@zereight/mcp-gitlab 2.0.32 → 2.0.34

package/build/oauth.js

@@ -1,3 +1,4 @@
+import * as crypto from "crypto";
 import * as fs from "fs";
 import * as os from "os";
 import * as path from "path";
@@ -10,7 +11,11 @@ import { pino } from "pino";
 const logger = pino({
     name: "gitlab-mcp-oauth",
     level: process.env.LOG_LEVEL || "info",
-});
+}, pino.destination(2));
+function escapeHtml(str) {
+    const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
+    return String(str).replace(/[&<>"']/g, c => map[c] || c);
+}
 // Track pending auth requests across multiple MCP instances
 const pendingAuthRequests = new Map();
 /**
@@ -225,7 +230,7 @@ export class GitLabOAuth {
      */
     async startOAuthFlow() {
         const callbackPort = parseInt(new URL(this.config.redirectUri).port || "8888");
-        const requestId = Math.random().toString(36).substring(7);
+        const requestId = crypto.randomUUID();
         // Check if port is already in use
         const portInUse = await isPortInUse(callbackPort);
         if (portInUse) {
@@ -250,7 +255,7 @@ export class GitLabOAuth {
         const requestIdToOAuthInstance = new Map();
         return new Promise((resolve, reject) => {
             // Create initial request
-            const state = Math.random().toString(36).substring(7);
+            const state = crypto.randomUUID();
             stateToRequestId.set(state, initialRequestId);
             requestIdToOAuthInstance.set(initialRequestId, this);
             const timeout = setTimeout(() => {
@@ -271,7 +276,7 @@ export class GitLabOAuth {
                         }
                         logger.info(`Received auth request from another instance: ${newRequestId}`);
                         // Create a new OAuth flow for this request
-                        const newState = Math.random().toString(36).substring(7);
+                        const newState = crypto.randomUUID();
                         stateToRequestId.set(newState, newRequestId);
                         // Store a reference to use the same OAuth config
                         requestIdToOAuthInstance.set(newRequestId, this);
@@ -315,7 +320,7 @@ export class GitLabOAuth {
                 <html>
                   <body>
                     <h1>Authentication Failed</h1>
-                    <p>Error: ${error}</p>
+                    <p>Error: ${escapeHtml(String(error))}</p>
                     <p>You can close this window.</p>
                   </body>
                 </html>
@@ -523,7 +528,7 @@ export async function initializeOAuthClient(gitlabUrl = "https://gitlab.com") {
         clientSecret,
         redirectUri,
         gitlabUrl,
-        scopes: ["api"],
+        scopes: [process.env.GITLAB_READ_ONLY_MODE === "true" ? "read_api" : "api"],
         tokenStoragePath,
     });
     // Single call: triggers browser flow if needed, or reads cached token

package/build/schemas.js

@@ -1333,6 +1333,9 @@ export const GitLabMergeRequestApprovalStateSchema = z.object({
 export const GetMergeRequestApprovalStateSchema = ProjectParamsSchema.extend({
     merge_request_iid: z.coerce.string().describe("The IID of the merge request"),
 });
+export const GetMergeRequestConflictsSchema = ProjectParamsSchema.extend({
+    merge_request_iid: z.coerce.string().describe("The IID of the merge request"),
+});
 export const GetMergeRequestDiffsSchema = GetMergeRequestSchema.extend({
     view: z.enum(["inline", "parallel"]).optional().describe("Diff view type"),
     excluded_file_patterns: z
@@ -2449,3 +2452,69 @@ export const DownloadReleaseAssetSchema = z.object({
         .string()
         .describe("Path to the release asset file as specified when creating or updating its link"),
 });
+// --- Webhook schemas ---
+export const ListWebhooksSchema = z
+    .object({
+    project_id: z.coerce
+        .string()
