@zereight/mcp-gitlab 2.0.23 → 2.0.25

package/README.md

@@ -10,7 +10,7 @@ GitLab MCP(Model Context Protocol) Server. **Includes bug fixes and improvements
 
 ## Usage
 
-### Using with Claude App, Cline, Roo Code, Cursor, Kilo Code
+### Using with Claude Code, Codex, Antigravity, OpenCode, Copilot, Cline, Roo Code, Cursor, Kilo Code, Amp Code
 
 When using with the Claude App, you need to set up your API key and URLs directly.
 
@@ -545,6 +545,9 @@ The token is stored per session (identified by `mcp-session-id` header) and reus
 93. `delete_release` - Delete a release from a GitLab project (does not delete the associated tag)
 94. `create_release_evidence` - Create release evidence for an existing release (GitLab Premium/Ultimate only)
 95. `download_release_asset` - Download a release asset file by direct asset path
+96. `approve_merge_request` - Approve a merge request (requires appropriate permissions)
+97. `unapprove_merge_request` - Unapprove a previously approved merge request
+98. `get_merge_request_approval_state` - Get the approval state of a merge request including approval rules and who has approved
 <!-- TOOLS-END -->
 
 </details>

package/build/index.js

@@ -26,6 +26,7 @@ import { AsyncLocalStorage } from "node:async_hooks";
 import express from "express";
 import fetchCookie from "fetch-cookie";
 import fs from "node:fs";
+import os from "node:os";
 import { HttpProxyAgent } from "http-proxy-agent";
 import { HttpsProxyAgent } from "https-proxy-agent";
 import nodeFetch from "node-fetch";
@@ -49,7 +50,7 @@ GitLabDiscussionNoteSchema, // Added
 GitLabDiscussionSchema, 
 // Draft Notes Schemas
 GitLabDraftNoteSchema, GitLabForkSchema, GitLabIssueLinkSchema, GitLabIssueSchema, GitLabIssueWithLinkDetailsSchema, GitLabMarkdownUploadSchema, GitLabMergeRequestSchema, GitLabMilestonesSchema, GitLabNamespaceExistsResponseSchema, GitLabNamespaceSchema, GitLabPipelineJobSchema, GitLabPipelineSchema, GitLabPipelineTriggerJobSchema, GitLabProjectMemberSchema, GitLabProjectSchema, GitLabReferenceSchema, GitLabRepositorySchema, GitLabSearchResponseSchema, GitLabTreeItemSchema, GitLabTreeSchema, GitLabUserSchema, GitLabUsersResponseSchema, GitLabWikiPageSchema, GroupIteration, ListCommitsSchema, ListDraftNotesSchema, ListGroupIterationsSchema, ListGroupProjectsSchema, ListIssueDiscussionsSchema, ListIssueLinksSchema, ListIssuesSchema, ListLabelsSchema, ListMergeRequestDiffsSchema, // Added
-ListMergeRequestDiscussionsSchema, ListMergeRequestsSchema, ListMergeRequestVersionsSchema, GetMergeRequestVersionSchema, GitLabMergeRequestVersionSchema, GitLabMergeRequestVersionDetailSchema, ListNamespacesSchema, ListPipelineJobsSchema, ListPipelinesSchema, ListPipelineTriggerJobsSchema, ListProjectMembersSchema, ListProjectMilestonesSchema, ListProjectsSchema, ListWikiPagesSchema, MarkdownUploadSchema, DownloadAttachmentSchema, MergeMergeRequestSchema, MyIssuesSchema, PaginatedDiscussionsResponseSchema, PromoteProjectMilestoneSchema, PublishDraftNoteSchema, PlayPipelineJobSchema, PushFilesSchema, RetryPipelineJobSchema, RetryPipelineSchema, SearchRepositoriesSchema, UpdateDraftNoteSchema, UpdateIssueNoteSchema, UpdateIssueSchema, UpdateLabelSchema, UpdateMergeRequestNoteSchema, UpdateMergeRequestDiscussionNoteSchema, UpdateMergeRequestSchema, UpdateWikiPageSchema, VerifyNamespaceSchema, GitLabEventSchema, ListEventsSchema, GetProjectEventsSchema, ExecuteGraphQLSchema, GitLabReleaseSchema, ListReleasesSchema, GetReleaseSchema, CreateReleaseSchema, UpdateReleaseSchema, DeleteReleaseSchema, CreateReleaseEvidenceSchema, DownloadReleaseAssetSchema, GetMergeRequestNotesSchema, GetMergeRequestNoteSchema, DeleteMergeRequestDiscussionNoteSchema, ResolveMergeRequestThreadSchema, } from "./schemas.js";
