@zereight/mcp-gitlab 2.0.33 → 2.0.35

package/README.md

@@ -34,7 +34,7 @@ For detailed OAuth2 setup instructions, see [OAuth Setup Guide](./docs/oauth-set
 
 Quick setup - first create a GitLab OAuth application:
 
-1. Go to your GitLab instance: `Settings` → `Applications`
+1. Go to your GitLab instance: `Admin area` → `Applications`
 2. Create a new application with:
    - **Name**: `GitLab MCP Server` (or any name you prefer)
    - **Redirect URI**: `http://127.0.0.1:8888/callback`
@@ -336,7 +336,7 @@ docker run -i --rm \
 - `GITLAB_OAUTH_REDIRECT_URI`: The OAuth callback URL. Default: `http://127.0.0.1:8888/callback`
 - `GITLAB_OAUTH_TOKEN_PATH`: Custom path to store the OAuth token. Default: `~/.gitlab-mcp-token.json`
 - `REMOTE_AUTHORIZATION`: When set to 'true', enables remote per-session authorization via HTTP headers. In this mode:
-  - The server accepts GitLab PAT tokens from HTTP headers (`Authorization: Bearer <token>` or `Private-Token: <token>`) on a per-session basis
+  - The server accepts GitLab PAT tokens from HTTP headers (`Authorization: Bearer <token>`, `Private-Token: <token>` or `Job-Token: <token>`) on a per-session basis
   - `GITLAB_PERSONAL_ACCESS_TOKEN` environment variable is **not required** and ignored
   - Only works with **Streamable HTTP transport** (`STREAMABLE_HTTP=true`) because session management was already handled by the transport layer
   - **SSE transport is disabled** - attempting to use SSE with remote authorization will cause the server to exit with an error
@@ -357,17 +357,20 @@ docker run -i --rm \
 - `USE_MILESTONE`: Legacy flag. Milestone features are now enabled by default. When set to 'true', ensures milestone-related tools are included even if the `milestones` toolset is not explicitly listed in `GITLAB_TOOLSETS`.
 - `USE_PIPELINE`: Legacy flag. Pipeline features are now enabled by default. When set to 'true', ensures pipeline-related tools are included even if the `pipelines` toolset is not explicitly listed in `GITLAB_TOOLSETS`.
 - `GITLAB_TOOLSETS`: Comma-separated list of toolset IDs to enable. When empty or unset, default toolsets are used. Set to `"all"` to enable every toolset. Available toolsets (default toolsets marked with `*`):
-  - `merge_requests`\* — MR operations, notes, discussions, draft notes, threads (31 tools)
+  - `merge_requests`\* — MR operations, notes, discussions, draft notes, threads, versions, file diffs, conflicts (34 tools)
   - `issues`\* — Issue CRUD, notes, links, discussions (14 tools)
   - `repositories`\* — Search, create, file contents, push, fork, tree (7 tools)
   - `branches`\* — Branch creation, commits, diffs (4 tools)
   - `projects`\* — Project/namespace info, group projects, iterations (8 tools)
   - `labels`\* — Label CRUD (5 tools)
-  - `pipelines`\* — Pipeline and job operations (19 tools)
+  - `pipelines`\* — Pipeline, job, deployment, environment, and artifact operations (19 tools)
   - `milestones`\* — Milestone CRUD, issues, MRs, burndown (9 tools)
-  - `wiki`\* — Wiki page CRUD (5 tools)
+  - `wiki`\* — Wiki page CRUD for projects and groups (10 tools)
   - `releases`\* — Release CRUD, evidence, asset download (7 tools)
   - `users`\* — User info, events, markdown upload, attachments (5 tools)
+  - `workitems` — Work item CRUD via GraphQL, type conversion, statuses, custom fields, notes, timeline events (12 tools, opt-in)
+  - `webhooks` — Webhook listing and event inspection (3 tools, opt-in)
+  - `search` — Code search across projects, groups, or globally (3 tools, requires advanced search or exact code search enabled)
 
   Note: `execute_graphql` is not in any toolset and must be added individually via `GITLAB_TOOLS` if needed.
   Exposing arbitrary GraphQL would allow bypassing toolset boundaries (e.g. querying data that the user intentionally disabled via toolsets like wiki or pipelines), which is a security and permission-containment concern. Keeping `execute_graphql` out of all toolsets and requiring explicit opt-in via `GITLAB_TOOLS=execute_graphql` is intentional, to align with that principle rather than for backward compatibility.
