npm - @zereight/mcp-gitlab - Versions diffs - 2.0.32 → 2.0.34 - Mend

@zereight/mcp-gitlab 2.0.32 → 2.0.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +12 -1
package/build/gitlab-client-pool.js +108 -6
package/build/index.js +274 -64
package/build/oauth.js +11 -6
package/build/schemas.js +69 -0
package/build/test/no-proxy-integration-test.js +183 -0
package/build/test/no-proxy-test.js +138 -0
package/build/test/remote-auth-simple-test.js +12 -1
package/build/test/test-geteffectiveprojectid.js +236 -0
package/build/test/test-upload-markdown.js +148 -0
package/build/test/utils/mock-gitlab-server.js +5 -1
package/package.json +1 -1

package/build/index.js CHANGED Viewed

@@ -50,7 +50,7 @@ GitLabDiscussionNoteSchema, // Added
 GitLabDiscussionSchema,
 // Draft Notes Schemas
 GitLabDraftNoteSchema, GitLabForkSchema, GitLabIssueLinkSchema, GitLabIssueSchema, GitLabIssueWithLinkDetailsSchema, GitLabMarkdownUploadSchema, GitLabMergeRequestSchema, GitLabMilestonesSchema, GitLabNamespaceExistsResponseSchema, GitLabNamespaceSchema, GitLabPipelineJobSchema, GitLabDeploymentSchema, GitLabEnvironmentSchema, GitLabPipelineSchema, GitLabPipelineTriggerJobSchema, GitLabProjectMemberSchema, GitLabProjectSchema, GitLabReferenceSchema, GitLabRepositorySchema, GitLabSearchResponseSchema, GitLabTreeItemSchema, GitLabTreeSchema, GitLabUserSchema, GitLabUsersResponseSchema, GitLabWikiPageSchema, GroupIteration, ListCommitsSchema, ListDraftNotesSchema, ListGroupIterationsSchema, ListGroupProjectsSchema, ListIssueDiscussionsSchema, ListIssueLinksSchema, ListIssuesSchema, ListLabelsSchema, ListMergeRequestDiffsSchema, // Added
-ListMergeRequestDiscussionsSchema, ListMergeRequestsSchema, ListMergeRequestVersionsSchema, GetMergeRequestVersionSchema, GitLabMergeRequestVersionSchema, GitLabMergeRequestVersionDetailSchema, ListNamespacesSchema, ListPipelineJobsSchema, ListPipelinesSchema, ListDeploymentsSchema, ListEnvironmentsSchema, ListPipelineTriggerJobsSchema, ListProjectMembersSchema, ListProjectMilestonesSchema, ListProjectsSchema, ListWikiPagesSchema, MarkdownUploadSchema, DownloadAttachmentSchema, DownloadJobArtifactsSchema, GetJobArtifactFileSchema, GitLabArtifactEntrySchema, ListJobArtifactsSchema, MergeMergeRequestSchema, ApproveMergeRequestSchema, UnapproveMergeRequestSchema, GetMergeRequestApprovalStateSchema, GitLabMergeRequestApprovalsResponseSchema, GitLabMergeRequestApprovalStateSchema, MyIssuesSchema, PaginatedDiscussionsResponseSchema, PromoteProjectMilestoneSchema, PublishDraftNoteSchema, PlayPipelineJobSchema, PushFilesSchema, RetryPipelineJobSchema, RetryPipelineSchema, SearchRepositoriesSchema, UpdateDraftNoteSchema, UpdateIssueNoteSchema, UpdateIssueSchema, UpdateLabelSchema, UpdateMergeRequestNoteSchema, UpdateMergeRequestDiscussionNoteSchema, UpdateMergeRequestSchema, UpdateWikiPageSchema, VerifyNamespaceSchema, GitLabEventSchema, ListEventsSchema, GetProjectEventsSchema, ExecuteGraphQLSchema, GitLabReleaseSchema, ListReleasesSchema, GetReleaseSchema, CreateReleaseSchema, UpdateReleaseSchema, DeleteReleaseSchema, CreateReleaseEvidenceSchema, DownloadReleaseAssetSchema, GetMergeRequestNotesSchema, GetMergeRequestNoteSchema, DeleteMergeRequestDiscussionNoteSchema, ResolveMergeRequestThreadSchema, } from "./schemas.js";
+ListMergeRequestDiscussionsSchema, ListMergeRequestsSchema, ListMergeRequestVersionsSchema, GetMergeRequestVersionSchema, GitLabMergeRequestVersionSchema, GitLabMergeRequestVersionDetailSchema, ListNamespacesSchema, ListPipelineJobsSchema, ListPipelinesSchema, ListDeploymentsSchema, ListEnvironmentsSchema, ListPipelineTriggerJobsSchema, ListProjectMembersSchema, ListProjectMilestonesSchema, ListProjectsSchema, ListWikiPagesSchema, MarkdownUploadSchema, DownloadAttachmentSchema, DownloadJobArtifactsSchema, GetJobArtifactFileSchema, GitLabArtifactEntrySchema, ListJobArtifactsSchema, MergeMergeRequestSchema, ApproveMergeRequestSchema, UnapproveMergeRequestSchema, GetMergeRequestApprovalStateSchema, GetMergeRequestConflictsSchema, GitLabMergeRequestApprovalsResponseSchema, GitLabMergeRequestApprovalStateSchema, MyIssuesSchema, PaginatedDiscussionsResponseSchema, PromoteProjectMilestoneSchema, PublishDraftNoteSchema, PlayPipelineJobSchema, PushFilesSchema, RetryPipelineJobSchema, RetryPipelineSchema, SearchRepositoriesSchema, UpdateDraftNoteSchema, UpdateIssueNoteSchema, UpdateIssueSchema, UpdateLabelSchema, UpdateMergeRequestNoteSchema, UpdateMergeRequestDiscussionNoteSchema, UpdateMergeRequestSchema, UpdateWikiPageSchema, VerifyNamespaceSchema, GitLabEventSchema, ListEventsSchema, GetProjectEventsSchema, ExecuteGraphQLSchema, GitLabReleaseSchema, ListReleasesSchema, GetReleaseSchema, CreateReleaseSchema, UpdateReleaseSchema, DeleteReleaseSchema, CreateReleaseEvidenceSchema, DownloadReleaseAssetSchema, GetMergeRequestNotesSchema, GetMergeRequestNoteSchema, DeleteMergeRequestDiscussionNoteSchema, ResolveMergeRequestThreadSchema, ListWebhooksSchema, ListWebhookEventsSchema, GetWebhookEventSchema, } from "./schemas.js";
 import { randomUUID } from "node:crypto";
 import { pino } from "pino";
 const logger = pino({
@@ -226,9 +226,10 @@ function validateConfiguration() {
     const remoteAuth = getConfig("remote-auth", "REMOTE_AUTHORIZATION") === "true";
     const useOAuth = getConfig("use-oauth", "GITLAB_USE_OAUTH") === "true";
     const hasToken = !!getConfig("token", "GITLAB_PERSONAL_ACCESS_TOKEN");
+    const hasJobToken = !!getConfig("job-token", "GITLAB_JOB_TOKEN");
     const hasCookie = !!getConfig("cookie-path", "GITLAB_AUTH_COOKIE_PATH");
-    if (!remoteAuth && !useOAuth && !hasToken && !hasCookie) {
-        errors.push("Either --token, --cookie-path, --use-oauth=true, or --remote-auth=true must be set (or use environment variables)");
+    if (!remoteAuth && !useOAuth && !hasToken && !hasJobToken && !hasCookie) {
+        errors.push("Either --token, --job-token, --cookie-path, --use-oauth=true, or --remote-auth=true must be set (or use environment variables)");
     }
     const enableDynamicApiUrl = getConfig("enable-dynamic-api-url", "ENABLE_DYNAMIC_API_URL") === "true";
     if (enableDynamicApiUrl && !remoteAuth) {
@@ -242,6 +243,7 @@ function validateConfiguration() {
     logger.info("Configuration validation passed");
 }
 const GITLAB_PERSONAL_ACCESS_TOKEN = getConfig("token", "GITLAB_PERSONAL_ACCESS_TOKEN");
+const GITLAB_JOB_TOKEN = getConfig("job-token", "GITLAB_JOB_TOKEN");
 let OAUTH_ACCESS_TOKEN = null;
 let oauthClient = null;
 /**
@@ -312,6 +314,7 @@ const PORT = Number.parseInt(getConfig("port", "PORT", "3002"), 10);
 // Add proxy configuration
 const HTTP_PROXY = getConfig("http-proxy", "HTTP_PROXY");
 const HTTPS_PROXY = getConfig("https-proxy", "HTTPS_PROXY");
+const NO_PROXY = getConfig("no-proxy", "NO_PROXY");
 const NODE_TLS_REJECT_UNAUTHORIZED = getConfig("tls-reject-unauthorized", "NODE_TLS_REJECT_UNAUTHORIZED");
 const GITLAB_CA_CERT_PATH = getConfig("ca-cert-path", "GITLAB_CA_CERT_PATH");
 const GITLAB_POOL_MAX_SIZE = getConfig("pool-max-size", "GITLAB_POOL_MAX_SIZE")
@@ -353,6 +356,7 @@ const clientPool = new GitLabClientPool({
         .map(normalizeGitLabApiUrl),
     httpProxy: HTTP_PROXY,
     httpsProxy: HTTPS_PROXY,
+    noProxy: NO_PROXY,
     rejectUnauthorized: NODE_TLS_REJECT_UNAUTHORIZED !== "0",
     caCertPath: GITLAB_CA_CERT_PATH,
     poolMaxSize: GITLAB_POOL_MAX_SIZE,
@@ -492,6 +496,10 @@ function buildAuthHeaders() {
         }
         return {}; // No auth headers if no session context
     }
+    // CI job tokens use a dedicated header (not Bearer/Private-Token)
+    if (GITLAB_JOB_TOKEN) {
+        return { "JOB-TOKEN": String(GITLAB_JOB_TOKEN) };
+    }
     // Standard mode: prioritize OAuth token, then fall back to environment token
     const token = OAUTH_ACCESS_TOKEN || GITLAB_PERSONAL_ACCESS_TOKEN;
     if (IS_OLD && token) {
@@ -529,7 +537,7 @@ function getEffectiveApiUrl() {
  */
 const getFetchConfig = () => {
     const effectiveApiUrl = getEffectiveApiUrl();
-    const agent = clientPool.getOrCreateAgentForUrl(effectiveApiUrl);
+    const agent = clientPool.getAgentFunctionForUrl(effectiveApiUrl);
     return {
         headers: { ...BASE_HEADERS, ...buildAuthHeaders() },
         agent: agent,
