Skip to content
Apache 2.0 CRA-ready Built for AI agents

The unified open-source CLI
for SAP.

One command for S/4HANA, BTP, Datasphere, Joule, Ariba, Concur, SuccessFactors, Integration Suite, SAC, Signavio, LeanIX, Cloud ALM. Agent-native output. Air-gapped capable. Signed binaries ready for the EU Cyber Resilience Act.

Get started View on GitHub ★ 2.4k
Install: $ go install github.com/sapctl/sapctl@latest
~/acme · sapctl

Same command works as a CLI, an MCP tool, and an A2A agent.

Used in production by teams running SAP at scale.

Northwind Meridian Halberg Kessler Veritas Rx Rheinland Sentinel + design partners under NDA
Why sapctl

Built for the moment every SAP migration becomes an AI migration.

By 2027 the Fortune 500 is off ECC. By Dec 2027 every binary in the EU needs CE marking and a CycloneDX SBOM. Every CTO is being asked to put AI agents on SAP data — and SAP just published an API policy that prohibits agents from orchestrating raw SAP API calls. sapctl is the on-policy, agent-native, audit-grade alternative.

One command, every SAP product

S/4HANA, BTP, Datasphere, AI Core, Joule, MCP, Ariba, Concur, SuccessFactors, Integration Suite, SAC, Signavio, LeanIX, Cloud ALM. One auth model. One audit log. One MCP server emitter.

Audit-grade by default

Every command emits a hash-chained, cosign-signed audit event. CycloneDX SBOMs and SLSA L3 provenance on every release. CRA-ready before the September 2026 cliff.

AI-agent native

Auto-emits an MCP server and an A2A Agent Card from any sub-command tree. Local SQLite mirror so agents read without hammering SAP APIs. On-policy under SAP API Policy v4/2026.

Use cases

50+ ready-made workflows across the SAP portfolio.

Architecture

One CLI. Three trust zones. Zero hand-rolled glue.

sapctl architecture: SAP systems → sapctl core → consumers SAP SYSTEMS SAPCTL CORE CONSUMERS
Trust zone 1: customer-controlled SAP
Trust zone 2: sapctl runtime (laptop or cluster)
Trust zone 3: agent / human / pipeline consumer
Flagships

Anchored on the SAP customers already running this pattern.

Illustrative composite profiles — real customer names withheld.

Why now

Seven new regulations land before December 2027.

    Pricing

    Free for individuals. Per-project for teams. Custom for enterprises.

    Trust portal · SBOM downloads · CVD policy · Annex IV statement → /trust

    Stop rebuilding SAP glue code.

    Install sapctl, log into your tenant, and ship the first audit-grade extraction before lunch.

    Get started Book a demo