@@ -400,6 +403,7 @@ docker run -i --rm \
 - `SSE`: When set to 'true', enables the Server-Sent Events transport.
 - `STREAMABLE_HTTP`: When set to 'true', enables the Streamable HTTP transport. If both **SSE** and **STREAMABLE_HTTP** are set to 'true', the server will prioritize Streamable HTTP over SSE transport.
 - `GITLAB_COMMIT_FILES_PER_PAGE`: The number of files per page that GitLab returns for commit diffs. This value should match the server-side GitLab setting. Adjust this if your GitLab instance uses a custom per-page value for commit diffs.
+- `GITLAB_REPO_FILE_ENCODING`: Encoding for repository file create/update and related commit payloads sent to the GitLab API. Use `text` (default) or `base64`. Equivalent CLI: `--repo-file-encoding=text|base64`.
 
 #### Performance & Security Configuration
 
@@ -407,6 +411,16 @@ docker run -i --rm \
 - `MAX_SESSIONS`: Maximum number of concurrent sessions allowed. Default: `1000`. Valid range: 1-10000. When limit is reached, new connections are rejected with HTTP 503.
 - `MAX_REQUESTS_PER_MINUTE`: Rate limit per session in requests per minute. Default: `60`. Valid range: 1-1000. Exceeded requests return HTTP 429.
 - `PORT`: Server port. Default: `3002`. Valid range: 1-65535.
+- `HTTP_PROXY`: HTTP proxy server URL for outgoing requests. Example: `http://proxy.example.com:8080`. Supports HTTP/HTTPS and SOCKS proxies (URLs starting with `socks://` or `socks5://`). CLI arg: `--http-proxy`
+- `HTTPS_PROXY`: HTTPS proxy server URL for outgoing requests. Example: `https://proxy.example.com:8080`. Supports HTTP/HTTPS and SOCKS proxies. CLI arg: `--https-proxy`
+- `NO_PROXY`: Comma-separated list of hosts that should bypass the proxy. Supports:
+  - Exact hostname matches (e.g., `localhost`, `gitlab.internal.com`)
+  - Domain suffix matches (e.g., `.internal.com` matches any subdomain)
+  - IP addresses (e.g., `127.0.0.1`, `192.168.1.1`)
+  - Port-specific matches (e.g., `example.com:443`)
+  - Wildcard `*` to bypass proxy for all hosts
+  - Example: `NO_PROXY=localhost,127.0.0.1,.internal.com`
+  - CLI arg: `--no-proxy`
 
 #### Monitoring Endpoints
 
@@ -483,6 +497,92 @@ The token is stored per session (identified by `mcp-session-id` header) and reus
 - **Rate limiting:** Each session is limited to `MAX_REQUESTS_PER_MINUTE` requests per minute (default 60)
 - **Capacity limit:** Server accepts up to `MAX_SESSIONS` concurrent sessions (default 1000)
 
+### MCP OAuth Setup (Claude.ai Native OAuth)
+
+When using `GITLAB_MCP_OAUTH=true`, the server acts as an OAuth proxy to your GitLab
+instance. Claude.ai (and any MCP-spec-compliant client) handles the entire browser
+authentication flow automatically — no manual Personal Access Token management needed.
+
+**Prerequisites:**
+
+A **pre-registered GitLab OAuth application** is required. GitLab restricts dynamically
+registered (unverified) applications to the `mcp` scope, which is insufficient for API
+calls (need `api` or `read_api`).
