@structured-world/gitlab-mcp 5.6.1 → 5.8.0

package/README.md

@@ -14,7 +14,7 @@ This fork is actively maintained and enhanced with strict TypeScript standards,
 
 ## Requirements
 
-- **Node.js**: >=18.0.0 (required for native fetch API support)
+- **Node.js**: >=24.0.0 (required for native fetch with Undici dispatcher pattern)
 - **GitLab**: Compatible with GitLab.com and self-hosted instances
 
 ## Usage
@@ -201,6 +201,236 @@ The GitLab MCP Server automatically selects the appropriate transport mode based
 - Optimal for command-line tools and direct MCP protocol usage
 - Lower resource usage
 
+## TLS/HTTPS Configuration
+
+GitLab MCP Server supports secure HTTPS connections via:
+
+| Approach | Best For | HTTP/2 | Auto-Renewal |
+|----------|----------|--------|--------------|
+| **Direct TLS** | Development, simple deployments | No | Manual |
+| **Reverse Proxy** | Production (recommended) | Yes | Yes |
+
+**Quick Start - Direct TLS:**
+```bash
+docker run -d \
+  -e PORT=3000 \
+  -e SSL_CERT_PATH=/certs/server.crt \
+  -e SSL_KEY_PATH=/certs/server.key \
+  -e GITLAB_TOKEN=your_token \
+  -v $(pwd)/certs:/certs:ro \
+  -p 3000:3000 \
+  ghcr.io/structured-world/gitlab-mcp:latest
+```
+
+**Quick Start - Reverse Proxy (Caddy):**
+```
+gitlab-mcp.example.com {
+    reverse_proxy gitlab-mcp:3002 {
+        flush_interval -1
+    }
+}
+```
+
+For complete setup guides including **nginx**, **Envoy**, **Caddy**, and **Traefik** configurations with HTTP/2 support, see **[SSL.md](SSL.md)**.
+
+## OAuth Authentication (Claude Custom Connector)
+
+GitLab MCP Server supports OAuth 2.1 authentication for use as a **Claude Custom Connector**. This enables secure per-user authentication without sharing GitLab tokens.
+
+### When to Use OAuth Mode
+
+| Scenario | Recommended Mode |
+|----------|------------------|
+| Personal/local use | Static Token (`GITLAB_TOKEN`) |
+| Team access via Claude Web/Desktop | **OAuth Mode** |
+| Private LAN GitLab with public MCP server | **OAuth Mode** |
+| CI/CD or automated pipelines | Static Token |
+
+### Prerequisites
+
+1. **GitLab 17.1+** (Device Authorization Grant support)
+2. **HTTPS endpoint** for gitlab-mcp (required for OAuth)
+3. **GitLab OAuth Application** configured
+
+### Setup Guide
+
+#### Step 1: Create GitLab OAuth Application
+
+1. In GitLab, navigate to **User Settings > Applications** (or **Admin > Applications** for instance-wide)
+2. Create a new application:
+   - **Name**: `GitLab MCP Server`
+   - **Redirect URI**: `https://your-mcp-server.com/oauth/callback`
+   - **Confidential**: `No` (required for device flow)
+   - **Scopes**: Select `api` and `read_user`
+3. Save and copy the **Application ID**
+
+#### Step 2: Configure gitlab-mcp Server
+
+```bash
+# Required for OAuth mode
+OAUTH_ENABLED=true
+OAUTH_SESSION_SECRET=your-minimum-32-character-secret-key
+GITLAB_OAUTH_CLIENT_ID=your-gitlab-application-id
+GITLAB_API_URL=https://your-gitlab-instance.com
+
+# Server configuration
+PORT=3000
+HOST=0.0.0.0
+
+# Optional OAuth settings
+GITLAB_OAUTH_CLIENT_SECRET=your-secret    # Required only if GitLab app is confidential
+GITLAB_OAUTH_SCOPES=api,read_user          # Default scopes
+OAUTH_TOKEN_TTL=3600                       # Token lifetime (seconds)
+OAUTH_REFRESH_TOKEN_TTL=604800             # Refresh token lifetime (seconds)
+OAUTH_DEVICE_POLL_INTERVAL=5               # Device flow poll interval (seconds)
+OAUTH_DEVICE_TIMEOUT=300                   # Auth timeout (seconds)
+```
+
+#### Step 3: Deploy with HTTPS
+
+OAuth requires HTTPS. Example with Docker:
+
+```bash
+docker run -d \
+  --name gitlab-mcp \
+  -e OAUTH_ENABLED=true \
+  -e OAUTH_SESSION_SECRET="$(openssl rand -base64 32)" \
+  -e GITLAB_OAUTH_CLIENT_ID=your-app-id \
+  -e GITLAB_API_URL=https://gitlab.example.com \
+  -e PORT=3000 \
+  -p 3000:3000 \
+  ghcr.io/structured-world/gitlab-mcp:latest
+```
+
+Use a reverse proxy (nginx, Caddy, Traefik) to add HTTPS.
