@zereight/mcp-gitlab 2.1.12 → 2.1.14

package/build/test/test-remote-downloads.js

@@ -0,0 +1,336 @@
+/**
+ * Remote Mode Download Proxy & Upload Tests
+ *
+ * Tests the /downloads/:type proxy endpoint and verifies that download/upload
+ * tools behave correctly in remote (StreamableHTTP) mode:
+ *   - download_job_artifacts returns a download_url
+ *   - download_attachment for non-image returns a download_url
+ *   - download_attachment for image returns inline base64
+ *   - upload_markdown with content+filename works
+ *   - upload_markdown with file_path is rejected
+ */
+import { describe, test, before, after } from 'node:test';
+import assert from 'node:assert';
+import { launchServer, TransportMode, HOST } from './utils/server-launcher.js';
+import { MockGitLabServer, findMockServerPort } from './utils/mock-gitlab-server.js';
+const MOCK_TOKEN = 'glpat-mock-token-12345';
+const TEST_PROJECT_ID = '123';
+const TEST_JOB_ID = '456';
+const TEST_SECRET = 'testsecret';
+// Minimal 1x1 transparent PNG
+const MINIMAL_PNG = Buffer.from('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg==', 'base64');
+const LARGE_FILE_TOKEN = 'glpat-largefile-test-token';
+const FAKE_ZIP = Buffer.from('PK\x03\x04fake-zip-content-for-testing');
+const MOCK_UPLOAD_RESPONSE = {
+    id: 99,
+    alt: 'test-file.txt',
+    url: '/uploads/abc123secret/test-file.txt',
+    full_path: '/test-group/test-project/uploads/abc123secret/test-file.txt',
+    markdown: '[test-file.txt](/uploads/abc123secret/test-file.txt)',
+};
+function parseSSE(text) {
+    const lines = text.split('\n');
+    const dataLines = lines.filter(l => l.startsWith('data: '));
+    return dataLines.map(l => JSON.parse(l.slice(6)));
+}
+// --- Test suites ---
+describe('Remote Downloads - Download Proxy Endpoint', { timeout: 30_000 }, () => {
+    let mockGitLab;
+    let server;
+    let serverPort;
+    before(async () => {
+        const mockPort = await findMockServerPort(9300);
+        mockGitLab = new MockGitLabServer({
+            port: mockPort,
+            validTokens: [MOCK_TOKEN, LARGE_FILE_TOKEN],
+        });
+        // Mock artifact download
+        mockGitLab.addMockHandler('get', `/projects/${TEST_PROJECT_ID}/jobs/${TEST_JOB_ID}/artifacts`, (_req, res) => {
+            res.set('Content-Type', 'application/zip');
+            res.set('Content-Disposition', `attachment; filename="artifacts_job_${TEST_JOB_ID}.zip"`);
+            res.send(FAKE_ZIP);
+        });
+        // Mock image attachment
+        mockGitLab.addMockHandler('get', `/projects/${TEST_PROJECT_ID}/uploads/${TEST_SECRET}/image.png`, (_req, res) => {
+            res.set('Content-Type', 'image/png');
+            res.send(MINIMAL_PNG);
+        });
+        // Mock text attachment
+        mockGitLab.addMockHandler('get', `/projects/${TEST_PROJECT_ID}/uploads/${TEST_SECRET}/document.txt`, (_req, res) => {
+            res.set('Content-Type', 'text/plain');
+            res.send('hello document content');
+        });
+        // Mock large artifact (2MB) to verify streaming works for big files
+        mockGitLab.addMockHandler('get', `/projects/${TEST_PROJECT_ID}/jobs/999/artifacts`, (_req, res) => {
+            res.set('Content-Type', 'application/zip');
+            res.set('Content-Disposition', 'attachment; filename="large_artifacts.zip"');
+            // Send 2MB of data in chunks
+            const chunk = Buffer.alloc(64 * 1024, 0x42); // 64KB of 'B'
+            res.writeHead(200);
+            let sent = 0;
+            const total = 2 * 1024 * 1024; // 2MB
+            const sendChunk = () => {
+                while (sent < total) {
+                    const size = Math.min(chunk.length, total - sent);
+                    const ok = res.write(chunk.subarray(0, size));
+                    sent += size;
+                    if (!ok) {
+                        res.once('drain', sendChunk);
+                        return;
+                    }
+                }
+                res.end();
+            };
+            sendChunk();
+        });
+        await mockGitLab.start();
+        serverPort = 3500;
+        server = await launchServer({
+            mode: TransportMode.STREAMABLE_HTTP,
+            port: serverPort,
+            timeout: 10_000,
+            env: {
+                STREAMABLE_HTTP: 'true',
+                REMOTE_AUTHORIZATION: 'true',
+                GITLAB_API_URL: `${mockGitLab.getUrl()}/api/v4`,
+                USE_PIPELINE: 'true',