+        .optional()
+        .describe("Project ID or URL-encoded path. Provide either project_id or group_id, not both."),
+    group_id: z.coerce
+        .string()
+        .optional()
+        .describe("Group ID or URL-encoded path. Provide either project_id or group_id, not both."),
+})
+    .merge(PaginationOptionsSchema)
+    .refine(data => (data.project_id || data.group_id) && !(data.project_id && data.group_id), {
+    message: "Provide exactly one of project_id or group_id",
+});
+export const ListWebhookEventsSchema = z
+    .object({
+    project_id: z.coerce
+        .string()
+        .optional()
+        .describe("Project ID or URL-encoded path. Provide either project_id or group_id, not both."),
+    group_id: z.coerce
+        .string()
+        .optional()
+        .describe("Group ID or URL-encoded path. Provide either project_id or group_id, not both."),
+    hook_id: z.coerce.number().describe("ID of the webhook"),
+    status: z
+        .union([z.number(), z.string()])
+        .optional()
+        .describe("Filter by response status code (e.g. 200, 500) or category: successful, client_failure, server_failure"),
+    summary: z
+        .boolean()
+        .optional()
+        .describe("If true, return only summary fields (id, url, trigger, response_status, execution_duration) without full request/response payloads. Recommended for overview queries to avoid huge responses."),
+    per_page: z
+        .number()
+        .max(20)
+        .optional()
+        .default(20)
+        .describe("Number of events per page"),
+    page: z.number().optional().describe("Page number for pagination"),
+})
+    .refine(data => (data.project_id || data.group_id) && !(data.project_id && data.group_id), {
+    message: "Provide exactly one of project_id or group_id",
+});
+export const GetWebhookEventSchema = z
+    .object({
+    project_id: z.coerce
+        .string()
+        .optional()
+        .describe("Project ID or URL-encoded path. Provide either project_id or group_id, not both."),
+    group_id: z.coerce
+        .string()
+        .optional()
+        .describe("Group ID or URL-encoded path. Provide either project_id or group_id, not both."),
+    hook_id: z.coerce.number().describe("ID of the webhook"),
+    event_id: z.coerce.number().describe("ID of the webhook event to retrieve"),
+    page: z
+        .number()
+        .optional()
+        .describe("If known, the page where the event is located (from list_webhook_events). Skips auto-pagination and fetches only this page."),
+})
+    .refine(data => (data.project_id || data.group_id) && !(data.project_id && data.group_id), {
+    message: "Provide exactly one of project_id or group_id",
+});

package/build/test/no-proxy-integration-test.js

@@ -0,0 +1,183 @@
+/**
+ * NO_PROXY Integration Test
+ * Tests NO_PROXY functionality with mock servers
+ */
+import { describe, test, after, before } from 'node:test';
+import assert from 'node:assert';
+import { launchServer, findAvailablePort, cleanupServers, TransportMode, HOST } from './utils/server-launcher.js';
+import { MockGitLabServer, findMockServerPort } from './utils/mock-gitlab-server.js';
+import { CustomHeaderClient } from './clients/custom-header-client.js';
+// Test constants
+const MOCK_TOKEN = 'glpat-mock-token-12345';
+// Port ranges
+const MOCK_GITLAB_PORT_BASE = 9600;
+const MCP_SERVER_PORT_BASE = 3600;
+console.log('🌐 NO_PROXY Integration Test Suite');
+console.log('');
+describe('NO_PROXY Integration Tests', () => {
+    let mcpUrl;
+    let mockGitLab;
+    let servers = [];
+    let mockGitLabUrl;
+    let mockGitLabHost;
+    before(async () => {
+        // Start mock GitLab server
+        const mockPort = await findMockServerPort(MOCK_GITLAB_PORT_BASE);
+        mockGitLab = new MockGitLabServer({
+            port: mockPort,