+ListMergeRequestDiscussionsSchema, ListMergeRequestsSchema, ListMergeRequestVersionsSchema, GetMergeRequestVersionSchema, GitLabMergeRequestVersionSchema, GitLabMergeRequestVersionDetailSchema, ListNamespacesSchema, ListPipelineJobsSchema, ListPipelinesSchema, ListPipelineTriggerJobsSchema, ListProjectMembersSchema, ListProjectMilestonesSchema, ListProjectsSchema, ListWikiPagesSchema, MarkdownUploadSchema, DownloadAttachmentSchema, MergeMergeRequestSchema, ApproveMergeRequestSchema, UnapproveMergeRequestSchema, GetMergeRequestApprovalStateSchema, GitLabMergeRequestApprovalStateSchema, MyIssuesSchema, PaginatedDiscussionsResponseSchema, PromoteProjectMilestoneSchema, PublishDraftNoteSchema, PlayPipelineJobSchema, PushFilesSchema, RetryPipelineJobSchema, RetryPipelineSchema, SearchRepositoriesSchema, UpdateDraftNoteSchema, UpdateIssueNoteSchema, UpdateIssueSchema, UpdateLabelSchema, UpdateMergeRequestNoteSchema, UpdateMergeRequestDiscussionNoteSchema, UpdateMergeRequestSchema, UpdateWikiPageSchema, VerifyNamespaceSchema, GitLabEventSchema, ListEventsSchema, GetProjectEventsSchema, ExecuteGraphQLSchema, GitLabReleaseSchema, ListReleasesSchema, GetReleaseSchema, CreateReleaseSchema, UpdateReleaseSchema, DeleteReleaseSchema, CreateReleaseEvidenceSchema, DownloadReleaseAssetSchema, GetMergeRequestNotesSchema, GetMergeRequestNoteSchema, DeleteMergeRequestDiscussionNoteSchema, ResolveMergeRequestThreadSchema, } from "./schemas.js";
 import { randomUUID } from "node:crypto";
 import { pino } from "pino";
 const logger = pino({
@@ -236,77 +237,113 @@ const clientPool = new GitLabClientPool({
     poolMaxSize: GITLAB_POOL_MAX_SIZE,
 });
 // Create cookie jar with clean Netscape file parsing
-const createCookieJar = () => {
-    if (!GITLAB_AUTH_COOKIE_PATH)
+// Resolve cookie path once using os.homedir() for cross-platform support
+const resolvedCookiePath = GITLAB_AUTH_COOKIE_PATH
+    ? GITLAB_AUTH_COOKIE_PATH.startsWith("~/")
+        ? path.join(os.homedir(), GITLAB_AUTH_COOKIE_PATH.slice(2))
+        : GITLAB_AUTH_COOKIE_PATH
+    : null;
+const createCookieJar = async () => {
+    if (!resolvedCookiePath)
         return null;
+    let cookieContent;
     try {
-        const cookiePath = GITLAB_AUTH_COOKIE_PATH.startsWith("~/")
-            ? path.join(process.env.HOME || "", GITLAB_AUTH_COOKIE_PATH.slice(2))
-            : GITLAB_AUTH_COOKIE_PATH;
-        const jar = new CookieJar();
-        const cookieContent = fs.readFileSync(cookiePath, "utf8");
-        cookieContent.split("\n").forEach(line => {
-            // Handle #HttpOnly_ prefix
-            if (line.startsWith("#HttpOnly_")) {
-                line = line.slice(10);
-            }
-            // Skip comments and empty lines
-            if (line.startsWith("#") || !line.trim()) {
-                return;
-            }
-            // Parse Netscape format: domain, flag, path, secure, expires, name, value
-            const parts = line.split("\t");
-            if (parts.length >= 7) {
-                const [domain, , path, secure, expires, name, value] = parts;
-                // Build cookie string in standard format
-                const secureFlag = secure === "TRUE" ? "; Secure" : "";
-                const expiresFlag = expires === "0"
-                    ? ""
-                    : `; Expires=${new Date(Number.parseInt(expires, 10) * 1000).toUTCString()}`;
-                const cookieStr = `${name}=${value}; Domain=${domain}; Path=${path}${secureFlag}${expiresFlag}`;
-                // Use tough-cookie's parse function for robust parsing
-                const cookie = parseCookie(cookieStr);
-                if (cookie) {
-                    const url = `${secure === "TRUE" ? "https" : "http"}://${domain.startsWith(".") ? domain.slice(1) : domain}`;
-                    jar.setCookieSync(cookie, url);
-                }
-            }
-        });
-        return jar;
+        cookieContent = await fs.promises.readFile(resolvedCookiePath, "utf8");
     }
     catch (error) {
-        logger.error("Error loading cookie file:", error);
+        logger.error({ error, path: resolvedCookiePath }, "Failed to read cookie file");
         return null;
     }
+    const jar = new CookieJar();
+    for (let line of cookieContent.split("\n")) {
+        // Handle #HttpOnly_ prefix
+        if (line.startsWith("#HttpOnly_")) {
+            line = line.slice(10);
+        }
+        // Skip comments and empty lines
+        if (line.startsWith("#") || !line.trim()) {
+            continue;
+        }
+        // Parse Netscape format: domain, flag, path, secure, expires, name, value
+        const parts = line.split("\t");
+        if (parts.length >= 7) {
+            const [domain, , cookiePath, secure, expires, name, value] = parts;
+            // Build cookie string in standard format
+            const secureFlag = secure === "TRUE" ? "; Secure" : "";
+            const expiresFlag = expires === "0"
+                ? ""
+                : `; Expires=${new Date(Number.parseInt(expires, 10) * 1000).toUTCString()}`;
