← Index

io.github.NotHarshhaa/mainframe-mcp-server

io.github.NotHarshhaa/mainframe-mcp-server·v2.5.0·Other

MCP server for IBM z/OS jobs, datasets, USS, and operational diagnostics via Zowe SDK.

In-path gate · all MCP tools

Using io.github.NotHarshhaa/mainframe-mcp-server in Claude, Cursor, Gemini CLI, Cline, or Zed?

MCP tool contracts can change remotely with no version bump. The mcpindex gate pins each contract and HOLDs the call when it drifts-before your agent acts. Zero credentials. This is not the package install for this server itself (use Install this server for that).

Install the mcpindex gate (one command)

Rewrites your MCP host config so each server launches behind the gate. Inspect first: curl -fsSL https://mcpindex.ai/install.sh | less

curl -fsSL https://mcpindex.ai/install.sh | sh
Trust verdict · v1 advisory · method
NOT YET SCREENEDno verdict on file

Verdict not yet evaluated for this tool. The semantic screen takes adversarial cases first; coverage rolls out as the corpus expands (15/150 labels to graduation). The deterministic conformance probe is built but has not yet run on the public corpus, so a recorded verdict here is REVIEW or UNVERIFIED, never a clearing ALLOW. Until a verdict is recorded, an agent should treat this tool as not-yet-cleared and fall back to its own checks. Method: the eval, four-state verdict, honest limits.

Own this server? Screen its description →

Environment variables
ZOSMF_HOST
required

z/OSMF hostname or IP address

ZOSMF_PORT

z/OSMF HTTPS port (default 443)

ZOSMF_BASE_PATH

Optional API gateway or mediation layer prefix for z/OSMF

ZOSMF_USER

z/OS user id (required with ZOSMF_PASSWORD unless ZOSMF_TOKEN is set)

ZOSMF_PASSWORD
secret

Password for basic auth (required with ZOSMF_USER unless ZOSMF_TOKEN is set)

ZOSMF_TOKEN
secret

Auth token (alternative to user/password)

ZOSMF_TOKEN_TYPE

Token type when using ZOSMF_TOKEN (e.g. LTPA2)

ZOSMF_REJECT_UNAUTHORIZED

Verify TLS certificates (true in production)

LOG_LEVEL

Log level: fatal, error, warn, info, debug, trace, silent

MCP_TRANSPORT

Transport: stdio (IDE) or sse (container/network)

MCP_SSE_PORT

Listen port when MCP_TRANSPORT=sse

MAX_JOB_OUTPUT_LINES

Max lines returned from a single spool DD

MAX_DATASET_READ_LINES

Max lines returned from dataset or USS reads

MAX_JES_SPOOL_FILES

Max spool files fetched during diagnostics

MAX_AUDIT_LINES

Max RACF audit log lines per query

CMCI_CONTEXT

CICSplex name or region APPLID (required for CICS tools)

CMCI_HOST

CMCI hostname (defaults to ZOSMF_HOST)

CMCI_PORT

CMCI HTTPS port (default 1490)

CMCI_BASE_PATH

CMCI REST base path

DB2_LOCATION

Db2 subsystem location name (required for Db2 tools)

DB2_HOST

Db2 REST hostname (defaults to ZOSMF_HOST)

DB2_PORT

Db2 REST port (default 50400)

DB2_BASE_PATH

Db2 REST base path

SMF_SUMMARY_DATASET

Optional SMF summary dataset for offline metrics

RMF_METRICS_ENABLED

Query z/OSMF RMF metrics when available

RACF_AUDIT_USS_PATH

USS path to RACF audit log file

RACF_AUDIT_DATASET

Sequential dataset containing RACF audit records

SECURITY_READ_ONLY

When true, blocks write tools such as submit_jcl

SECURITY_ALLOWED_TOOLS

Comma-separated allowlist of MCP tool names

SECURITY_BLOCKED_TOOLS

Comma-separated blocklist of MCP tool names

SECURITY_ALLOWED_DATASET_PATTERNS

Comma-separated dataset patterns (e.g. USERDEV.*,SYS1.*)

SECURITY_ALLOWED_USS_PATHS

Comma-separated USS path prefixes

SECURITY_AUDIT_LOGGING

Log every tool invocation to stderr (SIEM-friendly JSON)

SECURITY_MAX_JCL_BYTES

Maximum inline JCL size for submit_jcl

MCP quality score · maturity, not trust · methodology
freshness
24
completeness
10
installability
25
documentation
15
stability
10
Alternatives in Other