io.github.NotHarshhaa/mainframe-mcp-server

MCP

by NotHarshhaa · v2.5.0

MCP server for IBM z/OS jobs, datasets, USS, and operational diagnostics via Zowe SDK.

mcplocal

MCP configuration

stdio

Command

npx -y @notharshhaa/mainframe-mcp-server@2.5.0

Environment

  • ZOSMF_HOSTrequired

    z/OSMF hostname or IP address

  • ZOSMF_PORT

    z/OSMF HTTPS port (default 443)

  • ZOSMF_BASE_PATH

    Optional API gateway or mediation layer prefix for z/OSMF

  • ZOSMF_USER

    z/OS user id (required with ZOSMF_PASSWORD unless ZOSMF_TOKEN is set)

  • ZOSMF_PASSWORDsecret

    Password for basic auth (required with ZOSMF_USER unless ZOSMF_TOKEN is set)

  • ZOSMF_TOKENsecret

    Auth token (alternative to user/password)

  • ZOSMF_TOKEN_TYPE

    Token type when using ZOSMF_TOKEN (e.g. LTPA2)

  • ZOSMF_REJECT_UNAUTHORIZED

    Verify TLS certificates (true in production)

  • LOG_LEVEL

    Log level: fatal, error, warn, info, debug, trace, silent

  • MCP_TRANSPORT

    Transport: stdio (IDE) or sse (container/network)

  • MCP_SSE_PORT

    Listen port when MCP_TRANSPORT=sse

  • MAX_JOB_OUTPUT_LINES

    Max lines returned from a single spool DD

  • MAX_DATASET_READ_LINES

    Max lines returned from dataset or USS reads

  • MAX_JES_SPOOL_FILES

    Max spool files fetched during diagnostics

  • MAX_AUDIT_LINES

    Max RACF audit log lines per query

  • CMCI_CONTEXT

    CICSplex name or region APPLID (required for CICS tools)

  • CMCI_HOST

    CMCI hostname (defaults to ZOSMF_HOST)

  • CMCI_PORT

    CMCI HTTPS port (default 1490)

  • CMCI_BASE_PATH

    CMCI REST base path

  • DB2_LOCATION

    Db2 subsystem location name (required for Db2 tools)

  • DB2_HOST

    Db2 REST hostname (defaults to ZOSMF_HOST)

  • DB2_PORT

    Db2 REST port (default 50400)

  • DB2_BASE_PATH

    Db2 REST base path

  • SMF_SUMMARY_DATASET

    Optional SMF summary dataset for offline metrics

  • RMF_METRICS_ENABLED

    Query z/OSMF RMF metrics when available

  • RACF_AUDIT_USS_PATH

    USS path to RACF audit log file

  • RACF_AUDIT_DATASET

    Sequential dataset containing RACF audit records

  • SECURITY_READ_ONLY

    When true, blocks write tools such as submit_jcl

  • SECURITY_ALLOWED_TOOLS

    Comma-separated allowlist of MCP tool names

  • SECURITY_BLOCKED_TOOLS

    Comma-separated blocklist of MCP tool names

  • SECURITY_ALLOWED_DATASET_PATTERNS

    Comma-separated dataset patterns (e.g. USERDEV.*,SYS1.*)

  • SECURITY_ALLOWED_USS_PATHS

    Comma-separated USS path prefixes

  • SECURITY_AUDIT_LOGGING

    Log every tool invocation to stderr (SIEM-friendly JSON)

  • SECURITY_MAX_JCL_BYTES

    Maximum inline JCL size for submit_jcl

Install in one click with Zurek

Browse here, install from the native macOS app — pick targets, fill env vars, and write configs safely.