Labsco
jztan logo

redmine-mcp-server

48

from jztan

Production-ready MCP server for Redmine with security, pagination, and enterprise features

🔥🔥🔥✓ VerifiedAccount requiredNeeds API keys

Redmine MCP Server

PyPI Version License Python Version GitHub Issues CI Coverage Downloads

A Model Context Protocol (MCP) server that integrates with Redmine project management systems. This server provides seamless access to Redmine data through MCP tools, enabling AI assistants to interact with your Redmine instance.

mcp-name: io.github.jztan/redmine-mcp-server

<p align="center"> <a href="https://redmine-mcp-server.jztan.com"> <img src="https://raw.githubusercontent.com/jztan/redmine-mcp-server/develop/assets/redmine-mcp-demo.gif" alt="An AI agent triaging a Redmine sprint backlog through redmine-mcp-server" width="820" /> </a> </p> <p align="center"><sub>An AI agent triaging a Redmine sprint through redmine-mcp-server. <a href="https://redmine-mcp-server.jztan.com">Try the live demo →</a></sub></p>

Features

  • 45 MCP Tools (plus 1 operator tool gated by REDMINE_MCP_EXPOSE_ADMIN_TOOLS=true): Issues, projects, time tracking, wiki, Gantt, file operations, membership management, products, contacts (CRM), DMSF documents, and more
  • Flexible Authentication: API key, username/password, or OAuth2 per-user tokens
  • Prompt Injection Protection: User-controlled content wrapped in boundary tags for safe LLM consumption
  • Read-Only Mode: Restrict to read-only operations via REDMINE_MCP_READ_ONLY environment variable
  • HTTP File Serving: Secure attachment access via UUID-based URLs with automatic expiry
  • Pagination Support: Efficiently handle large result sets with configurable limits
  • MCP Compliant: Full Model Context Protocol support with FastMCP and HTTP transport
  • Docker Ready: Complete containerization support

Authentication

The server supports four authentication modes, selected via REDMINE_AUTH_MODE. It defaults to legacy, so existing deployments keep working with no changes; OAuth2 support is purely additive.

Your situationModeRedmine
Single shared credential, simplest setuplegacy (default)any
Multi-user, you control the MCP clientoauth6.1+
Hosted server, clients self-register (DCR)oauth-proxy6.1+
Multi-user, Redmine too old for OAuthlegacy-per-user< 6.1

The advanced modes are collapsed below. For full setup, the OAuth2 Setup Guide covers oauth and oauth-proxy, and the legacy-per-user guide covers legacy-per-user.

Legacy mode (default)

A single shared credential (API key or username/password) configured once in .env. Every request to Redmine uses the same identity.

REDMINE_AUTH_MODE=legacy        # or omit entirely; this is the default
REDMINE_URL=https://redmine.example.com
REDMINE_API_KEY=your_api_key
# OR:
# REDMINE_USERNAME=your_username
# REDMINE_PASSWORD=your_password
<details> <summary><strong>OAuth2 mode</strong> (multi-user, Redmine 6.1+)</summary>

Each MCP request carries its own Authorization: Bearer <token>, so every user authenticates with their own Redmine account. The server validates each token against Doorkeeper's introspection endpoint before forwarding it, and exposes the OAuth2 discovery and /revoke endpoints clients need.

REDMINE_AUTH_MODE=oauth
REDMINE_URL=https://redmine.example.com
REDMINE_MCP_BASE_URL=https://redmine-mcp.example.com   # public URL of this server

# Confidential OAuth app registered in Redmine admin (see setup guide)
REDMINE_INTROSPECT_CLIENT_ID=...
REDMINE_INTROSPECT_CLIENT_SECRET=...

You register the OAuth app manually in Redmine admin → Applications (no Dynamic Client Registration). Full walkthrough, endpoint reference, and troubleshooting: OAuth2 Setup Guide.

</details> <details> <summary><strong>OAuthProxy mode</strong> (hosted deployments with client self-registration)</summary>

FastMCP acts as the MCP-facing authorization server: it handles DCR for MCP clients, then redirects users to Redmine as the upstream OAuth provider for consent. Use this when clients (e.g. Claude Desktop, VS Code) expect to register themselves.

