@zereight/mcp-gitlab 2.0.8 → 2.0.11

package/README.md

@@ -16,7 +16,58 @@ GitLab MCP(Model Context Protocol) Server. **Includes bug fixes and improvements
 
 When using with the Claude App, you need to set up your API key and URLs directly.
 
-#### npx
+#### Authentication Methods
+
+The server supports two authentication methods:
+
+1. **Personal Access Token** (traditional method)
+2. **OAuth2** (recommended for better security)
+
+#### Using OAuth2 Authentication
+
+OAuth2 provides a more secure authentication flow using browser-based authentication. When enabled, the server will:
+1. Open your browser to GitLab's authorization page
+2. Wait for you to approve the access
+3. Store the token securely for future use
+4. Automatically refresh the token when it expires
+
+For detailed OAuth2 setup instructions, see [OAuth Setup Guide](./docs/oauth-setup.md).
+
+Quick setup - first create a GitLab OAuth application:
+
+1. Go to your GitLab instance: `Settings` → `Applications`
+2. Create a new application with:
+   - **Name**: `GitLab MCP Server` (or any name you prefer)
+   - **Redirect URI**: `http://127.0.0.1:8888/callback`
+   - **Scopes**: Select `api` (provides complete read/write access to the API)
+3. Copy the **Application ID** (this is your Client ID)
+
+Then configure the MCP server with OAuth:
+
+```json
+{
+  "mcpServers": {
+    "gitlab": {
+      "command": "npx",
+      "args": ["-y", "@zereight/mcp-gitlab"],
+      "env": {
+        "GITLAB_USE_OAUTH": "true",
+        "GITLAB_OAUTH_CLIENT_ID": "your_oauth_client_id",
+        "GITLAB_OAUTH_REDIRECT_URI": "http://127.0.0.1:8888/callback",
+        "GITLAB_API_URL": "your_gitlab_api_url",
+        "GITLAB_PROJECT_ID": "your_project_id", // Optional: default project
+        "GITLAB_ALLOWED_PROJECT_IDS": "", // Optional: comma-separated list of allowed project IDs
+        "GITLAB_READ_ONLY_MODE": "false",
+        "USE_GITLAB_WIKI": "false", // use wiki api?
+        "USE_MILESTONE": "false", // use milestone api?
+        "USE_PIPELINE": "false" // use pipeline api?
+      }
+    }
+  }
+}
+```
+
+#### Using Personal Access Token (traditional)
 
 ```json
 {
@@ -67,6 +118,28 @@ When using with the Claude App, you need to set up your API key and URLs directl
 }
 ```
 
+#### Strands Agents SDK (MCP Tools)
+
+```python
+env_vars = {
+        "GITLAB_PERSONAL_ACCESS_TOKEN": gitlab_access_token,
+        "GITLAB_API_URL": gitlab_api_url,
+        "USE_GITLAB_WIKI": use_gitlab_wiki
+        # ......the rest of the optional parameters 
+}
+
+stdio_gitlab_mcp_client = MCPClient(
+        lambda: stdio_client(
+            StdioServerParameters(
+                command="npx",
+                args=["-y", "@zereight/mcp-gitlab"],
+                env=env_vars,
+            )
+        )
+    )
+```
+
+
 #### Docker
 
 - stdio mcp.json
@@ -163,7 +236,11 @@ docker run -i --rm \
 
 #### Authentication Configuration
 
-- `GITLAB_PERSONAL_ACCESS_TOKEN`: Your GitLab personal access token. **Required in standard mode**; not used when `REMOTE_AUTHORIZATION=true`.
+- `GITLAB_PERSONAL_ACCESS_TOKEN`: Your GitLab personal access token. **Required in standard mode**; not used when `REMOTE_AUTHORIZATION=true` or when using OAuth.
+- `GITLAB_USE_OAUTH`: Set to `true` to enable OAuth2 authentication instead of personal access token.
+- `GITLAB_OAUTH_CLIENT_ID`: The Client ID from your GitLab OAuth application. Required when using OAuth.
