@zereight/mcp-gitlab 2.0.33 → 2.0.34

package/build/test/no-proxy-integration-test.js

@@ -0,0 +1,183 @@
+/**
+ * NO_PROXY Integration Test
+ * Tests NO_PROXY functionality with mock servers
+ */
+import { describe, test, after, before } from 'node:test';
+import assert from 'node:assert';
+import { launchServer, findAvailablePort, cleanupServers, TransportMode, HOST } from './utils/server-launcher.js';
+import { MockGitLabServer, findMockServerPort } from './utils/mock-gitlab-server.js';
+import { CustomHeaderClient } from './clients/custom-header-client.js';
+// Test constants
+const MOCK_TOKEN = 'glpat-mock-token-12345';
+// Port ranges
+const MOCK_GITLAB_PORT_BASE = 9600;
+const MCP_SERVER_PORT_BASE = 3600;
+console.log('🌐 NO_PROXY Integration Test Suite');
+console.log('');
+describe('NO_PROXY Integration Tests', () => {
+    let mcpUrl;
+    let mockGitLab;
+    let servers = [];
+    let mockGitLabUrl;
+    let mockGitLabHost;
+    before(async () => {
+        // Start mock GitLab server
+        const mockPort = await findMockServerPort(MOCK_GITLAB_PORT_BASE);
+        mockGitLab = new MockGitLabServer({
+            port: mockPort,
+            validTokens: [MOCK_TOKEN]
+        });
+        await mockGitLab.start();
+        mockGitLabUrl = mockGitLab.getUrl();
+        // Extract the host:port part for NO_PROXY
+        const url = new URL(mockGitLabUrl);
+        mockGitLabHost = url.host; // This includes port if non-standard
+        console.log(`Mock GitLab: ${mockGitLabUrl}`);
+        console.log(`Mock GitLab Host: ${mockGitLabHost}`);
+    });
+    after(async () => {
+        cleanupServers(servers);
+        if (mockGitLab) {
+            await mockGitLab.stop();
+        }
+    });
+    test('should bypass proxy when hostname is in NO_PROXY', async () => {
+        // Start MCP server with proxy settings and NO_PROXY
+        const mcpPort = await findAvailablePort(MCP_SERVER_PORT_BASE);
+        const server = await launchServer({
+            mode: TransportMode.STREAMABLE_HTTP,
+            port: mcpPort,
+            timeout: 5000,
+            env: {
+                STREAMABLE_HTTP: 'true',
+                REMOTE_AUTHORIZATION: 'true',
+                GITLAB_API_URL: `${mockGitLabUrl}/api/v4`,
+                // Set a fake proxy that would fail if used
+                HTTP_PROXY: 'http://nonexistent-proxy.example.com:9999',
+                HTTPS_PROXY: 'http://nonexistent-proxy.example.com:9999',
+                // Bypass proxy for our mock GitLab server
+                NO_PROXY: mockGitLabHost,
+            }
+        });
+        servers.push(server);
+        mcpUrl = `http://${HOST}:${mcpPort}/mcp`;
+        console.log(`MCP Server: ${mcpUrl}`);
+        console.log(`NO_PROXY: ${mockGitLabHost}`);
+        // Create client and make a request
+        const client = new CustomHeaderClient({
+            'authorization': `Bearer ${MOCK_TOKEN}`,
+        });
+        await client.connect(mcpUrl);
+        // This should succeed because the proxy is bypassed
+        const result = await client.callTool('list_projects', { per_page: 1 });
+        console.log('  ✓ Request succeeded with NO_PROXY bypass');
+        assert.ok(result, 'Request should succeed');
+        await client.disconnect();
+    });
+    test('should use proxy when hostname is NOT in NO_PROXY', async () => {
+        // Start MCP server with proxy settings but NO_PROXY doesn't match
+        const mcpPort = await findAvailablePort(MCP_SERVER_PORT_BASE + 1);
+        const server = await launchServer({
+            mode: TransportMode.STREAMABLE_HTTP,
+            port: mcpPort,
+            timeout: 5000,
+            env: {
+                STREAMABLE_HTTP: 'true',
+                REMOTE_AUTHORIZATION: 'true',
+                GITLAB_API_URL: `${mockGitLabUrl}/api/v4`,
