npm - @zereight/mcp-gitlab - Versions diffs - 2.0.11 → 2.0.18 - Mend

@zereight/mcp-gitlab 2.0.11 → 2.0.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/README.md +2 -0
package/build/gitlab-client-pool.js +113 -0
package/build/index.js +450 -356
package/build/test/client-pool-test.js +109 -0
package/build/test/dynamic-api-url-test.js +304 -0
package/build/test/dynamic-routing-tests.js +442 -0
package/build/test/multi-server-test.js +182 -0
package/build/test/remote-auth-simple-test.js +2 -0
package/build/test/utils/mock-gitlab-server.js +73 -4
package/build/test/utils/server-launcher.js +25 -9
package/package.json +9 -5

package/build/test/dynamic-routing-tests.js ADDED Viewed

@@ -0,0 +1,442 @@
+import { describe, test, after, before } from 'node:test';
+import assert from 'node:assert';
+import { launchServer, findAvailablePort, TransportMode, HOST } from './utils/server-launcher.js';
+import { MockGitLabServer, findMockServerPort } from './utils/mock-gitlab-server.js';
+import { CustomHeaderClient } from './clients/custom-header-client.js';
+const MOCK_TOKEN_DEFAULT = 'glpat-mock-token-default';
+const MOCK_TOKEN_HEADER = 'glpat-mock-token-header';
+describe('Dynamic Routing and Authentication Scenarios', () => {
+    const originalToken = process.env.GITLAB_TOKEN_TEST;
+    before(() => {
+        process.env.GITLAB_TOKEN_TEST = 'mock-token-for-launcher';
+    });
+    after(() => {
+        if (originalToken) {
+            process.env.GITLAB_TOKEN_TEST = originalToken;
+        }
+        else {
+            delete process.env.GITLAB_TOKEN_TEST;
+        }
+    });
+    // Scenario 1: remote=off, dynamic=off
+    describe('Scenario 1: Remote Auth OFF, Dynamic URL OFF', () => {
+        let mcpServer;
+        let mcpUrl;
+        let mockServer;
+        const originalProjectId = process.env.TEST_PROJECT_ID;
+        before(async () => {
+            // Ensure GITLAB_TOKEN_TEST matches what we expect for this scenario
+            // to avoid launchServer overwriting GITLAB_PERSONAL_ACCESS_TOKEN with a different value
+            process.env.GITLAB_TOKEN_TEST = MOCK_TOKEN_DEFAULT;
+            process.env.TEST_PROJECT_ID = '1';
+            const mockPort = await findMockServerPort(9021);
+            mockServer = new MockGitLabServer({ port: mockPort, validTokens: [MOCK_TOKEN_DEFAULT] });
+            await mockServer.start();
+            const mcpPort = await findAvailablePort(3021);
+            mcpServer = await launchServer({
+                mode: TransportMode.STREAMABLE_HTTP,
+                port: mcpPort,
+                env: {
+                    GITLAB_API_URL: `${mockServer.getUrl()}/api/v4`,
+                    GITLAB_PERSONAL_ACCESS_TOKEN: MOCK_TOKEN_DEFAULT,
+                    REMOTE_AUTHORIZATION: "false",
+                    ENABLE_DYNAMIC_API_URL: "false",
+                    GITLAB_TOKEN_TEST: MOCK_TOKEN_DEFAULT,
+                },
+            });
+            mcpUrl = `http://${HOST}:${mcpPort}/mcp`;
+        });
+        after(async () => {
+            if (originalProjectId) {
+                process.env.TEST_PROJECT_ID = originalProjectId;
+            }
+            else {
+                delete process.env.TEST_PROJECT_ID;
+            }
+            if (mcpServer)
+                mcpServer.kill();
+            if (mockServer)
+                await mockServer.stop();
+        });
+        test('should ignore headers and use startup config', async () => {
+            mockServer.addMockHandler('get', '/projects/1', (req, res) => {
+                // index.ts uses Authorization header by default unless GITLAB_IS_OLD is set