+            const cookieStr = `${name}=${value}; Domain=${domain}; Path=${cookiePath}${secureFlag}${expiresFlag}`;
+            // Use tough-cookie's parse function for robust parsing
+            const cookie = parseCookie(cookieStr);
+            if (cookie) {
+                const url = `${secure === "TRUE" ? "https" : "http"}://${domain.startsWith(".") ? domain.slice(1) : domain}`;
+                jar.setCookieSync(cookie, url);
+            }
+        }
+    }
+    return jar;
 };
-// Initialize cookie jar and fetch
-const cookieJar = createCookieJar();
-const fetch = cookieJar ? fetchCookie(nodeFetch, cookieJar) : nodeFetch;
-// Ensure session is established for the current request
-async function ensureSessionForRequest() {
-    if (!cookieJar || !GITLAB_AUTH_COOKIE_PATH)
+// Cookie jar and fetch - reloaded when cookie file changes
+let cookieJar = null;
+let fetch = nodeFetch;
+let lastCookieMtime = 0;
+let cookieReloadLock = null; // Mutex to prevent parallel reloads
+// Auth proxies may redirect and set cookies on the first request. We make a throwaway
+// request so subsequent requests have the correct cookies. Reset when cookies reload.
+let initialSessionRequestMade = false;
+// Cookie jar is loaded on first request via reloadCookiesIfChanged (lastCookieMtime=0 triggers load)
+async function reloadCookiesIfChanged() {
+    if (!resolvedCookiePath)
         return;
-    // Extract the base URL from GITLAB_API_URL
-    const apiUrl = new URL(GITLAB_API_URL);
-    const baseUrl = `${apiUrl.protocol}//${apiUrl.hostname}`;
-    // Check if we already have GitLab session cookies
-    const gitlabCookies = cookieJar.getCookiesSync(baseUrl);
-    const hasSessionCookie = gitlabCookies.some(cookie => cookie.key === "_gitlab_session" || cookie.key === "remember_user_token");
-    if (!hasSessionCookie) {
+    if (cookieReloadLock)
+        return cookieReloadLock;
+    cookieReloadLock = (async () => {
         try {
-            // Establish session with a lightweight request
-            await fetch(`${GITLAB_API_URL}/user`, {
-                ...getFetchConfig(),
-                redirect: "follow",
-            }).catch(() => {
-                // Ignore errors - the important thing is that cookies get set during redirects
-            });
-            // Small delay to ensure cookies are fully processed
-            await new Promise(resolve => setTimeout(resolve, 100));
+            const mtime = (await fs.promises.stat(resolvedCookiePath)).mtimeMs;
+            if (mtime !== lastCookieMtime) {
+                logger.info({ oldMtime: lastCookieMtime, newMtime: mtime }, lastCookieMtime === 0 ? "Loading cookie file" : "Cookie file changed, reloading");
+                lastCookieMtime = mtime;
+                const newJar = await createCookieJar();
+                cookieJar = newJar;
+                fetch = newJar ? fetchCookie(nodeFetch, newJar) : nodeFetch;
+                initialSessionRequestMade = false;
+            }
         }
         catch {
-            // Intentionally ignored: session establishment errors are non-critical
+            // File deleted or inaccessible - clear cached cookies
+            if (cookieJar) {
+                logger.info("Cookie file removed, clearing cached cookies");
+                cookieJar = null;
+                fetch = nodeFetch;
+                lastCookieMtime = 0;
+                initialSessionRequestMade = false;
+            }
         }
+    })();
+    try {
+        await cookieReloadLock;
+    }
+    finally {
+        cookieReloadLock = null;
+    }
+}
+async function ensureSessionForRequest() {
+    if (!resolvedCookiePath)
+        return;
+    await reloadCookiesIfChanged();
+    if (!cookieJar || initialSessionRequestMade)
+        return;
+    try {
+        const response = await fetch(`${getEffectiveApiUrl()}/user`, {
+            ...getFetchConfig(),
+            redirect: "follow",
+        });
+        // 401 means auth failed but the request completed - cookies were still exchanged
+        initialSessionRequestMade = response.ok || response.status === 401;
+    }
+    catch {
+        logger.debug("Session warmup request failed, will retry on next request");
     }
 }
 const sessionAuthStore = new AsyncLocalStorage();
@@ -424,6 +461,21 @@ const allTools = [
         description: "Merge a merge request in a GitLab project",