+- `GITLAB_OAUTH_REDIRECT_URI`: The OAuth callback URL. Default: `http://127.0.0.1:8888/callback`
+- `GITLAB_OAUTH_TOKEN_PATH`: Custom path to store the OAuth token. Default: `~/.gitlab-mcp-token.json`
 - `REMOTE_AUTHORIZATION`: When set to 'true', enables remote per-session authorization via HTTP headers. In this mode:
   - The server accepts GitLab PAT tokens from HTTP headers (`Authorization: Bearer <token>` or `Private-Token: <token>`) on a per-session basis
   - `GITLAB_PERSONAL_ACCESS_TOKEN` environment variable is **not required** and ignored
@@ -173,7 +250,7 @@ docker run -i --rm \
   - Tokens are stored per session and automatically cleaned up when sessions close or timeout
 - `SESSION_TIMEOUT_SECONDS`: Session auth token timeout in seconds. Default: `3600` (1 hour). Valid range: 1-86400 seconds (recommended: 60+). After this period of inactivity, the auth token is removed but the transport session remains active. The client must provide auth headers again on the next request. Only applies when `REMOTE_AUTHORIZATION=true`.
 
-#### Server Configuration
+#### General Configuration
 
 - `GITLAB_API_URL`: Your GitLab API URL. (Default: `https://gitlab.com/api/v4`)
 - `GITLAB_PROJECT_ID`: Default project ID. If set, Overwrite this value when making an API request.

package/build/index.js

@@ -17,12 +17,13 @@ import { CookieJar, parse as parseCookie } from "tough-cookie";
 import { fileURLToPath } from "url";
 import { z } from "zod";
 import { zodToJsonSchema } from "zod-to-json-schema";
+import { initializeOAuth } from "./oauth.js";
 // Add type imports for proxy agents
 import { Agent } from "http";
 import { Agent as HttpsAgent } from "https";
 import { URL } from "url";
 import { BulkPublishDraftNotesSchema, CancelPipelineJobSchema, CancelPipelineSchema, CreateBranchSchema, CreateDraftNoteSchema, CreateIssueLinkSchema, CreateIssueNoteSchema, CreateIssueSchema, CreateLabelSchema, // Added
-CreateMergeRequestNoteSchema, CreateMergeRequestSchema, CreateMergeRequestThreadSchema, CreateNoteSchema, CreateOrUpdateFileSchema, CreatePipelineSchema, CreateProjectMilestoneSchema, CreateRepositorySchema, CreateWikiPageSchema, DeleteDraftNoteSchema, DeleteIssueLinkSchema, DeleteIssueSchema, DeleteLabelSchema, DeleteProjectMilestoneSchema, DeleteWikiPageSchema, EditProjectMilestoneSchema, ForkRepositorySchema, GetBranchDiffsSchema, GetCommitDiffSchema, GetCommitSchema, GetDraftNoteSchema, GetFileContentsSchema, GetIssueLinkSchema, GetIssueSchema, GetLabelSchema, GetMergeRequestDiffsSchema, GetMergeRequestSchema, GetMilestoneBurndownEventsSchema, GetMilestoneIssuesSchema, GetMilestoneMergeRequestsSchema, GetNamespaceSchema, 
+CreateMergeRequestNoteSchema, CreateMergeRequestDiscussionNoteSchema, CreateMergeRequestSchema, CreateMergeRequestThreadSchema, CreateNoteSchema, CreateOrUpdateFileSchema, CreatePipelineSchema, CreateProjectMilestoneSchema, CreateRepositorySchema, CreateWikiPageSchema, DeleteDraftNoteSchema, DeleteIssueLinkSchema, DeleteIssueSchema, DeleteLabelSchema, DeleteProjectMilestoneSchema, DeleteWikiPageSchema, DeleteMergeRequestNoteSchema, EditProjectMilestoneSchema, ForkRepositorySchema, GetBranchDiffsSchema, GetCommitDiffSchema, GetCommitSchema, GetDraftNoteSchema, GetFileContentsSchema, GetIssueLinkSchema, GetIssueSchema, GetLabelSchema, GetMergeRequestDiffsSchema, GetMergeRequestSchema, GetMilestoneBurndownEventsSchema, GetMilestoneIssuesSchema, GetMilestoneMergeRequestsSchema, GetNamespaceSchema, 
 // pipeline job schemas
 GetPipelineJobOutputSchema, GetPipelineSchema, GetProjectMilestoneSchema, GetProjectSchema, GetRepositoryTreeSchema, GetUsersSchema, GetWikiPageSchema, GitLabCommitSchema, GitLabCompareResultSchema, GitLabContentSchema, GitLabCreateUpdateFileResponseSchema, GitLabDiffSchema, 
