@rokrokss/mcp-gitlab
v2.0.11
MCP server for using the GitLab API
0/weekUpdated 2 months agoMITUnpacked: 461.5 KB
Published by zereight
npm install @rokrokss/mcp-gitlabGitLab MCP Server
@zereight/mcp-gitlab
GitLab MCP(Model Context Protocol) Server. Includes bug fixes and improvements over the original GitLab MCP server.
Usage
$3
When using with the Claude App, you need to set up your API key and URLs directly.
#### Authentication Methods
The server supports two authentication methods:
1. Personal Access Token (traditional method)
2. OAuth2 (recommended for better security)
#### Using OAuth2 Authentication
OAuth2 provides a more secure authentication flow using browser-based authentication. When enabled, the server will:
1. Open your browser to GitLab's authorization page
2. Wait for you to approve the access
3. Store the token securely for future use
4. Automatically refresh the token when it expires
For detailed OAuth2 setup instructions, see OAuth Setup Guide.
Quick setup - first create a GitLab OAuth application:
1. Go to your GitLab instance: Settings โ Applications
2. Create a new application with:
- Name: GitLab MCP Server (or any name you prefer)
- Redirect URI: http://127.0.0.1:8888/callback
- Scopes: Select api (provides complete read/write access to the API)
3. Copy the Application ID (this is your Client ID)
Then configure the MCP server with OAuth:
``json`
{
"mcpServers": {
"gitlab": {
"command": "npx",
"args": ["-y", "@zereight/mcp-gitlab"],
"env": {
"GITLAB_USE_OAUTH": "true",
"GITLAB_OAUTH_CLIENT_ID": "your_oauth_client_id",
"GITLAB_OAUTH_REDIRECT_URI": "http://127.0.0.1:8888/callback",
"GITLAB_API_URL": "your_gitlab_api_url",
"GITLAB_PROJECT_ID": "your_project_id", // Optional: default project
"GITLAB_ALLOWED_PROJECT_IDS": "", // Optional: comma-separated list of allowed project IDs
"GITLAB_READ_ONLY_MODE": "false",
"USE_GITLAB_WIKI": "false", // use wiki api?
"USE_MILESTONE": "false", // use milestone api?
"USE_PIPELINE": "false" // use pipeline api?
}
}
}
}
#### Using Personal Access Token (traditional)
`json`
{
"mcpServers": {
"gitlab": {
"command": "npx",
"args": ["-y", "@zereight/mcp-gitlab"],
"env": {
"GITLAB_PERSONAL_ACCESS_TOKEN": "your_gitlab_token",
"GITLAB_API_URL": "your_gitlab_api_url",
"GITLAB_PROJECT_ID": "your_project_id", // Optional: default project
"GITLAB_ALLOWED_PROJECT_IDS": "", // Optional: comma-separated list of allowed project IDs
"GITLAB_READ_ONLY_MODE": "false",
"USE_GITLAB_WIKI": "false", // use wiki api?
"USE_MILESTONE": "false", // use milestone api?
"USE_PIPELINE": "false" // use pipeline api?
}
}
}
}
#### vscode .vscode/mcp.json
`json`
{
"inputs": [
{
"type": "promptString",
"id": "gitlab-token",
"description": "Gitlab Token to read API",
"password": true
}
],
"servers": {
"GitLab-MCP": {
"type": "stdio",
"command": "npx",
"args": ["-y", "@zereight/mcp-gitlab"],
"env": {
"GITLAB_PERSONAL_ACCESS_TOKEN": "${input:gitlab-token}",
"GITLAB_API_URL": "your-fancy-gitlab-url",
"GITLAB_READ_ONLY_MODE": "true",
...