+            validTokens: [MOCK_TOKEN]
+        });
+        await mockGitLab.start();
+        mockGitLabUrl = mockGitLab.getUrl();
+        // Extract the host:port part for NO_PROXY
+        const url = new URL(mockGitLabUrl);
+        mockGitLabHost = url.host; // This includes port if non-standard
+        console.log(`Mock GitLab: ${mockGitLabUrl}`);
+        console.log(`Mock GitLab Host: ${mockGitLabHost}`);
+    });
+    after(async () => {
+        cleanupServers(servers);
+        if (mockGitLab) {
+            await mockGitLab.stop();
+        }
+    });
+    test('should bypass proxy when hostname is in NO_PROXY', async () => {
+        // Start MCP server with proxy settings and NO_PROXY
+        const mcpPort = await findAvailablePort(MCP_SERVER_PORT_BASE);
+        const server = await launchServer({
+            mode: TransportMode.STREAMABLE_HTTP,
+            port: mcpPort,
+            timeout: 5000,
+            env: {
+                STREAMABLE_HTTP: 'true',
+                REMOTE_AUTHORIZATION: 'true',
+                GITLAB_API_URL: `${mockGitLabUrl}/api/v4`,
+                // Set a fake proxy that would fail if used
+                HTTP_PROXY: 'http://nonexistent-proxy.example.com:9999',
+                HTTPS_PROXY: 'http://nonexistent-proxy.example.com:9999',
+                // Bypass proxy for our mock GitLab server
+                NO_PROXY: mockGitLabHost,
+            }
+        });
+        servers.push(server);
+        mcpUrl = `http://${HOST}:${mcpPort}/mcp`;
+        console.log(`MCP Server: ${mcpUrl}`);
+        console.log(`NO_PROXY: ${mockGitLabHost}`);
+        // Create client and make a request
+        const client = new CustomHeaderClient({
+            'authorization': `Bearer ${MOCK_TOKEN}`,
+        });
+        await client.connect(mcpUrl);
+        // This should succeed because the proxy is bypassed
+        const result = await client.callTool('list_projects', { per_page: 1 });
+        console.log('  ✓ Request succeeded with NO_PROXY bypass');
+        assert.ok(result, 'Request should succeed');
+        await client.disconnect();
+    });
+    test('should use proxy when hostname is NOT in NO_PROXY', async () => {
+        // Start MCP server with proxy settings but NO_PROXY doesn't match
+        const mcpPort = await findAvailablePort(MCP_SERVER_PORT_BASE + 1);
+        const server = await launchServer({
+            mode: TransportMode.STREAMABLE_HTTP,
+            port: mcpPort,
+            timeout: 5000,
+            env: {
+                STREAMABLE_HTTP: 'true',
+                REMOTE_AUTHORIZATION: 'true',
+                GITLAB_API_URL: `${mockGitLabUrl}/api/v4`,
+                // Set a fake proxy that would fail if used
+                HTTP_PROXY: 'http://nonexistent-proxy.example.com:9999',
+                HTTPS_PROXY: 'http://nonexistent-proxy.example.com:9999',
+                // NO_PROXY doesn't match our server
+                NO_PROXY: 'different-host.example.com,10.0.0.1',
+            }
+        });
+        servers.push(server);
+        mcpUrl = `http://${HOST}:${mcpPort}/mcp`;
+        console.log(`MCP Server: ${mcpUrl}`);
+        console.log(`NO_PROXY: different-host.example.com,10.0.0.1 (should NOT match)`);
+        // Create client and make a request
+        const client = new CustomHeaderClient({
+            'authorization': `Bearer ${MOCK_TOKEN}`,
+        });
+        await client.connect(mcpUrl);
+        // This should fail because it tries to use the nonexistent proxy
+        try {
+            await client.callTool('list_projects', { per_page: 1 });
+            assert.fail('Request should have failed due to proxy connection error');
+        }
+        catch (error) {
+            console.log('  ✓ Request failed as expected (proxy error)');
+            // Expected to fail with connection/proxy error