+                assert.strictEqual(req.headers['authorization'], `Bearer ${MOCK_TOKEN_DEFAULT}`);
+                res.json({ id: 1, default_branch: 'main' });
+            });
+            const client = new CustomHeaderClient({
+                headers: {
+                    'authorization': `Bearer ${MOCK_TOKEN_HEADER}`, // This should be ignored
+                    'X-GitLab-API-URL': 'http://localhost:9999/api/v4', // This should be ignored
+                }
+            });
+            await client.connect(mcpUrl);
+            const result = await client.callTool('get_project', { project_id: "1" });
+            assert.ok(result, 'Should get a result from the tool call');
+            await client.disconnect();
+        });
+    });
+    // Scenario 2: remote=on, dynamic=off
+    describe('Scenario 2: Remote Auth ON, Dynamic URL OFF', () => {
+        let mcpServer;
+        let mcpUrl;
+        let mockServer;
+        before(async () => {
+            const mockPort = await findMockServerPort(9022);
+            mockServer = new MockGitLabServer({ port: mockPort, validTokens: [MOCK_TOKEN_HEADER] });
+            await mockServer.start();
+            const mcpPort = await findAvailablePort(3022);
+            mcpServer = await launchServer({
+                mode: TransportMode.STREAMABLE_HTTP,
+                port: mcpPort,
+                env: {
+                    GITLAB_API_URL: `${mockServer.getUrl()}/api/v4`,
+                    REMOTE_AUTHORIZATION: "true",
+                    ENABLE_DYNAMIC_API_URL: "false",
+                },
+            });
+            mcpUrl = `http://${HOST}:${mcpPort}/mcp`;
+        });
+        after(async () => {
+            if (mcpServer)
+                mcpServer.kill();
+            if (mockServer)
+                await mockServer.stop();
+        });
+        test('should use token from header and ignore dynamic URL', async () => {
+            mockServer.addMockHandler('get', '/projects/1', (req, res) => {
+                assert.strictEqual(req.headers['authorization'], `Bearer ${MOCK_TOKEN_HEADER}`);
+                res.json({ id: 1, default_branch: 'main' });
+            });
+            const client = new CustomHeaderClient({
+                headers: {
+                    'authorization': `Bearer ${MOCK_TOKEN_HEADER}`,
+                    'X-GitLab-API-URL': 'http://localhost:9999/api/v4', // This should be ignored
+                }
+            });
+            await client.connect(mcpUrl);
+            const result = await client.callTool('get_project', { project_id: "1" });
+            assert.ok(result, 'Should get a result from the tool call');
+            await client.disconnect();
+        });
+    });
+    // Scenario 3: remote=off, dynamic=on - should be an error
+    describe('Scenario 3: Remote Auth OFF, Dynamic URL ON (Error Case)', () => {
+        test('should fail to start with an error', async () => {
+            await assert.rejects(launchServer({
+                mode: TransportMode.STREAMABLE_HTTP,
+                port: await findAvailablePort(3023),
+                env: {
+                    REMOTE_AUTHORIZATION: "false",
+                    ENABLE_DYNAMIC_API_URL: "true",
+                    GITLAB_TOKEN_TEST: "mock-token", // Required to bypass launcher check
+                },
+            }), (err) => {
+                // The server process exits with code 1, which launchServer catches and throws as a generic error
+                // We can't easily see the stderr output here without modifying launchServer,
+                // so we accept the exit code 1 error as success for this negative test.