 // Discussion Schemas
@@ -30,7 +31,7 @@ GitLabDiscussionNoteSchema, // Added
 GitLabDiscussionSchema, 
 // Draft Notes Schemas
 GitLabDraftNoteSchema, GitLabForkSchema, GitLabIssueLinkSchema, GitLabIssueSchema, GitLabIssueWithLinkDetailsSchema, GitLabMarkdownUploadSchema, GitLabMergeRequestSchema, GitLabMilestonesSchema, GitLabNamespaceExistsResponseSchema, GitLabNamespaceSchema, GitLabPipelineJobSchema, GitLabPipelineSchema, GitLabPipelineTriggerJobSchema, GitLabProjectMemberSchema, GitLabProjectSchema, GitLabReferenceSchema, GitLabRepositorySchema, GitLabSearchResponseSchema, GitLabTreeItemSchema, GitLabTreeSchema, GitLabUserSchema, GitLabUsersResponseSchema, GitLabWikiPageSchema, GroupIteration, ListCommitsSchema, ListDraftNotesSchema, ListGroupIterationsSchema, ListGroupProjectsSchema, ListIssueDiscussionsSchema, ListIssueLinksSchema, ListIssuesSchema, ListLabelsSchema, ListMergeRequestDiffsSchema, // Added
-ListMergeRequestDiscussionsSchema, ListMergeRequestsSchema, ListNamespacesSchema, ListPipelineJobsSchema, ListPipelinesSchema, ListPipelineTriggerJobsSchema, ListProjectMembersSchema, ListProjectMilestonesSchema, ListProjectsSchema, ListWikiPagesSchema, MarkdownUploadSchema, DownloadAttachmentSchema, MergeMergeRequestSchema, MyIssuesSchema, PaginatedDiscussionsResponseSchema, PromoteProjectMilestoneSchema, PublishDraftNoteSchema, PlayPipelineJobSchema, PushFilesSchema, RetryPipelineJobSchema, RetryPipelineSchema, SearchRepositoriesSchema, UpdateDraftNoteSchema, UpdateIssueNoteSchema, UpdateIssueSchema, UpdateLabelSchema, UpdateMergeRequestNoteSchema, UpdateMergeRequestSchema, UpdateWikiPageSchema, VerifyNamespaceSchema, GitLabEventSchema, ListEventsSchema, GetProjectEventsSchema, ExecuteGraphQLSchema, GitLabReleaseSchema, ListReleasesSchema, GetReleaseSchema, CreateReleaseSchema, UpdateReleaseSchema, DeleteReleaseSchema, CreateReleaseEvidenceSchema, DownloadReleaseAssetSchema, } from "./schemas.js";
+ListMergeRequestDiscussionsSchema, ListMergeRequestsSchema, ListNamespacesSchema, ListPipelineJobsSchema, ListPipelinesSchema, ListPipelineTriggerJobsSchema, ListProjectMembersSchema, ListProjectMilestonesSchema, ListProjectsSchema, ListWikiPagesSchema, MarkdownUploadSchema, DownloadAttachmentSchema, MergeMergeRequestSchema, MyIssuesSchema, PaginatedDiscussionsResponseSchema, PromoteProjectMilestoneSchema, PublishDraftNoteSchema, PlayPipelineJobSchema, PushFilesSchema, RetryPipelineJobSchema, RetryPipelineSchema, SearchRepositoriesSchema, UpdateDraftNoteSchema, UpdateIssueNoteSchema, UpdateIssueSchema, UpdateLabelSchema, UpdateMergeRequestNoteSchema, UpdateMergeRequestDiscussionNoteSchema, UpdateMergeRequestSchema, UpdateWikiPageSchema, VerifyNamespaceSchema, GitLabEventSchema, ListEventsSchema, GetProjectEventsSchema, ExecuteGraphQLSchema, GitLabReleaseSchema, ListReleasesSchema, GetReleaseSchema, CreateReleaseSchema, UpdateReleaseSchema, DeleteReleaseSchema, CreateReleaseEvidenceSchema, DownloadReleaseAssetSchema, GetMergeRequestNotesSchema, GetMergeRequestNoteSchema, DeleteMergeRequestDiscussionNoteSchema, ResolveMergeRequestThreadSchema } from "./schemas.js";
 import { randomUUID } from "crypto";
 import { pino } from "pino";
 const logger = pino({
@@ -130,10 +131,11 @@ function validateConfiguration() {
     }
     // Validate auth configuration
     const remoteAuth = process.env.REMOTE_AUTHORIZATION === "true";
+    const useOAuth = process.env.GITLAB_USE_OAUTH === "true";
     const hasToken = !!process.env.GITLAB_PERSONAL_ACCESS_TOKEN;
     const hasCookie = !!process.env.GITLAB_AUTH_COOKIE_PATH;
-    if (!remoteAuth && !hasToken && !hasCookie) {