+
+1. Go to your GitLab instance → **Admin Area > Applications** (instance-wide) or **User Settings > Applications** (personal)
+2. Create a new application with:
+   - **Confidential**: unchecked
+   - **Scopes**: `api`, `read_api`, `read_user`
+3. Save and copy the **Application ID** — this is your `GITLAB_OAUTH_APP_ID`
+
+**How it works:**
+
+1. User adds your MCP server URL in Claude.ai
+2. Claude.ai discovers OAuth endpoints via `/.well-known/oauth-authorization-server`
+3. Claude.ai registers itself via Dynamic Client Registration (`POST /register`) — handled locally by the MCP server (each client gets a virtual client ID)
+4. Claude.ai redirects the user's browser to GitLab's login page using the pre-registered OAuth application
+5. User authenticates; GitLab redirects back to `https://claude.ai/api/mcp/auth_callback`
+6. Claude.ai sends `Authorization: Bearer <token>` on every MCP request
+7. Server validates the token with GitLab and stores it per session
+
+**Server setup:**
+
+```bash
+docker run -d \
+  -e STREAMABLE_HTTP=true \
+  -e GITLAB_MCP_OAUTH=true \
+  -e GITLAB_OAUTH_APP_ID="your-gitlab-oauth-app-client-id" \
+  -e GITLAB_API_URL="https://gitlab.example.com/api/v4" \
+  -e MCP_SERVER_URL="https://your-mcp-server.example.com" \
+  -p 3002:3002 \
+  zereight050/gitlab-mcp
+```
+
+For local development (HTTP allowed):
+
+```bash
+MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL=true \
+STREAMABLE_HTTP=true \
+GITLAB_MCP_OAUTH=true \
+GITLAB_OAUTH_APP_ID=your-gitlab-oauth-app-client-id \
+MCP_SERVER_URL=http://localhost:3002 \
+GITLAB_API_URL=https://gitlab.com/api/v4 \
+node build/index.js
+```
+
+**Claude.ai configuration:**
+
+```json
+{
+  "mcpServers": {
+    "GitLab": {
+      "url": "https://your-mcp-server.example.com/mcp"
+    }
+  }
+}
+```
+
+No `headers` field is needed — Claude.ai obtains the token via OAuth automatically.
+
+**Environment variables:**
+
+| Variable | Required | Description |
+|---|---|---|
+| `GITLAB_MCP_OAUTH` | Yes | Set to `true` to enable |
+| `GITLAB_OAUTH_APP_ID` | Yes | Client ID of the pre-registered GitLab OAuth application |
+| `MCP_SERVER_URL` | Yes | Public HTTPS URL of your MCP server |
+| `GITLAB_API_URL` | Yes | Your GitLab instance API URL (e.g. `https://gitlab.com/api/v4`) |
+| `STREAMABLE_HTTP` | Yes | Must be `true` (SSE is not supported) |
+| `MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL` | No | Set `true` for local HTTP dev only |
+
+**Important Notes:**
+
+- MCP OAuth **only works with Streamable HTTP transport** (`SSE=true` is incompatible)
+- Each user session stores its own OAuth token — sessions are fully isolated
+- Session timeout, rate limiting, and capacity limits apply identically to the
+  `REMOTE_AUTHORIZATION` mode (`SESSION_TIMEOUT_SECONDS`, `MAX_REQUESTS_PER_MINUTE`,
+  `MAX_SESSIONS`)
+
 ## Tools 🛠️
 
 <details>
@@ -503,91 +603,134 @@ The token is stored per session (identified by `mcp-session-id` header) and reus
 11. `get_merge_request` - Get details of a merge request with compact deployment summary, behind-count, commit addition summary, and approval summary (Either mergeRequestIid or branchName must be provided)
 12. `get_merge_request_diffs` - Get the changes/diffs of a merge request (Either mergeRequestIid or branchName must be provided)
 13. `list_merge_request_diffs` - List merge request diffs with pagination support (Either mergeRequestIid or branchName must be provided)
-14. `get_branch_diffs` - Get the changes/diffs between two branches or commits in a GitLab project
-15. `update_merge_request` - Update a merge request (Either mergeRequestIid or branchName must be provided)
-16. `create_note` - Create a new note (comment) to an issue or merge request
-17. `create_merge_request_thread` - Create a new thread on a merge request
-18. `mr_discussions` - List discussion items for a merge request
-19. `update_merge_request_note` - Modify an existing merge request thread note
-20. `create_merge_request_note` - Add a new note to an existing merge request thread
-21. `get_draft_note` - Get a single draft note from a merge request
-22. `list_draft_notes` - List draft notes for a merge request
-23. `create_draft_note` - Create a draft note for a merge request
-24. `update_draft_note` - Update an existing draft note
-25. `delete_draft_note` - Delete a draft note
-26. `publish_draft_note` - Publish a single draft note
-27. `bulk_publish_draft_notes` - Publish all draft notes for a merge request
-28. `update_issue_note` - Modify an existing issue thread note
-29. `create_issue_note` - Add a new note to an existing issue thread
-30. `list_issues` - List issues (default: created by current user only; use scope='all' for all accessible issues)
-31. `my_issues` - List issues assigned to the authenticated user (defaults to open issues)
-32. `get_issue` - Get details of a specific issue in a GitLab project