+                return err.message.includes('Server process exited with code 1');
+            });
+        });
+    });
+    // Scenario 4: remote=on, dynamic=on
+    describe('Scenario 4: Remote Auth ON, Dynamic URL ON', () => {
+        let mcpServer;
+        let mcpUrl;
+        let defaultMockServer;
+        let headerMockServer;
+        before(async () => {
+            const defaultPort = await findMockServerPort(9024);
+            defaultMockServer = new MockGitLabServer({ port: defaultPort, validTokens: [MOCK_TOKEN_DEFAULT, MOCK_TOKEN_HEADER] });
+            await defaultMockServer.start();
+            const headerPort = await findMockServerPort(9025);
+            headerMockServer = new MockGitLabServer({ port: headerPort, validTokens: [MOCK_TOKEN_DEFAULT, MOCK_TOKEN_HEADER] });
+            await headerMockServer.start();
+            const mcpPort = await findAvailablePort(3024);
+            mcpServer = await launchServer({
+                mode: TransportMode.STREAMABLE_HTTP,
+                port: mcpPort,
+                env: {
+                    GITLAB_API_URL: `${defaultMockServer.getUrl()}/api/v4`,
+                    GITLAB_PERSONAL_ACCESS_TOKEN: MOCK_TOKEN_DEFAULT,
+                    REMOTE_AUTHORIZATION: "true",
+                    ENABLE_DYNAMIC_API_URL: "true",
+                },
+            });
+            mcpUrl = `http://${HOST}:${mcpPort}/mcp`;
+        });
+        after(async () => {
+            if (mcpServer)
+                mcpServer.kill();
+            if (defaultMockServer)
+                await defaultMockServer.stop();
+            if (headerMockServer)
+                await headerMockServer.stop();
+        });
+        test('should use default URL and token when no headers are provided', async () => {
+            defaultMockServer.addMockHandler('get', '/projects/1', (req, res) => {
+                assert.strictEqual(req.headers['private-token'], MOCK_TOKEN_DEFAULT);
+                res.json(createMockProject(1, 'default-server'));
+            });
+            const client = new CustomHeaderClient({ headers: { 'private-token': MOCK_TOKEN_DEFAULT } });
+            await client.connect(mcpUrl);
+            const result = await client.callTool('get_project', { project_id: "1" });
+            const resultContent = JSON.parse(result.content[0].text);
+            assert.strictEqual(resultContent.description, 'default-server');
+            await client.disconnect();
+        });
+        test('should use custom URL from header and default token', async () => {
+            headerMockServer.addMockHandler('get', '/projects/2', (req, res) => {
+                assert.strictEqual(req.headers['private-token'], MOCK_TOKEN_DEFAULT);
+                res.json(createMockProject(2, 'header-server'));
+            });
+            const client = new CustomHeaderClient({
+                headers: {
+                    'private-token': MOCK_TOKEN_DEFAULT,
+                    'X-GitLab-API-URL': `${headerMockServer.getUrl()}/api/v4`,
+                }
+            });
+            await client.connect(mcpUrl);
+            const result = await client.callTool('get_project', { project_id: "2" });
+            const resultContent = JSON.parse(result.content[0].text);
+            assert.strictEqual(resultContent.description, 'header-server');
+            await client.disconnect();
+        });
+        test('should use custom URL and token from headers', async () => {
+            headerMockServer.addMockHandler('get', '/projects/3', (req, res) => {
+                assert.strictEqual(req.headers['authorization'], `Bearer ${MOCK_TOKEN_HEADER}`);
+                res.json(createMockProject(3, 'header-server-with-header-token'));
+            });
+            const client = new CustomHeaderClient({
+                headers: {
+                    'authorization': `Bearer ${MOCK_TOKEN_HEADER}`,
+                    'X-GitLab-API-URL': `${headerMockServer.getUrl()}/api/v4`,
+                }
+            });
+            await client.connect(mcpUrl);
