chi311-mcp-server
by changju784
Overview
Automate the submission of Chicago 311 service requests via web browser automation, exposed as an API for LLM agents.
Installation
uvicorn app.main:app --reload --host 0.0.0.0 --port 8000Environment Variables
- PORT
- ENABLE_PLAYWRIGHT_SUBMIT
- PLAYWRIGHT_HEADLESS
- CHI311_DRY_RUN
- CHI311_FULL_SUBMIT
- CHI311_FORM_URL
- MCP_API_KEY
Security Notes
The server uses `allow_origins=["*"]` for CORS, which is a significant security risk for public deployment. Critical endpoints like `/mcp/submit_311_request`, `/mcp/tools/fetch`, and `/sse/broadcast` are unauthenticated by default. The `/mcp/tools/fetch` endpoint can expose module source code and JSON schemas publicly. The `submit_311_request` endpoint, if `CHI311_FULL_SUBMIT` is enabled, can trigger actual form submissions without default authentication or rate-limiting, posing a risk of abuse. The README explicitly warns about these risks but the default configuration does not mitigate them.
Similar Servers
playwright-mcp
Provides a Model Context Protocol (MCP) server for LLMs to automate browser interactions using Playwright's accessibility tree, avoiding pixel-based vision models.
fetcher-mcp
This MCP server is designed for fetching web page content using a Playwright headless browser, enabling intelligent content extraction, JavaScript execution, and flexible output formats.
concierge
A framework for building and serving agentic workflows, enabling autonomous agents to interact with application services through structured stages and tasks.
mcp-accessibility-scanner
Automated web accessibility scanning and browser automation using Playwright and Axe-core, enabling LLMs to perform WCAG compliance checks and generate reports.