-33. `update_issue` - Update an issue in a GitLab project
-34. `delete_issue` - Delete an issue from a GitLab project
-35. `list_issue_links` - List all issue links for a specific issue
-36. `list_issue_discussions` - List discussions for an issue in a GitLab project
-37. `get_issue_link` - Get a specific issue link
-38. `create_issue_link` - Create an issue link between two issues
-39. `delete_issue_link` - Delete an issue link
-40. `list_namespaces` - List all namespaces available to the current user
-41. `get_namespace` - Get details of a namespace by ID or path
-42. `verify_namespace` - Verify if a namespace path exists
-43. `get_project` - Get details of a specific project
-44. `list_projects` - List projects accessible by the current user
-45. `list_project_members` - List members of a GitLab project
-46. `list_labels` - List labels for a project
-47. `get_label` - Get a single label from a project
-48. `create_label` - Create a new label in a project
-49. `update_label` - Update an existing label in a project
-50. `delete_label` - Delete a label from a project
-51. `list_group_projects` - List projects in a GitLab group with filtering options
-52. `list_wiki_pages` - List wiki pages in a GitLab project
-53. `get_wiki_page` - Get details of a specific wiki page
-54. `create_wiki_page` - Create a new wiki page in a GitLab project
-55. `update_wiki_page` - Update an existing wiki page in a GitLab project
-56. `delete_wiki_page` - Delete a wiki page from a GitLab project
-57. `get_repository_tree` - Get the repository tree for a GitLab project (list files and directories)
-58. `list_pipelines` - List pipelines in a GitLab project with filtering options
-59. `get_pipeline` - Get details of a specific pipeline in a GitLab project
-60. `list_pipeline_jobs` - List all jobs in a specific pipeline
-61. `list_pipeline_trigger_jobs` - List all trigger jobs (bridges) in a specific pipeline that trigger downstream pipelines
-62. `get_pipeline_job` - Get details of a GitLab pipeline job number
-63. `get_pipeline_job_output` - Get the output/trace of a GitLab pipeline job with optional pagination to limit context window usage
-64. `create_pipeline` - Create a new pipeline for a branch or tag
-65. `retry_pipeline` - Retry a failed or canceled pipeline
-66. `cancel_pipeline` - Cancel a running pipeline
-67. `play_pipeline_job` - Run a manual pipeline job
-68. `retry_pipeline_job` - Retry a failed or canceled pipeline job
-69. `cancel_pipeline_job` - Cancel a running pipeline job
-70. `list_merge_requests` - List merge requests globally or in a specific GitLab project with filtering options (project_id is now optional)
-71. `list_milestones` - List milestones in a GitLab project with filtering options
-72. `get_milestone` - Get details of a specific milestone
-73. `create_milestone` - Create a new milestone in a GitLab project
-74. `edit_milestone` - Edit an existing milestone in a GitLab project
-75. `delete_milestone` - Delete a milestone from a GitLab project
-76. `get_milestone_issue` - Get issues associated with a specific milestone
-77. `get_milestone_merge_requests` - Get merge requests associated with a specific milestone
-78. `promote_milestone` - Promote a milestone to the next stage
-79. `get_milestone_burndown_events` - Get burndown events for a specific milestone
-80. `get_users` - Get GitLab user details by usernames
-81. `list_commits` - List repository commits with filtering options
-82. `get_commit` - Get details of a specific commit
-83. `get_commit_diff` - Get changes/diffs of a specific commit
-84. `list_group_iterations` - List group iterations with filtering options
-85. `upload_markdown` - Upload a file to a GitLab project for use in markdown content
-86. `download_attachment` - Download an uploaded file from a GitLab project by secret and filename
-87. `list_events` - List all events for the currently authenticated user
-88. `get_project_events` - List all visible events for a specified project
-89. `list_releases` - List all releases for a project
-90. `get_release` - Get a release by tag name
-91. `create_release` - Create a new release in a GitLab project
-92. `update_release` - Update an existing release in a GitLab project
-93. `delete_release` - Delete a release from a GitLab project (does not delete the associated tag)
-94. `create_release_evidence` - Create release evidence for an existing release (GitLab Premium/Ultimate only)
-95. `download_release_asset` - Download a release asset file by direct asset path
-96. `approve_merge_request` - Approve a merge request (requires appropriate permissions)
-97. `unapprove_merge_request` - Unapprove a previously approved merge request
-98. `get_merge_request_approval_state` - Get merge request approval details including approvers (uses `approval_state` when available, otherwise falls back to `approvals`)