+            const result = await client.callTool('get_project', { project_id: "3" });
+            const resultContent = JSON.parse(result.content[0].text);
+            assert.strictEqual(resultContent.description, 'header-server-with-header-token');
+            await client.disconnect();
+        });
+        test('should work with multiple tool calls', async () => {
+            const client = new CustomHeaderClient({
+                headers: {
+                    'authorization': `Bearer ${MOCK_TOKEN_HEADER}`,
+                    'X-GitLab-API-URL': `${headerMockServer.getUrl()}/api/v4`,
+                }
+            });
+            await client.connect(mcpUrl);
+            await validateToolCalls(client, headerMockServer, MOCK_TOKEN_HEADER);
+            await client.disconnect();
+        });
+    });
+});
+// Helper functions to create schema-compliant mock objects
+function createMockUser() {
+    return {
+        id: 1,
+        username: 'mock_user',
+        name: 'Mock User',
+        state: 'active',
+        avatar_url: 'https://example.com/avatar.png',
+        web_url: 'https://example.com/mock_user'
+    };
+}
+function createMockProject(id, description = 'Mock Project') {
+    return {
+        id,
+        name: `Project ${id}`,
+        path_with_namespace: `group/project-${id}`,
+        description,
+        visibility: 'private',
+        web_url: `https://gitlab.example.com/group/project-${id}`,
+        created_at: '2024-01-01T00:00:00Z',
+        last_activity_at: '2024-01-01T00:00:00Z',
+        default_branch: 'main',
+        namespace: {
+            id: 1,
+            name: 'Group',
+            path: 'group',
+            kind: 'group',
+            full_path: 'group',
+            web_url: 'https://gitlab.example.com/group'
+        }
+    };
+}
+function createMockIssue(id, projectId) {
+    return {
+        id,
+        iid: id,
+        project_id: projectId,
+        title: `Issue ${id}`,
+        description: 'Description',
+        state: 'opened',
+        created_at: '2024-01-01T00:00:00Z',
+        updated_at: '2024-01-01T00:00:00Z',
+        closed_at: null,
+        web_url: `https://gitlab.example.com/group/project-${projectId}/issues/${id}`,
+        author: createMockUser(),
+        assignees: [],
+        labels: [],
+        milestone: null,
+        user_notes_count: 0,
+        upvotes: 0,
+        downvotes: 0,
+        confidential: false
+    };
+}
+function createMockMergeRequest(id, projectId) {
+    return {
+        id,
+        iid: id,
+        project_id: projectId,
+        title: `MR ${id}`,
+        description: 'Description',
+        state: 'opened',
+        created_at: '2024-01-01T00:00:00Z',
+        updated_at: '2024-01-01T00:00:00Z',
+        merged_at: null,
+        closed_at: null,
+        merge_commit_sha: null,
+        web_url: `https://gitlab.example.com/group/project-${projectId}/merge_requests/${id}`,
+        author: createMockUser(),
+        source_branch: 'feature',
+        target_branch: 'main',
+        draft: false,
+        work_in_progress: false,
+        merge_status: 'can_be_merged'
+    };
+}
+function createMockPipeline(id, projectId) {
+    return {
+        id,
+        project_id: projectId,
+        sha: 'sha123',
+        ref: 'main',
+        status: 'success',
+        created_at: '2024-01-01T00:00:00Z',
+        updated_at: '2024-01-01T00:00:00Z',
+        web_url: `https://gitlab.example.com/group/project-${projectId}/pipelines/${id}`,
+        user: createMockUser()
+    };
+}
+function createMockCommit(id) {
+    return {
+        id,
+        short_id: id.substring(0, 8),
+        title: 'Commit message',
+        author_name: 'Mock User',
+        author_email: 'mock@example.com',
+        authored_date: '2024-01-01T00:00:00Z',
+        committer_name: 'Mock User',
+        committer_email: 'mock@example.com',
+        committed_date: '2024-01-01T00:00:00Z',
+        message: 'Commit message',
+        parent_ids: [],
+        web_url: `https://gitlab.example.com/commit/${id}`