+
+### Claude Web Setup
+
+1. Go to [claude.ai](https://claude.ai) and sign in
+2. Navigate to **Settings > Connectors**
+3. Click **Add custom connector**
+4. Enter your gitlab-mcp server URL: `https://your-mcp-server.com`
+5. Click **Add**
+6. When prompted, complete authentication:
+   - You'll see a device code (e.g., `ABCD-1234`)
+   - Open your GitLab instance and enter the code
+   - Approve the authorization request
+7. The connector is now active
+
+### Claude Desktop Setup
+
+#### macOS / Linux
+
+Edit `~/.config/claude/claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "gitlab": {
+      "type": "streamable-http",
+      "url": "https://your-mcp-server.com/mcp"
+    }
+  }
+}
+```
+
+#### Windows
+
+Edit `%APPDATA%\Claude\claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "gitlab": {
+      "type": "streamable-http",
+      "url": "https://your-mcp-server.com/mcp"
+    }
+  }
+}
+```
+
+After adding the server:
+1. Restart Claude Desktop
+2. Claude will prompt you to authenticate
+3. Complete the device flow authorization in GitLab
+4. Start using GitLab tools with your personal identity
+
+### Private LAN GitLab Architecture
+
+For GitLab instances on private networks (not internet-accessible):
+
+```
++-------------------+         +-------------------+         +-------------------+
+|   Claude Cloud    |  HTTPS  |    gitlab-mcp     |  HTTP   |   GitLab Server   |
+|   or Desktop      |-------->|   (Public IP)     |-------->|   (Private LAN)   |
++-------------------+         +-------------------+         +-------------------+
+                                       |
+                                       | Device code displayed
+                                       v
+                              +-------------------+
+                              |   User (on VPN)   |
+                              |   visits GitLab   |
+                              |   enters code     |
+                              +-------------------+
+```
+
+**How it works:**
+1. gitlab-mcp server has network access to GitLab (same network or VPN)
+2. User connects to gitlab-mcp via Claude (public internet)
+3. gitlab-mcp initiates device authorization with GitLab
+4. User receives a code and visits GitLab directly (requires VPN/internal access)
+5. User authenticates in GitLab and enters the code
+6. gitlab-mcp receives the token and issues an MCP session token
+7. All subsequent requests use the user's GitLab identity
+
+**Requirements:**
+- gitlab-mcp must reach GitLab API (deploy on same network or use VPN)
+- Users must be able to access GitLab web UI (typically via VPN)
+- gitlab-mcp must be accessible from internet (for Claude to connect)
+
+### OAuth vs Static Token Comparison
+
+| Feature | Static Token | OAuth Mode |
+|---------|--------------|------------|
+| Setup complexity | Simple | Moderate |
+| Per-user identity | No (shared token) | Yes |
+| Token management | Manual | Automatic |
+| Audit trail | Single identity | Per-user actions |
+| Security | Token in config | No tokens in config |
+| Best for | Personal use, CI/CD | Teams, shared access |
+
+### OAuth Endpoints
+
+When OAuth is enabled, the following endpoints are available:
+
+| Endpoint | Method | Description |
+|----------|--------|-------------|
+| `/.well-known/oauth-authorization-server` | GET | OAuth metadata discovery |
+| `/authorize` | GET | Start authorization (device flow) |
+| `/oauth/poll` | GET | Poll for authorization completion |
+| `/token` | POST | Exchange code for tokens |
+| `/health` | GET | Health check endpoint |
+
+### Troubleshooting
+
+**"OAuth not configured" error**
+- Ensure `OAUTH_ENABLED=true` is set
+- Verify `OAUTH_SESSION_SECRET` is at least 32 characters
+- Check `GITLAB_OAUTH_CLIENT_ID` is correct
+
+**Device code not accepted**
+- Verify GitLab version is 17.1 or later
+- Check OAuth application scopes include `api`
+- Ensure the application is not set as "Confidential"
+
+**"Failed to refresh token" error**
+- GitLab refresh token may have expired
+- Re-authenticate through Claude connector settings
+
+**Cannot reach GitLab for authentication**
+- For private LAN GitLab, connect to VPN first
+- Verify you can access GitLab web UI in your browser
+
 ### Environment Variables
 
 - `GITLAB_TOKEN`: Your GitLab personal access token.