+                MAX_REQUESTS_PER_MINUTE: '2',
+            },
+        });
+    });
+    after(async () => {
+        if (server)
+            server.kill();
+        if (mockGitLab)
+            await mockGitLab.stop();
+    });
+    test('returns 401 without auth headers', async () => {
+        const res = await fetch(`http://${HOST}:${serverPort}/downloads/job-artifacts?project_id=${TEST_PROJECT_ID}&job_id=${TEST_JOB_ID}`);
+        assert.strictEqual(res.status, 401);
+        const body = await res.json();
+        assert.ok(body.error.toLowerCase().includes('auth'));
+    });
+    test('returns 400 for missing parameters', async () => {
+        const res = await fetch(`http://${HOST}:${serverPort}/downloads/job-artifacts?project_id=${TEST_PROJECT_ID}`, { headers: { 'Private-Token': MOCK_TOKEN } });
+        assert.strictEqual(res.status, 400);
+        const body = await res.json();
+        assert.ok(body.error.includes('required'));
+    });
+    test('returns 400 for unknown download types', async () => {
+        const res = await fetch(`http://${HOST}:${serverPort}/downloads/unknown-type?project_id=${TEST_PROJECT_ID}`, { headers: { 'Private-Token': MOCK_TOKEN } });
+        assert.strictEqual(res.status, 400);
+        const body = await res.json();
+        assert.ok(body.error.toLowerCase().includes('unknown'));
+    });
+    test('streams large file (2MB) without buffering issues', async () => {
+        // Use a dedicated token to avoid rate limit interference from other tests
+        const largeFileToken = 'glpat-largefile-test-token';
+        const res = await fetch(`http://${HOST}:${serverPort}/downloads/job-artifacts?project_id=${TEST_PROJECT_ID}&job_id=999`, { headers: { 'Private-Token': largeFileToken } });
+        assert.strictEqual(res.status, 200, 'Should stream large file successfully');
+        const buf = Buffer.from(await res.arrayBuffer());
+        const expectedSize = 2 * 1024 * 1024;
+        assert.strictEqual(buf.length, expectedSize, `Should receive full 2MB (got ${buf.length} bytes)`);
+    });
+    test('returns 429 after exceeding rate limit', async () => {
+        // Use a different token to get a fresh rate limit counter
+        const rateLimitToken = 'glpat-ratelimit-test-token';
+        let got429 = false;
+        for (let i = 0; i < 10; i++) {
+            const res = await fetch(`http://${HOST}:${serverPort}/downloads/job-artifacts?project_id=${TEST_PROJECT_ID}&job_id=${TEST_JOB_ID}`, { headers: { 'Private-Token': rateLimitToken } });
+            if (res.status === 429) {
+                got429 = true;
+                const body = await res.json();
+                assert.ok(body.error.toLowerCase().includes('rate limit'));
+                break;
+            }
+            // consume body (might be 401/403 from GitLab mock, but rate limit still increments)
+            await res.arrayBuffer();
+        }
+        assert.ok(got429, 'Should have received 429 within 10 requests (rate limit is 2/min)');
+    });
+});
+describe('Remote Downloads - Tool Behavior via MCP Protocol', { timeout: 60_000 }, () => {
+    let mockGitLab;
+    let server;
+    let serverPort;
+    let sessionId;
+    before(async () => {
+        const mockPort = await findMockServerPort(9310);
+        mockGitLab = new MockGitLabServer({
+            port: mockPort,
+            validTokens: [MOCK_TOKEN],
+        });
+        // Mock artifact download
+        mockGitLab.addMockHandler('get', `/projects/${TEST_PROJECT_ID}/jobs/${TEST_JOB_ID}/artifacts`, (_req, res) => {
+            res.set('Content-Type', 'application/zip');
+            res.set('Content-Disposition', `attachment; filename="artifacts_job_${TEST_JOB_ID}.zip"`);
+            res.send(FAKE_ZIP);
+        });
+        // Mock image attachment
+        mockGitLab.addMockHandler('get', `/projects/${TEST_PROJECT_ID}/uploads/${TEST_SECRET}/image.png`, (_req, res) => {
+            res.set('Content-Type', 'image/png');
+            res.send(MINIMAL_PNG);
+        });
+        // Mock text attachment
+        mockGitLab.addMockHandler('get', `/projects/${TEST_PROJECT_ID}/uploads/${TEST_SECRET}/document.txt`, (_req, res) => {
+            res.set('Content-Type', 'text/plain');
+            res.send('hello document content');
+        });
+        // Mock upload endpoint
+        mockGitLab.addMockHandler('post', `/projects/${TEST_PROJECT_ID}/uploads`, (req, res) => {
+            res.status(201).json(MOCK_UPLOAD_RESPONSE);
+        });