+    };
+}
+function createMockLabel(id) {
+    return {
+        id,
+        name: `Label ${id}`,
+        color: '#FF0000',
+        text_color: '#FFFFFF',
+        description: 'Label description',
+        open_issues_count: 0,
+        closed_issues_count: 0,
+        open_merge_requests_count: 0,
+        subscribed: false,
+        priority: null,
+        is_project_label: true
+    };
+}
+function createMockTreeItem(id) {
+    return {
+        id,
+        name: 'file.txt',
+        type: 'blob',
+        path: 'file.txt',
+        mode: '100644'
+    };
+}
+async function validateToolCalls(client, mockServer, expectedToken) {
+    const toolsToTest = [
+        { name: 'get_project', params: { project_id: '1' } },
+        { name: 'list_issues', params: { project_id: '1' } },
+        { name: 'get_merge_request', params: { project_id: '1', merge_request_iid: '1' } },
+        { name: 'list_merge_requests', params: { project_id: '1' } },
+        { name: 'get_repository_tree', params: { project_id: '1' } },
+        { name: 'list_labels', params: { project_id: '1' } },
+        { name: 'list_pipelines', params: { project_id: '1' } },
+        { name: 'list_commits', params: { project_id: '1' } },
+    ];
+    for (const tool of toolsToTest) {
+        mockServer.clearCustomHandlers();
+        let mockPath = '';
+        let mockResponse;
+        switch (tool.name) {
+            case 'get_project':
+                mockPath = '/projects/1';
+                mockResponse = createMockProject(1, 'mock-response');
+                break;
+            case 'list_issues':
+                mockPath = '/projects/1/issues';
+                mockResponse = [createMockIssue(1, 1)];
+                break;
+            case 'get_merge_request':
+                mockPath = '/projects/1/merge_requests/1';
+                mockResponse = createMockMergeRequest(1, 1);
+                break;
+            case 'list_merge_requests':
+                mockPath = '/projects/1/merge_requests';
+                mockResponse = [createMockMergeRequest(1, 1)];
+                break;
+            case 'get_repository_tree':
+                mockPath = '/projects/1/repository/tree';
+                mockResponse = [createMockTreeItem('blob1')];
+                break;
+            case 'list_labels':
+                mockPath = '/projects/1/labels';
+                mockResponse = [createMockLabel(1)];
+                break;
+            case 'list_pipelines':
+                mockPath = '/projects/1/pipelines';
+                mockResponse = [createMockPipeline(1, 1)];
+                break;
+            case 'list_commits':
+                mockPath = '/projects/1/repository/commits';
+                mockResponse = [createMockCommit('sha1')];
+                break;
+            default:
+                throw new Error(`Unknown tool: ${tool.name}`);
+        }
+        mockServer.addMockHandler('get', mockPath, (req, res) => {
+            if (req.headers['authorization']) {
+                assert.strictEqual(req.headers['authorization'], `Bearer ${expectedToken}`);
+            }
+            else {
+                assert.strictEqual(req.headers['private-token'], expectedToken);
+            }
+            res.json(mockResponse);
+        });
+        const result = await client.callTool(tool.name, tool.params);
+        const resultContent = JSON.parse(result.content[0].text);
+        // Basic validation that we got the expected object back
+        if (Array.isArray(mockResponse)) {
+            assert.ok(Array.isArray(resultContent));
+            assert.strictEqual(resultContent.length, mockResponse.length);
+            // Check ID of first item
+            if (resultContent[0].id) {
+                assert.strictEqual(String(resultContent[0].id), String(mockResponse[0].id));
+            }
+        }
+        else {
+            assert.strictEqual(String(resultContent.id), String(mockResponse.id));
+            if (tool.name === 'get_project') {