+                // Set a fake proxy that would fail if used
+                HTTP_PROXY: 'http://nonexistent-proxy.example.com:9999',
+                HTTPS_PROXY: 'http://nonexistent-proxy.example.com:9999',
+                // NO_PROXY doesn't match our server
+                NO_PROXY: 'different-host.example.com,10.0.0.1',
+            }
+        });
+        servers.push(server);
+        mcpUrl = `http://${HOST}:${mcpPort}/mcp`;
+        console.log(`MCP Server: ${mcpUrl}`);
+        console.log(`NO_PROXY: different-host.example.com,10.0.0.1 (should NOT match)`);
+        // Create client and make a request
+        const client = new CustomHeaderClient({
+            'authorization': `Bearer ${MOCK_TOKEN}`,
+        });
+        await client.connect(mcpUrl);
+        // This should fail because it tries to use the nonexistent proxy
+        try {
+            await client.callTool('list_projects', { per_page: 1 });
+            assert.fail('Request should have failed due to proxy connection error');
+        }
+        catch (error) {
+            console.log('  ✓ Request failed as expected (proxy error)');
+            // Expected to fail with connection/proxy error
+            assert.ok(error, 'Should throw an error when proxy fails');
+        }
+        await client.disconnect();
+    });
+    test('should bypass proxy with wildcard NO_PROXY', async () => {
+        // Start MCP server with wildcard NO_PROXY
+        const mcpPort = await findAvailablePort(MCP_SERVER_PORT_BASE + 2);
+        const server = await launchServer({
+            mode: TransportMode.STREAMABLE_HTTP,
+            port: mcpPort,
+            timeout: 5000,
+            env: {
+                STREAMABLE_HTTP: 'true',
+                REMOTE_AUTHORIZATION: 'true',
+                GITLAB_API_URL: `${mockGitLabUrl}/api/v4`,
+                // Set a fake proxy that would fail if used
+                HTTP_PROXY: 'http://nonexistent-proxy.example.com:9999',
+                HTTPS_PROXY: 'http://nonexistent-proxy.example.com:9999',
+                // Wildcard bypasses all proxies
+                NO_PROXY: '*',
+            }
+        });
+        servers.push(server);
+        mcpUrl = `http://${HOST}:${mcpPort}/mcp`;
+        console.log(`MCP Server: ${mcpUrl}`);
+        console.log(`NO_PROXY: * (wildcard - bypasses all)`);
+        // Create client and make a request
+        const client = new CustomHeaderClient({
+            'authorization': `Bearer ${MOCK_TOKEN}`,
+        });
+        await client.connect(mcpUrl);
+        // This should succeed because wildcard bypasses all proxies
+        const result = await client.callTool('list_projects', { per_page: 1 });
+        console.log('  ✓ Request succeeded with wildcard NO_PROXY');
+        assert.ok(result, 'Request should succeed');
+        await client.disconnect();
+    });
+    test('should bypass proxy with exact IP and localhost', async () => {
+        // Start MCP server with explicit IP and localhost patterns
+        const mcpPort = await findAvailablePort(MCP_SERVER_PORT_BASE + 3);
+        const server = await launchServer({
+            mode: TransportMode.STREAMABLE_HTTP,
+            port: mcpPort,
+            timeout: 5000,
+            env: {
+                STREAMABLE_HTTP: 'true',
+                REMOTE_AUTHORIZATION: 'true',
+                GITLAB_API_URL: `${mockGitLabUrl}/api/v4`,
+                // Set a fake proxy that would fail if used
+                HTTP_PROXY: 'http://nonexistent-proxy.example.com:9999',
+                HTTPS_PROXY: 'http://nonexistent-proxy.example.com:9999',
+                // Use explicit localhost and 127.0.0.1 patterns
+                NO_PROXY: 'localhost,127.0.0.1',
+            }
+        });
+        servers.push(server);
+        mcpUrl = `http://${HOST}:${mcpPort}/mcp`;
+        console.log(`MCP Server: ${mcpUrl}`);
