SAPF Dashboard
A packaged on-premise web application that gives SAP customers a self-serve analytics and automation layer on top of their existing SAP landscape. AI-powered chat, scheduled automations, and live dashboards — all running inside your network.
What's Inside
SAPF Dashboard packages six capabilities into a single self-hosted application. Everything runs inside your network — no data leaves your infrastructure.
Ask SAP
Chat with your SAP systems in plain language. The AI picks the right tool, runs the query, and returns a formatted answer — no ABAP or transaction knowledge required.
Ask Report
Ask follow-up questions directly on any report's results. The AI reads the live data and answers in context — spot trends, explain anomalies, or drill into specifics without leaving the report.
Reports & Automations
A catalog of prompt-driven SAP reports that anyone can run on demand. Power users can build and publish their own. Results render as tables, charts, or markdown.
Schedules & Notifications
Schedule any report on a cron expression. Results are delivered to the user's dashboard widget and optionally sent by email — keeping stakeholders informed automatically.
Self-Service Dashboard
Each user gets a personal home page. Pin report results as live widgets, resize and rearrange them freely, or embed the AI chat widget anywhere in your intranet.
Developer Console
An AI-assisted console for building, testing, and publishing new SAP tools and integrations. Developers iterate against DEV SAP systems without leaving the browser.
Role-Based Access Control
Four built-in roles — Admin, Developer User, Business Key User, and Business End User — enforced on every route and API. Optional SSO via SAML or OIDC for enterprise identity providers.
Deployment Options
Docker
RecommendedThe simplest path to production. Pull the image, mount a single volume for all persistent data, and pass environment variables. Includes built-in health checks and restart policies.
# Pull and run
docker pull sapfever/sapf-dashboard:latest
docker run -d \
--name sapf-dashboard \
--restart unless-stopped \
-p 3000:3000 \
-v /opt/sapf-data:/data \
-e JWT_SECRET=<secret> \
-e ENCRYPTION_KEY=<key> \
sapfever/sapf-dashboard:latestOnly /data needs to be mounted. The entrypoint seeds default toolsets and workdir files into the volume on first run.
Manual / PM2
AlternativeDownload the release archive, install dependencies, generate secrets, and manage the process with PM2 for auto-restart and log rotation.
# Install PM2 and start
npm install -g pm2
npm ci --production
pm2 start server.js --name sapf-dashboard
pm2 save
pm2 startupTLS / HTTPS
The dashboard server supports TLS natively. Set TLS_CERT and TLS_KEY to the absolute paths of your certificate and private key. When both are present the server starts in HTTPS mode automatically — no reverse proxy required.
Docker with TLS
docker run -d \
--name sapf-dashboard \
--restart unless-stopped \
-p 443:443 \
-v /opt/sapf-data:/data \
-v /opt/certs:/certs:ro \
-e PORT=443 \
-e TLS_CERT=/certs/server.cer \
-e TLS_KEY=/certs/server.key \
-e JWT_SECRET=<secret> \
-e ENCRYPTION_KEY=<key> \
sapfever/sapf-dashboard:latestManual / PM2 with TLS
# Add to .env
PORT=443
TLS_CERT=/opt/sapf-dashboard/certs/server.cer
TLS_KEY=/opt/sapf-dashboard/certs/server.keyOn Linux, binding to port 443 requires granting the capability to the Node binary: sudo setcap cap_net_bind_service=+ep $(which node)
Configuration
The dashboard requires two secrets before first start and exposes a handful of optional environment variables for tuning.
| Variable | Required | Default | Description |
|---|---|---|---|
| JWT_SECRET | Yes | — | 64-character hex string for signing session tokens |
| ENCRYPTION_KEY | Yes | — | 64-character hex string for encrypting data at rest |
| ORIGIN | No | — | Full origin URL (e.g. https://sapf.example.com). Required when running behind a reverse proxy or on a non-standard port to prevent CSRF errors. |
| PORT | No | 3000 | Port the server binds to |
| TLS_CERT | No | — | Absolute path to TLS certificate file. Enables HTTPS when set with TLS_KEY |
| TLS_KEY | No | — | Absolute path to TLS private key file |
Generate secrets with openssl rand -hex 32.
AI provider keys (Anthropic, Gemini), Ollama, and email settings are configured via Admin → Settings after first login — not environment variables.
MCP Client Integration
SAPF Dashboard exposes SAP tools as an MCP endpoint at /api/mcp. Any MCP-compatible AI client can connect — your tool permissions and SAP credentials are enforced server-side.
API Token
Claude Desktop & Claude Code
API TokenGenerate an API token in Profile → API Tokens, then add the @sapfever/dashboard-mcp-client connector.
{
"mcpServers": {
"sapfever": {
"command": "npx",
"args": ["-y",
"@sapfever/dashboard-mcp-client"],
"env": {
"SAPFEVER_URL": "https://your-dashboard",
"SAPFEVER_TOKEN": "<your-api-token>"
}
}
}
}For Claude Code: claude mcp add sapfever -e SAPFEVER_URL=... -e SAPFEVER_TOKEN=... -- npx -y @sapfever/dashboard-mcp-client
Microsoft Copilot Studio
Bearer TokenGenerate an API token in Profile → API Tokens, then configure a custom MCP action in Copilot Studio.
| Endpoint URL | /api/mcp |
| Auth | HTTP header |
| Header | Authorization |
| Value | Bearer <token> |
OAuth
Claude.ai Connector
OAuthClaude.ai supports OAuth-based custom connectors. Just enter your dashboard URL and log in.
- Open Claude.ai → Settings → Connectors → Add custom connector
- Enter the MCP endpoint URL:
https://your-dashboard.example.com/api/mcpClaude.ai will redirect to the dashboard to log in and select a SAP system automatically.
ChatGPT
OAuthChatGPT supports OAuth-based remote MCP connectors. Point it to your dashboard MCP endpoint and log in to authorize.
- Open ChatGPT → Settings → Connectors → Add connector
- Enter the MCP endpoint URL:
https://your-dashboard.example.com/api/mcpChatGPT will redirect to the dashboard to authenticate via OAuth and select a SAP system.
API tokens are generated per user in Profile → API Tokens. Each token inherits the user's tool permissions — what a user can do in the dashboard chat is exactly what they can do via any connected MCP client.