+14. `get_merge_request_conflicts` - Get the conflicts of a merge request in a GitLab project
+15. `list_merge_request_changed_files` - STEP 1 of code review workflow. Returns ONLY the list of changed file paths in a merge request — WITHOUT diff content. Call this first to get file paths, then call get_merge_request_file_diff with multiple files in a single batched call (recommended 3-5 files per call). Supports excluded_file_patterns filtering using regex. (Either mergeRequestIid or branchName must be provided)
+16. `get_merge_request_file_diff` - STEP 2 of code review workflow. Get diffs for one or more files from a merge request. Call list_merge_request_changed_files first, then pass them as an array to fetch diffs efficiently. Batching multiple files (recommended 3-5) is supported. (Either mergeRequestIid or branchName must be provided)
+17. `list_merge_request_versions` - List all versions of a merge request
+18. `get_merge_request_version` - Get a specific version of a merge request
+19. `get_branch_diffs` - Get the changes/diffs between two branches or commits in a GitLab project
+20. `update_merge_request` - Update a merge request (Either mergeRequestIid or branchName must be provided)
+21. `create_note` - Create a new note (comment) to an issue or merge request
+22. `create_merge_request_thread` - Create a new thread on a merge request
+23. `mr_discussions` - List discussion items for a merge request
+24. `resolve_merge_request_thread` - Resolve a thread on a merge request
+25. `update_merge_request_note` - Modify an existing merge request thread note
+26. `create_merge_request_note` - Add a new note to an existing merge request thread
+27. `delete_merge_request_discussion_note` - Delete a discussion note on a merge request
+28. `update_merge_request_discussion_note` - Update a discussion note on a merge request
+29. `create_merge_request_discussion_note` - Add a new discussion note to an existing merge request thread
+30. `delete_merge_request_note` - Delete an existing merge request note
+31. `get_merge_request_note` - Get a specific note for a merge request
+32. `get_merge_request_notes` - List notes for a merge request
+33. `get_draft_note` - Get a single draft note from a merge request
+34. `list_draft_notes` - List draft notes for a merge request
+35. `create_draft_note` - Create a draft note for a merge request
+36. `update_draft_note` - Update an existing draft note
+37. `delete_draft_note` - Delete a draft note
+38. `publish_draft_note` - Publish a single draft note
+39. `bulk_publish_draft_notes` - Publish all draft notes for a merge request
+40. `list_merge_requests` - List merge requests globally or in a specific GitLab project with filtering options (project_id is now optional)
+41. `approve_merge_request` - Approve a merge request (requires appropriate permissions)
+42. `unapprove_merge_request` - Unapprove a previously approved merge request
+43. `get_merge_request_approval_state` - Get merge request approval details including approvers (uses `approval_state` when available, otherwise falls back to `approvals`)
+44. `update_issue_note` - Modify an existing issue thread note
+45. `create_issue_note` - Add a new note to an existing issue thread
+46. `list_issues` - List issues (default: created by current user only; use scope='all' for all accessible issues)
+47. `my_issues` - List issues assigned to the authenticated user (defaults to open issues)
+48. `get_issue` - Get details of a specific issue in a GitLab project
+49. `update_issue` - Update an issue in a GitLab project
+50. `delete_issue` - Delete an issue from a GitLab project
+51. `list_issue_links` - List all issue links for a specific issue
+52. `list_issue_discussions` - List discussions for an issue in a GitLab project
+53. `get_issue_link` - Get a specific issue link
+54. `create_issue_link` - Create an issue link between two issues
+55. `delete_issue_link` - Delete an issue link
+56. `list_namespaces` - List all namespaces available to the current user
+57. `get_namespace` - Get details of a namespace by ID or path
+58. `verify_namespace` - Verify if a namespace path exists
+59. `get_project` - Get details of a specific project
+60. `list_projects` - List projects accessible by the current user
+61. `list_project_members` - List members of a GitLab project
+62. `list_group_projects` - List projects in a GitLab group with filtering options
+63. `list_group_iterations` - List group iterations with filtering options
+64. `list_labels` - List labels for a project
+65. `get_label` - Get a single label from a project
+66. `create_label` - Create a new label in a project
+67. `update_label` - Update an existing label in a project
+68. `delete_label` - Delete a label from a project
+69. `list_pipelines` - List pipelines in a GitLab project with filtering options