+        await mockGitLab.start();
+        serverPort = 3510;
+        server = await launchServer({
+            mode: TransportMode.STREAMABLE_HTTP,
+            port: serverPort,
+            timeout: 10_000,
+            env: {
+                STREAMABLE_HTTP: 'true',
+                REMOTE_AUTHORIZATION: 'true',
+                GITLAB_API_URL: `${mockGitLab.getUrl()}/api/v4`,
+                USE_PIPELINE: 'true',
+            },
+        });
+        // Initialize MCP session
+        const initRes = await fetch(`http://${HOST}:${serverPort}/mcp`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Accept': 'application/json, text/event-stream',
+                'Private-Token': MOCK_TOKEN,
+            },
+            body: JSON.stringify({
+                jsonrpc: '2.0',
+                id: 1,
+                method: 'initialize',
+                params: {
+                    protocolVersion: '2025-03-26',
+                    capabilities: {},
+                    clientInfo: { name: 'test-remote-downloads', version: '1.0' },
+                },
+            }),
+        });
+        assert.strictEqual(initRes.status, 200, 'Initialize should succeed');
+        sessionId = initRes.headers.get('mcp-session-id');
+        assert.ok(sessionId, 'Should receive a session ID');
+    });
+    after(async () => {
+        if (server)
+            server.kill();
+        if (mockGitLab)
+            await mockGitLab.stop();
+    });
+    async function callTool(id, name, args) {
+        const res = await fetch(`http://${HOST}:${serverPort}/mcp`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Accept': 'application/json, text/event-stream',
+                'Private-Token': MOCK_TOKEN,
+                'mcp-session-id': sessionId,
+            },
+            body: JSON.stringify({
+                jsonrpc: '2.0',
+                id,
+                method: 'tools/call',
+                params: { name, arguments: args },
+            }),
+        });
+        assert.strictEqual(res.status, 200, `Tool call ${name} should return 200`);
+        const text = await res.text();
+        const responses = parseSSE(text);
+        const result = responses.find(r => r.id === id);
+        assert.ok(result, `Should find response with id=${id} in SSE stream`);
+        return result;
+    }
+    test('download_job_artifacts returns download_url with embedded auth token', async () => {
+        const result = await callTool(10, 'download_job_artifacts', {
+            project_id: TEST_PROJECT_ID,
+            job_id: TEST_JOB_ID,
+        });
+        assert.ok(result.result, 'Should have a result');
+        const content = result.result.content;
+        assert.ok(content && content.length > 0, 'Should have content');
+        const textBlock = content.find(c => c.type === 'text');
+        assert.ok(textBlock?.text, 'Should have text content');
+        const parsed = JSON.parse(textBlock.text);
+        assert.ok(parsed.download_url, 'Should contain download_url');
+        assert.ok(parsed.download_url.includes('/downloads/job-artifacts'), 'URL should point to proxy endpoint');
+        assert.ok(parsed.download_url.includes(`project_id=${TEST_PROJECT_ID}`), 'URL should include project_id');
+        assert.ok(parsed.download_url.includes(`job_id=${TEST_JOB_ID}`), 'URL should include job_id');
+        assert.ok(parsed.download_url.includes('_token='), 'URL should contain embedded auth token');
+        assert.ok(parsed.filename.includes('.zip'), 'Should have zip filename');
+        // The URL should work WITHOUT auth headers (token is embedded)
+        const downloadRes = await fetch(parsed.download_url);
+        assert.strictEqual(downloadRes.status, 200, 'Download URL should work without auth headers');
+        const buf = Buffer.from(await downloadRes.arrayBuffer());
+        assert.ok(buf.length > 0, 'Downloaded content should not be empty');
+        assert.ok(buf.includes(Buffer.from('PK')), 'Should contain zip magic bytes');
+    });
+    test('download_attachment for non-image returns download_url', async () => {
+        const result = await callTool(11, 'download_attachment', {
+            project_id: TEST_PROJECT_ID,
+            secret: TEST_SECRET,
+            filename: 'document.txt',
+        });
+        assert.ok(result.result, 'Should have a result');
+        const content = result.result.content;
+        assert.ok(content && content.length > 0, 'Should have content');