+                assert.strictEqual(resultContent.description, 'mock-response');
+            }
+        }
+    }
+}

package/build/test/multi-server-test.js ADDED Viewed

@@ -0,0 +1,182 @@
+import { describe, test, after, before } from 'node:test';
+import assert from 'node:assert';
+import { launchServer, findAvailablePort, TransportMode, HOST } from './utils/server-launcher.js';
+import { MockGitLabServer, findMockServerPort } from './utils/mock-gitlab-server.js';
+import { CustomHeaderClient } from './clients/custom-header-client.js';
+const MOCK_TOKEN = 'glpat-mock-token-12345';
+const project1 = {
+    id: 1,
+    name: "ProjectFromServer1",
+    description: "Mock project from server 1",
+    path_with_namespace: "group1/project1",
+    web_url: "http://mock.gitlab/group1/project1",
+    default_branch: "main",
+    visibility: "private",
+    path: "project1",
+    created_at: new Date().toISOString(),
+    namespace: {
+        id: 1,
+        name: "group1",
+        path: "group1",
+        kind: "group",
+        full_path: "group1",
+    },
+};
+const project2 = {
+    id: 2,
+    name: "ProjectFromServer2",
+    description: "Mock project from server 2",
+    path_with_namespace: "group2/project2",
+    web_url: "http://mock.gitlab/group2/project2",
+    default_branch: "main",
+    visibility: "private",
+    path: "project2",
+    created_at: new Date().toISOString(),
+    namespace: {
+        id: 2,
+        name: "group2",
+        path: "group2",
+        kind: "group",
+        full_path: "group2",
+    },
+};
+describe("Single Client Mode (ENABLE_DYNAMIC_API_URL=false)", () => {
+    let mcpServer;
+    let mcpUrl;
+    let mockServer1;
+    before(async () => {
+        const mockPort = await findMockServerPort(9001);
+        mockServer1 = new MockGitLabServer({ port: mockPort, validTokens: [MOCK_TOKEN] });
+        mockServer1.addMockHandler('get', '/projects/1', (req, res) => { res.json(project1); });
+        await mockServer1.start();
+        const mcpPort = await findAvailablePort(3002);
+        mcpServer = await launchServer({
+            mode: TransportMode.STREAMABLE_HTTP,
+            port: mcpPort,
+            env: {
+                GITLAB_API_URL: `${mockServer1.getUrl()}/api/v4`,
+                ENABLE_DYNAMIC_API_URL: "false",
+                REMOTE_AUTHORIZATION: "true",
+            },
+        });
+        mcpUrl = `http://${HOST}:${mcpPort}/mcp`;
+    });
+    after(async () => {
+        if (mcpServer)
+            mcpServer.kill();
+        if (mockServer1)
+            await mockServer1.stop();
+    });
+    test("should use the default server when no header is provided", async () => {
+        const client = new CustomHeaderClient({ headers: { 'authorization': `Bearer ${MOCK_TOKEN}` } });
+        await client.connect(mcpUrl);
+        const result = await client.callTool('get_project', { project_id: "1" });
+        if (result.content[0].type === 'text') {
+            const textContent = JSON.parse(result.content[0].text);
+            assert.deepStrictEqual(textContent, project1);
+        }
+        else {
+            assert.fail('Expected text content from tool call');
+        }
+        await client.disconnect();
+    });
+    test("should IGNORE the custom header and still use the default server", async () => {
+        const client = new CustomHeaderClient({
+            headers: {
+                'authorization': `Bearer ${MOCK_TOKEN}`,
+                'X-GitLab-API-URL': `http://localhost:9999/api/v4`,
+            }
+        });
+        await client.connect(mcpUrl);
+        const result = await client.callTool('get_project', { project_id: "1" });
+        if (result.content[0].type === 'text') {
+            const textContent = JSON.parse(result.content[0].text);
+            assert.deepStrictEqual(textContent, project1);
+        }
+        else {
+            assert.fail('Expected text content from tool call');
+        }
+        await client.disconnect();
+    });
+});
+describe("Dynamic Client Mode (ENABLE_DYNAMIC_API_URL=true)", () => {