         inputSchema: toJSONSchema(MergeMergeRequestSchema),
     },
+    {
+        name: "approve_merge_request",
+        description: "Approve a merge request. Requires appropriate permissions.",
+        inputSchema: toJSONSchema(ApproveMergeRequestSchema),
+    },
+    {
+        name: "unapprove_merge_request",
+        description: "Unapprove a previously approved merge request. Requires appropriate permissions.",
+        inputSchema: toJSONSchema(UnapproveMergeRequestSchema),
+    },
+    {
+        name: "get_merge_request_approval_state",
+        description: "Get the approval state of a merge request including approval rules and who has approved",
+        inputSchema: toJSONSchema(GetMergeRequestApprovalStateSchema),
+    },
     {
         name: "execute_graphql",
         description: "Execute a GitLab GraphQL query",
@@ -998,6 +1050,7 @@ const readOnlyTools = new Set([
     "list_releases",
     "get_release",
     "download_release_asset",
+    "get_merge_request_approval_state",
 ]);
 // Define which tools are related to wiki and can be toggled by USE_GITLAB_WIKI
 const wikiToolNames = new Set([
@@ -1762,7 +1815,7 @@ async function getMergeRequestNote(projectId, mergeRequestIid, noteId) {
     const data = await response.json();
     return GitLabDiscussionNoteSchema.parse(data);
 }
-async function getMergeRequestNotes(projectId, mergeRequestIid, sort, order_by) {
+async function getMergeRequestNotes(projectId, mergeRequestIid, sort, order_by, per_page, page) {
     projectId = decodeURIComponent(projectId); // Decode project ID
     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/notes`);
     if (sort) {
@@ -1771,6 +1824,12 @@ async function getMergeRequestNotes(projectId, mergeRequestIid, sort, order_by)
     if (order_by) {
         url.searchParams.append("order_by", order_by);
     }
+    if (per_page) {
+        url.searchParams.append("per_page", per_page.toString());
+    }
+    if (page) {
+        url.searchParams.append("page", page.toString());
+    }
     const response = await fetch(url.toString(), {
         ...getFetchConfig(),
         method: "GET",
@@ -2177,6 +2236,68 @@ async function mergeMergeRequest(projectId, options, mergeRequestIid) {
     await handleGitLabError(response);
     return GitLabMergeRequestSchema.parse(await response.json());
 }
+/**
+ * Approve a merge request
+ *
+ * @param {string} projectId - The ID or URL-encoded path of the project
+ * @param {string | number} mergeRequestIid - The internal ID of the merge request
+ * @param {string} sha - Optional SHA to approve (for validation that MR hasn't changed)
+ * @param {string} approvalPassword - Optional password for approvals requiring re-authentication
+ * @returns {Promise<GitLabMergeRequestApprovalState>} The approval state after approving
+ */
+async function approveMergeRequest(projectId, mergeRequestIid, sha, approvalPassword) {
+    projectId = decodeURIComponent(projectId);
+    const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/approve`);
+    const body = {};
+    if (sha) {
+        body.sha = sha;
+    }
+    if (approvalPassword) {
+        body.approval_password = approvalPassword;
+    }
+    const response = await fetch(url.toString(), {
+        ...getFetchConfig(),
+        method: "POST",
+        body: JSON.stringify(body),
+    });
+    await handleGitLabError(response);
+    return GitLabMergeRequestApprovalStateSchema.parse(await response.json());
+}
+/**
+ * Unapprove a previously approved merge request
+ *
+ * @param {string} projectId - The ID or URL-encoded path of the project
+ * @param {string | number} mergeRequestIid - The internal ID of the merge request
+ * @returns {Promise<GitLabMergeRequestApprovalState>} The approval state after unapproving
+ */
+async function unapproveMergeRequest(projectId, mergeRequestIid) {
+    projectId = decodeURIComponent(projectId);
+    const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/unapprove`);
+    const response = await fetch(url.toString(), {
+        ...getFetchConfig(),
+        method: "POST",
+        body: JSON.stringify({}),
+    });
+    await handleGitLabError(response);
+    return GitLabMergeRequestApprovalStateSchema.parse(await response.json());
+}
+/**
+ * Get the approval state of a merge request
+ *
+ * @param {string} projectId - The ID or URL-encoded path of the project