+        const textBlock = content.find(c => c.type === 'text');
+        assert.ok(textBlock?.text, 'Should have text content');
+        const parsed = JSON.parse(textBlock.text);
+        assert.ok(parsed.download_url, 'Should contain download_url');
+        assert.ok(parsed.download_url.includes('/downloads/attachment'), 'URL should point to attachment proxy');
+        assert.ok(parsed.download_url.includes(`project_id=${TEST_PROJECT_ID}`), 'URL should include project_id');
+        assert.ok(parsed.download_url.includes(`secret=${TEST_SECRET}`), 'URL should include secret');
+        assert.ok(parsed.download_url.includes('filename=document.txt'), 'URL should include filename');
+        assert.strictEqual(parsed.filename, 'document.txt', 'Should echo the filename');
+    });
+    test('download_attachment for image returns base64 inline', async () => {
+        const result = await callTool(12, 'download_attachment', {
+            project_id: TEST_PROJECT_ID,
+            secret: TEST_SECRET,
+            filename: 'image.png',
+        });
+        assert.ok(result.result, 'Should have a result');
+        const content = result.result.content;
+        assert.ok(content && content.length > 0, 'Should have content');
+        const imageBlock = content.find(c => c.type === 'image');
+        assert.ok(imageBlock, 'Should contain an image content block');
+        assert.strictEqual(imageBlock.mimeType, 'image/png', 'Should have image/png mime type');
+        assert.ok(imageBlock.data && imageBlock.data.length > 0, 'Should have non-empty base64 data');
+    });
+    test('upload_markdown with content+filename works', async () => {
+        const fileContent = Buffer.from('hello upload test').toString('base64');
+        const result = await callTool(13, 'upload_markdown', {
+            project_id: TEST_PROJECT_ID,
+            content: fileContent,
+            filename: 'test-file.txt',
+        });
+        assert.ok(result.result, 'Should have a result');
+        assert.ok(!result.error, `Should not have error: ${result.error?.message}`);
+        const content = result.result.content;
+        assert.ok(content && content.length > 0, 'Should have content');
+        const textBlock = content.find(c => c.type === 'text');
+        assert.ok(textBlock?.text, 'Should have text content');
+        const parsed = JSON.parse(textBlock.text);
+        assert.ok(parsed.markdown, 'Should have markdown field');
+        assert.ok(parsed.url, 'Should have url field');
+    });
+    test('upload_markdown with file_path is rejected in remote mode', async () => {
+        const result = await callTool(14, 'upload_markdown', {
+            project_id: TEST_PROJECT_ID,
+            file_path: '/tmp/some-file.txt',
+        });
+        // In remote mode the server uses MarkdownUploadRemoteSchema which
+        // requires content+filename and does not accept file_path. This should
+        // result in a validation error.
+        const hasError = !!result.error ||
+            (result.result?.content?.some(c => c.type === 'text' && c.text && (c.text.toLowerCase().includes('error') ||
+                c.text.toLowerCase().includes('required') ||
+                c.text.toLowerCase().includes('invalid'))));
+        assert.ok(hasError, 'Should reject file_path in remote mode (needs content+filename)');
+    });
+});

package/build/test/test-toolset-filtering.js

@@ -19,7 +19,7 @@ const TOOLSET_TOOL_COUNTS = {
     merge_requests: 41,
     issues: 24,
     repositories: 7,
-    branches: 9,
+    branches: 10,
     projects: 9,
     labels: 5,
     ci: 2,
@@ -32,6 +32,7 @@ const TOOLSET_TOOL_COUNTS = {
     search: 3,
     workitems: 18,
     webhooks: 3,
+    groups: 1,
 };
 const LEGACY_PIPELINE_TOOL_COUNT = TOOLSET_TOOL_COUNTS.pipelines + TOOLSET_TOOL_COUNTS.ci;
 const DEFAULT_TOOLSETS = [
@@ -43,6 +44,7 @@ const DEFAULT_TOOLSETS = [
     "labels",
     "ci",
     "users",
+    "groups",
 ];
 const NON_DEFAULT_TOOLSETS = [
     "pipelines",
@@ -75,6 +77,7 @@ const TOOLSET_SAMPLE_TOOLS = {
     users: ["get_users", "upload_markdown", "download_attachment"],
     search: ["search_code", "search_project_code", "search_group_code"],
     webhooks: ["list_webhooks", "list_webhook_events", "get_webhook_event"],
+    groups: ["create_group"],
 };
 // --- Helpers ---
 async function launchMcpServer(mockGitLabUrl, mcpPort, extraEnv = {}) {

package/build/tools/registry.js

@@ -1,7 +1,8 @@
 import { zodToJsonSchema } from "zod-to-json-schema";
