@zereight/mcp-gitlab 2.0.28 → 2.0.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/README.md +45 -5
  2. package/build/index.js +974 -65
  3. package/build/oauth.js +16 -4
  4. package/build/schemas.js +504 -101
  5. package/build/test/schema-tests.js +311 -0
  6. package/build/test/test-deployment-tools.js +366 -0
  7. package/build/test/test-download-attachment.js +144 -0
  8. package/build/test/test-job-artifacts.js +194 -0
  9. package/build/test/test-merge-request-approval-state-tools.js +171 -0
  10. package/build/test/test-toolset-filtering.js +452 -0
  11. package/package.json +3 -2
package/README.md CHANGED
@@ -353,9 +353,49 @@ docker run -i --rm \
353
353
  - Multiple values `123,456,789`: MCP server can access projects 123, 456, and 789 but requires explicit project ID in requests
354
354
  - `GITLAB_READ_ONLY_MODE`: When set to 'true', restricts the server to only expose read-only operations. Useful for enhanced security or when write access is not needed. Also useful for using with Cursor and it's 40 tool limit.
355
355
  - `GITLAB_DENIED_TOOLS_REGEX`: When set as a regular expression, it excludes the matching tools.
356
- - `USE_GITLAB_WIKI`: When set to 'true', enables the wiki-related tools (list_wiki_pages, get_wiki_page, create_wiki_page, update_wiki_page, delete_wiki_page). By default, wiki features are disabled.
357
- - `USE_MILESTONE`: When set to 'true', enables the milestone-related tools (list_milestones, get_milestone, create_milestone, edit_milestone, delete_milestone, get_milestone_issue, get_milestone_merge_requests, promote_milestone, get_milestone_burndown_events). By default, milestone features are disabled.
358
- - `USE_PIPELINE`: When set to 'true', enables the pipeline-related tools (list_pipelines, get_pipeline, list_pipeline_jobs, list_pipeline_trigger_jobs, get_pipeline_job, get_pipeline_job_output, create_pipeline, retry_pipeline, cancel_pipeline, play_pipeline_job, retry_pipeline_job, cancel_pipeline_job). By default, pipeline features are disabled.
356
+ - `USE_GITLAB_WIKI`: Legacy flag. Wiki features are now enabled by default. When set to 'true', ensures wiki-related tools are included even if the `wiki` toolset is not explicitly listed in `GITLAB_TOOLSETS`.
357
+ - `USE_MILESTONE`: Legacy flag. Milestone features are now enabled by default. When set to 'true', ensures milestone-related tools are included even if the `milestones` toolset is not explicitly listed in `GITLAB_TOOLSETS`.
358
+ - `USE_PIPELINE`: Legacy flag. Pipeline features are now enabled by default. When set to 'true', ensures pipeline-related tools are included even if the `pipelines` toolset is not explicitly listed in `GITLAB_TOOLSETS`.
359
+ - `GITLAB_TOOLSETS`: Comma-separated list of toolset IDs to enable. When empty or unset, default toolsets are used. Set to `"all"` to enable every toolset. Available toolsets (default toolsets marked with `*`):
360
+ - `merge_requests`\* — MR operations, notes, discussions, draft notes, threads (31 tools)
361
+ - `issues`\* — Issue CRUD, notes, links, discussions (14 tools)
362
+ - `repositories`\* — Search, create, file contents, push, fork, tree (7 tools)
363
+ - `branches`\* — Branch creation, commits, diffs (4 tools)
364
+ - `projects`\* — Project/namespace info, group projects, iterations (8 tools)
365
+ - `labels`\* — Label CRUD (5 tools)
366
+ - `pipelines`\* — Pipeline and job operations (19 tools)
367
+ - `milestones`\* — Milestone CRUD, issues, MRs, burndown (9 tools)
368
+ - `wiki`\* — Wiki page CRUD (5 tools)
369
+ - `releases`\* — Release CRUD, evidence, asset download (7 tools)
370
+ - `users`\* — User info, events, markdown upload, attachments (5 tools)
371
+
372
+ Note: `execute_graphql` is not in any toolset and must be added individually via `GITLAB_TOOLS` if needed.