+70. `get_pipeline` - Get details of a specific pipeline in a GitLab project
+71. `list_pipeline_jobs` - List all jobs in a specific pipeline
+72. `list_pipeline_trigger_jobs` - List all trigger jobs (bridges) in a specific pipeline that trigger downstream pipelines
+73. `get_pipeline_job` - Get details of a GitLab pipeline job number
+74. `get_pipeline_job_output` - Get the output/trace of a GitLab pipeline job with optional pagination to limit context window usage
+75. `create_pipeline` - Create a new pipeline for a branch or tag
+76. `retry_pipeline` - Retry a failed or canceled pipeline
+77. `cancel_pipeline` - Cancel a running pipeline
+78. `play_pipeline_job` - Run a manual pipeline job
+79. `retry_pipeline_job` - Retry a failed or canceled pipeline job
+80. `cancel_pipeline_job` - Cancel a running pipeline job
+81. `list_deployments` - List deployments in a GitLab project with filtering options
+82. `get_deployment` - Get details of a specific deployment in a GitLab project
+83. `list_environments` - List environments in a GitLab project
+84. `get_environment` - Get details of a specific environment in a GitLab project
+85. `list_job_artifacts` - List artifact files in a job's artifacts archive. Returns file names, paths, types, and sizes
+86. `download_job_artifacts` - Download the entire artifact archive (zip) for a job to a local path. Returns the saved file path
+87. `get_job_artifact_file` - Get the content of a single file from a job's artifacts by its path within the archive
+88. `list_milestones` - List milestones in a GitLab project with filtering options
+89. `get_milestone` - Get details of a specific milestone
+90. `create_milestone` - Create a new milestone in a GitLab project
+91. `edit_milestone` - Edit an existing milestone in a GitLab project
+92. `delete_milestone` - Delete a milestone from a GitLab project
+93. `get_milestone_issue` - Get issues associated with a specific milestone
+94. `get_milestone_merge_requests` - Get merge requests associated with a specific milestone
+95. `promote_milestone` - Promote a milestone to the next stage
+96. `get_milestone_burndown_events` - Get burndown events for a specific milestone
+97. `list_wiki_pages` - List wiki pages in a GitLab project
+98. `get_wiki_page` - Get details of a specific wiki page
+99. `create_wiki_page` - Create a new wiki page in a GitLab project
+100. `update_wiki_page` - Update an existing wiki page in a GitLab project
+101. `delete_wiki_page` - Delete a wiki page from a GitLab project
+102. `list_group_wiki_pages` - List wiki pages in a GitLab group
+103. `get_group_wiki_page` - Get details of a specific group wiki page
+104. `create_group_wiki_page` - Create a new wiki page in a GitLab group
+105. `update_group_wiki_page` - Update an existing wiki page in a GitLab group
+106. `delete_group_wiki_page` - Delete a wiki page from a GitLab group
+107. `get_repository_tree` - Get the repository tree for a GitLab project (list files and directories)
+108. `list_commits` - List repository commits with filtering options
+109. `get_commit` - Get details of a specific commit
+110. `get_commit_diff` - Get changes/diffs of a specific commit
+111. `list_releases` - List all releases for a project
+112. `get_release` - Get a release by tag name
+113. `create_release` - Create a new release in a GitLab project
+114. `update_release` - Update an existing release in a GitLab project
+115. `delete_release` - Delete a release from a GitLab project (does not delete the associated tag)
+116. `create_release_evidence` - Create release evidence for an existing release (GitLab Premium/Ultimate only)
+117. `download_release_asset` - Download a release asset file by direct asset path
+118. `get_users` - Get GitLab user details by usernames
+119. `list_events` - List all events for the currently authenticated user
+120. `get_project_events` - List all visible events for a specified project
+121. `upload_markdown` - Upload a file to a GitLab project for use in markdown content
+122. `download_attachment` - Download an uploaded file from a GitLab project by secret and filename
+123. `get_work_item` - Get a single work item with full details including status, hierarchy (parent/children), type, labels, assignees, and all widgets
+124. `list_work_items` - List work items in a project with filters (type, state, search, assignees, labels). Returns items with status and hierarchy info
+125. `create_work_item` - Create a new work item (issue, task, incident, test_case, epic, key_result, objective, requirement, ticket). Supports setting title, description, labels, assignees, weight, parent, health status, start/due dates, milestone, and confidentiality
+126. `update_work_item` - Update a work item. Can modify title, description, labels, assignees, weight, state, status, parent hierarchy, children, health status, start/due dates, milestone, confidentiality, linked items, and custom fields