 import { toJSONSchema } from "../utils/schema.js";
-import { USE_GITLAB_WIKI, USE_MILESTONE, USE_PIPELINE, } from "../config.js";
-import { ApproveMergeRequestSchema, BulkPublishDraftNotesSchema, CancelPipelineJobSchema, CancelPipelineSchema, ConvertWorkItemTypeSchema, CreateBranchSchema, CreateDraftNoteSchema, CreateGroupWikiPageSchema, CreateIssueLinkSchema, CreateIssueNoteSchema, CreateIssueSchema, CreateIssueEmojiReactionSchema, CreateIssueNoteEmojiReactionSchema, ListIssueEmojiReactionsSchema, ListIssueNoteEmojiReactionsSchema, CreateLabelSchema, MarkAllTodosDoneSchema, ListTodosSchema, MarkTodoDoneSchema, CreateMergeRequestDiscussionNoteSchema, CreateMergeRequestEmojiReactionSchema, ListMergeRequestEmojiReactionsSchema, ListMergeRequestNoteEmojiReactionsSchema, CreateMergeRequestNoteSchema, CreateMergeRequestNoteEmojiReactionSchema, CreateMergeRequestSchema, CreateMergeRequestThreadSchema, CreateNoteSchema, CreateCommitStatusSchema, CreateOrUpdateFileSchema, CreatePipelineSchema, CreateProjectMilestoneSchema, CreateReleaseEvidenceSchema, CreateReleaseSchema, CreateRepositorySchema, CreateTagSchema, CreateTimelineEventSchema, CreateWikiPageSchema, CreateWorkItemNoteSchema, CreateWorkItemEmojiReactionSchema, CreateWorkItemNoteEmojiReactionSchema, ListWorkItemEmojiReactionsSchema, ListWorkItemNoteEmojiReactionsSchema, CreateWorkItemSchema, DeleteBranchSchema, DeleteDraftNoteSchema, DeleteGroupWikiPageSchema, DeleteIssueLinkSchema, DeleteIssueSchema, DeleteIssueEmojiReactionSchema, DeleteIssueNoteEmojiReactionSchema, DeleteLabelSchema, DeleteMergeRequestDiscussionNoteSchema, DeleteMergeRequestNoteSchema, DeleteMergeRequestEmojiReactionSchema, DeleteMergeRequestNoteEmojiReactionSchema, DeleteProjectMilestoneSchema, DeleteReleaseSchema, DeleteTagSchema, DeleteWikiPageSchema, DeleteWorkItemEmojiReactionSchema, DeleteWorkItemNoteEmojiReactionSchema, DownloadAttachmentSchema, DownloadJobArtifactsSchema, DownloadReleaseAssetSchema, EditProjectMilestoneSchema, ExecuteGraphQLSchema, ForkRepositorySchema, HealthCheckSchema, GetBranchSchema, GetBranchDiffsSchema, GetCommitDiffSchema, GetCommitSchema, GetDeploymentSchema, GetDraftNoteSchema, GetEnvironmentSchema, GetFileContentsSchema, GetGroupWikiPageSchema, GetIssueLinkSchema, GetIssueSchema, GetJobArtifactFileSchema, GetLabelSchema, GetMergeRequestApprovalStateSchema, GetMergeRequestConflictsSchema, GetMergeRequestDiffsSchema, GetMergeRequestFileDiffSchema, GetMergeRequestNoteSchema, GetMergeRequestNotesSchema, GetMergeRequestSchema, GetMergeRequestVersionSchema, GetMilestoneBurndownEventsSchema, GetMilestoneIssuesSchema, GetMilestoneMergeRequestsSchema, GetNamespaceSchema, GetPipelineJobOutputSchema, GetPipelineSchema, GetProjectEventsSchema, GetProjectMilestoneSchema, GetProjectSchema, GetReleaseSchema, GetRepositoryTreeSchema, GetTagSchema, GetTagSignatureSchema, GetTimelineEventsSchema, GetUsersSchema, GetUserSchema, WhoAmISchema, GetWebhookEventSchema, GetWikiPageSchema, GetWorkItemSchema, ListBranchesSchema, ListCommitsSchema, ListCommitStatusesSchema, ListCustomFieldDefinitionsSchema, ListDeploymentsSchema, ListDraftNotesSchema, ListEnvironmentsSchema, ListEventsSchema, ListGroupIterationsSchema, ListGroupProjectsSchema, ListGroupWikiPagesSchema, ListIssueDiscussionsSchema, ListIssueLinksSchema, ListIssuesSchema, ListJobArtifactsSchema, ListLabelsSchema, ListMergeRequestChangedFilesSchema, ListMergeRequestDiffsSchema, ListMergeRequestDiscussionsSchema, ListMergeRequestPipelinesSchema, ListMergeRequestVersionsSchema, ListMergeRequestsSchema, ListNamespacesSchema, ListPipelineJobsSchema, ListPipelineTriggerJobsSchema, ValidateCiLintSchema, ValidateProjectCiLintSchema, ListPipelinesSchema, ListProjectMembersSchema, ListProjectMilestonesSchema, ListProjectsSchema, ListReleasesSchema, ListTagsSchema, ListWebhookEventsSchema, ListWebhooksSchema, ListWikiPagesSchema, ListWorkItemNotesSchema, ListWorkItemStatusesSchema, ListWorkItemsSchema, MarkdownUploadSchema, MergeMergeRequestSchema, MoveWorkItemSchema, MyIssuesSchema, PlayPipelineJobSchema, PromoteProjectMilestoneSchema, PublishDraftNoteSchema, PushFilesSchema, ResolveMergeRequestThreadSchema, RetryPipelineJobSchema, RetryPipelineSchema, SearchCodeSchema, SearchGroupCodeSchema, SearchProjectCodeSchema, SearchRepositoriesSchema, UnapproveMergeRequestSchema, UpdateDraftNoteSchema, UpdateGroupWikiPageSchema, UpdateIssueNoteSchema, UpdateIssueSchema, UpdateIssueDescriptionPatchSchema, UpdateLabelSchema, UpdateMergeRequestDiscussionNoteSchema, UpdateMergeRequestNoteSchema, UpdateMergeRequestSchema, UpdateReleaseSchema, UpdateWikiPageSchema, UpdateWorkItemSchema, VerifyNamespaceSchema, } from "../schemas.js";