-        errors.push('Either GITLAB_PERSONAL_ACCESS_TOKEN, GITLAB_AUTH_COOKIE_PATH, or REMOTE_AUTHORIZATION=true must be set');
+    if (!remoteAuth && !useOAuth && !hasToken && !hasCookie) {
+        errors.push('Either GITLAB_PERSONAL_ACCESS_TOKEN, GITLAB_AUTH_COOKIE_PATH, GITLAB_USE_OAUTH=true, or REMOTE_AUTHORIZATION=true must be set');
     }
     if (errors.length > 0) {
         logger.error('Configuration validation failed:');
@@ -143,7 +145,9 @@ function validateConfiguration() {
     logger.info('Configuration validation passed');
 }
 const GITLAB_PERSONAL_ACCESS_TOKEN = process.env.GITLAB_PERSONAL_ACCESS_TOKEN;
+let OAUTH_ACCESS_TOKEN = null;
 const GITLAB_AUTH_COOKIE_PATH = process.env.GITLAB_AUTH_COOKIE_PATH;
+const USE_OAUTH = process.env.GITLAB_USE_OAUTH === "true";
 const IS_OLD = process.env.GITLAB_IS_OLD === "true";
 const GITLAB_READ_ONLY_MODE = process.env.GITLAB_READ_ONLY_MODE === "true";
 const GITLAB_DENIED_TOOLS_REGEX = process.env.GITLAB_DENIED_TOOLS_REGEX ? new RegExp(process.env.GITLAB_DENIED_TOOLS_REGEX) : undefined;
@@ -281,12 +285,13 @@ function buildAuthHeaders() {
         }
         return {}; // No auth headers if no session context
     }
-    // Standard mode: use environment token
-    if (IS_OLD && GITLAB_PERSONAL_ACCESS_TOKEN) {
-        return { 'Private-Token': String(GITLAB_PERSONAL_ACCESS_TOKEN) };
+    // Standard mode: prioritize OAuth token, then fall back to environment token
+    const token = OAUTH_ACCESS_TOKEN || GITLAB_PERSONAL_ACCESS_TOKEN;
+    if (IS_OLD && token) {
+        return { 'Private-Token': String(token) };
     }
-    if (GITLAB_PERSONAL_ACCESS_TOKEN) {
-        return { Authorization: `Bearer ${GITLAB_PERSONAL_ACCESS_TOKEN}` };
+    if (token) {
+        return { Authorization: `Bearer ${token}` };
     }
     return {};
 }
@@ -395,21 +400,56 @@ const allTools = [
         description: "Create a new thread on a merge request",
         inputSchema: toJSONSchema(CreateMergeRequestThreadSchema),
     },
+    {
+        name: 'resolve_merge_request_thread',
+        description: "Resolve a thread on a merge request",
+        inputSchema: toJSONSchema(ResolveMergeRequestThreadSchema),
+    },
     {
         name: "mr_discussions",
         description: "List discussion items for a merge request",
         inputSchema: toJSONSchema(ListMergeRequestDiscussionsSchema),
     },
     {
-        name: "update_merge_request_note",
-        description: "Modify an existing merge request thread note",
-        inputSchema: toJSONSchema(UpdateMergeRequestNoteSchema),
+        name: "delete_merge_request_discussion_note",
+        description: "Delete a discussion note on a merge request",
+        inputSchema: toJSONSchema(DeleteMergeRequestDiscussionNoteSchema),
+    },
+    {
+        name: "update_merge_request_discussion_note",
+        description: "Update a discussion note on a merge request",
+        inputSchema: toJSONSchema(UpdateMergeRequestDiscussionNoteSchema),
+    },
+    {
+        name: "create_merge_request_discussion_note",
+        description: "Add a new discussion note to an existing merge request thread",
+        inputSchema: toJSONSchema(CreateMergeRequestDiscussionNoteSchema),
     },
     {
         name: "create_merge_request_note",
-        description: "Add a new note to an existing merge request thread",
+        description: "Add a new note to a merge request",
         inputSchema: toJSONSchema(CreateMergeRequestNoteSchema),
     },
+    {
+        name: "delete_merge_request_note",
+        description: "Delete an existing merge request note",
+        inputSchema: toJSONSchema(DeleteMergeRequestNoteSchema),
+    },
+    {
+        name: "get_merge_request_note",