+            assert.ok(error, 'Should throw an error when proxy fails');
+        }
+        await client.disconnect();
+    });
+    test('should bypass proxy with wildcard NO_PROXY', async () => {
+        // Start MCP server with wildcard NO_PROXY
+        const mcpPort = await findAvailablePort(MCP_SERVER_PORT_BASE + 2);
+        const server = await launchServer({
+            mode: TransportMode.STREAMABLE_HTTP,
+            port: mcpPort,
+            timeout: 5000,
+            env: {
+                STREAMABLE_HTTP: 'true',
+                REMOTE_AUTHORIZATION: 'true',
+                GITLAB_API_URL: `${mockGitLabUrl}/api/v4`,
+                // Set a fake proxy that would fail if used
+                HTTP_PROXY: 'http://nonexistent-proxy.example.com:9999',
+                HTTPS_PROXY: 'http://nonexistent-proxy.example.com:9999',
+                // Wildcard bypasses all proxies
+                NO_PROXY: '*',
+            }
+        });
+        servers.push(server);
+        mcpUrl = `http://${HOST}:${mcpPort}/mcp`;
+        console.log(`MCP Server: ${mcpUrl}`);
+        console.log(`NO_PROXY: * (wildcard - bypasses all)`);
+        // Create client and make a request
+        const client = new CustomHeaderClient({
+            'authorization': `Bearer ${MOCK_TOKEN}`,
+        });
+        await client.connect(mcpUrl);
+        // This should succeed because wildcard bypasses all proxies
+        const result = await client.callTool('list_projects', { per_page: 1 });
+        console.log('  ✓ Request succeeded with wildcard NO_PROXY');
+        assert.ok(result, 'Request should succeed');
+        await client.disconnect();
+    });
+    test('should bypass proxy with exact IP and localhost', async () => {
+        // Start MCP server with explicit IP and localhost patterns
+        const mcpPort = await findAvailablePort(MCP_SERVER_PORT_BASE + 3);
+        const server = await launchServer({
+            mode: TransportMode.STREAMABLE_HTTP,
+            port: mcpPort,
+            timeout: 5000,
+            env: {
+                STREAMABLE_HTTP: 'true',
+                REMOTE_AUTHORIZATION: 'true',
+                GITLAB_API_URL: `${mockGitLabUrl}/api/v4`,
+                // Set a fake proxy that would fail if used
+                HTTP_PROXY: 'http://nonexistent-proxy.example.com:9999',
+                HTTPS_PROXY: 'http://nonexistent-proxy.example.com:9999',
+                // Use explicit localhost and 127.0.0.1 patterns
+                NO_PROXY: 'localhost,127.0.0.1',
+            }
+        });
+        servers.push(server);
+        mcpUrl = `http://${HOST}:${mcpPort}/mcp`;
+        console.log(`MCP Server: ${mcpUrl}`);
+        console.log(`NO_PROXY: localhost,127.0.0.1 (exact matches)`);
+        // Create client and make a request
+        const client = new CustomHeaderClient({
+            'authorization': `Bearer ${MOCK_TOKEN}`,
+        });
+        await client.connect(mcpUrl);
+        // This should succeed because 127.0.0.1 and localhost are explicitly in NO_PROXY
+        const result = await client.callTool('list_projects', { per_page: 1 });
+        console.log('  ✓ Request succeeded with exact IP/localhost NO_PROXY match');
+        assert.ok(result, 'Request should succeed');
+        await client.disconnect();
+    });
+});
+console.log('✅ NO_PROXY integration tests completed');

package/build/test/no-proxy-test.js

@@ -0,0 +1,138 @@
+/**
+ * NO_PROXY Test Suite
+ * Tests NO_PROXY pattern matching and proxy bypass functionality
+ */
+import { describe, test } from 'node:test';
+import assert from 'node:assert';
+import { GitLabClientPool } from '../gitlab-client-pool.js';
+console.log('🚫 NO_PROXY Test Suite');
+console.log('');
+describe('NO_PROXY Pattern Matching', () => {