+import { USE_GITLAB_WIKI, USE_MILESTONE, USE_PIPELINE, SSE, STREAMABLE_HTTP, } from "../config.js";
+import { ApproveMergeRequestSchema, BulkPublishDraftNotesSchema, CancelPipelineJobSchema, CancelPipelineSchema, ConvertWorkItemTypeSchema, CreateBranchSchema, CreateDraftNoteSchema, CreateGroupSchema, CreateGroupWikiPageSchema, CreateIssueLinkSchema, CreateIssueNoteSchema, CreateIssueSchema, CreateIssueEmojiReactionSchema, CreateIssueNoteEmojiReactionSchema, ListIssueEmojiReactionsSchema, ListIssueNoteEmojiReactionsSchema, CreateLabelSchema, MarkAllTodosDoneSchema, ListTodosSchema, MarkTodoDoneSchema, CreateMergeRequestDiscussionNoteSchema, CreateMergeRequestEmojiReactionSchema, ListMergeRequestEmojiReactionsSchema, ListMergeRequestNoteEmojiReactionsSchema, CreateMergeRequestNoteSchema, CreateMergeRequestNoteEmojiReactionSchema, CreateMergeRequestSchema, CreateMergeRequestThreadSchema, CreateNoteSchema, CreateCommitStatusSchema, CreateOrUpdateFileSchema, CreatePipelineSchema, CreateProjectMilestoneSchema, CreateReleaseEvidenceSchema, CreateReleaseSchema, CreateRepositorySchema, CreateTagSchema, CreateTimelineEventSchema, CreateWikiPageSchema, CreateWorkItemNoteSchema, CreateWorkItemEmojiReactionSchema, CreateWorkItemNoteEmojiReactionSchema, ListWorkItemEmojiReactionsSchema, ListWorkItemNoteEmojiReactionsSchema, CreateWorkItemSchema, DeleteBranchSchema, DeleteDraftNoteSchema, DeleteGroupWikiPageSchema, DeleteIssueLinkSchema, DeleteIssueSchema, DeleteIssueEmojiReactionSchema, DeleteIssueNoteEmojiReactionSchema, DeleteLabelSchema, DeleteMergeRequestDiscussionNoteSchema, DeleteMergeRequestNoteSchema, DeleteMergeRequestEmojiReactionSchema, DeleteMergeRequestNoteEmojiReactionSchema, DeleteProjectMilestoneSchema, DeleteReleaseSchema, DeleteTagSchema, DeleteWikiPageSchema, DeleteWorkItemEmojiReactionSchema, DeleteWorkItemNoteEmojiReactionSchema, DownloadAttachmentSchema, DownloadAttachmentRemoteSchema, DownloadJobArtifactsSchema, DownloadJobArtifactsRemoteSchema, DownloadReleaseAssetSchema, EditProjectMilestoneSchema, ExecuteGraphQLSchema, ForkRepositorySchema, HealthCheckSchema, GetBranchSchema, GetBranchDiffsSchema, GetCommitDiffSchema, GetCommitSchema, GetFileBlameSchema, GetDeploymentSchema, GetDraftNoteSchema, GetEnvironmentSchema, GetFileContentsSchema, GetGroupWikiPageSchema, GetIssueLinkSchema, GetIssueSchema, GetJobArtifactFileSchema, GetLabelSchema, GetMergeRequestApprovalStateSchema, GetMergeRequestConflictsSchema, GetMergeRequestDiffsSchema, GetMergeRequestFileDiffSchema, GetMergeRequestNoteSchema, GetMergeRequestNotesSchema, GetMergeRequestSchema, GetMergeRequestVersionSchema, GetMilestoneBurndownEventsSchema, GetMilestoneIssuesSchema, GetMilestoneMergeRequestsSchema, GetNamespaceSchema, GetPipelineJobOutputSchema, GetPipelineSchema, GetProjectEventsSchema, GetProjectMilestoneSchema, GetProjectSchema, GetReleaseSchema, GetRepositoryTreeSchema, GetTagSchema, GetTagSignatureSchema, GetTimelineEventsSchema, GetUsersSchema, GetUserSchema, WhoAmISchema, GetWebhookEventSchema, GetWikiPageSchema, GetWorkItemSchema, ListBranchesSchema, ListCommitsSchema, ListCommitStatusesSchema, ListCustomFieldDefinitionsSchema, ListDeploymentsSchema, ListDraftNotesSchema, ListEnvironmentsSchema, ListEventsSchema, ListGroupIterationsSchema, ListGroupProjectsSchema, ListGroupWikiPagesSchema, ListIssueDiscussionsSchema, ListIssueLinksSchema, ListIssuesSchema, ListJobArtifactsSchema, ListLabelsSchema, ListMergeRequestChangedFilesSchema, ListMergeRequestDiffsSchema, ListMergeRequestDiscussionsSchema, ListMergeRequestPipelinesSchema, ListMergeRequestVersionsSchema, ListMergeRequestsSchema, ListNamespacesSchema, ListPipelineJobsSchema, ListPipelineTriggerJobsSchema, ValidateCiLintSchema, ValidateProjectCiLintSchema, ListPipelinesSchema, ListProjectMembersSchema, ListProjectMilestonesSchema, ListProjectsSchema, ListReleasesSchema, ListTagsSchema, ListWebhookEventsSchema, ListWebhooksSchema, ListWikiPagesSchema, ListWorkItemNotesSchema, ListWorkItemStatusesSchema, ListWorkItemsSchema, MarkdownUploadSchema, MarkdownUploadRemoteSchema, MergeMergeRequestSchema, MoveWorkItemSchema, MyIssuesSchema, PlayPipelineJobSchema, PromoteProjectMilestoneSchema, PublishDraftNoteSchema, PushFilesSchema, ResolveMergeRequestThreadSchema, RetryPipelineJobSchema, RetryPipelineSchema, SearchCodeSchema, SearchGroupCodeSchema, SearchProjectCodeSchema, SearchRepositoriesSchema, UnapproveMergeRequestSchema, UpdateDraftNoteSchema, UpdateGroupWikiPageSchema, UpdateIssueNoteSchema, UpdateIssueSchema, UpdateIssueDescriptionPatchSchema, UpdateLabelSchema, UpdateMergeRequestDiscussionNoteSchema, UpdateMergeRequestNoteSchema, UpdateMergeRequestSchema, UpdateReleaseSchema, UpdateWikiPageSchema, UpdateWorkItemSchema, VerifyNamespaceSchema, } from "../schemas.js";