@@ -221,6 +451,11 @@ The GitLab MCP Server automatically selects the appropriate transport mode based
 - `USE_VARIABLES`: When set to 'true', enables the CI/CD variables-related tools (list_variables, get_variable, create_variable, update_variable, delete_variable). Supports both project-level and group-level variables. By default, variables features are enabled.
 - `GITLAB_AUTH_COOKIE_PATH`: Path to an authentication cookie file for GitLab instances that require cookie-based authentication. When provided, the cookie will be included in all GitLab API requests.
 - `SKIP_TLS_VERIFY`: When set to 'true', skips TLS certificate verification for all GitLab API requests (both REST and GraphQL). **WARNING**: This bypasses SSL certificate validation and should only be used for testing with self-signed certificates or trusted internal GitLab instances. Never use this in production environments.
+- `SSL_CERT_PATH`: Path to PEM certificate file for direct HTTPS/TLS termination. Requires `SSL_KEY_PATH` to also be set.
+- `SSL_KEY_PATH`: Path to PEM private key file for direct HTTPS/TLS termination. Requires `SSL_CERT_PATH` to also be set.
+- `SSL_CA_PATH`: Optional path to CA certificate chain for client certificate validation.
+- `SSL_PASSPHRASE`: Optional passphrase for encrypted private keys.
+- `TRUST_PROXY`: Enable Express trust proxy for reverse proxy deployments. Values: `true`, `false`, `loopback`, `linklocal`, `uniquelocal`, hop count, or specific IP addresses.
 
 ### Dynamic Tool Description Customization
 

package/dist/config.d.ts

@@ -13,6 +13,11 @@ export declare const USE_FILES: boolean;
 export declare const USE_VARIABLES: boolean;
 export declare const HOST: string;
 export declare const PORT: string | number;
+export declare const SSL_CERT_PATH: string | undefined;
+export declare const SSL_KEY_PATH: string | undefined;
+export declare const SSL_CA_PATH: string | undefined;
+export declare const SSL_PASSPHRASE: string | undefined;
+export declare const TRUST_PROXY: string | undefined;
 export declare const API_TIMEOUT_MS: number;
 export declare const SKIP_TLS_VERIFY: boolean;
 export declare const HTTP_PROXY: string | undefined;

package/dist/config.js

@@ -33,7 +33,7 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.packageVersion = exports.packageName = exports.GITLAB_ALLOWED_PROJECT_IDS = exports.GITLAB_PROJECT_ID = exports.GITLAB_API_URL = exports.GITLAB_BASE_URL = exports.GITLAB_CA_CERT_PATH = exports.NODE_TLS_REJECT_UNAUTHORIZED = exports.HTTPS_PROXY = exports.HTTP_PROXY = exports.SKIP_TLS_VERIFY = exports.API_TIMEOUT_MS = exports.PORT = exports.HOST = exports.USE_VARIABLES = exports.USE_FILES = exports.USE_MRS = exports.USE_LABELS = exports.USE_WORKITEMS = exports.USE_PIPELINE = exports.USE_MILESTONE = exports.USE_GITLAB_WIKI = exports.GITLAB_DENIED_TOOLS_REGEX = exports.GITLAB_READ_ONLY_MODE = exports.IS_OLD = exports.GITLAB_AUTH_COOKIE_PATH = exports.GITLAB_TOKEN = void 0;
+exports.packageVersion = exports.packageName = exports.GITLAB_ALLOWED_PROJECT_IDS = exports.GITLAB_PROJECT_ID = exports.GITLAB_API_URL = exports.GITLAB_BASE_URL = exports.GITLAB_CA_CERT_PATH = exports.NODE_TLS_REJECT_UNAUTHORIZED = exports.HTTPS_PROXY = exports.HTTP_PROXY = exports.SKIP_TLS_VERIFY = exports.API_TIMEOUT_MS = exports.TRUST_PROXY = exports.SSL_PASSPHRASE = exports.SSL_CA_PATH = exports.SSL_KEY_PATH = exports.SSL_CERT_PATH = exports.PORT = exports.HOST = exports.USE_VARIABLES = exports.USE_FILES = exports.USE_MRS = exports.USE_LABELS = exports.USE_WORKITEMS = exports.USE_PIPELINE = exports.USE_MILESTONE = exports.USE_GITLAB_WIKI = exports.GITLAB_DENIED_TOOLS_REGEX = exports.GITLAB_READ_ONLY_MODE = exports.IS_OLD = exports.GITLAB_AUTH_COOKIE_PATH = exports.GITLAB_TOKEN = void 0;
 exports.getEffectiveProjectId = getEffectiveProjectId;
 exports.getToolDescriptionOverrides = getToolDescriptionOverrides;
 const path = __importStar(require("path"));
@@ -56,6 +56,11 @@ exports.USE_FILES = process.env.USE_FILES !== "false";
 exports.USE_VARIABLES = process.env.USE_VARIABLES !== "false";
 exports.HOST = process.env.HOST ?? "0.0.0.0";
 exports.PORT = process.env.PORT ?? 3002;
+exports.SSL_CERT_PATH = process.env.SSL_CERT_PATH;
+exports.SSL_KEY_PATH = process.env.SSL_KEY_PATH;
+exports.SSL_CA_PATH = process.env.SSL_CA_PATH;
+exports.SSL_PASSPHRASE = process.env.SSL_PASSPHRASE;
+exports.TRUST_PROXY = process.env.TRUST_PROXY;
 exports.API_TIMEOUT_MS = parseInt(process.env.GITLAB_API_TIMEOUT_MS ?? "20000", 10);