+        description: "Get a specific note for a merge request",
+        inputSchema: toJSONSchema(GetMergeRequestNoteSchema),
+    },
+    {
+        name: 'get_merge_request_notes',
+        description: "List notes for a merge request",
+        inputSchema: toJSONSchema(GetMergeRequestNotesSchema),
+    },
+    {
+        name: "update_merge_request_note",
+        description: "Modify an existing merge request note",
+        inputSchema: toJSONSchema(UpdateMergeRequestNoteSchema),
+    },
     {
         name: "get_draft_note",
         description: "Get a single draft note from a merge request",
@@ -913,12 +953,11 @@ if (REMOTE_AUTHORIZATION) {
     }
     logger.info("Remote authorization enabled: tokens will be read from HTTP headers");
 }
-else {
-    // Standard mode: token must be in environment
-    if (!GITLAB_PERSONAL_ACCESS_TOKEN) {
-        logger.error("GITLAB_PERSONAL_ACCESS_TOKEN environment variable is not set");
-        process.exit(1);
-    }
+else if (!USE_OAUTH && !GITLAB_PERSONAL_ACCESS_TOKEN && !GITLAB_AUTH_COOKIE_PATH) {
+    // Standard mode: token must be in environment (unless using OAuth)
+    logger.error("GITLAB_PERSONAL_ACCESS_TOKEN environment variable is not set");
+    logger.info("Either set GITLAB_PERSONAL_ACCESS_TOKEN or enable OAuth with GITLAB_USE_OAUTH=true");
+    process.exit(1);
 }
 /**
  * Utility function for handling GitLab API errors
@@ -1429,6 +1468,18 @@ async function listMergeRequestDiscussions(projectId, mergeRequestIid, options =
 async function listIssueDiscussions(projectId, issueIid, options = {}) {
     return listDiscussions(projectId, "issues", issueIid, options);
 }
+async function deleteMergeRequestDiscussionNote(projectId, mergeRequestIid, discussionId, noteId) {
+    projectId = decodeURIComponent(projectId); // Decode project ID
+    const url = new URL(`${GITLAB_API_URL}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/discussions/${discussionId}/notes/${noteId}`);
+    const response = await fetch(url.toString(), {
+        ...DEFAULT_FETCH_CONFIG,
+        method: "DELETE",
+    });
+    if (!response.ok) {
+        const errorText = await response.text();
+        throw new Error(`GitLab API error: ${response.status} ${response.statusText}\n${errorText}`);
+    }
+}
 /**
  * Modify an existing merge request thread note
  * 병합 요청 토론 노트 수정
@@ -1441,7 +1492,7 @@ async function listIssueDiscussions(projectId, issueIid, options = {}) {
  * @param {boolean} [resolved] - Resolve/unresolve state
  * @returns {Promise<GitLabDiscussionNote>} The updated note
  */
-async function updateMergeRequestNote(projectId, mergeRequestIid, discussionId, noteId, body, resolved) {
+async function updateMergeRequestDiscussionNote(projectId, mergeRequestIid, discussionId, noteId, body, resolved) {
     projectId = decodeURIComponent(projectId); // Decode project ID
     const url = new URL(`${GITLAB_API_URL}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/discussions/${discussionId}/notes/${noteId}`);
     // Only one of body or resolved can be sent according to GitLab API
@@ -1509,7 +1560,7 @@ async function createIssueNote(projectId, issueIid, discussionId, body, createdA
     return GitLabDiscussionNoteSchema.parse(data);
 }
 /**
- * Add a new note to an existing merge request thread
+ * Add a new discussion note to an existing merge request thread
  * 기존 병합 요청 스레드에 새 노트 추가
  *
  * @param {string} projectId - The ID or URL-encoded path of the project
@@ -1519,7 +1570,7 @@ async function createIssueNote(projectId, issueIid, discussionId, body, createdA
  * @param {string} [createdAt] - The creation date of the note (ISO 8601 format)
  * @returns {Promise<GitLabDiscussionNote>} The created note
  */
