SAP credentials with developer accessSAP_LANGUAGE: Logon language (EN, DE, etc.)SAP_SYSTEM_TYPE: onprem for on-premise S/4HANA, cloud for BTPTLS_REJECT_UNAUTHORIZED: Set to 0 for self-signed certificates (dev only)MCP_BLOCKLIST_PROFILE (optional): minimal | standard | strict | off — risk tier for row-extraction guard. Leave unset for the safe default (standard).MCP_BLOCKLIST_EXTEND (optional): comma-separated extra names/patterns (always denied). Use for site-specific Z-tables containing sensitive data.MCP_ALLOW_TABLE (optional): comma-separated whitelist for an audited one-off bypass. Logged to stderr. Remove when not actively needed.The bridge reads this file automatically on startup. Environment variables take precedence over file values.
Verify the connection
After restarting Claude Code (or reconnecting MCP via /mcp), run:
/sc4sap:sap-doctor
Or manually test by calling GetSession — it should return your SAP system ID, client, and username.
Update the MCP server To update to the latest version:
node scripts/build-mcp-server.mjs --update
</Installation_Steps>
- **401 Unauthorized**: Check `SAP_USERNAME` / `SAP_PASSWORD` in `.sc4sap/sap.env`; confirm the user is not locked (SU01). - **Connection refused**: Verify `SAP_URL` host and ICM HTTPS port; check VPN if required. - **ADT service not found**: Activate `/sap/bc/adt` in transaction SICF and ensure ICF is running. - **SSL certificate errors**: Add the SAP system certificate to Node.js trust store (recommended), or temporarily set `TLS_REJECT_UNAUTHORIZED=0` in `sap.env` (dev only — never in prod). - **No tools visible in Claude Code**: Reconnect the MCP server via `/mcp` after editing `sap.env`. `sap.env` changes are NOT hot-reloaded. Check MCP server stderr logs under `%LOCALAPPDATA%\claude-cli-nodejs\Cache\\mcp-logs-plugin-sc4sap-sap\`. - **Blocklist refusal on a legitimate table**: Run `/sc4sap:sap-option` to adjust `MCP_BLOCKLIST_PROFILE` or add the table to `MCP_ALLOW_TABLE` (audited bypass). - **`vendor/abap-mcp-adt` not built**: Re-run `node scripts/build-mcp-server.mjs` (or `--update` to refresh).<Security_Notes>
.sc4sap/sap.env (the dotenv file with SAP credentials) to version control. It is git-ignored by default.sap.env values in CI/CD, so secrets never touch disk.TLS_REJECT_UNAUTHORIZED=0 is dev-only — never set in production. Install the SAP system certificate into Node.js trust store instead.SAP_URL. No outbound calls to third parties.MCP_BLOCKLIST_PROFILE, MCP_BLOCKLIST_EXTEND, MCP_ALLOW_TABLE). See common/data-extraction-policy.md.
</Security_Notes><Health_Check>
When ARGUMENTS is check / verify / status (case-insensitive), run the vendor pin health check inline and report — do not print the full installation guide.
Execution:
CLAUDE_PLUGIN_ROOT env; fallback to cache path ~/.claude/plugins/cache/sc4sap/sc4sap/<version>/).node "<plugin>/scripts/build-mcp-server.mjs" --check| Exit | Meaning | User message (follow conversation language) |
|---|---|---|
0 + pinned to <SHA> ✓ on stdout | OK — vendor matches expected pin | ✅ abap-mcp-adt vendor verified · pinned to <SHA> (truncate to first 12 chars) |
0 + pin cannot be verified on stderr | WARN — launcher OK, .git stripped (packaged cache install) | ⚠️ Vendor launcher present, but pin cannot be verified (packaged cache lacks .git). Expected pin: <SHA>. To force a verifiable reinstall: node scripts/build-mcp-server.mjs --update. |
| 1 | FAIL — vendor missing | ❌ abap-mcp-adt not installed. Run: node scripts/build-mcp-server.mjs (or /sc4sap:setup mcp). |
| 2 | FAIL — pin drift | ❌ abap-mcp-adt vendor drift detected (current HEAD ≠ pinned SHA). Run: node scripts/build-mcp-server.mjs --update. |
Output format (single block):
MCP Vendor Health Check
=======================
Status: <OK|WARN|FAIL>
Pin: <expected SHA>
Current: <current HEAD or "unverified" or "not installed">
Action: <user message from table above>
STOP after printing — do not fall through to the full installation guide. </Health_Check>
Task: {{ARGUMENTS}}
npx claudepluginhub babamba2/superclaude-for-sap --plugin sc4sapGuides setup and configuration of the SuperClaude for SAP plugin: migrates legacy profiles, creates SAP connection profiles, installs the abap-mcp-adt-powerup MCP server, optionally deploys Z ABAP handlers, and registers PreToolUse hooks with error escalation for Basis/triage.
Guides development of business apps on SAP BTP using CAP (Node.js/Java) or ABAP Cloud, for Cloud Foundry/Kyma deployments, HANA integration, Fiori UIs, CI/CD pipelines, and observability.
Guides MCP server integration in Claude Code plugins via .mcp.json or plugin.json configs for stdio, SSE, HTTP types, enabling external services as tools.