+        console.log(`NO_PROXY: localhost,127.0.0.1 (exact matches)`);
+        // Create client and make a request
+        const client = new CustomHeaderClient({
+            'authorization': `Bearer ${MOCK_TOKEN}`,
+        });
+        await client.connect(mcpUrl);
+        // This should succeed because 127.0.0.1 and localhost are explicitly in NO_PROXY
+        const result = await client.callTool('list_projects', { per_page: 1 });
+        console.log('  ✓ Request succeeded with exact IP/localhost NO_PROXY match');
+        assert.ok(result, 'Request should succeed');
+        await client.disconnect();
+    });
+});
+console.log('✅ NO_PROXY integration tests completed');

package/build/test/no-proxy-test.js

@@ -0,0 +1,138 @@
+/**
+ * NO_PROXY Test Suite
+ * Tests NO_PROXY pattern matching and proxy bypass functionality
+ */
+import { describe, test } from 'node:test';
+import assert from 'node:assert';
+import { GitLabClientPool } from '../gitlab-client-pool.js';
+console.log('🚫 NO_PROXY Test Suite');
+console.log('');
+describe('NO_PROXY Pattern Matching', () => {
+    test('should bypass proxy for exact hostname match', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: 'gitlab.internal.com',
+        });
+        // Create agent for the NO_PROXY matched host
+        const agent = pool.getOrCreateAgentForUrl('https://gitlab.internal.com/api/v4');
+        // The agent should NOT be a proxy agent
+        // It should be a standard HTTPS agent
+        assert.ok(agent, 'Agent should be created');
+        assert.strictEqual(agent.constructor.name, 'Agent', 'Should be a standard Agent, not a proxy agent');
+    });
+    test('should use proxy for non-matching hostname', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: 'gitlab.internal.com',
+        });
+        // Create agent for a host that should use proxy
+        const agent = pool.getOrCreateAgentForUrl('https://gitlab.external.com/api/v4');
+        // The agent should be a proxy agent
+        assert.ok(agent, 'Agent should be created');
+        assert.notStrictEqual(agent.constructor.name, 'Agent', 'Should be a proxy agent, not standard Agent');
+    });
+    test('should bypass proxy for domain suffix match', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: '.internal.com',
+        });
+        // Test multiple subdomains
+        const agent1 = pool.getOrCreateAgentForUrl('https://gitlab.internal.com/api/v4');
+        const agent2 = pool.getOrCreateAgentForUrl('https://api.internal.com/api/v4');
+        const agent3 = pool.getOrCreateAgentForUrl('https://dev.gitlab.internal.com/api/v4');
+        assert.strictEqual(agent1.constructor.name, 'Agent', 'gitlab.internal.com should bypass proxy');
+        assert.strictEqual(agent2.constructor.name, 'Agent', 'api.internal.com should bypass proxy');
+        assert.strictEqual(agent3.constructor.name, 'Agent', 'dev.gitlab.internal.com should bypass proxy');
+    });
+    test('should bypass proxy for localhost', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: 'localhost,127.0.0.1',
+        });
+        const agent1 = pool.getOrCreateAgentForUrl('http://localhost:8080/api/v4');
+        const agent2 = pool.getOrCreateAgentForUrl('http://127.0.0.1:8080/api/v4');
+        assert.strictEqual(agent1.constructor.name, 'Agent', 'localhost should bypass proxy');
+        assert.strictEqual(agent2.constructor.name, 'Agent', '127.0.0.1 should bypass proxy');
+    });
+    test('should bypass proxy for wildcard pattern', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: '*',
+        });
+        const agent = pool.getOrCreateAgentForUrl('https://gitlab.com/api/v4');
+        assert.strictEqual(agent.constructor.name, 'Agent', 'Wildcard should bypass all proxies');
+    });
+    test('should handle multiple NO_PROXY patterns', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: 'localhost,.internal.com,192.168.1.1',