@@ -597,6 +605,11 @@ const allTools = [
         description: "Get merge request approval details including approvers (uses approval_state when available, falls back to approvals endpoint)",
         inputSchema: toJSONSchema(GetMergeRequestApprovalStateSchema),
     },
+    {
+        name: "get_merge_request_conflicts",
+        description: "Get the conflicts of a merge request in a GitLab project",
+        inputSchema: toJSONSchema(GetMergeRequestConflictsSchema),
+    },
     {
         name: "execute_graphql",
         description: "Execute a GitLab GraphQL query",
@@ -1152,6 +1165,21 @@ const allTools = [
         description: "Download a release asset file by direct asset path",
         inputSchema: toJSONSchema(DownloadReleaseAssetSchema),
     },
+    {
+        name: "list_webhooks",
+        description: "List all configured webhooks for a GitLab project or group. Provide either project_id or group_id.",
+        inputSchema: toJSONSchema(ListWebhooksSchema),
+    },
+    {
+        name: "list_webhook_events",
+        description: "List recent webhook events (past 7 days) for a project or group webhook. Use summary mode for overview, then get_webhook_event for full details.",
+        inputSchema: toJSONSchema(ListWebhookEventsSchema),
+    },
+    {
+        name: "get_webhook_event",
+        description: "Get full details of a specific webhook event by ID, including request/response payloads. Searches up to 500 most recent events.",
+        inputSchema: toJSONSchema(GetWebhookEventSchema),
+    },
 ];
 // Define which tools are read-only
 const readOnlyTools = new Set([
@@ -1214,6 +1242,10 @@ const readOnlyTools = new Set([
     "get_release",
     "download_release_asset",
     "get_merge_request_approval_state",
+    "get_merge_request_conflicts",
+    "list_webhooks",
+    "list_webhook_events",
+    "get_webhook_event",
 ]);
 // Define which tools are related to wiki and can be toggled by USE_GITLAB_WIKI
 const wikiToolNames = new Set([
@@ -1267,6 +1299,7 @@ const TOOLSET_DEFINITIONS = [
             "approve_merge_request",
             "unapprove_merge_request",
             "get_merge_request_approval_state",
+            "get_merge_request_conflicts",
             "get_merge_request",
             "get_merge_request_diffs",
             "list_merge_request_diffs",
@@ -1439,6 +1472,15 @@ const TOOLSET_DEFINITIONS = [
             "download_attachment",
         ]),
     },
+    {
+        id: "webhooks",
+        isDefault: false,
+        tools: new Set([
+            "list_webhooks",
+            "list_webhook_events",
+            "get_webhook_event",
+        ]),
+    },
 ];
 // Derived lookup: tool name → toolset ID
 const TOOLSET_BY_TOOL_NAME = new Map();
@@ -1550,6 +1592,9 @@ const GITLAB_ALLOWED_PROJECT_IDS = process.env.GITLAB_ALLOWED_PROJECT_IDS?.split
 const GITLAB_COMMIT_FILES_PER_PAGE = process.env.GITLAB_COMMIT_FILES_PER_PAGE
     ? Number.parseInt(process.env.GITLAB_COMMIT_FILES_PER_PAGE, 10)
     : 20;
+const GITLAB_REPO_FILE_ENCODING = getConfig("repo-file-encoding", "GITLAB_REPO_FILE_ENCODING", "text") === "base64"
+    ? "base64"
+    : "text";
 // Validate authentication configuration
 if (REMOTE_AUTHORIZATION) {
     // Remote authorization mode: token comes from HTTP headers
@@ -1565,7 +1610,7 @@ if (REMOTE_AUTHORIZATION) {
     }
     logger.info("Remote authorization enabled: tokens will be read from HTTP headers");
 }
-else if (!USE_OAUTH && !GITLAB_PERSONAL_ACCESS_TOKEN && !GITLAB_AUTH_COOKIE_PATH) {
+else if (!USE_OAUTH && !GITLAB_PERSONAL_ACCESS_TOKEN && !GITLAB_JOB_TOKEN && !GITLAB_AUTH_COOKIE_PATH) {
     // Standard mode: token must be in environment (unless using OAuth)
     logger.error("GITLAB_PERSONAL_ACCESS_TOKEN environment variable is not set");
     logger.info("Either set GITLAB_PERSONAL_ACCESS_TOKEN or enable OAuth with GITLAB_USE_OAUTH=true");
@@ -1614,7 +1659,14 @@ function getEffectiveProjectId(projectId) {
         }
         return projectId || GITLAB_ALLOWED_PROJECT_IDS[0];
     }
-    return GITLAB_PROJECT_ID || projectId;
+    // Prioritize the passed projectId over GITLAB_PROJECT_ID to allow querying different projects