373
+ Exposing arbitrary GraphQL would allow bypassing toolset boundaries (e.g. querying data that the user intentionally disabled via toolsets like wiki or pipelines), which is a security and permission-containment concern. Keeping `execute_graphql` out of all toolsets and requiring explicit opt-in via `GITLAB_TOOLS=execute_graphql` is intentional, to align with that principle rather than for backward compatibility.
374
+ CLI arg: `--toolsets`
375
+ - `GITLAB_TOOLS`: Comma-separated list of individual tool names to add on top of the enabled toolsets (additive). Useful for cherry-picking specific tools without enabling an entire toolset. Example: `GITLAB_TOOLS="list_pipelines,execute_graphql"`. CLI arg: `--tools`
376
+
377
+ Combined logic: `final tools = (tools from enabled toolsets) ∪ (GITLAB_TOOLS) ∪ (legacy flag overrides)`
378
+
379
+ Examples:
380
+ ```bash
381
+ # Default behavior (unchanged)
382
+ GITLAB_PERSONAL_ACCESS_TOKEN=xxx npx @zereight/mcp-gitlab
383
+
384
+ # Only issues and repositories
385
+ GITLAB_TOOLSETS="issues,repositories" npx @zereight/mcp-gitlab
386
+
387
+ # All toolsets
388
+ GITLAB_TOOLSETS="all" npx @zereight/mcp-gitlab
389
+
390
+ # Default toolsets + one extra pipeline tool
391
+ GITLAB_TOOLS="list_pipelines" npx @zereight/mcp-gitlab
392
+
393
+ # Specific toolsets + individual tools
394
+ GITLAB_TOOLSETS="issues,merge_requests" GITLAB_TOOLS="list_pipelines,get_pipeline" npx @zereight/mcp-gitlab
395
+
396
+ # Legacy flags still work (backward compatible)
397
+ USE_PIPELINE=true npx @zereight/mcp-gitlab
398
+ ```
359
399
  - `GITLAB_AUTH_COOKIE_PATH`: Path to an authentication cookie file for GitLab instances that require cookie-based authentication. When provided, the cookie will be included in all GitLab API requests.
360
400
  - `SSE`: When set to 'true', enables the Server-Sent Events transport.
361
401
  - `STREAMABLE_HTTP`: When set to 'true', enables the Streamable HTTP transport. If both **SSE** and **STREAMABLE_HTTP** are set to 'true', the server will prioritize Streamable HTTP over SSE transport.
@@ -460,7 +500,7 @@ The token is stored per session (identified by `mcp-session-id` header) and reus
460
500
  8. `create_merge_request` - Create a new merge request in a GitLab project
461
501
  9. `fork_repository` - Fork a GitLab project to your account or specified namespace
462
502
  10. `create_branch` - Create a new branch in a GitLab project
463
- 11. `get_merge_request` - Get details of a merge request (Either mergeRequestIid or branchName must be provided)
503
+ 11. `get_merge_request` - Get details of a merge request with compact deployment summary, behind-count, commit addition summary, and approval summary (Either mergeRequestIid or branchName must be provided)
464
504
  12. `get_merge_request_diffs` - Get the changes/diffs of a merge request (Either mergeRequestIid or branchName must be provided)
465
505
  13. `list_merge_request_diffs` - List merge request diffs with pagination support (Either mergeRequestIid or branchName must be provided)
466
506
  14. `get_branch_diffs` - Get the changes/diffs between two branches or commits in a GitLab project
@@ -547,7 +587,7 @@ The token is stored per session (identified by `mcp-session-id` header) and reus
547
587
  95. `download_release_asset` - Download a release asset file by direct asset path
548
588
  96. `approve_merge_request` - Approve a merge request (requires appropriate permissions)
549
589
  97. `unapprove_merge_request` - Unapprove a previously approved merge request
550
- 98. `get_merge_request_approval_state` - Get the approval state of a merge request including approval rules and who has approved
590
+ 98. `get_merge_request_approval_state` - Get merge request approval details including approvers (uses `approval_state` when available, otherwise falls back to `approvals`)
551
591
  <!-- TOOLS-END -->
552
592
 
553
593
  </details>