+ * @param {string | number} mergeRequestIid - The internal ID of the merge request
+ * @returns {Promise<GitLabMergeRequestApprovalState>} The approval state
+ */
+async function getMergeRequestApprovalState(projectId, mergeRequestIid) {
+    projectId = decodeURIComponent(projectId);
+    const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/approval_state`);
+    const response = await fetch(url.toString(), {
+        ...getFetchConfig(),
+        method: "GET",
+    });
+    await handleGitLabError(response);
+    return GitLabMergeRequestApprovalStateSchema.parse(await response.json());
+}
 /**
  * Create a new note (comment) on an issue or merge request
  * 📦 새로운 함수: createNote - 이슈 또는 병합 요청에 노트(댓글)를 추가하는 함수
@@ -3572,7 +3693,8 @@ async function myIssues(options = {}) {
 async function listProjectMembers(projectId, options = {}) {
     projectId = decodeURIComponent(projectId);
     const effectiveProjectId = getEffectiveProjectId(projectId);
-    const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(effectiveProjectId)}/members`);
+    const membersPath = options.include_inheritance ? "members/all" : "members";
+    const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(effectiveProjectId)}/${membersPath}`);
     // Add query parameters
     if (options.query)
         url.searchParams.append("query", options.query);
@@ -3924,6 +4046,37 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
     // Fallback for non-remote-auth mode or if session is not found
     return handleToolCall(request.params);
 });
+/**
+ * Filter diffs by excluded file patterns
+ * Safely handles invalid regex patterns by logging and ignoring them
+ *
+ * @param diffs - Array of diff objects with new_path property
+ * @param excludedFilePatterns - Array of regex patterns to exclude
+ * @returns Filtered array of diffs
+ */
+function filterDiffsByPatterns(diffs, excludedFilePatterns) {
+    if (!excludedFilePatterns?.length)
+        return diffs;
+    const regexPatterns = excludedFilePatterns
+        .map((pattern) => {
+        try {
+            return new RegExp(pattern);
+        }
+        catch (e) {
+            console.warn(`Invalid regex pattern ignored: ${pattern}`);
+            return null;
+        }
+    })
+        .filter((regex) => regex !== null);
+    if (regexPatterns.length === 0)
+        return diffs;
+    const matchesAnyPattern = (path) => {
+        if (!path)
+            return false;
+        return regexPatterns.some((regex) => regex.test(path));
+    };
+    return diffs.filter((diff) => !matchesAnyPattern(diff.new_path));
+}
 async function handleToolCall(params) {
     try {
         if (!params.arguments) {
@@ -4026,17 +4179,7 @@ async function handleToolCall(params) {
             case "get_branch_diffs": {
                 const args = GetBranchDiffsSchema.parse(params.arguments);
                 const diffResp = await getBranchDiffs(args.project_id, args.from, args.to, args.straight);
-                if (args.excluded_file_patterns?.length) {
-                    const regexPatterns = args.excluded_file_patterns.map(pattern => new RegExp(pattern));
-                    // Helper function to check if a path matches any regex pattern
-                    const matchesAnyPattern = (path) => {
-                        if (!path)
-                            return false;
-                        return regexPatterns.some(regex => regex.test(path));
-                    };
-                    // Filter out files that match any of the regex patterns on new files
-                    diffResp.diffs = diffResp.diffs.filter(diff => !matchesAnyPattern(diff.new_path));
-                }
+                diffResp.diffs = filterDiffsByPatterns(diffResp.diffs, args.excluded_file_patterns);
                 return {
                     content: [{ type: "text", text: JSON.stringify(diffResp, null, 2) }],
                 };
@@ -4142,7 +4285,7 @@ async function handleToolCall(params) {
             }
             case "get_merge_request_notes": {
                 const args = GetMergeRequestNotesSchema.parse(params.arguments);
-                const notes = await getMergeRequestNotes(args.project_id, args.merge_request_iid, args.sort, args.order_by);
+                const notes = await getMergeRequestNotes(args.project_id, args.merge_request_iid, args.sort, args.order_by, args.per_page, args.page);
                 return {