+127. `convert_work_item_type` - Convert a work item to a different type (e.g. issue to task, task to incident)
+128. `list_work_item_statuses` - List available statuses for a work item type in a project. Requires GitLab Premium/Ultimate with configurable statuses
+129. `list_custom_field_definitions` - List available custom field definitions for a work item type in a project. Returns field names, types, and IDs needed for setting custom fields via update_work_item
+130. `move_work_item` - Move a work item (issue, task, etc.) to a different project. Uses GitLab GraphQL issueMove mutation
+131. `list_work_item_notes` - List notes and discussions on a work item. Returns threaded discussions with author, body, timestamps, and system/internal flags
+132. `create_work_item_note` - Add a note/comment to a work item. Supports Markdown, internal notes, and threaded replies
+133. `get_timeline_events` - List timeline events for an incident. Returns chronological events with notes, timestamps, and tags
+134. `create_timeline_event` - Create a timeline event on an incident. Supports tags: 'Start time', 'End time', 'Impact detected', 'Response initiated', 'Impact mitigated', 'Cause identified'
+135. `list_webhooks` - List all configured webhooks for a GitLab project or group. Provide either project_id or group_id
+136. `list_webhook_events` - List recent webhook events (past 7 days) for a project or group webhook. Use summary mode for overview, then get_webhook_event for full details
+137. `get_webhook_event` - Get full details of a specific webhook event by ID, including request/response payloads
+138. `search_code` - Search for code across all projects on the GitLab instance (requires advanced search or exact code search to be enabled)
+139. `search_project_code` - Search for code within a specific GitLab project (requires advanced search or exact code search to be enabled)
+140. `search_group_code` - Search for code within a specific GitLab group (requires advanced search or exact code search to be enabled)
+141. `execute_graphql` - Execute a GitLab GraphQL query
 <!-- TOOLS-END -->
 
 </details>

package/build/gitlab-client-pool.js

@@ -4,6 +4,64 @@ import { HttpProxyAgent } from "http-proxy-agent";
 import { HttpsProxyAgent } from "https-proxy-agent";
 import { SocksProxyAgent } from "socks-proxy-agent";
 import fs from "fs";
+/**
+ * Checks if a URL should bypass the proxy based on NO_PROXY patterns.
+ * Supports:
+ * - Exact hostname matches (e.g., "localhost", "gitlab.example.com")
+ * - Domain suffix matches (e.g., ".example.com" matches "gitlab.example.com")
+ * - IP addresses (e.g., "127.0.0.1", "192.168.1.1")
+ * - Wildcard "*" to bypass all proxies
+ * - Port-specific matches (e.g., "example.com:8080")
+ *
+ * @param url The URL to check
+ * @param noProxy Comma-separated list of patterns from NO_PROXY
+ * @returns true if the URL should bypass the proxy, false otherwise
+ */
+function shouldBypassProxy(url, noProxy) {
+    if (!noProxy) {
+        return false;
+    }
+    // Parse URL to get hostname and port
+    let hostname;
+    let port;
+    let protocol;
+    try {
+        const parsedUrl = new URL(url);
+        hostname = parsedUrl.hostname.toLowerCase();
+        protocol = parsedUrl.protocol;
+        // Use explicit port if provided, otherwise use default port based on protocol
+        port = parsedUrl.port || (protocol === 'https:' ? '443' : '80');
+    }
+    catch {
+        return false;
+    }
+    // Split NO_PROXY into patterns and trim whitespace
+    const patterns = noProxy.split(',').map(p => p.trim().toLowerCase()).filter(p => p.length > 0);
+    for (const pattern of patterns) {
+        // Wildcard matches everything
+        if (pattern === '*') {
+            return true;
+        }
+        // Handle port-specific patterns (e.g., "example.com:8080")
+        const [patternHost, patternPort] = pattern.split(':');
+        // If pattern specifies a port, check if it matches
+        if (patternPort && port !== patternPort) {
+            continue;
+        }
+        // Check for domain suffix match (e.g., ".example.com")
+        if (patternHost.startsWith('.')) {
+            const suffix = patternHost.substring(1);
+            if (hostname === suffix || hostname.endsWith('.' + suffix)) {
+                return true;
+            }
+        }
+        // Check for exact hostname match
+        else if (hostname === patternHost) {
+            return true;
+        }
+    }
+    return false;
+}
 /**
  * Manages a pool of HTTP/HTTPS agents for different GitLab API URLs.
  * This allows the server to efficiently handle requests to multiple GitLab instances
@@ -23,7 +81,7 @@ export class GitLabClientPool {
      * @returns A `ClientAgents` object containing the configured agents.