+const IS_REMOTE = SSE || STREAMABLE_HTTP;
 // Define all available tools
 export const allTools = [
     {
@@ -54,6 +55,11 @@ export const allTools = [
         description: "Create a new GitLab project",
         inputSchema: toJSONSchema(CreateRepositorySchema),
     },
+    {
+        name: "create_group",
+        description: "Create new group or subgroup",
+        inputSchema: toJSONSchema(CreateGroupSchema),
+    },
     {
         name: "get_file_contents",
         description: "Get contents of a file or directory from a GitLab project",
@@ -385,12 +391,12 @@ export const allTools = [
     },
     {
         name: "list_namespaces",
-        description: "List all namespaces available to the current user",
+        description: "List all namespaces (users and groups) available to the current user. Filter by kind='group' for groups only.",
         inputSchema: toJSONSchema(ListNamespacesSchema),
     },
     {
         name: "get_namespace",
-        description: "Get details of a namespace by ID or path",
+        description: "Get details of a namespace (user or group) by ID or path. Groups are namespaces with kind='group'.",
         inputSchema: toJSONSchema(GetNamespaceSchema),
     },
     {
@@ -595,8 +601,12 @@ export const allTools = [
     },
     {
         name: "download_job_artifacts",
-        description: "Download job artifact archive (zip) to a local path",
-        inputSchema: toJSONSchema(DownloadJobArtifactsSchema),
+        description: IS_REMOTE
+            ? "Get a download URL for a job's artifact archive (zip)"
+            : "Download job artifact archive (zip) and save to a local path",
+        inputSchema: IS_REMOTE
+            ? toJSONSchema(DownloadJobArtifactsRemoteSchema)
+            : toJSONSchema(DownloadJobArtifactsSchema),
     },
     {
         name: "get_job_artifact_file",
@@ -683,6 +693,11 @@ export const allTools = [
         description: "Get changes/diffs of a specific commit",
         inputSchema: toJSONSchema(GetCommitDiffSchema),
     },
+    {
+        name: "get_file_blame",
+        description: "Get git blame for a file at a given ref. Each entry maps a contiguous range of source lines to the commit that last changed them (id, author, authored_date, message). Use range_start/range_end to limit blame to specific lines.",
+        inputSchema: toJSONSchema(GetFileBlameSchema),
+    },
     {
         name: "list_commit_statuses",
         description: "List statuses for a commit",
@@ -700,13 +715,21 @@ export const allTools = [
     },
     {
         name: "upload_markdown",
-        description: "Upload a file for use in markdown content",
-        inputSchema: toJSONSchema(MarkdownUploadSchema),
+        description: IS_REMOTE
+            ? "Upload base64-encoded content for use in markdown"
+            : "Upload a file for use in markdown content",
+        inputSchema: IS_REMOTE
+            ? toJSONSchema(MarkdownUploadRemoteSchema)
+            : toJSONSchema(MarkdownUploadSchema),
     },
     {
         name: "download_attachment",
-        description: "Download an uploaded file from a project (images returned as base64; use local_path to save to disk)",
-        inputSchema: toJSONSchema(DownloadAttachmentSchema),
+        description: IS_REMOTE
+            ? "Download an uploaded file from a project (images returned inline as base64, other files returned as download URL)"
+            : "Download an uploaded file from a project (images returned as base64; use local_path to save to disk)",
+        inputSchema: IS_REMOTE
+            ? toJSONSchema(DownloadAttachmentRemoteSchema)
+            : toJSONSchema(DownloadAttachmentSchema),
     },
     {
         name: "health_check",
@@ -755,7 +778,9 @@ export const allTools = [
     },
     {
         name: "download_release_asset",
-        description: "Download a release asset file by direct asset path",
+        description: IS_REMOTE
+            ? "Get a download URL for a release asset file"
+            : "Download a release asset file by direct asset path",