 exports.SKIP_TLS_VERIFY = process.env.SKIP_TLS_VERIFY === "true";
 exports.HTTP_PROXY = process.env.HTTP_PROXY;

package/dist/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgEA,sDAcC;AAwBD,kEAgBC;AAtHD,2CAA6B;AAC7B,uCAAyB;AAEzB,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;AAGvD,QAAA,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;AACxC,QAAA,uBAAuB,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;AAC9D,QAAA,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,MAAM,CAAC;AAC9C,QAAA,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,MAAM,CAAC;AACrE,QAAA,yBAAyB,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB;IAC5E,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;IACnD,CAAC,CAAC,SAAS,CAAC;AACD,QAAA,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,OAAO,CAAC;AAC1D,QAAA,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,OAAO,CAAC;AACtD,QAAA,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,OAAO,CAAC;AACpD,QAAA,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,OAAO,CAAC;AACtD,QAAA,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,OAAO,CAAC;AAChD,QAAA,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,OAAO,CAAC;AAC1C,QAAA,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,KAAK,OAAO,CAAC;AAC9C,QAAA,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,OAAO,CAAC;AACtD,QAAA,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,SAAS,CAAC;AACrC,QAAA,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC;AAGhC,QAAA,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,OAAO,EAAE,EAAE,CAAC,CAAC;AAO5E,QAAA,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,MAAM,CAAC;AAGzD,QAAA,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;AACpC,QAAA,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;AACtC,QAAA,4BAA4B,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;AACxE,QAAA,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;AAGnE,SAAS,sBAAsB,CAAC,GAAY;IAC1C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACzB,CAAC;IAGD,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5B,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACzB,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAEY,QAAA,eAAe,GAAG,sBAAsB,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;AAC3E,QAAA,cAAc,GAAG,GAAG,uBAAe,SAAS,CAAC;AAC7C,QAAA,iBAAiB,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;AAClD,QAAA,0BAA0B,GACrC,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC;AAEhF,SAAgB,qBAAqB,CAAC,SAAiB;IACrD,IAAI,yBAAiB,EAAE,CAAC;QACtB,OAAO,yBAAiB,CAAC;IAC3B,CAAC;IAED,IAAI,kCAA0B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1C,IAAI,CAAC,kCAA0B,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACpD,MAAM,IAAI,KAAK,CACb,cAAc,SAAS,yCAAyC,kCAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACxG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAGD,IAAI,WAAW,GAAG,YAAY,CAAC;AActB,kCAAW;AAbpB,IAAI,cAAc,GAAG,SAAS,CAAC;AAaT,wCAAc;AAXpC,IAAI,CAAC;IACH,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAGtE,CAAC;IACF,sBAAA,WAAW,GAAG,WAAW,CAAC,IAAI,IAAI,WAAW,CAAC;IAC9C,yBAAA,cAAc,GAAG,WAAW,CAAC,OAAO,IAAI,cAAc,CAAC;AACzD,CAAC;AAAC,MAAM,CAAC;AAET,CAAC;AASD,SAAgB,2BAA2B;IACzC,MAAM,SAAS,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC5C,MAAM,MAAM,GAAG,cAAc,CAAC;IAG9B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvD,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YAGpC,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;YAE5D,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0EA,sDAcC;AAwBD,kEAgBC;AAhID,2CAA6B;AAC7B,uCAAyB;AAEzB,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;AAGvD,QAAA,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;AACxC,QAAA,uBAAuB,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;AAC9D,QAAA,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,MAAM,CAAC;AAC9C,QAAA,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,MAAM,CAAC;AACrE,QAAA,yBAAyB,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB;IAC5E,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;IACnD,CAAC,CAAC,SAAS,CAAC;AACD,QAAA,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,OAAO,CAAC;AAC1D,QAAA,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,OAAO,CAAC;AACtD,QAAA,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,OAAO,CAAC;AACpD,QAAA,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,OAAO,CAAC;AACtD,QAAA,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,OAAO,CAAC;AAChD,QAAA,