+    if (projectId) {
+        return projectId;
+    }
+    if (GITLAB_PROJECT_ID) {
+        return GITLAB_PROJECT_ID;
+    }
+    throw new Error("No project ID provided and GITLAB_PROJECT_ID is not set");
 }
 /**
  * Create a fork of a GitLab project
@@ -2311,6 +2363,12 @@ async function updateMergeRequestNote(projectId, mergeRequestIid, noteId, body)
     const data = await response.json();
     return GitLabDiscussionNoteSchema.parse(data);
 }
+function encodeRepoFilePayloadContent(content) {
+    if (GITLAB_REPO_FILE_ENCODING === "base64") {
+        return Buffer.from(content).toString("base64");
+    }
+    return content;
+}
 /**
  * Create or update a file in a GitLab project
  * 파일 생성 또는 업데이트
@@ -2329,9 +2387,9 @@ async function createOrUpdateFile(projectId, filePath, content, commitMessage, b
     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/repository/files/${encodedPath}`);
     const body = {
         branch,
-        content,
+        content: encodeRepoFilePayloadContent(content),
         commit_message: commitMessage,
-        encoding: "text",
+        encoding: GITLAB_REPO_FILE_ENCODING,
         ...(previousPath ? { previous_path: previousPath } : {}),
     };
     // Check if file exists
@@ -2403,8 +2461,8 @@ async function createTree(projectId, files, ref) {
         body: JSON.stringify({
             files: files.map(file => ({
                 file_path: file.path,
-                content: file.content,
-                encoding: "text",
+                content: encodeRepoFilePayloadContent(file.content),
+                encoding: GITLAB_REPO_FILE_ENCODING,
             })),
         }),
     });
@@ -2441,8 +2499,8 @@ async function createCommit(projectId, message, branch, actions) {
             actions: actions.map(action => ({
                 action: "create",
                 file_path: action.path,
-                content: action.content,
-                encoding: "text",
+                content: encodeRepoFilePayloadContent(action.content),
+                encoding: GITLAB_REPO_FILE_ENCODING,
             })),
         }),
     });
@@ -2926,7 +2984,7 @@ async function approveMergeRequest(projectId, mergeRequestIid, sha, approvalPass
         body: JSON.stringify(body),
     });
     await handleGitLabError(response);
-    return GitLabMergeRequestApprovalStateSchema.parse(await response.json());
+    return parseApprovalsResponse(await response.json());
 }
 /**
  * Unapprove a previously approved merge request
@@ -2944,7 +3002,7 @@ async function unapproveMergeRequest(projectId, mergeRequestIid) {
         body: JSON.stringify({}),
     });
     await handleGitLabError(response);
-    return GitLabMergeRequestApprovalStateSchema.parse(await response.json());
+    return parseApprovalsResponse(await response.json());
 }
 /**
  * Get the approval state of a merge request
@@ -2974,6 +3032,23 @@ async function getMergeRequestApprovalState(projectId, mergeRequestIid) {
         source_endpoint: "approval_state",
     };
 }
+/**
+ * Get the conflicts of a merge request
+ *
+ * @param {string} projectId - The ID or URL-encoded path of the project
+ * @param {string | number} mergeRequestIid - The internal ID of the merge request
+ * @returns {Promise<Record<string, unknown>>} The merge request conflicts
+ */
+async function getMergeRequestConflicts(projectId, mergeRequestIid) {
+    projectId = decodeURIComponent(projectId);
+    const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/conflicts`);
+    const response = await fetch(url.toString(), {
+        ...getFetchConfig(),
+        method: "GET",
+    });
+    await handleGitLabError(response);
+    return (await response.json());
+}
 async function getMergeRequestApprovalsFallback(projectId, mergeRequestIid) {
     const approvalsUrl = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/approvals`);
     const approvalsResponse = await fetch(approvalsUrl.toString(), {
@@ -2981,7 +3056,16 @@ async function getMergeRequestApprovalsFallback(projectId, mergeRequestIid) {
         method: "GET",