                     content: [{ type: "text", text: JSON.stringify(notes, null, 2) }],
                 };
@@ -4178,8 +4321,9 @@ async function handleToolCall(params) {
             case "get_merge_request_diffs": {
                 const args = GetMergeRequestDiffsSchema.parse(params.arguments);
                 const diffs = await getMergeRequestDiffs(args.project_id, args.merge_request_iid, args.source_branch, args.view);
+                const filteredDiffs = filterDiffsByPatterns(diffs, args.excluded_file_patterns);
                 return {
-                    content: [{ type: "text", text: JSON.stringify(diffs, null, 2) }],
+                    content: [{ type: "text", text: JSON.stringify(filteredDiffs, null, 2) }],
                 };
             }
             case "list_merge_request_diffs": {
@@ -4219,6 +4363,27 @@ async function handleToolCall(params) {
                     content: [{ type: "text", text: JSON.stringify(mergeRequest, null, 2) }],
                 };
             }
+            case "approve_merge_request": {
+                const args = ApproveMergeRequestSchema.parse(params.arguments);
+                const approvalState = await approveMergeRequest(args.project_id, args.merge_request_iid, args.sha, args.approval_password);
+                return {
+                    content: [{ type: "text", text: JSON.stringify(approvalState, null, 2) }],
+                };
+            }
+            case "unapprove_merge_request": {
+                const args = UnapproveMergeRequestSchema.parse(params.arguments);
+                const approvalState = await unapproveMergeRequest(args.project_id, args.merge_request_iid);
+                return {
+                    content: [{ type: "text", text: JSON.stringify(approvalState, null, 2) }],
+                };
+            }
+            case "get_merge_request_approval_state": {
+                const args = GetMergeRequestApprovalStateSchema.parse(params.arguments);
+                const approvalState = await getMergeRequestApprovalState(args.project_id, args.merge_request_iid);
+                return {
+                    content: [{ type: "text", text: JSON.stringify(approvalState, null, 2) }],
+                };
+            }
             case "mr_discussions": {
                 const args = ListMergeRequestDiscussionsSchema.parse(params.arguments);
                 const { project_id, merge_request_iid, ...options } = args;

package/build/schemas.js

@@ -856,6 +856,8 @@ export const GetMergeRequestNotesSchema = ProjectParamsSchema.extend({
     merge_request_iid: z.coerce.string().describe("The IID of a merge request"),
     sort: z.enum(["asc", "desc"]).optional().describe("The sort order of the notes"),
     order_by: z.enum(["created_at", "updated_at"]).optional().describe("The field to sort the notes by"),
+    per_page: z.coerce.number().optional().describe("Number of items per page"),
+    page: z.coerce.number().optional().describe("Page number for pagination"),
 });
 export const GetMergeRequestNoteSchema = ProjectParamsSchema.extend({
     merge_request_iid: z.coerce.string().describe("The IID of a merge request"),
@@ -1003,7 +1005,7 @@ export const GetBranchDiffsSchema = ProjectParamsSchema.extend({
     excluded_file_patterns: z
         .array(z.string())
         .optional()
-        .describe('Array of regex patterns to exclude files from the diff results. Each pattern is a JavaScript-compatible regular expression that matches file paths to ignore. Examples: ["^test/mocks/", "\\.spec\\.ts$", "package-lock\\.json"]'),
+        .describe('Array of regex patterns to exclude files from the diff results. Each pattern is a JavaScript-compatible regular expression that matches file paths to ignore. Examples: ["^vendor/", "^test/mocks/", "\\.spec\\.ts$", "package-lock\\.json"]'),
 });
 export const GetMergeRequestSchema = ProjectParamsSchema.extend({
     merge_request_iid: z.coerce.string().optional().describe("The IID of a merge request"),
@@ -1039,8 +1041,61 @@ export const MergeMergeRequestSchema = ProjectParamsSchema.extend({
     squash_commit_message: z.string().optional().describe("Custom squash commit message"),
     squash: z.boolean().optional().default(false).describe("Squash commits into a single commit when merging"),
 });
+// Merge Request Approval schemas
+export const ApproveMergeRequestSchema = ProjectParamsSchema.extend({