}
}
}
}
#### Strands Agents SDK (MCP Tools)
`python
env_vars = {
"GITLAB_PERSONAL_ACCESS_TOKEN": gitlab_access_token,
"GITLAB_API_URL": gitlab_api_url,
"USE_GITLAB_WIKI": use_gitlab_wiki
# ......the rest of the optional parameters
}
stdio_gitlab_mcp_client = MCPClient(
lambda: stdio_client(
StdioServerParameters(
command="npx",
args=["-y", "@zereight/mcp-gitlab"],
env=env_vars,
)
)
)
`
#### Docker
- stdio mcp.json
`json`
{
"mcpServers": {
"gitlab": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"GITLAB_PERSONAL_ACCESS_TOKEN",
"-e",
"GITLAB_API_URL",
"-e",
"GITLAB_READ_ONLY_MODE",
"-e",
"USE_GITLAB_WIKI",
"-e",
"USE_MILESTONE",
"-e",
"USE_PIPELINE",
"iwakitakuma/gitlab-mcp"
],
"env": {
"GITLAB_PERSONAL_ACCESS_TOKEN": "your_gitlab_token",
"GITLAB_API_URL": "https://gitlab.com/api/v4", // Optional, for self-hosted GitLab
"GITLAB_READ_ONLY_MODE": "false",
"USE_GITLAB_WIKI": "true",
"USE_MILESTONE": "true",
"USE_PIPELINE": "true"
}
}
}
}
- sse
`shell`
docker run -i --rm \
-e GITLAB_PERSONAL_ACCESS_TOKEN=your_gitlab_token \
-e GITLAB_API_URL="https://gitlab.com/api/v4" \
-e GITLAB_READ_ONLY_MODE=true \
-e USE_GITLAB_WIKI=true \
-e USE_MILESTONE=true \
-e USE_PIPELINE=true \
-e SSE=true \
-p 3333:3002 \
iwakitakuma/gitlab-mcp
`json`
{
"mcpServers": {
"gitlab": {
"type": "sse",
"url": "http://localhost:3333/sse"
}
}
}
- streamable-http
`shell`
docker run -i --rm \
-e GITLAB_PERSONAL_ACCESS_TOKEN=your_gitlab_token \
-e GITLAB_API_URL="https://gitlab.com/api/v4" \
-e GITLAB_READ_ONLY_MODE=true \
-e USE_GITLAB_WIKI=true \
-e USE_MILESTONE=true \
-e USE_PIPELINE=true \
-e STREAMABLE_HTTP=true \
-p 3333:3002 \
iwakitakuma/gitlab-mcp
`json`
{
"mcpServers": {
"gitlab": {
"type": "streamable-http",
"url": "http://localhost:3333/mcp"
}
}
}
$3
#### Authentication Configuration
- GITLAB_PERSONAL_ACCESS_TOKEN: Your GitLab personal access token. Required in standard mode; not used when REMOTE_AUTHORIZATION=true or when using OAuth.GITLAB_USE_OAUTH
- : Set to true to enable OAuth2 authentication instead of personal access token.GITLAB_OAUTH_CLIENT_ID
- : The Client ID from your GitLab OAuth application. Required when using OAuth.GITLAB_OAUTH_REDIRECT_URI
- : The OAuth callback URL. Default: http://127.0.0.1:8888/callback
- : Custom path to store the OAuth token. Default: ~/.gitlab-mcp-token.json
- : When set to 'true', enables remote per-session authorization via HTTP headers. In this mode:Authorization: Bearer
- The server accepts GitLab PAT tokens from HTTP headers ( or Private-Token: ) on a per-session basisGITLAB_PERSONAL_ACCESS_TOKEN
- environment variable is not required and ignoredSTREAMABLE_HTTP=true
- Only works with Streamable HTTP transport () because session management was already handled by the transport layerSESSION_TIMEOUT_SECONDS
- SSE transport is disabled - attempting to use SSE with remote authorization will cause the server to exit with an error
- Each client session can use a different token, enabling multi-user support with secure session isolation
- Tokens are stored per session and automatically cleaned up when sessions close or timeout
- : Session auth token timeout in seconds. Default: 3600 (1 hour). Valid range: 1-86400 seconds (recommended: 60+). After this period of inactivity, the auth token is removed but the transport session remains active. The client must provide auth headers again on the next request. Only applies when REMOTE_AUTHORIZATION=true.