REDMINE_AUTH_MODE=oauth-proxy
REDMINE_URL=https://redmine.example.com
REDMINE_MCP_BASE_URL=https://redmine-mcp.example.com   # public URL of this server

# Confidential OAuth app registered in Redmine admin (see setup guide)
REDMINE_INTROSPECT_CLIENT_ID=...
REDMINE_INTROSPECT_CLIENT_SECRET=...
REDMINE_MCP_JWT_SIGNING_KEY=...

The upstream Redmine app must register ${REDMINE_MCP_BASE_URL}/auth/callback as its redirect URI. Storage, scaling, and credential-reuse notes are in the OAuth2 Setup Guide.

</details> <details> <summary><strong>legacy-per-user mode</strong> (Redmine older than 6.1)</summary>

For Redmine instances too old for OAuth, each user's MCP client sends its own Redmine API key in an X-Redmine-API-Key header. Each request runs as that user's identity with that user's permissions.

This is an advanced, opt-in mode. It requires TLS end-to-end and a correctly configured reverse proxy. Read docs/legacy-per-user-auth.md for the threat model, firewall guidance, and revocation runbook before enabling it.

mcp-remote (recommended):

{ "mcpServers": { "redmine": {
  "command": "npx",
  "args": ["mcp-remote", "https://your-host/mcp",
           "--header", "X-Redmine-API-Key:${RM_KEY}"],
  "env": { "RM_KEY": "<your redmine api key>" }
}}}

Note the colon with no surrounding spaces in X-Redmine-API-Key:${RM_KEY} -- this avoids an arg-escaping bug in Cursor and Claude Desktop on Windows.

VS Code (mcp.json):

Use .vscode/mcp.json (workspace file) or the user profile mcp.json. The workspace .mcp.json silently drops headers (see microsoft/vscode#319528), so do not use that file. Pin VS Code 1.102 or newer.

{
  "servers": {
    "redmine": {
      "type": "http",
      "url": "https://your-host/mcp",
      "headers": { "X-Redmine-API-Key": "${input:rmKey}" },
      "inputs": [{ "id": "rmKey", "type": "promptString",
                   "description": "Redmine API key", "password": true }]
    }
  }
}

Unsupported: any client that cannot set a custom request header, or that reserves the Authorization header for its own OAuth flow.

</details>

Available Tools

This MCP server provides 45 tools for interacting with Redmine (plus 1 operator tool exposed by REDMINE_MCP_EXPOSE_ADMIN_TOOLS=true, and 5 plugin-gated tools that opt in via env vars, for a maximum of 46 when all enabled). For full documentation of every tool, see the Tool Reference.

Core tools (40, always available): Project Management (9), Issue Operations (13), Time Tracking (4), Discovery / Enumeration (6), Search & Wiki (2), File Operations (4), Gantt (1), Meta (1).

Plugin-gated tools (5, opt in via env var): Checklists (2), Products (1), Contacts / CRM (1), Documents / DMSF (1). Each requires the matching Redmine plugin installed and its env flag set; they stay hidden from tools/list otherwise.

Operator tools (1, admin-gated): cleanup_attachment_files, registered only when REDMINE_MCP_EXPOSE_ADMIN_TOOLS=true.

<details> <summary><strong>Full tool list with descriptions</strong></summary>

Core tools (40, always available)

These tools require only a Redmine instance and credentials — no extra plugins or feature flags.

Plugin-gated tools (5, opt in via env var)

These tools require a corresponding Redmine plugin installed on the server and the matching environment variable set to true on the MCP server. They stay completely hidden from tools/list when their flag is unset.

Operator tools (1, admin-gated)

Hidden from tools/list by default. Set REDMINE_MCP_EXPOSE_ADMIN_TOOLS=true to register them on the MCP surface. The underlying background tasks run regardless of this flag — exposing them only adds the option to drive them through MCP.

  • cleanup_attachment_files - Manually trigger cleanup of expired attachment files (the background cleanup task runs automatically regardless)
</details>

Contributing

Contributions are welcome! Please see our contributing guide for details.

Contributors

Thank you to everyone who has helped improve this project through code, reviews, testing, and feature requests:

@sebastianelsner · @mihajlovicjj · @aadnehovda · @martindglaser · @Vitexus · @timcomport · @Bricklou

<a href="https://github.com/jztan/redmine-mcp-server/graphs/contributors"> <img src="https://contrib.rocks/image?repo=jztan/redmine-mcp-server" alt="Contributors" /> </a>

Per-release contributor credits are listed in the Changelog.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Additional Resources