     });
     await handleGitLabError(approvalsResponse);
-    const parsedApprovals = GitLabMergeRequestApprovalsResponseSchema.parse(await approvalsResponse.json());
+    return parseApprovalsResponse(await approvalsResponse.json());
+}
+/**
+ * Parse the response from POST /approve and POST /unapprove endpoints.
+ * These endpoints return the approvals format (approved_by contains nested
+ * { user: {...} } objects), which must be converted to the flat format
+ * used by GitLabMergeRequestApprovalStateSchema.
+ */
+function parseApprovalsResponse(responseJson) {
+    const parsedApprovals = GitLabMergeRequestApprovalsResponseSchema.parse(responseJson);
     const approvedByUsers = getUniqueApprovalUsers((parsedApprovals.approved_by || []).map(approvedByEntry => approvedByEntry.user));
     const approvedByUsernames = approvedByUsers.map(user => user.username);
     return GitLabMergeRequestApprovalStateSchema.parse({
@@ -3046,7 +3130,7 @@ noteableIid, body) {
  * @returns {Promise<GitLabDraftNote[]>} Array of draft notes
  */
 async function getDraftNote(project_id, merge_request_iid, draft_note_id) {
-    const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(project_id)}/merge_requests/${merge_request_iid}/draft_notes/${draft_note_id}`);
+    const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(project_id)}/merge_requests/${merge_request_iid}/draft_notes/${draft_note_id}`, { ...getFetchConfig() });
     if (!response.ok) {
         const errorText = await response.text();
         throw new Error(`GitLab API error: ${response.status} ${response.statusText}\n${errorText}`);
@@ -3624,6 +3708,89 @@ async function listGroupProjects(options) {
     const projects = await response.json();
     return GitLabProjectSchema.array().parse(projects);
 }
+// Webhook API helper functions
+/**
+ * Build the base URL for webhooks (project or group)
+ */
+function buildWebhookBaseUrl(projectId, groupId) {
+    if (projectId) {
+        projectId = decodeURIComponent(projectId);
+        return `${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/hooks`;
+    }
+    const decodedGroupId = decodeURIComponent(groupId);
+    return `${getEffectiveApiUrl()}/groups/${encodeURIComponent(decodedGroupId)}/hooks`;
+}
+/**
+ * List webhooks for a project or group
+ */
+async function listWebhooks(options) {
+    const url = new URL(buildWebhookBaseUrl(options.project_id, options.group_id));
+    if (options.page)
+        url.searchParams.append("page", options.page.toString());
+    if (options.per_page)
+        url.searchParams.append("per_page", options.per_page.toString());
+    const response = await fetch(url.toString(), { ...getFetchConfig() });
+    await handleGitLabError(response);
+    return (await response.json());
+}
+/**
+ * Summarize webhook events by stripping heavy payload fields
+ */
+function summarizeWebhookEvents(events) {
+    return events.map(event => ({
+        id: event.id,
+        url: event.url,
+        trigger: event.trigger,
+        response_status: event.response_status,
+        execution_duration: event.execution_duration,
+    }));
+}
+/**
+ * Fetch a single page of webhook events
+ */
+async function fetchWebhookEventsPage(baseUrl, page, perPage, status) {
+    const url = new URL(baseUrl);
+    url.searchParams.set("page", page.toString());
+    url.searchParams.set("per_page", perPage.toString());
+    if (status !== undefined)
+        url.searchParams.append("status", String(status));
+    const response = await fetch(url.toString(), { ...getFetchConfig() });
+    await handleGitLabError(response);
+    return (await response.json());
+}
+/**
+ * List webhook events for a project or group webhook
+ */
+async function listWebhookEvents(options) {
+    const eventsUrl = `${buildWebhookBaseUrl(options.project_id, options.group_id)}/${options.hook_id}/events`;
+    const events = await fetchWebhookEventsPage(eventsUrl, options.page ?? 1, options.per_page ?? 20, options.status);
+    return options.summary ? summarizeWebhookEvents(events) : events;
+}
+/**
+ * Get a specific webhook event by ID (searches up to 500 recent events)