+    test('should bypass proxy for exact hostname match', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: 'gitlab.internal.com',
+        });
+        // Create agent for the NO_PROXY matched host
+        const agent = pool.getOrCreateAgentForUrl('https://gitlab.internal.com/api/v4');
+        // The agent should NOT be a proxy agent
+        // It should be a standard HTTPS agent
+        assert.ok(agent, 'Agent should be created');
+        assert.strictEqual(agent.constructor.name, 'Agent', 'Should be a standard Agent, not a proxy agent');
+    });
+    test('should use proxy for non-matching hostname', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: 'gitlab.internal.com',
+        });
+        // Create agent for a host that should use proxy
+        const agent = pool.getOrCreateAgentForUrl('https://gitlab.external.com/api/v4');
+        // The agent should be a proxy agent
+        assert.ok(agent, 'Agent should be created');
+        assert.notStrictEqual(agent.constructor.name, 'Agent', 'Should be a proxy agent, not standard Agent');
+    });
+    test('should bypass proxy for domain suffix match', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: '.internal.com',
+        });
+        // Test multiple subdomains
+        const agent1 = pool.getOrCreateAgentForUrl('https://gitlab.internal.com/api/v4');
+        const agent2 = pool.getOrCreateAgentForUrl('https://api.internal.com/api/v4');
+        const agent3 = pool.getOrCreateAgentForUrl('https://dev.gitlab.internal.com/api/v4');
+        assert.strictEqual(agent1.constructor.name, 'Agent', 'gitlab.internal.com should bypass proxy');
+        assert.strictEqual(agent2.constructor.name, 'Agent', 'api.internal.com should bypass proxy');
+        assert.strictEqual(agent3.constructor.name, 'Agent', 'dev.gitlab.internal.com should bypass proxy');
+    });
+    test('should bypass proxy for localhost', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: 'localhost,127.0.0.1',
+        });
+        const agent1 = pool.getOrCreateAgentForUrl('http://localhost:8080/api/v4');
+        const agent2 = pool.getOrCreateAgentForUrl('http://127.0.0.1:8080/api/v4');
+        assert.strictEqual(agent1.constructor.name, 'Agent', 'localhost should bypass proxy');
+        assert.strictEqual(agent2.constructor.name, 'Agent', '127.0.0.1 should bypass proxy');
+    });
+    test('should bypass proxy for wildcard pattern', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: '*',
+        });
+        const agent = pool.getOrCreateAgentForUrl('https://gitlab.com/api/v4');
+        assert.strictEqual(agent.constructor.name, 'Agent', 'Wildcard should bypass all proxies');
+    });
+    test('should handle multiple NO_PROXY patterns', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: 'localhost,.internal.com,192.168.1.1',
+        });
+        const agent1 = pool.getOrCreateAgentForUrl('http://localhost/api/v4');
+        const agent2 = pool.getOrCreateAgentForUrl('https://gitlab.internal.com/api/v4');
+        const agent3 = pool.getOrCreateAgentForUrl('http://192.168.1.1/api/v4');
+        const agent4 = pool.getOrCreateAgentForUrl('https://gitlab.com/api/v4');
+        assert.strictEqual(agent1.constructor.name, 'Agent', 'localhost should bypass proxy');
+        assert.strictEqual(agent2.constructor.name, 'Agent', '.internal.com should bypass proxy');
+        assert.strictEqual(agent3.constructor.name, 'Agent', '192.168.1.1 should bypass proxy');
+        assert.notStrictEqual(agent4.constructor.name, 'Agent', 'gitlab.com should use proxy');
+    });
+    test('should handle NO_PROXY with whitespace', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: ' localhost , .internal.com , 192.168.1.1 ',
+        });
+        const agent1 = pool.getOrCreateAgentForUrl('http://localhost/api/v4');
+        const agent2 = pool.getOrCreateAgentForUrl('https://gitlab.internal.com/api/v4');