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,OAAO,CAAC;AAC1C,QAAA,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,KAAK,OAAO,CAAC;AAC9C,QAAA,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,OAAO,CAAC;AACtD,QAAA,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,SAAS,CAAC;AACrC,QAAA,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC;AAGhC,QAAA,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;AAC1C,QAAA,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;AACxC,QAAA,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;AACtC,QAAA,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;AAI5C,QAAA,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;AAGtC,QAAA,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,OAAO,EAAE,EAAE,CAAC,CAAC;AAO5E,QAAA,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,MAAM,CAAC;AAGzD,QAAA,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;AACpC,QAAA,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;AACtC,QAAA,4BAA4B,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;AACxE,QAAA,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;AAGnE,SAAS,sBAAsB,CAAC,GAAY;IAC1C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACzB,CAAC;IAGD,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5B,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACzB,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAEY,QAAA,eAAe,GAAG,sBAAsB,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;AAC3E,QAAA,cAAc,GAAG,GAAG,uBAAe,SAAS,CAAC;AAC7C,QAAA,iBAAiB,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;AAClD,QAAA,0BAA0B,GACrC,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC;AAEhF,SAAgB,qBAAqB,CAAC,SAAiB;IACrD,IAAI,yBAAiB,EAAE,CAAC;QACtB,OAAO,yBAAiB,CAAC;IAC3B,CAAC;IAED,IAAI,kCAA0B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1C,IAAI,CAAC,kCAA0B,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACpD,MAAM,IAAI,KAAK,CACb,cAAc,SAAS,yCAAyC,kCAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACxG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAGD,IAAI,WAAW,GAAG,YAAY,CAAC;AActB,kCAAW;AAbpB,IAAI,cAAc,GAAG,SAAS,CAAC;AAaT,wCAAc;AAXpC,IAAI,CAAC;IACH,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAGtE,CAAC;IACF,sBAAA,WAAW,GAAG,WAAW,CAAC,IAAI,IAAI,WAAW,CAAC;IAC9C,yBAAA,cAAc,GAAG,WAAW,CAAC,OAAO,IAAI,cAAc,CAAC;AACzD,CAAC;AAAC,MAAM,CAAC;AAET,CAAC;AASD,SAAgB,2BAA2B;IACzC,MAAM,SAAS,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC5C,MAAM,MAAM,GAAG,cAAc,CAAC;IAG9B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvD,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YAGpC,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;YAE5D,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/entities/core/registry.js

@@ -1,10 +1,43 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.coreToolRegistry = void 0;
 exports.getCoreReadOnlyToolNames = getCoreReadOnlyToolNames;
 exports.getCoreToolDefinitions = getCoreToolDefinitions;
 exports.getFilteredCoreTools = getFilteredCoreTools;
-const zod_to_json_schema_1 = require("zod-to-json-schema");
+const z = __importStar(require("zod"));
 const schema_readonly_1 = require("./schema-readonly");
 const schema_1 = require("./schema");
 const fetch_1 = require("../../utils/fetch");
@@ -17,7 +50,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "search_repositories",
             description: "DISCOVER projects across ALL of GitLab using search criteria. Use when: You DON'T know the project name/path, Looking for ANY project (not just yours), Searching by language/keywords/topics. Use with_programming_language parameter for efficient language filtering. See also: Use list_projects for YOUR accessible projects only.",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_readonly_1.SearchRepositoriesSchema),
+            inputSchema: z.toJSONSchema(schema_readonly_1.SearchRepositoriesSchema),
             handler: async (args) => {
                 const options = schema_readonly_1.SearchRepositoriesSchema.parse(args);
                 const { q, with_programming_language, ...otherOptions } = options;
@@ -83,7 +116,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "list_projects",
             description: "List GitLab projects with flexible scoping. DEFAULT (no group_id): Lists YOUR accessible projects across GitLab (owned/member/starred). Use for: browsing your projects, finding your work, managing personal project lists. GROUP SCOPE (with group_id): Lists all projects within a specific group/organization. Use for: exploring team structure, finding organizational projects, auditing group resources. Parameters automatically validate based on scope.",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_readonly_1.ListProjectsSchema),