-async function createMergeRequestNote(projectId, mergeRequestIid, discussionId, body, createdAt) {
+async function createMergeRequestDiscussionNote(projectId, mergeRequestIid, discussionId, body, createdAt) {
     projectId = decodeURIComponent(projectId); // Decode project ID
     const url = new URL(`${GITLAB_API_URL}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/discussions/${discussionId}/notes`);
     const payload = { body };
@@ -1535,6 +1586,81 @@ async function createMergeRequestNote(projectId, mergeRequestIid, discussionId,
     const data = await response.json();
     return GitLabDiscussionNoteSchema.parse(data);
 }
+async function createMergeRequestNote(projectId, mergeRequestIid, body) {
+    projectId = decodeURIComponent(projectId); // Decode project ID
+    const url = new URL(`${GITLAB_API_URL}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/notes`);
+    const payload = {
+        id: projectId,
+        merge_request_iid: mergeRequestIid,
+        body,
+    };
+    const response = await fetch(url.toString(), {
+        ...DEFAULT_FETCH_CONFIG,
+        method: "POST",
+        body: JSON.stringify(payload),
+    });
+    await handleGitLabError(response);
+    const data = await response.json();
+    return GitLabDiscussionNoteSchema.parse(data);
+}
+async function deleteMergeRequestNote(projectId, mergeRequestIid, noteId) {
+    projectId = decodeURIComponent(projectId); // Decode project ID
+    const url = new URL(`${GITLAB_API_URL}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/notes/${noteId}`);
+    const response = await fetch(url.toString(), {
+        ...DEFAULT_FETCH_CONFIG,
+        method: "DELETE",
+    });
+    if (!response.ok) {
+        const errorText = await response.text();
+        throw new Error(`GitLab API error: ${response.status} ${response.statusText}\n${errorText}`);
+    }
+}
+async function getMergeRequestNote(projectId, mergeRequestIid, noteId) {
+    projectId = decodeURIComponent(projectId); // Decode project ID
+    const url = new URL(`${GITLAB_API_URL}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/notes/${noteId}`);
+    const response = await fetch(url.toString(), {
+        ...DEFAULT_FETCH_CONFIG,
+        method: "GET",
+    });
+    await handleGitLabError(response);
+    const data = await response.json();
+    return GitLabDiscussionNoteSchema.parse(data);
+}
+async function getMergeRequestNotes(projectId, mergeRequestIid, sort, order_by) {
+    projectId = decodeURIComponent(projectId); // Decode project ID
+    const url = new URL(`${GITLAB_API_URL}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/notes`);
+    if (sort) {
+        url.searchParams.append("sort", sort);
+    }
+    if (order_by) {
+        url.searchParams.append("order_by", order_by);
+    }
+    const response = await fetch(url.toString(), {
+        ...DEFAULT_FETCH_CONFIG,
+        method: "GET",
+    });
+    await handleGitLabError(response);
+    const data = await response.json();
+    return z.array(GitLabDiscussionNoteSchema).parse(data);
+}
+async function updateMergeRequestNote(projectId, mergeRequestIid, noteId, body) {
+    projectId = decodeURIComponent(projectId); // Decode project ID
+    const url = new URL(`${GITLAB_API_URL}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/notes/${noteId}`);
+    const payload = {
+        id: projectId,
+        merge_request_iid: mergeRequestIid,
+        note_id: noteId,
+        body,
+    };
+    const response = await fetch(url.toString(), {
+        ...DEFAULT_FETCH_CONFIG,
+        method: "PUT",
+        body: JSON.stringify(payload),
+    });
+    await handleGitLabError(response);
+    const data = await response.json();