+    let mcpServer;
+    let mcpUrl;
+    let mockServer1;
+    let mockServer2;
+    before(async () => {
+        const port1 = await findMockServerPort(9011);
+        const port2 = await findMockServerPort(9012);
+        mockServer1 = new MockGitLabServer({ port: port1, validTokens: [MOCK_TOKEN] });
+        mockServer2 = new MockGitLabServer({ port: port2, validTokens: [MOCK_TOKEN] });
+        mockServer1.addMockHandler('get', '/projects/1', (req, res) => { res.json(project1); });
+        mockServer2.addMockHandler('get', '/projects/2', (req, res) => { res.json(project2); });
+        await mockServer1.start();
+        await mockServer2.start();
+        const mcpPort = await findAvailablePort(3012);
+        mcpServer = await launchServer({
+            mode: TransportMode.STREAMABLE_HTTP,
+            port: mcpPort,
+            env: {
+                GITLAB_API_URL: `${mockServer1.getUrl()}/api/v4,${mockServer2.getUrl()}/api/v4`,
+                ENABLE_DYNAMIC_API_URL: "true",
+                REMOTE_AUTHORIZATION: "true",
+            },
+        });
+        mcpUrl = `http://${HOST}:${mcpPort}/mcp`;
+    });
+    after(async () => {
+        if (mcpServer)
+            mcpServer.kill();
+        if (mockServer1)
+            await mockServer1.stop();
+        if (mockServer2)
+            await mockServer2.stop();
+    });
+    test("should use the default server (first in list) when no header is provided", async () => {
+        const client = new CustomHeaderClient({ headers: { 'authorization': `Bearer ${MOCK_TOKEN}` } });
+        await client.connect(mcpUrl);
+        const result = await client.callTool('get_project', { project_id: "1" });
+        if (result.content[0].type === 'text') {
+            const textContent = JSON.parse(result.content[0].text);
+            assert.deepStrictEqual(textContent, project1);
+        }
+        else {
+            assert.fail('Expected text content from tool call');
+        }
+        await client.disconnect();
+    });
+    test("should switch to the second server when the header is provided", async () => {
+        const client = new CustomHeaderClient({
+            headers: {
+                'authorization': `Bearer ${MOCK_TOKEN}`,
+                'X-GitLab-API-URL': `${mockServer2.getUrl()}/api/v4`,
+            }
+        });
+        await client.connect(mcpUrl);
+        const result = await client.callTool('get_project', { project_id: "2" });
+        if (result.content[0].type === 'text') {
+            const textContent = JSON.parse(result.content[0].text);
+            assert.deepStrictEqual(textContent, project2);
+        }
+        else {
+            assert.fail('Expected text content from tool call');
+        }
+        await client.disconnect();
+    });
+    test("should default to the first server if the header contains a non-whitelisted URL", async () => {
+        const client = new CustomHeaderClient({
+            headers: {
+                'authorization': `Bearer ${MOCK_TOKEN}`,
+                'X-GitLab-API-URL': 'http://localhost:9999/api/v4',
+            }
+        });
+        // This call should fail at the MCP client level because the server will reject the auth
+        await assert.rejects(async () => {
+            await client.connect(mcpUrl);
+        }, (err) => {
+            assert.match(err.message, /Failed to connect/);
+            return true;
+        });
+    });
+});

package/build/test/remote-auth-simple-test.js CHANGED Viewed

@@ -165,6 +165,8 @@ describe('Remote Authorization - Session Timeout', () => {
         console.log('  ✓ Session remained active with periodic requests');
     });
     test('session timeout expiration - inactivity expires auth', async () => {
+        // Add a small delay to ensure server is ready/clean from previous test
+        await new Promise(resolve => setTimeout(resolve, 1000));
         // Step 1: Connect WITH auth header to establish session
         const clientWithAuth = new CustomHeaderClient({
             'authorization': `Bearer ${MOCK_TOKEN}`