Server data from the Official MCP Registry
Open-source, write-capable MCP server for Oracle Fusion HCM. Safe by default. Unofficial.
Open-source, write-capable MCP server for Oracle Fusion HCM. Safe by default. Unofficial.
This is a well-architected MCP server for Oracle Fusion HCM with strong security fundamentals. Authentication is properly delegated to environment variables, the codebase shows careful attention to safety (PII redaction, audit logging, write gating), and permissions align appropriately with the server's purpose. Minor code quality observations around exception handling and input validation do not materially impact the security posture. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.
6 files analyzed · 9 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: HCM_BASE_URL
Environment variable: HCM_USERNAME
Environment variable: HCM_PASSWORD
Environment variable: CONFIG_FILE
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-mohantyajitesh-fusion-hcm-mcp-server": {
"env": {
"CONFIG_FILE": "your-config-file-here",
"HCM_BASE_URL": "your-hcm-base-url-here",
"HCM_PASSWORD": "your-hcm-password-here",
"HCM_USERNAME": "your-hcm-username-here"
},
"args": [
"fusion-hcm-mcp-server"
],
"command": "uvx"
}
}
}From the project's GitHub README.
Not affiliated with or endorsed by Oracle. Oracle and Fusion are trademarks of Oracle Corporation.
An MCP server that lets AI models interact with Oracle Fusion Cloud HCM across its entire REST surface — workers, org structures, compensation, absence, payroll, recruiting, talent, learning and more — without hand-coding a tool per endpoint.
Built to be packaged once and reused across many Fusion HCM customers, regardless of which modules they license, how their flexfields are configured, or which Oracle release they run.
Status: Feature-complete. All 16 tools implemented — discovery, generic read, 7 curated HR workflows, ATOM change feeds, and gated writes — with an inescapable client-layer PII-redaction + audit floor. Built on ADF REST behavior verified against a live Fusion pod (DESIGN.md §13). 60 unit tests; Docker image and stdio server boot verified. After installing, run the smoke checklist in docs/TEST_CASES.md against your pod (every pod's licensing, roles, and flexfields differ).
Oracle Fusion HCM exposes ~600 REST resources built on Oracle's uniform ADF REST framework. A naive MCP server would create one tool per resource and blow up the model's context window — and would advertise tools that don't exist for customers who haven't licensed the matching module.
This server takes the opposite approach: a small set of generic, schema-aware tools that introspect any resource at runtime via Oracle's /describe endpoint, plus a handful of curated workflow tools for the most common HR tasks. It discovers each customer's licensed footprint automatically and only exposes what actually works on their pod.
describe_resource; no bundled schema files to maintain.auth/ Basic + OAuth2/JWT (OCI IAM / IDCS)
core/ ADF REST client · resource catalog · /describe cache · q= filter builder
tools/ discovery · query · workflows · mutate · atom · bip
safety/ PII redaction · audit log · dry-run gates (writes off by default, schema-validated, fail closed)
config.py base URL · pinned REST version · scopes · feature & module flags
| Group | Tools |
|---|---|
| Diagnostics | server_info |
| Discovery | list_resources · describe_resource · get_capabilities |
| Read | query_resource · get_record |
| Workflows | find_worker · get_worker_profile · list_direct_reports · get_reporting_chain · lookup_org · get_current_compensation · list_absences |
| Change feeds | list_changes (ATOM — gated by features.atom_enabled) |
| Writes | mutate_record · run_action (gated by features.writes_enabled, dry-run default, schema-validated) |
The generic query_resource / get_record / describe_resource work against any of the ~600 HCM resources; the workflows are curated shortcuts for common HR questions.
| Phase | Deliverable | Status |
|---|---|---|
| 1 | Generic read core + auth + discovery + safety floor | ✅ Built |
| 2 | Curated HR workflow tools | ✅ Built |
| 3 | Gated writes + custom actions + audit | ✅ Built |
| 4 | ATOM change feeds | ✅ Built |
| 5 | BI Publisher / HCM Extracts reporting | ◻ Future |
Python · FastMCP · httpx · pydantic
Packaged as a Docker/OCI image (primary) built from a hatchling wheel.
pipx install fusion-hcm-mcp-server # or: uvx fusion-hcm-mcp-server
pypi.org/project/fusion-hcm-mcp-server — published from this repo's CI via PyPI Trusted Publishing with attestations.
Want to use this from Claude Desktop? Follow the step-by-step guide: docs/INSTALL_CLAUDE_DESKTOP.md — covers both install modes (Python venv + OS credential store, or Docker), the Desktop config file, a test sequence, and the common traps.
cp config.example.toml config.toml # then edit; supply secrets via HCM_* env vars
Required: server.base_url (or HCM_BASE_URL). Credentials should come from environment
variables (HCM_USERNAME/HCM_PASSWORD, or HCM_CLIENT_ID/HCM_CLIENT_SECRET/HCM_TOKEN_URL),
never the committed file. See config.example.toml.
docker build -t fusion-hcm-mcp-server .
docker run --rm -i \
-e HCM_BASE_URL="https://your-pod.fa.ocs.oraclecloud.com" \
-e HCM_USERNAME="INTEGRATION_USER" -e HCM_PASSWORD="..." \
-v "$PWD/config.toml:/app/config.toml:ro" \
fusion-hcm-mcp-server
For hosted HTTP transport, set transport.type = "http" (or HCM_TRANSPORT=http) and publish -p 8000:8000.
Requires Python 3.11+.
python -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
pytest
fusion-hcm-mcp-server # runs the MCP server over stdio
q= filter grammar, the safety model, ADF ground truth, and licensing/module alignment.This is an actively developing project — issues and PRs from people testing against their own pods are genuinely wanted. See CONTRIBUTING.md; for vulnerabilities, SECURITY.md. The design doc is the source of truth.
Apache-2.0. See also NOTICE.
Not affiliated with or endorsed by Oracle. Oracle and Fusion are trademarks of Oracle Corporation.
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.