+    merge_request_iid: z.coerce.string().describe("The IID of the merge request to approve"),
+    sha: z.string().optional().describe("The HEAD of the merge request. Optional, but used to ensure the merge request hasn't changed since you last reviewed it"),
+    approval_password: z.string().optional().describe("Current user's password. Required if 'Require user re-authentication to approve' is enabled in the project settings"),
+});
+export const UnapproveMergeRequestSchema = ProjectParamsSchema.extend({
+    merge_request_iid: z.coerce.string().describe("The IID of the merge request to unapprove"),
+});
+// Merge Request Approval State response schema
+export const GitLabApprovalUserSchema = z.object({
+    id: z.coerce.string(),
+    username: z.string(),
+    name: z.string(),
+    state: z.string(),
+    avatar_url: z.string().nullable().optional(),
+    web_url: z.string(),
+});
+export const GitLabApprovalRuleSchema = z.object({
+    id: z.coerce.string(),
+    name: z.string(),
+    rule_type: z.string(),
+    eligible_approvers: z.array(GitLabApprovalUserSchema).optional(),
+    approvals_required: z.number(),
+    users: z.array(GitLabApprovalUserSchema).optional(),
+    groups: z.array(z.object({
+        id: z.coerce.string(),
+        name: z.string(),
+        path: z.string(),
+        full_path: z.string(),
+        avatar_url: z.string().nullable().optional(),
+        web_url: z.string(),
+    })).optional(),
+    contains_hidden_groups: z.boolean().optional(),
+    approved_by: z.array(GitLabApprovalUserSchema).optional(),
+    source_rule: z.object({
+        id: z.coerce.string().optional(),
+        name: z.string().optional(),
+        rule_type: z.string().optional(),
+    }).nullable().optional(),
+    approved: z.boolean().optional(),
+});
+export const GitLabMergeRequestApprovalStateSchema = z.object({
+    approval_rules_overwritten: z.boolean().optional(),
+    rules: z.array(GitLabApprovalRuleSchema).optional(),
+});
+export const GetMergeRequestApprovalStateSchema = ProjectParamsSchema.extend({
+    merge_request_iid: z.coerce.string().describe("The IID of the merge request"),
+});
 export const GetMergeRequestDiffsSchema = GetMergeRequestSchema.extend({
     view: z.enum(["inline", "parallel"]).optional().describe("Diff view type"),
+    excluded_file_patterns: z
+        .array(z.string())
+        .optional()
+        .describe('Array of regex patterns to exclude files from the diff results. Each pattern is a JavaScript-compatible regular expression that matches file paths to ignore. Examples: ["^vendor/", "^test/mocks/", "\\.spec\\.ts$", "package-lock\\.json"]'),
 });
 export const ListMergeRequestDiffsSchema = GetMergeRequestSchema.extend({
     page: z.number().optional().describe("Page number for pagination (default: 1)"),
@@ -1674,6 +1729,10 @@ export const ListProjectMembersSchema = z.object({
     query: z.string().optional().describe("Search for members by name or username"),
     user_ids: z.array(z.number()).optional().describe("Filter by user IDs"),
     skip_users: z.array(z.number()).optional().describe("User IDs to exclude"),
+    include_inheritance: z
+        .boolean()
+        .optional()
+        .describe("Include inherited members. Defaults to false."),
     per_page: z.number().optional().describe("Number of items per page (default: 20, max: 100)"),
     page: z.number().optional().describe("Page number for pagination (default: 1)"),
 });

package/build/test/test-list-project-members.js

@@ -0,0 +1,132 @@
+import { describe, test, before, after, beforeEach } from 'node:test';
+import assert from 'node:assert';
+import { spawn } from 'child_process';
+import { MockGitLabServer, findMockServerPort } from './utils/mock-gitlab-server.js';
+const MOCK_TOKEN = 'glpat-mock-token-12345';
+const TEST_PROJECT_ID = '123';
+const directMembers = [
+    {
+        id: 1,
+        username: 'direct-user',
+        name: 'Direct User',
+        state: 'active',
+        avatar_url: null,
+        web_url: 'https://gitlab.mock/users/1',
+        access_level: 30,
+        created_at: '2024-01-01T00:00:00Z'
+    }
+];
+const inheritedMembers = [
+    {
+        id: 2,
+        username: 'inherited-user',
+        name: 'Inherited User',
+        state: 'active',
+        avatar_url: null,
+        web_url: 'https://gitlab.mock/users/2',
+        access_level: 20,
+        created_at: '2024-01-02T00:00:00Z'