+    return GitLabDiscussionNoteSchema.parse(data);
+}
 /**
  * Create or update a file in a GitLab project
  * 파일 생성 또는 업데이트
@@ -2145,6 +2271,21 @@ async function bulkPublishDraftNotes(projectId, mergeRequestIid) {
         return [];
     }
 }
+async function resolveMergeRequestThread(projectId, mergeRequestIid, discussionId, resolved) {
+    projectId = decodeURIComponent(projectId);
+    const url = new URL(`${GITLAB_API_URL}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/discussions/${discussionId}`);
+    if (resolved !== undefined) {
+        url.searchParams.append("resolved", resolved ? "true" : "false");
+    }
+    const response = await fetch(url.toString(), {
+        ...DEFAULT_FETCH_CONFIG,
+        method: "PUT",
+    });
+    if (!response.ok) {
+        const errorText = await response.text();
+        throw new Error(`GitLab API error: ${response.status} ${response.statusText}\n${errorText}`);
+    }
+}
 /**
  * Create a new thread on a merge request
  * 📦 새로운 함수: createMergeRequestThread - 병합 요청에 새로운 스레드(토론)를 생성하는 함수
@@ -3762,18 +3903,61 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                     content: [{ type: "text", text: JSON.stringify(mergeRequest, null, 2) }],
                 };
             }
-            case "update_merge_request_note": {
-                const args = UpdateMergeRequestNoteSchema.parse(request.params.arguments);
-                const note = await updateMergeRequestNote(args.project_id, args.merge_request_iid, args.discussion_id, args.note_id, args.body, // Now optional
+            case "delete_merge_request_discussion_note": {
+                const args = DeleteMergeRequestDiscussionNoteSchema.parse(request.params.arguments);
+                const { project_id, merge_request_iid, discussion_id, note_id } = args;
+                await deleteMergeRequestDiscussionNote(project_id, merge_request_iid, discussion_id, note_id);
+                return {
+                    content: [{ type: "text", text: "Merge request discussion note deleted successfully" }],
+                };
+            }
+            case "update_merge_request_discussion_note": {
+                const args = UpdateMergeRequestDiscussionNoteSchema.parse(request.params.arguments);
+                const note = await updateMergeRequestDiscussionNote(args.project_id, args.merge_request_iid, args.discussion_id, args.note_id, args.body, // Now optional
                 args.resolved // Now one of body or resolved must be provided, not both
                 );
                 return {
                     content: [{ type: "text", text: JSON.stringify(note, null, 2) }],
                 };
             }
+            case "create_merge_request_discussion_note": {
+                const args = CreateMergeRequestDiscussionNoteSchema.parse(request.params.arguments);
+                const note = await createMergeRequestDiscussionNote(args.project_id, args.merge_request_iid, args.discussion_id, args.body, args.created_at);
+                return {
+                    content: [{ type: "text", text: JSON.stringify(note, null, 2) }],
+                };
+            }
             case "create_merge_request_note": {
                 const args = CreateMergeRequestNoteSchema.parse(request.params.arguments);
-                const note = await createMergeRequestNote(args.project_id, args.merge_request_iid, args.discussion_id, args.body, args.created_at);
+                const note = await createMergeRequestNote(args.project_id, args.merge_request_iid, args.body);
+                return {
+                    content: [{ type: "text", text: JSON.stringify(note, null, 2) }],
+                };
+            }
+            case "delete_merge_request_note": {