+        });
+        const agent1 = pool.getOrCreateAgentForUrl('http://localhost/api/v4');
+        const agent2 = pool.getOrCreateAgentForUrl('https://gitlab.internal.com/api/v4');
+        const agent3 = pool.getOrCreateAgentForUrl('http://192.168.1.1/api/v4');
+        const agent4 = pool.getOrCreateAgentForUrl('https://gitlab.com/api/v4');
+        assert.strictEqual(agent1.constructor.name, 'Agent', 'localhost should bypass proxy');
+        assert.strictEqual(agent2.constructor.name, 'Agent', '.internal.com should bypass proxy');
+        assert.strictEqual(agent3.constructor.name, 'Agent', '192.168.1.1 should bypass proxy');
+        assert.notStrictEqual(agent4.constructor.name, 'Agent', 'gitlab.com should use proxy');
+    });
+    test('should handle NO_PROXY with whitespace', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: ' localhost , .internal.com , 192.168.1.1 ',
+        });
+        const agent1 = pool.getOrCreateAgentForUrl('http://localhost/api/v4');
+        const agent2 = pool.getOrCreateAgentForUrl('https://gitlab.internal.com/api/v4');
+        assert.strictEqual(agent1.constructor.name, 'Agent', 'Should handle whitespace in NO_PROXY');
+        assert.strictEqual(agent2.constructor.name, 'Agent', 'Should handle whitespace in NO_PROXY');
+    });
+    test('should work without NO_PROXY set', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+        });
+        const agent = pool.getOrCreateAgentForUrl('https://gitlab.com/api/v4');
+        // Should use proxy when NO_PROXY is not set
+        assert.notStrictEqual(agent.constructor.name, 'Agent', 'Should use proxy when NO_PROXY is not set');
+    });
+    test('should work with NO_PROXY set but empty', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: '',
+        });
+        const agent = pool.getOrCreateAgentForUrl('https://gitlab.com/api/v4');
+        // Should use proxy when NO_PROXY is empty
+        assert.notStrictEqual(agent.constructor.name, 'Agent', 'Should use proxy when NO_PROXY is empty');
+    });
+    test('should handle port-specific patterns', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: 'gitlab.internal.com:443',
+        });
+        const agent1 = pool.getOrCreateAgentForUrl('https://gitlab.internal.com/api/v4'); // HTTPS uses port 443 by default
+        const agent2 = pool.getOrCreateAgentForUrl('http://gitlab.internal.com/api/v4'); // HTTP uses port 80 by default
+        assert.strictEqual(agent1.constructor.name, 'Agent', 'Should bypass proxy for matching port');
+        assert.notStrictEqual(agent2.constructor.name, 'Agent', 'Should use proxy for non-matching port');
+    });
+    test('should handle case-insensitive matching', () => {
+        const pool = new GitLabClientPool({
+            httpProxy: 'http://proxy.example.com:8080',
+            httpsProxy: 'http://proxy.example.com:8080',
+            noProxy: 'GitLab.Internal.COM',
+        });
+        const agent1 = pool.getOrCreateAgentForUrl('https://gitlab.internal.com/api/v4');
+        const agent2 = pool.getOrCreateAgentForUrl('https://GITLAB.INTERNAL.COM/api/v4');
+        assert.strictEqual(agent1.constructor.name, 'Agent', 'Should match case-insensitively (lowercase)');
+        assert.strictEqual(agent2.constructor.name, 'Agent', 'Should match case-insensitively (uppercase)');
+    });
+});
+console.log('✅ NO_PROXY tests completed');

package/build/test/remote-auth-simple-test.js

@@ -9,6 +9,7 @@ import { MockGitLabServer, findMockServerPort } from './utils/mock-gitlab-server
 import { CustomHeaderClient } from './clients/custom-header-client.js';
 // Test constants
 const MOCK_TOKEN = 'glpat-mock-token-12345';
+const MOCK_JOB_TOKEN = 'glcbt-mock-job-token-9876';
 const TEST_PROJECT_ID = '123';
 // Port ranges to avoid collisions
