Open Emirates Intelligence
The Open Emirates Intelligence server provides secured, source-cited access to official UAE open government data, with built-in PII redaction and SSRF protection.
List all sources (
uae_sources_list): Enumerate every registered official UAE open-data source and its metadata.Get source details (
uae_source_get): Retrieve full metadata for a specific source by ID.Check source health (
uae_source_health): Run a live, timeout-bounded health probe on a source to verify it is reachable.Fetch records (
uae_source_records): Retrieve live records with automatic PII (phone/email) redaction and source citations. Supports optional keyword querying and result limits.Market snapshot (
uae_market_snapshot): Generate aggregated counts by emirate, area, or product for a given topic (default: industry).Dashboard summary (
uae_dashboard_summary): Run concurrent, cached health checks across all registered sources for a fast ecosystem-wide overview.Add custom sources (
uae_source_add_metadata): Register a new metadata-only source into the local registry. Requires a write token; disabled by default if none is set.
Deployment & Access: Supports stdio and HTTP transports. Use the public hosted instance at https://uaemcp.zad.tools or self-host via npm, Docker, or from source. All tools are also mirrored as REST endpoints under /api/v1/ with interactive Swagger documentation.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Open Emirates Intelligenceshow me the latest real estate market snapshot"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
A standalone MCP server that gives any MCP client (Claude Desktop, Claude Code, Cursor) source-cited access to official UAE open data — with direct-contact PII redacted, every server-side fetch SSRF-guarded, and both stdio and HTTP transports in one package.
It is self-contained: no dependency on any private or sibling service. Ships in two
flavors: a Python implementation (this directory) and a TypeScript / npm
port (ts/) published as uaemcp.
Two ways to use it
Open source under the MIT license — use the instance we host, or run your own.
1. Use our hosted instance — zero setup
A public instance is live at https://uaemcp.zad.tools. Point any MCP client at its endpoint — nothing to install:
{
"mcpServers": {
"uae-intelligence": {
"type": "http",
"url": "https://uaemcp.zad.tools/mcp"
}
}
}Or just open the dashboard: https://uaemcp.zad.tools
2. Self-host it — run your own, anywhere
npm, no install:
npx uaemcp(stdio) ·npx uaemcp http(HTTP at/mcp)Docker:
docker build -t uaemcp . && docker run -p 8080:8080 uaemcp uaemcp httpFrom source: clone this repo (Python below, or the TypeScript port in
ts/)
Self-hosting gives you full control: add your own sources, set a write token, and keep every fetch on your own infrastructure.
Related MCP server: io.github.raheb77/saudi-open-data-mcp
Quickstart
Fastest — via npm (no install)
npx uaemcp # stdio MCP server
npx uaemcp http # Streamable-HTTP server at /mcpLocal (stdio) — for an MCP client
The published npm package is the easiest way to run it in a client:
{
"mcpServers": {
"uae-intelligence": { "command": "npx", "args": ["-y", "uaemcp"] }
}
}To run the Python implementation from source instead:
pip install -e .
uaemcp stdioRemote (HTTP) — landing page + REST + MCP endpoint
uaemcp http --host 0.0.0.0 --port 8080Landing page:
http://localhost:8080/REST API:
http://localhost:8080/api/v1/...MCP (Streamable):
http://localhost:8080/mcpLiveness/readiness:
/healthz,/readyz(cheap — no upstream calls)
Showcase
The hosted dashboard is bilingual (EN / العربية) and styled with the official Dubai Font:
Interactive API docs — Dubai-Font-themed Swagger UI at /docs:
Tools
Tool | Kind | Description |
| read | List every registered official source |
| read | Full metadata for one source |
| read | Live, timeout-bounded health probe |
| read | Live, redacted, cited records |
| read | Counts by emirate / area / product |
| read | Concurrent, cached health across all sources |
| write | Add a metadata source (token required) |
Every data-returning tool wraps results in { ok, data, error, meta } and attaches
source_id, license, and citation.
Usage examples
Ask your MCP client (natural language)
Once connected, just ask — the client picks the right tool:
"List UAE industrial factories licensed in Abu Dhabi." →
uae_source_records"Give me a market snapshot of UAE industry by emirate." →
uae_market_snapshot"Which official UAE open-data sources can you access?" →
uae_sources_list"Is the Dubai Land Department data source up right now?" →
uae_source_health
Call a tool over HTTP (Streamable-HTTP MCP)
# initialize → grab the mcp-session-id header, then call tools/list, tools/call
curl -s -X POST https://uaemcp.zad.tools/mcp/ \
-H 'Content-Type: application/json' \
-H 'Accept: application/json, text/event-stream' \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/call",
"params":{"name":"uae_market_snapshot","arguments":{"topic":"industry","limit":50}}}'Or hit the REST mirror directly
# 32 registered sources
curl -s https://uaemcp.zad.tools/api/v1/sources | jq '.meta.total'
# live, PII-redacted records from the MOIAT industrial-licenses API
curl -s 'https://uaemcp.zad.tools/api/v1/sources/moiat_industrial_licenses/records?limit=2'// sample record (contact fields are redacted by default)
{
"CompanyName": "…",
"EmirateNameEN": "Abu Dhabi",
"AreaNameEN": "Musaffah Industrial",
"ContactPhone": "[redacted-open-data-contact]",
"ContactEmail": "[redacted-open-data-contact]"
}Interactive API docs (Dubai-Font themed Swagger UI): https://uaemcp.zad.tools/docs
Security model
Writes gated. Reads are open; mutating tools require
UAEMCP_WRITE_TOKEN. No token set → writes are disabled entirely (safe default).SSRF guard. Every fetch resolves the host and rejects private, loopback, link-local, and cloud-metadata addresses. See
core/ssrf.py.PII redaction. Phone/email fields are redacted by name and by value pattern before any record leaves the server.
Bounded fetches. Browser-like User-Agent (so bot-mitigated portals don't hang), strict timeouts, capped redirects and response size.
Design notes — what this fixes vs. the prior version
No auth on writes → token-gated writes, disabled by default.
SSRF surface → mandatory
validate_urlon every egress.stdio-only → real remote MCP at
/mcp.dashboard-summarystall → checks run concurrently with a strict per-source timeout and a browser UA, served from cache. Worst case is the slowest single source, not the sum of all.Cold-start 502 →
/healthzand/readyzdo no upstream work.
Development
pip install -e ".[dev]"
pytest -m "not network" # offline unit tests (ssrf, redaction, dashboard)
pytest # include live-endpoint integration tests
ruff check . && mypy srcLicense
MIT. Data served is open government data — verify each source's terms before redistribution.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/ahmedvnabil/uaemcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server