+                const args = DeleteMergeRequestNoteSchema.parse(request.params.arguments);
+                await deleteMergeRequestNote(args.project_id, args.merge_request_iid, args.note_id);
+                return {
+                    content: [{ type: "text", text: "Merge request note deleted successfully" }],
+                };
+            }
+            case 'get_merge_request_note': {
+                const args = GetMergeRequestNoteSchema.parse(request.params.arguments);
+                const note = await getMergeRequestNote(args.project_id, args.merge_request_iid, args.note_id);
+                return {
+                    content: [{ type: "text", text: JSON.stringify(note, null, 2) }],
+                };
+            }
+            case 'get_merge_request_notes': {
+                const args = GetMergeRequestNotesSchema.parse(request.params.arguments);
+                const notes = await getMergeRequestNotes(args.project_id, args.merge_request_iid, args.sort, args.order_by);
+                return {
+                    content: [{ type: "text", text: JSON.stringify(notes, null, 2) }],
+                };
+            }
+            case 'update_merge_request_note': {
+                const args = UpdateMergeRequestNoteSchema.parse(request.params.arguments);
+                const note = await updateMergeRequestNote(args.project_id, args.merge_request_iid, args.note_id, args.body);
                 return {
                     content: [{ type: "text", text: JSON.stringify(note, null, 2) }],
                 };
@@ -3995,6 +4179,14 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                     content: [{ type: "text", text: JSON.stringify(thread, null, 2) }],
                 };
             }
+            case "resolve_merge_request_thread": {
+                const args = ResolveMergeRequestThreadSchema.parse(request.params.arguments);
+                const { project_id, merge_request_iid, discussion_id, resolved } = args;
+                await resolveMergeRequestThread(project_id, merge_request_iid, discussion_id, resolved);
+                return {
+                    content: [{ type: "text", text: "Thread resolved successfully" }],
+                };
+            }
             case "list_issues": {
                 const args = ListIssuesSchema.parse(request.params.arguments);
                 const { project_id, ...options } = args;
@@ -4675,7 +4867,7 @@ async function startStreamableHTTPServer() {
         // GitLab PAT format: glpat-xxxxx (min 20 chars)
         if (token.length < 20)
             return false;
-        if (!/^[a-zA-Z0-9_-]+$/.test(token))
+        if (!/^[a-zA-Z0-9_\.-]+$/.test(token))
             return false;
         return true;
     };
@@ -5011,6 +5203,20 @@ async function runServer() {
     try {
         // Validate configuration before starting server
         validateConfiguration();
+        // Initialize OAuth token if OAuth is enabled
+        if (USE_OAUTH) {
+            logger.info("Using OAuth authentication...");
+            try {
+                const gitlabBaseUrl = GITLAB_API_URL.replace(/\/api\/v4$/, "");
+                OAUTH_ACCESS_TOKEN = await initializeOAuth(gitlabBaseUrl);
+                logger.info("OAuth authentication successful");
+                // Note: Headers are automatically generated by buildAuthHeaders() using OAUTH_ACCESS_TOKEN
+            }
+            catch (error) {
+                logger.error("OAuth authentication failed:", error);
+                process.exit(1);
+            }
+        }
         const transportMode = determineTransportMode();
         await initializeServerByTransportMode(transportMode);
     }