 const MOCK_GITLAB_PORT_BASE = 9000;
@@ -32,7 +33,7 @@ describe('Remote Authorization - Basic Functionality', () => {
         const mockPort = await findMockServerPort(MOCK_GITLAB_PORT_BASE);
         mockGitLab = new MockGitLabServer({
             port: mockPort,
-            validTokens: [MOCK_TOKEN]
+            validTokens: [MOCK_TOKEN, MOCK_JOB_TOKEN],
         });
         await mockGitLab.start();
         const mockGitLabUrl = mockGitLab.getUrl();
@@ -80,6 +81,16 @@ describe('Remote Authorization - Basic Functionality', () => {
         console.log(`  ✓ Connected with Private-Token, got ${tools.tools.length} tools`);
         await client.disconnect();
     });
+    test('should connect with JOB-TOKEN header', async () => {
+        const client = new CustomHeaderClient({
+            'job-token': MOCK_JOB_TOKEN,
+        });
+        await client.connect(mcpUrl);
+        const tools = await client.listTools();
+        assert.ok(tools.tools.length > 0, 'Should have tools');
+        console.log(`  ✓ Connected with JOB-TOKEN, got ${tools.tools.length} tools`);
+        await client.disconnect();
+    });
     test('should successfully call listTools with auth', async () => {
         const client = new CustomHeaderClient({
             'authorization': `Bearer ${MOCK_TOKEN}`

package/build/test/test-geteffectiveprojectid.js

@@ -0,0 +1,236 @@
+/**
+ * Test suite for getEffectiveProjectId function
+ * Tests the behavior of project ID resolution with different environment configurations
+ */
+import { describe, test, before, after } from 'node:test';
+import assert from 'node:assert';
+import { launchServer, findAvailablePort, cleanupServers, TransportMode, HOST } from './utils/server-launcher.js';
+import { MockGitLabServer, findMockServerPort } from './utils/mock-gitlab-server.js';
+import { StreamableHTTPTestClient } from './clients/streamable-http-client.js';
+// Use the same token that will be passed via GITLAB_TOKEN_TEST environment variable
+const MOCK_TOKEN = process.env.GITLAB_TOKEN_TEST || 'glpat-mock-token-12345';
+const DEFAULT_PROJECT_ID = '123';
+const OTHER_PROJECT_ID = '456';
+console.log('🔍 Testing getEffectiveProjectId functionality');
+console.log('');
+describe('getEffectiveProjectId - No GITLAB_ALLOWED_PROJECT_IDS', () => {
+    let mcpUrl;
+    let mockGitLab;
+    let servers = [];
+    let client;
+    before(async () => {
+        // Start mock GitLab server
+        const mockPort = await findMockServerPort(9100);
+        mockGitLab = new MockGitLabServer({
+            port: mockPort,
+            validTokens: [MOCK_TOKEN]
+        });
+        await mockGitLab.start();
+        const mockGitLabUrl = mockGitLab.getUrl();
+        // Start MCP server WITHOUT GITLAB_ALLOWED_PROJECT_IDS
+        const mcpPort = await findAvailablePort(3100);
+        const server = await launchServer({
+            mode: TransportMode.STREAMABLE_HTTP,
+            port: mcpPort,
+            timeout: 5000,
+            env: {
+                STREAMABLE_HTTP: 'true',
+                GITLAB_API_URL: `${mockGitLabUrl}/api/v4`,
+                GITLAB_PROJECT_ID: DEFAULT_PROJECT_ID,
+                GITLAB_READ_ONLY_MODE: 'true',
+            }
+        });
+        servers.push(server);
+        mcpUrl = `http://${HOST}:${mcpPort}/mcp`;
+        client = new StreamableHTTPTestClient();
+        await client.connect(mcpUrl);
+        console.log(`Mock GitLab: ${mockGitLabUrl}`);
+        console.log(`MCP Server: ${mcpUrl}`);
+        console.log(`Default Project: ${DEFAULT_PROJECT_ID}`);
+    });
+    after(async () => {
+        if (client) {
+            await client.disconnect();
+        }
+        cleanupServers(servers);
+        if (mockGitLab) {
+            await mockGitLab.stop();
+        }
+    });
+    test('should use GITLAB_PROJECT_ID when no project_id is provided', async () => {
