Skills-MCP-GLPI

Verified Safe

by DevSkillsIT

Overview

An AI-powered system designed to automate IT incident management in GLPI by generating pre-analysis reports, possible solutions, and streamlining repetitive tasks for support agents.

Installation

Run Command
uvicorn src.main:app --host 0.0.0.0 --port 8824 --reload

Environment Variables

  • GLPI_URL
  • GLPI_API_URL
  • GLPI_APP_TOKEN
  • GLPI_USER_TOKEN
  • GLPI_VERIFY_SSL
  • MCP_HOST
  • MCP_PORT
  • OLLAMA_HOST
  • CEREBRAS_API_KEY
  • GROQ_API_KEY
  • WIKIJS_URL
  • WIKIJS_API_TOKEN
  • LOG_LEVEL
  • LOG_FILE
  • LOG_MAX_BYTES
  • LOG_BACKUP_COUNT
  • CONNECTION_TIMEOUT
  • REQUEST_TIMEOUT
  • MAX_CONNECTIONS
  • MAX_KEEPALIVE_CONNECTIONS
  • CACHE_TTL_SECONDS
  • CACHE_MAX_SIZE
  • ENABLE_CACHE
  • RATE_LIMIT_REQUESTS_PER_MINUTE
  • RATE_LIMIT_BURST_SIZE
  • ENABLE_RATE_LIMITING
  • RESPONSE_MAX_SIZE_BYTES
  • ENABLE_RESPONSE_TRUNCATION
  • SIMILARITY_ALGORITHM
  • SIMILARITY_THRESHOLD
  • SIMILARITY_MAX_RESULTS
  • POOL_WORKERS
  • ENABLE_INPUT_SANITIZATION
  • MAX_QUERY_LENGTH
  • ALLOWED_HTML_TAGS
  • DEFAULT_LIMIT
  • MAX_LIMIT
  • DEFAULT_OFFSET
  • WEBHOOK_TIMEOUT
  • WEBHOOK_RETRY_ATTEMPTS
  • WEBHOOK_RETRY_DELAY
  • ENABLE_WEBHOOKS
  • WEBHOOK_SECRET
  • SESSION_TIMEOUT
  • SESSION_CACHE_TTL
  • ENABLE_SESSION_MANAGEMENT

Security Notes

The project demonstrates a strong focus on security: it implements HMAC-SHA256 webhook authentication with timestamp validation (BUG-CRIT-02), robust input sanitization (`InputSanitizer`), and a `SafetyGuard` for destructive operations. Sensitive information such as GLPI API tokens is loaded from environment variables rather than hardcoded. Rate limiting is implemented per user, mitigating abuse. Session management for user tokens ensures least privilege. However, the `_calculate_single_similarity` function in `src/services/similarity_service.py` is executed via `ProcessPoolExecutor`; this is generally safe, but it should be watched for deserialization attacks if its inputs could be controlled by an attacker. The fallback to local `.env` user tokens in `session_manager` is noted as a development convenience and should be disabled in production.

Stats

  • Interest Score: 0
  • Security Score: 8
  • Cost Class: Medium
  • Avg Tokens: 750
  • Stars: 0
  • Forks: 0
  • Last Update: 2025-12-20

Tags

GLPI, ITSM, AI, CrewAI, Incident Management, Automation, Webhooks, MCP