+ */
+async function getWebhookEvent(options) {
+    const eventsUrl = `${buildWebhookBaseUrl(options.project_id, options.group_id)}/${options.hook_id}/events`;
+    // GitLab enforces max per_page=20 for webhook events
+    const perPage = 20;
+    if (options.page) {
+        // Direct page lookup — single API call
+        const events = await fetchWebhookEventsPage(eventsUrl, options.page, perPage);
+        const match = events.find(e => e.id === options.event_id);
+        return match ?? null;
+    }
+    // Auto-paginate up to 500 events
+    const maxPages = 25;
+    for (let page = 1; page <= maxPages; page++) {
+        const events = await fetchWebhookEventsPage(eventsUrl, page, perPage);
+        const match = events.find(e => e.id === options.event_id);
+        if (match)
+            return match;
+        if (events.length < perPage)
+            break;
+    }
+    return null;
+}
 // Wiki API helper functions
 /**
  * List wiki pages in a project
@@ -4056,11 +4223,8 @@ async function createPipeline(projectId, ref, variables, inputs) {
         body.inputs = inputs;
     }
     const response = await fetch(url.toString(), {
+        ...getFetchConfig(),
         method: "POST",
-        headers: {
-            ...BASE_HEADERS,
-            ...buildAuthHeaders(),
-        },
         body: JSON.stringify(body),
     });
     await handleGitLabError(response);
@@ -4078,11 +4242,8 @@ async function retryPipeline(projectId, pipelineId) {
     projectId = decodeURIComponent(projectId); // Decode project ID
     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/pipelines/${pipelineId}/retry`);
     const response = await fetch(url.toString(), {
+        ...getFetchConfig(),
         method: "POST",
-        headers: {
-            ...BASE_HEADERS,
-            ...buildAuthHeaders(),
-        },
     });
     await handleGitLabError(response);
     const data = await response.json();
@@ -4099,11 +4260,8 @@ async function cancelPipeline(projectId, pipelineId) {
     projectId = decodeURIComponent(projectId); // Decode project ID
     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/pipelines/${pipelineId}/cancel`);
     const response = await fetch(url.toString(), {
+        ...getFetchConfig(),
         method: "POST",
-        headers: {
-            ...BASE_HEADERS,
-            ...buildAuthHeaders(),
-        },
     });
     await handleGitLabError(response);
     const data = await response.json();
@@ -4194,13 +4352,7 @@ async function getRepositoryTree(options) {
         queryParams.append("page_token", options.page_token);
     if (options.pagination)
         queryParams.append("pagination", options.pagination);
-    const headers = {
-        ...BASE_HEADERS,
-        ...buildAuthHeaders(),
-    };
-    const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(options.project_id))}/repository/tree?${queryParams.toString()}`, {
-        headers,
-    });
+    const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(options.project_id))}/repository/tree?${queryParams.toString()}`, { ...getFetchConfig() });
     if (response.status === 404) {
         throw new Error("Repository or path not found");
     }
@@ -4661,15 +4813,12 @@ async function markdownUpload(projectId, filePath) {
         contentType: "application/octet-stream",
     });
     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(effectiveProjectId)}/uploads`);
+    const defaultFetchConfig = getFetchConfig();
+    delete defaultFetchConfig.headers["Content-Type"]; // Let form-data set the correct Content-Type with boundary
     const response = await fetch(url.toString(), {
+        ...defaultFetchConfig,
         method: "POST",
-        headers: {
-            ...BASE_HEADERS,
-            ...buildAuthHeaders(),
-            // Remove Content-Type header to let form-data set it with boundary
-            "Content-Type": undefined,
-        },
-        body: form,
+        body: form
     });
     if (!response.ok) {
         await handleGitLabError(response);
@@ -4695,11 +4844,8 @@ async function downloadAttachment(projectId, secret, filename, localPath) {