+        // Call get_project without specifying project_id
+        const result = await client.callTool('get_project', {
+            project_id: ''
+        });
+        assert.ok(result.content, 'Should have content');
+        const content = result.content[0];
+        assert.ok('text' in content, 'Content should have text');
+        const project = JSON.parse(content.text);
+        // The mock server should receive a request for the default project
+        assert.strictEqual(project.id.toString(), DEFAULT_PROJECT_ID, 'Should use GITLAB_PROJECT_ID as default');
+        console.log(`  ✓ Used default project ${DEFAULT_PROJECT_ID} when no project_id provided`);
+    });
+    test('should prioritize passed project_id over GITLAB_PROJECT_ID', async () => {
+        // Call get_project with a different project_id
+        const result = await client.callTool('get_project', {
+            project_id: OTHER_PROJECT_ID
+        });
+        assert.ok(result.content, 'Should have content');
+        const content = result.content[0];
+        assert.ok('text' in content, 'Content should have text');
+        const project = JSON.parse(content.text);
+        // Should use the passed project_id, not GITLAB_PROJECT_ID
+        assert.strictEqual(project.id.toString(), OTHER_PROJECT_ID, 'Should use passed project_id');
+        console.log(`  ✓ Used passed project_id ${OTHER_PROJECT_ID} instead of default ${DEFAULT_PROJECT_ID}`);
+    });
+});
+describe('getEffectiveProjectId - With single GITLAB_ALLOWED_PROJECT_IDS', () => {
+    let mcpUrl;
+    let mockGitLab;
+    let servers = [];
+    let client;
+    before(async () => {
+        // Start mock GitLab server
+        const mockPort = await findMockServerPort(9200);
+        mockGitLab = new MockGitLabServer({
+            port: mockPort,
+            validTokens: [MOCK_TOKEN]
+        });
+        await mockGitLab.start();
+        const mockGitLabUrl = mockGitLab.getUrl();
+        // Start MCP server WITH single GITLAB_ALLOWED_PROJECT_IDS
+        const mcpPort = await findAvailablePort(3200);
+        const server = await launchServer({
+            mode: TransportMode.STREAMABLE_HTTP,
+            port: mcpPort,
+            timeout: 5000,
+            env: {
+                STREAMABLE_HTTP: 'true',
+                GITLAB_API_URL: `${mockGitLabUrl}/api/v4`,
+                GITLAB_PROJECT_ID: DEFAULT_PROJECT_ID,
+                GITLAB_ALLOWED_PROJECT_IDS: DEFAULT_PROJECT_ID,
+                GITLAB_READ_ONLY_MODE: 'true',
+            }
+        });
+        servers.push(server);
+        mcpUrl = `http://${HOST}:${mcpPort}/mcp`;
+        client = new StreamableHTTPTestClient();
+        await client.connect(mcpUrl);
+        console.log(`Mock GitLab: ${mockGitLabUrl}`);
+        console.log(`MCP Server: ${mcpUrl}`);
+        console.log(`Allowed Project: ${DEFAULT_PROJECT_ID}`);
+    });
+    after(async () => {
+        if (client) {
+            await client.disconnect();
+        }
+        cleanupServers(servers);
+        if (mockGitLab) {
+            await mockGitLab.stop();
+        }
+    });
+    test('should use single allowed project as default', async () => {
+        const result = await client.callTool('get_project', {
+            project_id: ''
+        });
+        assert.ok(result.content, 'Should have content');
+        const content = result.content[0];
+        assert.ok('text' in content, 'Content should have text');
+        const project = JSON.parse(content.text);
+        assert.strictEqual(project.id.toString(), DEFAULT_PROJECT_ID, 'Should use allowed project as default');
+        console.log(`  ✓ Used allowed project ${DEFAULT_PROJECT_ID} as default`);
+    });
+    test('should reject access to non-allowed project', async () => {
+        try {
+            await client.callTool('get_project', {