+    }
+];
+async function callListProjectMembers(args, env) {
+    return new Promise((resolve, reject) => {
+        const proc = spawn('node', ['build/index.js'], {
+            stdio: ['pipe', 'pipe', 'pipe'],
+            env: {
+                ...process.env,
+                ...env,
+                GITLAB_READ_ONLY_MODE: 'true'
+            }
+        });
+        let output = '';
+        let errorOutput = '';
+        proc.stdout?.on('data', d => output += d);
+        proc.stderr?.on('data', d => errorOutput += d);
+        proc.on('close', (code) => {
+            if (code !== 0)
+                return reject(new Error(`Process exited with code ${code}: ${errorOutput}`));
+            const line = output.split('\n').find(l => l.startsWith('{'));
+            if (!line)
+                return reject(new Error('No JSON output found'));
+            try {
+                const response = JSON.parse(line);
+                if (response.error) {
+                    reject(response.error);
+                }
+                else {
+                    const content = response.result?.content?.[0]?.text;
+                    if (content) {
+                        try {
+                            resolve(JSON.parse(content));
+                        }
+                        catch (e) {
+                            reject(new Error(`Failed to parse tool output JSON: ${content}`));
+                        }
+                    }
+                    else {
+                        resolve(response.result);
+                    }
+                }
+            }
+            catch (e) {
+                reject(e);
+            }
+        });
+        proc.stdin?.end(JSON.stringify({
+            jsonrpc: "2.0", id: 1, method: "tools/call",
+            params: { name: "list_project_members", arguments: args }
+        }) + '\n');
+    });
+}
+describe('list_project_members', () => {
+    let mockGitLab;
+    let mockGitLabUrl;
+    let directEndpointHit = false;
+    let inheritedEndpointHit = false;
+    before(async () => {
+        const mockPort = await findMockServerPort(9000);
+        mockGitLab = new MockGitLabServer({
+            port: mockPort,
+            validTokens: [MOCK_TOKEN]
+        });
+        await mockGitLab.start();
+        mockGitLabUrl = mockGitLab.getUrl();
+        mockGitLab.addMockHandler('get', `/projects/${TEST_PROJECT_ID}/members`, (req, res) => {
+            directEndpointHit = true;
+            res.json(directMembers);
+        });
+        mockGitLab.addMockHandler('get', `/projects/${TEST_PROJECT_ID}/members/all`, (req, res) => {
+            inheritedEndpointHit = true;
+            res.json([...directMembers, ...inheritedMembers]);
+        });
+    });
+    beforeEach(() => {
+        directEndpointHit = false;
+        inheritedEndpointHit = false;
+    });
+    after(async () => {
+        await mockGitLab.stop();
+    });
+    test('lists direct project members', async () => {
+        const members = await callListProjectMembers({ project_id: TEST_PROJECT_ID }, {
+            GITLAB_API_URL: `${mockGitLabUrl}/api/v4`,
+            GITLAB_PERSONAL_ACCESS_TOKEN: MOCK_TOKEN
+        });
+        assert.ok(Array.isArray(members), 'Response should be an array');
+        assert.strictEqual(members.length, 1, 'Should return direct members');
+        assert.strictEqual(members[0].username, 'direct-user');
+        assert.strictEqual(directEndpointHit, true, 'Direct members endpoint should be called');
+        assert.strictEqual(inheritedEndpointHit, false, 'Inherited members endpoint should not be called');
+    });
+    test('lists project members including inheritance', async () => {
+        const members = await callListProjectMembers({ project_id: TEST_PROJECT_ID, include_inheritance: true }, {
+            GITLAB_API_URL: `${mockGitLabUrl}/api/v4`,
+            GITLAB_PERSONAL_ACCESS_TOKEN: MOCK_TOKEN
+        });
+        assert.ok(Array.isArray(members), 'Response should be an array');
+        assert.strictEqual(members.length, 2, 'Should return inherited members');
+        assert.strictEqual(members[1].username, 'inherited-user');
+        assert.strictEqual(inheritedEndpointHit, true, 'Inherited members endpoint should be called');
+        assert.strictEqual(directEndpointHit, false, 'Direct members endpoint should not be called');
+    });
+});