     const effectiveProjectId = getEffectiveProjectId(projectId);
     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(effectiveProjectId)}/uploads/${secret}/${filename}`);
     const response = await fetch(url.toString(), {
+        ...getFetchConfig(),
         method: "GET",
-        headers: {
-            ...BASE_HEADERS,
-            ...buildAuthHeaders(),
-        },
     });
     if (!response.ok) {
         await handleGitLabError(response);
@@ -4746,13 +4892,7 @@ async function listEvents(options = {}) {
             url.searchParams.append(key, value.toString());
         }
     });
-    const response = await fetch(url.toString(), {
-        method: "GET",
-        headers: {
-            ...BASE_HEADERS,
-            ...buildAuthHeaders(),
-        },
-    });
+    const response = await fetch(url.toString(), { ...getFetchConfig() });
     if (!response.ok) {
         await handleGitLabError(response);
     }
@@ -4774,13 +4914,7 @@ async function getProjectEvents(projectId, options = {}) {
             url.searchParams.append(key, value.toString());
         }
     });
-    const response = await fetch(url.toString(), {
-        method: "GET",
-        headers: {
-            ...BASE_HEADERS,
-            ...buildAuthHeaders(),
-        },
-    });
+    const response = await fetch(url.toString(), { ...getFetchConfig() });
     if (!response.ok) {
         await handleGitLabError(response);
     }
@@ -5271,6 +5405,13 @@ async function handleToolCall(params) {
                     content: [{ type: "text", text: JSON.stringify(approvalState, null, 2) }],
                 };
             }
+            case "get_merge_request_conflicts": {
+                const args = GetMergeRequestConflictsSchema.parse(params.arguments);
+                const conflicts = await getMergeRequestConflicts(args.project_id, args.merge_request_iid);
+                return {
+                    content: [{ type: "text", text: JSON.stringify(conflicts, null, 2) }],
+                };
+            }
             case "mr_discussions": {
                 const args = ListMergeRequestDiscussionsSchema.parse(params.arguments);
                 const { project_id, merge_request_iid, ...options } = args;
@@ -6102,6 +6243,40 @@ async function handleToolCall(params) {
                     content: [{ type: "text", text: assetContent }],
                 };
             }
+            case "list_webhooks": {
+                const args = ListWebhooksSchema.parse(params.arguments);
+                const webhooks = await listWebhooks(args);
+                return {
+                    content: [{ type: "text", text: JSON.stringify(webhooks, null, 2) }],
+                };
+            }
+            case "list_webhook_events": {
+                const args = ListWebhookEventsSchema.parse(params.arguments);
+                const events = await listWebhookEvents(args);
+                return {
+                    content: [{ type: "text", text: JSON.stringify(events, null, 2) }],
+                };
+            }
+            case "get_webhook_event": {
+                const args = GetWebhookEventSchema.parse(params.arguments);
+                const event = await getWebhookEvent(args);
+                if (!event) {
+                    const searchScope = args.page
+                        ? `on page ${args.page}`
+                        : "in the 500 most recent events";
+                    return {
+                        content: [
+                            {
+                                type: "text",
+                                text: JSON.stringify({ error: `Webhook event ${args.event_id} not found ${searchScope}` }, null, 2),
+                            },
+                        ],
+                    };
+                }
+                return {
+                    content: [{ type: "text", text: JSON.stringify(event, null, 2) }],
+                };
+            }
             default:
                 throw new Error(`Unknown tool: ${params.name}`);
         }