+                project_id: OTHER_PROJECT_ID
+            });
+            assert.fail('Should have rejected access to non-allowed project');
+        }
+        catch (error) {
+            assert.ok(error instanceof Error);
+            assert.ok(error.message.includes('Access denied'), 'Should indicate access denied');
+            console.log('  ✓ Correctly rejected access to non-allowed project');
+        }
+    });
+});
+describe('getEffectiveProjectId - With multiple GITLAB_ALLOWED_PROJECT_IDS', () => {
+    let mcpUrl;
+    let mockGitLab;
+    let servers = [];
+    let client;
+    before(async () => {
+        // Start mock GitLab server
+        const mockPort = await findMockServerPort(9300);
+        mockGitLab = new MockGitLabServer({
+            port: mockPort,
+            validTokens: [MOCK_TOKEN]
+        });
+        await mockGitLab.start();
+        const mockGitLabUrl = mockGitLab.getUrl();
+        // Start MCP server WITH multiple GITLAB_ALLOWED_PROJECT_IDS
+        const mcpPort = await findAvailablePort(3300);
+        const server = await launchServer({
+            mode: TransportMode.STREAMABLE_HTTP,
+            port: mcpPort,
+            timeout: 5000,
+            env: {
+                STREAMABLE_HTTP: 'true',
+                GITLAB_API_URL: `${mockGitLabUrl}/api/v4`,
+                GITLAB_ALLOWED_PROJECT_IDS: `${DEFAULT_PROJECT_ID},${OTHER_PROJECT_ID}`,
+                GITLAB_READ_ONLY_MODE: 'true',
+            }
+        });
+        servers.push(server);
+        mcpUrl = `http://${HOST}:${mcpPort}/mcp`;
+        client = new StreamableHTTPTestClient();
+        await client.connect(mcpUrl);
+        console.log(`Mock GitLab: ${mockGitLabUrl}`);
+        console.log(`MCP Server: ${mcpUrl}`);
+        console.log(`Allowed Projects: ${DEFAULT_PROJECT_ID},${OTHER_PROJECT_ID}`);
+    });
+    after(async () => {
+        if (client) {
+            await client.disconnect();
+        }
+        cleanupServers(servers);
+        if (mockGitLab) {
+            await mockGitLab.stop();
+        }
+    });
+    test('should require explicit project_id when multiple projects allowed', async () => {
+        try {
+            await client.callTool('get_project', {
+                project_id: ''
+            });
+            assert.fail('Should have required explicit project_id');
+        }
+        catch (error) {
+            assert.ok(error instanceof Error);
+            assert.ok(error.message.includes('Please specify a project ID'), 'Should require project ID');
+            console.log('  ✓ Correctly required explicit project_id');
+        }
+    });
+    test('should allow access to first allowed project', async () => {
+        const result = await client.callTool('get_project', {
+            project_id: DEFAULT_PROJECT_ID
+        });
+        assert.ok(result.content, 'Should have content');
+        const content = result.content[0];
+        assert.ok('text' in content, 'Content should have text');
+        const project = JSON.parse(content.text);
+        assert.strictEqual(project.id.toString(), DEFAULT_PROJECT_ID, 'Should allow first project');
+        console.log(`  ✓ Allowed access to first project ${DEFAULT_PROJECT_ID}`);
+    });
+    test('should allow access to second allowed project', async () => {
+        const result = await client.callTool('get_project', {
+            project_id: OTHER_PROJECT_ID
+        });
+        assert.ok(result.content, 'Should have content');
+        const content = result.content[0];
+        assert.ok('text' in content, 'Content should have text');
+        const project = JSON.parse(content.text);
+        assert.strictEqual(project.id.toString(), OTHER_PROJECT_ID, 'Should allow second project');
+        console.log(`  ✓ Allowed access to second project ${OTHER_PROJECT_ID}`);
+    });
+});