+        assert.strictEqual(agent1.constructor.name, 'Agent', 'Should handle whitespace in NO_PROXY');
+        assert.strictEqual(agent2.constructor.name, 'Agent', 'Should handle whitespace in NO_PROXY');
+    });
+    test('should work without NO_PROXY set', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+        });
+        const agent = pool.getOrCreateAgentForUrl('https://gitlab.com/api/v4');
+        // Should use proxy when NO_PROXY is not set
+        assert.notStrictEqual(agent.constructor.name, 'Agent', 'Should use proxy when NO_PROXY is not set');
+    });
+    test('should work with NO_PROXY set but empty', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: '',
+        });
+        const agent = pool.getOrCreateAgentForUrl('https://gitlab.com/api/v4');
+        // Should use proxy when NO_PROXY is empty
+        assert.notStrictEqual(agent.constructor.name, 'Agent', 'Should use proxy when NO_PROXY is empty');
+    });
+    test('should handle port-specific patterns', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: 'gitlab.internal.com:443',
+        });
+        const agent1 = pool.getOrCreateAgentForUrl('https://gitlab.internal.com/api/v4'); // HTTPS uses port 443 by default
+        const agent2 = pool.getOrCreateAgentForUrl('http://gitlab.internal.com/api/v4'); // HTTP uses port 80 by default
+        assert.strictEqual(agent1.constructor.name, 'Agent', 'Should bypass proxy for matching port');
+        assert.notStrictEqual(agent2.constructor.name, 'Agent', 'Should use proxy for non-matching port');
+    });
+    test('should handle case-insensitive matching', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: 'GitLab.Internal.COM',
+        });
+        const agent1 = pool.getOrCreateAgentForUrl('https://gitlab.internal.com/api/v4');
+        const agent2 = pool.getOrCreateAgentForUrl('https://GITLAB.INTERNAL.COM/api/v4');
+        assert.strictEqual(agent1.constructor.name, 'Agent', 'Should match case-insensitively (lowercase)');
+        assert.strictEqual(agent2.constructor.name, 'Agent', 'Should match case-insensitively (uppercase)');
+    });
+});
+console.log('✅ NO_PROXY tests completed');

package/build/test/remote-auth-simple-test.js

@@ -9,6 +9,7 @@ import { MockGitLabServer, findMockServerPort } from './utils/mock-gitlab-server
 import { CustomHeaderClient } from './clients/custom-header-client.js';
 // Test constants
 const MOCK_TOKEN = 'glpat-mock-token-12345';
+const MOCK_JOB_TOKEN = 'glcbt-mock-job-token-9876';
 const TEST_PROJECT_ID = '123';
 // Port ranges to avoid collisions
 const MOCK_GITLAB_PORT_BASE = 9000;
@@ -32,7 +33,7 @@ describe('Remote Authorization - Basic Functionality', () => {
         const mockPort = await findMockServerPort(MOCK_GITLAB_PORT_BASE);
         mockGitLab = new MockGitLabServer({
             port: mockPort,
-            validTokens: [MOCK_TOKEN]
+            validTokens: [MOCK_TOKEN, MOCK_JOB_TOKEN],
         });
         await mockGitLab.start();
         const mockGitLabUrl = mockGitLab.getUrl();
@@ -80,6 +81,16 @@ describe('Remote Authorization - Basic Functionality', () => {
         console.log(`  ✓ Connected with Private-Token, got ${tools.tools.length} tools`);
         await client.disconnect();
     });
+    test('should connect with JOB-TOKEN header', async () => {
+        const client = new CustomHeaderClient({
+            'job-token': MOCK_JOB_TOKEN,
+        });
+        await client.connect(mcpUrl);
+        const tools = await client.listTools();
+        assert.ok(tools.tools.length > 0, 'Should have tools');
+        console.log(`  ✓ Connected with JOB-TOKEN, got ${tools.tools.length} tools`);
+        await client.disconnect();
+    });
     test('should successfully call listTools with auth', async () => {
         const client = new CustomHeaderClient({
             'authorization': `Bearer ${MOCK_TOKEN}`