#### General Configuration
- GITLAB_API_URL: Your GitLab API URL. (Default: https://gitlab.com/api/v4)GITLAB_PROJECT_ID
- : Default project ID. If set, Overwrite this value when making an API request.GITLAB_ALLOWED_PROJECT_IDS
- : Optional comma-separated list of allowed project IDs. When set with a single value, acts as a default project (like the old "lock" mode). When set with multiple values, restricts access to only those projects. Examples:123
- Single value : MCP server can only access project 123 and uses it as default123,456,789
- Multiple values : MCP server can access projects 123, 456, and 789 but requires explicit project ID in requestsGITLAB_READ_ONLY_MODE
- : When set to 'true', restricts the server to only expose read-only operations. Useful for enhanced security or when write access is not needed. Also useful for using with Cursor and it's 40 tool limit.GITLAB_DENIED_TOOLS_REGEX
- : When set as a regular expression, it excludes the matching tools.USE_GITLAB_WIKI
- : When set to 'true', enables the wiki-related tools (list_wiki_pages, get_wiki_page, create_wiki_page, update_wiki_page, delete_wiki_page). By default, wiki features are disabled.USE_MILESTONE
- : When set to 'true', enables the milestone-related tools (list_milestones, get_milestone, create_milestone, edit_milestone, delete_milestone, get_milestone_issue, get_milestone_merge_requests, promote_milestone, get_milestone_burndown_events). By default, milestone features are disabled.USE_PIPELINE
- : When set to 'true', enables the pipeline-related tools (list_pipelines, get_pipeline, list_pipeline_jobs, list_pipeline_trigger_jobs, get_pipeline_job, get_pipeline_job_output, create_pipeline, retry_pipeline, cancel_pipeline, play_pipeline_job, retry_pipeline_job, cancel_pipeline_job). By default, pipeline features are disabled.GITLAB_AUTH_COOKIE_PATH
- : Path to an authentication cookie file for GitLab instances that require cookie-based authentication. When provided, the cookie will be included in all GitLab API requests.SSE
- : When set to 'true', enables the Server-Sent Events transport.STREAMABLE_HTTP
- : When set to 'true', enables the Streamable HTTP transport. If both SSE and STREAMABLE_HTTP are set to 'true', the server will prioritize Streamable HTTP over SSE transport.GITLAB_COMMIT_FILES_PER_PAGE
- : The number of files per page that GitLab returns for commit diffs. This value should match the server-side GitLab setting. Adjust this if your GitLab instance uses a custom per-page value for commit diffs.
#### Performance & Security Configuration
- MAX_SESSIONS: Maximum number of concurrent sessions allowed. Default: 1000. Valid range: 1-10000. When limit is reached, new connections are rejected with HTTP 503.MAX_REQUESTS_PER_MINUTE
- : Rate limit per session in requests per minute. Default: 60. Valid range: 1-1000. Exceeded requests return HTTP 429.PORT
- : Server port. Default: 3002. Valid range: 1-65535.
#### Monitoring Endpoints
When using Streamable HTTP transport, the following endpoints are available:
- /health: Health check endpoint returning server status, active sessions count, and uptime./metrics
- : Detailed metrics including:
- Active and total session counts
- Authentication metrics (failures, expirations)
- Rate limiting statistics
- Resource usage (memory, uptime)
- Configuration summary
$3
When using REMOTE_AUTHORIZATION=true, the MCP server can support multiple users, each with their own GitLab token passed via HTTP headers. This is useful for:
- Shared MCP server instances where each user needs their own GitLab access
- IDE integrations that can inject user-specific tokens into MCP requests
Setup Example:
`bash`Start server with remote authorization
docker run -d \
-e STREAMABLE_HTTP=true \
-e REMOTE_AUTHORIZATION=true \
-e GITLAB_API_URL="https://gitlab.com/api/v4" \
-e GITLAB_READ_ONLY_MODE=true \
-e SESSION_TIMEOUT_SECONDS=3600 \
-p 3333:3002 \
iwakitakuma/gitlab-mcp
Client Configuration:
Your IDE or MCP client must send one of these headers with each request:
`
Authorization: Bearer glpat-xxxxxxxxxxxxxxxxxxxx
or
`
Private-Token: glpat-xxxxxxxxxxxxxxxxxxxx
The token is stored per session (identified by mcp-session-id header) and reused for subsequent requests in the same session.