      */
     createAgentsForUrl(apiUrl) {
-        const { httpProxy, httpsProxy, rejectUnauthorized, caCertPath } = this.options;
+        const { httpProxy, httpsProxy, noProxy, rejectUnauthorized, caCertPath } = this.options;
         const url = new URL(apiUrl);
         let sslOptions = {};
         if (rejectUnauthorized === false) {
@@ -38,10 +96,12 @@ export class GitLabClientPool {
                 throw new Error(`Failed to read CA certificate: ${caCertPath}`);
             }
         }
+        // Check if this URL should bypass the proxy
+        const bypassProxy = shouldBypassProxy(apiUrl, noProxy);
         let httpAgent;
         let httpsAgent;
-        // Configure HTTP agent with proxy if specified
-        if (httpProxy) {
+        // Configure HTTP agent with proxy if specified and not bypassed
+        if (httpProxy && !bypassProxy) {
             httpAgent = httpProxy.startsWith("socks")
                 ? new SocksProxyAgent(httpProxy)
                 : new HttpProxyAgent(httpProxy);
@@ -49,8 +109,8 @@ export class GitLabClientPool {
         else {
             httpAgent = new Agent({ keepAlive: true });
         }
-        // Configure HTTPS agent with proxy and SSL options if specified
-        if (httpsProxy) {
+        // Configure HTTPS agent with proxy and SSL options if specified and not bypassed
+        if (httpsProxy && !bypassProxy) {
             httpsAgent = httpsProxy.startsWith("socks")
                 // The `as any` cast is used here to bypass a TypeScript type mismatch error.
                 // The `socks-proxy-agent` documentation indicates that TLS options like
@@ -72,6 +132,31 @@ export class GitLabClientPool {
      * @returns The corresponding `Agent` for the URL's protocol.
      */
     getOrCreateAgentForUrl(apiUrl) {
+        const agents = this.getOrCreateAgentsForUrl(apiUrl);
+        const url = new URL(apiUrl);
+        return url.protocol === "https:" ? agents.httpsAgent : agents.httpAgent;
+    }
+    /**
+     * Returns an agent-selection function for use with node-fetch's `agent` option.
+     * The returned function picks the correct HTTP or HTTPS agent based on the
+     * request URL's protocol. This is critical for self-hosted GitLab instances
+     * where the server may redirect between HTTP and HTTPS (e.g., when
+     * `external_url` differs from the actual internal protocol).
+     * @param apiUrl The base API URL used to look up or create the agent pair.
+     * @returns A function `(parsedURL: URL) => Agent` suitable for node-fetch.
+     */
+    getAgentFunctionForUrl(apiUrl) {
+        const agents = this.getOrCreateAgentsForUrl(apiUrl);
+        return (parsedURL) => {
+            return parsedURL.protocol === "https:" ? agents.httpsAgent : agents.httpAgent;
+        };
+    }
+    /**
+     * Ensures agents exist for the given API URL and returns the pair.
+     * @param apiUrl The full URL of the request.
+     * @returns The `ClientAgents` (both HTTP and HTTPS agents) for the URL.
+     */
+    getOrCreateAgentsForUrl(apiUrl) {
         const url = new URL(apiUrl);
         const baseUrl = `${url.protocol}//${url.host}${url.pathname.substring(0, url.pathname.lastIndexOf('/api/v4') + '/api/v4'.length)}`;
         if (!this.clients.has(baseUrl)) {
@@ -86,7 +171,7 @@ export class GitLabClientPool {
             // This should not happen given the logic above, but it satisfies TypeScript
             throw new Error(`Failed to create or get client for URL: ${baseUrl}`);
         }
-        return url.protocol === "https:" ? agents.httpsAgent : agents.httpAgent;
+        return agents;
     }
     /**
      * Retrieves the client agents for a specific base API URL.
@@ -110,4 +195,27 @@ export class GitLabClientPool {
         }
         return this.clients.get(defaultUrl);
     }
+    /**
+     * Destroy all pooled agents and clear pool state.
+     * This should be called on graceful shutdown so sockets are closed
+     * and the process can exit cleanly.
+     */
+    closeAll() {
+        for (const [, agents] of this.clients) {
+            const destroyIfSupported = (agent) => {
+                if (agent && typeof agent.destroy === "function") {
+                    agent.destroy();
+                }
+            };
+            destroyIfSupported(agents.httpAgent);
+            destroyIfSupported(agents.httpsAgent);
+        }
+        this.clients.clear();
+    }
+    getStats() {
+        return {
+            size: this.clients.size,
+            maxSize: this.options.poolMaxSize ?? 0,
+        };
+    }
 }