+            inputSchema: z.toJSONSchema(schema_readonly_1.ListProjectsSchema),
             handler: async (args) => {
                 const options = schema_readonly_1.ListProjectsSchema.parse(args);
                 const { group_id, ...otherOptions } = options;
@@ -179,7 +212,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "list_namespaces",
             description: "BROWSE: List GitLab namespaces (groups and user namespaces) accessible to you. Use when: Discovering available groups for project creation, Browsing organizational structure, Finding where to create/fork projects. Returns both user and group namespaces. See also: get_namespace for specific namespace details.",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_readonly_1.ListNamespacesSchema),
+            inputSchema: z.toJSONSchema(schema_readonly_1.ListNamespacesSchema),
             handler: async (args) => {
                 const options = schema_readonly_1.ListNamespacesSchema.parse(args);
                 const queryParams = new URLSearchParams();
@@ -207,7 +240,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "get_users",
             description: 'FIND USERS: Search and retrieve GitLab users with intelligent pattern detection. RECOMMENDED: Use "search" parameter for most queries - automatically detects emails, usernames, or names with automatic transliteration and multi-phase fallback search. ADVANCED: Use "username" or "public_email" for exact matches when you need precise control. Supports filtering by active status, creation date, and user type (human/bot).',
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_readonly_1.GetUsersSchema),
+            inputSchema: z.toJSONSchema(schema_readonly_1.GetUsersSchema),
             handler: async (args) => {
                 const options = schema_readonly_1.GetUsersSchema.parse(args);
                 const { smart_search, search, username, public_email, ...otherParams } = options;
@@ -252,7 +285,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "get_project",
             description: "GET DETAILS: Retrieve comprehensive project information including settings and metadata. Use when: Need complete project details, Checking project configuration, Getting project statistics. Accepts either project_id (numeric ID or URL-encoded path) or namespace (group/project format). See also: list_projects to find projects first.",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_readonly_1.GetProjectSchema),
+            inputSchema: z.toJSONSchema(schema_readonly_1.GetProjectSchema),
             handler: async (args) => {
                 const options = schema_readonly_1.GetProjectSchema.parse(args);
                 const { project_id, namespace } = options;
@@ -285,7 +318,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "get_namespace",
             description: "GET DETAILS: Retrieve comprehensive namespace information (group or user). Use when: Need complete namespace metadata, Checking namespace settings, Getting storage statistics. Requires namespace ID or URL-encoded path. See also: list_namespaces to browse all namespaces.",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_readonly_1.GetNamespaceSchema),
+            inputSchema: z.toJSONSchema(schema_readonly_1.GetNamespaceSchema),
             handler: async (args) => {
                 const options = schema_readonly_1.GetNamespaceSchema.parse(args);
                 const { namespace_id } = options;
@@ -308,7 +341,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "verify_namespace",
             description: "CHECK EXISTS: Verify if a namespace (group or user) exists and is accessible. ONLY works with namespaces - NOT project paths. Use when: Checking group/user namespace availability, Validating group references before creation, Testing namespace access permissions. For projects use get_project instead. Returns exists=true/false with namespace details if found.",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_readonly_1.VerifyNamespaceSchema),
+            inputSchema: z.toJSONSchema(schema_readonly_1.VerifyNamespaceSchema),
             handler: async (args) => {