#### Remote Authorization Client Configuration Example with Cursor
`json`
{
"mcpServers": {
"GitLab": {
"url": "http(s)://
"headers": {
"Authorization": "Bearer glpat-..."
}
}
}
}
Important Notes:
- Remote authorization only works with Streamable HTTP transport
- Each session is isolated - tokens from one session cannot access another session's data
Tokens are automatically cleaned up when sessions close
- Session timeout: Auth tokens expire after SESSION_TIMEOUT_SECONDS (default 1 hour) of inactivity. After timeout, the client must send auth headers again. The transport session remains active.MAX_REQUESTS_PER_MINUTE
- Each request resets the timeout timer for that session
- Rate limiting: Each session is limited to requests per minute (default 60)MAX_SESSIONS
- Capacity limit: Server accepts up to concurrent sessions (default 1000)
Tools ๐ ๏ธ
Click to expand
1. merge_merge_request - Merge a merge request in a GitLab projectcreate_or_update_file
2. - Create or update a single file in a GitLab projectsearch_repositories
3. - Search for GitLab projectscreate_repository
4. - Create a new GitLab projectget_file_contents
5. - Get the contents of a file or directory from a GitLab projectpush_files
6. - Push multiple files to a GitLab project in a single commitcreate_issue
7. - Create a new issue in a GitLab projectcreate_merge_request
8. - Create a new merge request in a GitLab projectfork_repository
9. - Fork a GitLab project to your account or specified namespacecreate_branch
10. - Create a new branch in a GitLab projectget_merge_request
11. - Get details of a merge request (Either mergeRequestIid or branchName must be provided)get_merge_request_diffs
12. - Get the changes/diffs of a merge request (Either mergeRequestIid or branchName must be provided)list_merge_request_diffs
13. - List merge request diffs with pagination support (Either mergeRequestIid or branchName must be provided)get_branch_diffs
14. - Get the changes/diffs between two branches or commits in a GitLab projectupdate_merge_request
15. - Update a merge request (Either mergeRequestIid or branchName must be provided)create_note
16. - Create a new note (comment) to an issue or merge requestcreate_merge_request_thread
17. - Create a new thread on a merge requestmr_discussions
18. - List discussion items for a merge requestupdate_merge_request_note
19. - Modify an existing merge request thread notecreate_merge_request_note
20. - Add a new note to an existing merge request threadget_draft_note
21. - Get a single draft note from a merge requestlist_draft_notes
22. - List draft notes for a merge requestcreate_draft_note
23. - Create a draft note for a merge requestupdate_draft_note
24. - Update an existing draft notedelete_draft_note
25. - Delete a draft notepublish_draft_note
26. - Publish a single draft notebulk_publish_draft_notes
27. - Publish all draft notes for a merge requestupdate_issue_note
28. - Modify an existing issue thread notecreate_issue_note
29. - Add a new note to an existing issue threadlist_issues
30. - List issues (default: created by current user only; use scope='all' for all accessible issues)my_issues
31. - List issues assigned to the authenticated user (defaults to open issues)get_issue
32. - Get details of a specific issue in a GitLab projectupdate_issue
33. - Update an issue in a GitLab projectdelete_issue
34. - Delete an issue from a GitLab projectlist_issue_links
35. - List all issue links for a specific issuelist_issue_discussions
36. - List discussions for an issue in a GitLab projectget_issue_link
37. - Get a specific issue linkcreate_issue_link
38. - Create an issue link between two issuesdelete_issue_link
39. - Delete an issue linklist_namespaces
40. - List all namespaces available to the current userget_namespace
41. - Get details of a namespace by ID or pathverify_namespace
42. - Verify if a namespace path existsget_project
43. - Get details of a specific projectlist_projects