@@ -6147,6 +6322,10 @@ function determineTransportMode() {
 async function startStdioServer() {
     const serverInstance = createServer();
     const transport = new StdioServerTransport();
+    transport.onclose = () => {
+        logger.info("Stdio transport closed, releasing client pool");
+        clientPool.closeAll();
+    };
     await serverInstance.connect(transport);
 }
 /**
@@ -6155,6 +6334,7 @@ async function startStdioServer() {
 async function startSSEServer() {
     const app = express();
     const transports = {};
+    let shuttingDown = false;
     app.get("/sse", async (_, res) => {
         const serverInstance = createServer();
         const transport = new SSEServerTransport("/messages", res);
@@ -6181,12 +6361,35 @@ async function startSSEServer() {
             transport: TransportMode.SSE,
         });
     });
-    app.listen(Number(PORT), HOST, () => {
+    const httpServer = app.listen(Number(PORT), HOST, () => {
         logger.info(`GitLab MCP Server running with SSE transport`);
         const colorGreen = "\x1b[32m";
         const colorReset = "\x1b[0m";
         logger.info(`${colorGreen}Endpoint: http://${HOST}:${PORT}/sse${colorReset}`);
     });
+    const shutdown = async (signal) => {
+        if (shuttingDown)
+            return;
+        shuttingDown = true;
+        logger.info(`${signal} received, shutting down SSE server...`);
+        httpServer.close(() => logger.info("SSE HTTP server closed"));
+        await Promise.allSettled(Object.values(transports).map(async (transport) => {
+            try {
+                await transport.close();
+            }
+            catch (error) {
+                logger.error("Error closing SSE transport:", error);
+            }
+        }));
+        clientPool.closeAll();
+        process.exit(0);
+    };
+    process.on("SIGTERM", () => {
+        void shutdown("SIGTERM");
+    });
+    process.on("SIGINT", () => {
+        void shutdown("SIGINT");
+    });
 }
 /**
  * Start server with Streamable HTTP transport
@@ -6240,10 +6443,12 @@ async function startStreamableHTTPServer() {
     /**
      * Parse authentication from request headers
      * Returns null if no auth found or invalid format
+     * Supports: JOB-TOKEN header, Private-Token header, Authorization Bearer header
      */
     const parseAuthHeaders = (req) => {
         const authHeader = req.headers["authorization"] || "";
         const privateToken = req.headers["private-token"] || "";
+        const jobToken = req.headers["job-token"] || "";
         const dynamicApiUrl = req.headers["x-gitlab-api-url"]?.trim();
         let apiUrl = GITLAB_API_URL; // Default API URL
         // Only process dynamic URL if the feature is enabled
@@ -6260,7 +6465,11 @@ async function startStreamableHTTPServer() {
         // Extract token
         let token = null;
         let header = null;
-        if (privateToken) {
+        if (jobToken) {
+            token = jobToken.trim();
+            header = "JOB-TOKEN";
+        }
+        else if (privateToken) {
             token = privateToken.trim();
             header = "Private-Token";
         }
@@ -6348,8 +6557,8 @@ async function startStreamableHTTPServer() {
                 if (!authData) {
                     metrics.authFailures++;
                     res.status(401).json({
-                        error: "Missing Authorization or Private-Token header",
-                        message: "Remote authorization is enabled. Please provide Authorization or Private-Token header.",
+                        error: "Missing Authorization, Private-Token, or JOB-TOKEN header",
+                        message: "Remote authorization is enabled. Please provide Authorization, Private-Token, or JOB-TOKEN header.",
                     });
                     return;
                 }
@@ -6547,6 +6756,7 @@ async function startStreamableHTTPServer() {
         Object.keys(authTimeouts).forEach(sessionId => {
             clearAuthTimeout(sessionId);
         });
+        clientPool.closeAll();
         logger.info("Graceful shutdown complete");
         process.exit(0);
     };