         inputSchema: toJSONSchema(DownloadReleaseAssetSchema),
     },
     {
@@ -995,6 +1020,7 @@ export const readOnlyTools = new Set([
     "list_commits",
     "get_commit",
     "get_commit_diff",
+    "get_file_blame",
     "list_commit_statuses",
     "list_group_iterations",
     "get_group_iteration",
@@ -1203,6 +1229,7 @@ export const TOOLSET_DEFINITIONS = [
             "list_commits",
             "get_commit",
             "get_commit_diff",
+            "get_file_blame",
             "list_commit_statuses",
             "create_commit_status",
         ]),
@@ -1238,6 +1265,11 @@ export const TOOLSET_DEFINITIONS = [
         isDefault: true,
         tools: new Set(["validate_ci_lint", "validate_project_ci_lint"]),
     },
+    {
+        id: "groups",
+        isDefault: true,
+        tools: new Set(["create_group"]),
+    },
     {
         id: "pipelines",
         isDefault: false,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zereight/mcp-gitlab",
-  "version": "2.1.12",
+  "version": "2.1.14",
   "mcpName": "io.github.zereight/gitlab-mcp",
   "description": "GitLab MCP server for projects, merge requests, issues, pipelines, wiki, releases, and more",
   "keywords": [
@@ -51,7 +51,7 @@
     "changelog": "auto-changelog -p",
     "test": "npm run test:all",
     "test:all": "npm run build && npm run test:mock && npm run test:live",
-    "test:mock": "node --import tsx/esm --test test/remote-auth-simple-test.ts && node --import tsx/esm --test test/mcp-oauth-tests.ts && node --import tsx/esm --test test/streamable-http-static-token-auth.test.ts && tsx test/oauth-tests.ts && tsx test/test-list-merge-requests.ts && node --import tsx/esm --test test/test-merge-request-pipelines.ts && tsx test/test-list-project-members.ts && tsx test/test-download-attachment.ts && node --import tsx/esm --test test/test-job-artifacts.ts && node --import tsx/esm --test test/test-deployment-tools.ts && node --import tsx/esm --test test/test-merge-request-approval-state-tools.ts && node --import tsx/esm --test test/test-search-code.ts && node --import tsx/esm --test test/test-tags.ts && node --import tsx/esm --test test/test-toolset-filtering.ts && node --import tsx/esm --test test/test-ci-lint.ts && node --import tsx/esm --test test/test-todos.ts && node --import tsx/esm --test test/test-auth-retry.ts && node --import tsx/esm --test test/test-issue-description-patch.ts && node --import tsx/esm --test test/stateless/codec.test.ts test/stateless/client-id.test.ts test/stateless/callback-proxy.test.ts test/stateless/session-id.test.ts test/stateless/session-id-integration.test.ts test/stateless/config-ttl.test.ts",
+    "test:mock": "node --import tsx/esm --test test/remote-auth-simple-test.ts && node --import tsx/esm --test test/mcp-oauth-tests.ts && node --import tsx/esm --test test/streamable-http-static-token-auth.test.ts && tsx test/oauth-tests.ts && tsx test/test-list-merge-requests.ts && node --import tsx/esm --test test/test-merge-request-pipelines.ts && tsx test/test-list-project-members.ts && tsx test/test-download-attachment.ts && node --import tsx/esm --test test/test-job-artifacts.ts && node --import tsx/esm --test test/test-deployment-tools.ts && node --import tsx/esm --test test/test-merge-request-approval-state-tools.ts && node --import tsx/esm --test test/test-search-code.ts && node --import tsx/esm --test test/test-tags.ts && node --import tsx/esm --test test/test-toolset-filtering.ts && node --import tsx/esm --test test/test-ci-lint.ts && node --import tsx/esm --test test/test-todos.ts && node --import tsx/esm --test test/test-auth-retry.ts && node --import tsx/esm --test test/test-issue-description-patch.ts && node --import tsx/esm --test test/test-geteffectiveprojectid.ts && node --import tsx/esm --test test/test-get-file-blame.ts && node --import tsx/esm --test test/stateless/codec.test.ts test/stateless/client-id.test.ts test/stateless/callback-proxy.test.ts test/stateless/session-id.test.ts test/stateless/session-id-integration.test.ts test/stateless/config-ttl.test.ts",
     "test:stateless": "npm run build && node --import tsx/esm --test test/stateless/codec.test.ts test/stateless/client-id.test.ts test/stateless/callback-proxy.test.ts test/stateless/session-id.test.ts test/stateless/session-id-integration.test.ts test/stateless/config-ttl.test.ts",
     "test:mcp-oauth": "npm run build && node --import tsx/esm --test test/mcp-oauth-tests.ts",
     "test:live": "node test/validate-api.js",