                 const options = schema_readonly_1.VerifyNamespaceSchema.parse(args);
                 const { namespace } = options;
@@ -332,7 +365,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "list_project_members",
             description: "TEAM MEMBERS: List all members of a project with their access levels. Use when: Auditing project access, Finding collaborators, Checking user permissions. Shows access levels: 10=Guest, 20=Reporter, 30=Developer, 40=Maintainer, 50=Owner. Supports username filtering.",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_readonly_1.ListProjectMembersSchema),
+            inputSchema: z.toJSONSchema(schema_readonly_1.ListProjectMembersSchema),
             handler: async (args) => {
                 const options = schema_readonly_1.ListProjectMembersSchema.parse(args);
                 const { project_id } = options;
@@ -361,7 +394,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "list_commits",
             description: "HISTORY: List repository commit history with filtering. Use when: Analyzing project history, Finding commits by author/date, Tracking file changes. Supports date ranges (since/until), author filter, and specific file paths. See also: get_commit for specific commit details.",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_readonly_1.ListCommitsSchema),
+            inputSchema: z.toJSONSchema(schema_readonly_1.ListCommitsSchema),
             handler: async (args) => {
                 const options = schema_readonly_1.ListCommitsSchema.parse(args);
                 const { project_id } = options;
@@ -390,7 +423,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "get_commit",
             description: "COMMIT DETAILS: Get comprehensive information about a specific commit. Use when: Inspecting commit metadata, Reviewing change statistics, Getting commit message/author. Shows additions/deletions per file with stats=true. See also: get_commit_diff for actual code changes.",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_readonly_1.GetCommitSchema),
+            inputSchema: z.toJSONSchema(schema_readonly_1.GetCommitSchema),
             handler: async (args) => {
                 const options = schema_readonly_1.GetCommitSchema.parse(args);
                 const { project_id, commit_sha } = options;
@@ -419,7 +452,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "get_commit_diff",
             description: "COMMIT DIFF: Get actual code changes from a commit. Use when: Reviewing code modifications, Generating patches, Analyzing line-by-line changes. Returns unified diff format (git diff style). See also: get_commit for metadata without diff.",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_readonly_1.GetCommitDiffSchema),
+            inputSchema: z.toJSONSchema(schema_readonly_1.GetCommitDiffSchema),
             handler: async (args) => {
                 const options = schema_readonly_1.GetCommitDiffSchema.parse(args);
                 const { project_id, commit_sha } = options;
@@ -448,7 +481,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "list_group_iterations",
             description: "SPRINTS: List iterations/sprints for agile planning (Premium feature). Use when: Viewing sprint schedules, Tracking iteration progress, Planning releases. Filter by state: current=active sprint, upcoming=future, closed=completed. Requires GitLab Premium or higher.",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_readonly_1.ListGroupIterationsSchema),
+            inputSchema: z.toJSONSchema(schema_readonly_1.ListGroupIterationsSchema),
             handler: async (args) => {
                 const options = schema_readonly_1.ListGroupIterationsSchema.parse(args);
                 const { group_id } = options;
@@ -477,7 +510,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "download_attachment",
             description: "DOWNLOAD: Retrieve uploaded file attachments from issues/MRs/wikis. Use when: Downloading images from issues, Getting attached documents, Retrieving uploaded files. Requires secret token and filename from the attachment URL (/uploads/[secret]/[filename]).",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_readonly_1.DownloadAttachmentSchema),
+            inputSchema: z.toJSONSchema(schema_readonly_1.DownloadAttachmentSchema),
             handler: async (args) => {
                 const options = schema_readonly_1.DownloadAttachmentSchema.parse(args);
                 const { project_id, secret, filename } = options;