44. - List projects accessible by the current userlist_project_members
45. - List members of a GitLab projectlist_labels
46. - List labels for a projectget_label
47. - Get a single label from a projectcreate_label
48. - Create a new label in a projectupdate_label
49. - Update an existing label in a projectdelete_label
50. - Delete a label from a projectlist_group_projects
51. - List projects in a GitLab group with filtering optionslist_wiki_pages
52. - List wiki pages in a GitLab projectget_wiki_page
53. - Get details of a specific wiki pagecreate_wiki_page
54. - Create a new wiki page in a GitLab projectupdate_wiki_page
55. - Update an existing wiki page in a GitLab projectdelete_wiki_page
56. - Delete a wiki page from a GitLab projectget_repository_tree
57. - Get the repository tree for a GitLab project (list files and directories)list_pipelines
58. - List pipelines in a GitLab project with filtering optionsget_pipeline
59. - Get details of a specific pipeline in a GitLab projectlist_pipeline_jobs
60. - List all jobs in a specific pipelinelist_pipeline_trigger_jobs
61. - List all trigger jobs (bridges) in a specific pipeline that trigger downstream pipelinesget_pipeline_job
62. - Get details of a GitLab pipeline job numberget_pipeline_job_output
63. - Get the output/trace of a GitLab pipeline job with optional pagination to limit context window usagecreate_pipeline
64. - Create a new pipeline for a branch or tagretry_pipeline
65. - Retry a failed or canceled pipelinecancel_pipeline
66. - Cancel a running pipelineplay_pipeline_job
67. - Run a manual pipeline jobretry_pipeline_job
68. - Retry a failed or canceled pipeline jobcancel_pipeline_job
69. - Cancel a running pipeline joblist_merge_requests
70. - List merge requests in a GitLab project with filtering optionslist_milestones
71. - List milestones in a GitLab project with filtering optionsget_milestone
72. - Get details of a specific milestonecreate_milestone
73. - Create a new milestone in a GitLab projectedit_milestone
74. - Edit an existing milestone in a GitLab projectdelete_milestone
75. - Delete a milestone from a GitLab projectget_milestone_issue
76. - Get issues associated with a specific milestoneget_milestone_merge_requests
77. - Get merge requests associated with a specific milestonepromote_milestone
78. - Promote a milestone to the next stageget_milestone_burndown_events
79. - Get burndown events for a specific milestoneget_users
80. - Get GitLab user details by usernameslist_commits
81. - List repository commits with filtering optionsget_commit
82. - Get details of a specific commitget_commit_diff
83. - Get changes/diffs of a specific commitlist_group_iterations
84. - List group iterations with filtering optionsupload_markdown
85. - Upload a file to a GitLab project for use in markdown contentdownload_attachment
86. - Download an uploaded file from a GitLab project by secret and filenamelist_events
87. - List all events for the currently authenticated userget_project_events
88. - List all visible events for a specified projectlist_releases
89. - List all releases for a projectget_release
90. - Get a release by tag namecreate_release
91. - Create a new release in a GitLab projectupdate_release
92. - Update an existing release in a GitLab projectdelete_release
93. - Delete a release from a GitLab project (does not delete the associated tag)create_release_evidence
94. - Create release evidence for an existing release (GitLab Premium/Ultimate only)download_release_asset
95. - Download a release asset file by direct asset path
Testing ๐งช
The project includes comprehensive test coverage including remote authorization:
`bashRun all tests (API validation + remote auth)
npm test
Run only remote authorization tests
npm run test:remote-auth
Run all tests including readonly MCP tests
npm run test:all
Run only API validation
npm run test:integration
``
All remote authorization tests use a mock GitLab server and do not require actual GitLab credentials.