@@ -504,7 +537,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "list_events",
             description: "USER ACTIVITY: List YOUR activity events across all projects. Use when: Tracking your contributions, Auditing your actions, Reviewing your history. Date format: YYYY-MM-DD only (not timestamps). Filters: action=created/updated/pushed, target_type=issue/merge_request.",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_readonly_1.ListEventsSchema),
+            inputSchema: z.toJSONSchema(schema_readonly_1.ListEventsSchema),
             handler: async (args) => {
                 const options = schema_readonly_1.ListEventsSchema.parse(args);
                 const queryParams = new URLSearchParams();
@@ -532,7 +565,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "get_project_events",
             description: "PROJECT ACTIVITY: List all events within a specific project. Use when: Monitoring project activity, Tracking team contributions, Auditing project changes. Date format: YYYY-MM-DD only (not timestamps). Shows: commits, issues, MRs, member changes.",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_readonly_1.GetProjectEventsSchema),
+            inputSchema: z.toJSONSchema(schema_readonly_1.GetProjectEventsSchema),
             handler: async (args) => {
                 const options = schema_readonly_1.GetProjectEventsSchema.parse(args);
                 const { project_id } = options;
@@ -561,7 +594,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "create_repository",
             description: "CREATE NEW: Initialize a new GitLab project/repository with automatic validation. Features: (1) Automatically checks if project already exists before creation, (2) Resolves namespace paths to IDs automatically, (3) Generates URL-safe project path from name, (4) Returns detailed validation information. Use when: Starting new projects, Setting up repository structure, Automating project creation. Creates in your namespace by default if no namespace specified.",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_1.CreateRepositorySchema),
+            inputSchema: z.toJSONSchema(schema_1.CreateRepositorySchema),
             handler: async (args) => {
                 const options = schema_1.CreateRepositorySchema.parse(args);
                 const { namespace, name, ...otherOptions } = options;
@@ -649,7 +682,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "fork_repository",
             description: "FORK: Create your own copy of an existing project. Use when: Contributing to other projects, Creating experimental versions, Maintaining custom forks. Preserves fork relationship for MRs back to parent. Target namespace optional (defaults to your namespace).",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_1.ForkRepositorySchema),
+            inputSchema: z.toJSONSchema(schema_1.ForkRepositorySchema),
             handler: async (args) => {
                 const options = schema_1.ForkRepositorySchema.parse(args);
                 const body = new URLSearchParams();
@@ -680,7 +713,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "create_branch",
             description: "NEW BRANCH: Create a Git branch from existing ref. Use when: Starting new features, Preparing bug fixes, Creating release branches. REQUIRED before creating MRs. Ref can be: branch name (main), tag (v1.0), or commit SHA. Branch names cannot contain spaces.",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_1.CreateBranchSchema),
+            inputSchema: z.toJSONSchema(schema_1.CreateBranchSchema),
             handler: async (args) => {
                 const options = schema_1.CreateBranchSchema.parse(args);
                 const body = new URLSearchParams();
@@ -708,7 +741,7 @@ exports.coreToolRegistry = new Map([
         {
             name: "create_group",
             description: "CREATE GROUP: Create a new GitLab group/namespace for organizing projects and teams. Use when: Setting up team spaces, Creating organizational structure, Establishing project hierarchies. Groups can contain projects and subgroups.",
-            inputSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(schema_1.CreateGroupSchema),
+            inputSchema: z.toJSONSchema(schema_1.CreateGroupSchema),
             handler: async (args) => {
                 const options = schema_1.CreateGroupSchema.parse(args);
                 const body = new URLSearchParams();