@zereight/mcp-gitlab 2.1.24 → 2.1.26

package/build/test/test-list-issues.js

@@ -4,7 +4,7 @@ import { spawn } from "child_process";
 import { MockGitLabServer, findMockServerPort } from "./utils/mock-gitlab-server.js";
 const MOCK_TOKEN = "glpat-mock-token-12345";
 const TEST_PROJECT_ID = "123";
-async function callListIssues(args = {}, env) {
+async function callListIssuesResult(args = {}, env) {
     return new Promise((resolve, reject) => {
         const proc = spawn("node", ["build/index.js"], {
             stdio: ["pipe", "pipe", "pipe"],
@@ -35,14 +35,14 @@ async function callListIssues(args = {}, env) {
                     const content = response.result?.content?.[0]?.text;
                     if (content) {
                         try {
-                            resolve(JSON.parse(content));
+                            resolve({ data: JSON.parse(content), text: content });
                         }
                         catch {
                             reject(new Error(`Failed to parse tool output JSON: ${content}`));
                         }
                     }
                     else {
-                        resolve(response.result);
+                        resolve({ data: response.result });
                     }
                 }
             }
@@ -58,6 +58,9 @@ async function callListIssues(args = {}, env) {
         }) + "\n");
     });
 }
+async function callListIssues(args = {}, env) {
+    return (await callListIssuesResult(args, env)).data;
+}
 describe("list_issues", () => {
     let mockGitLab;
     let mockGitLabUrl;
@@ -85,6 +88,15 @@ describe("list_issues", () => {
         const title = Reflect.get(firstIssue, "title");
         assert.strictEqual(title, "Test Issue 1");
     });
+    test("returns compact JSON text", async () => {
+        const result = await callListIssuesResult({ project_id: TEST_PROJECT_ID }, {
+            GITLAB_API_URL: `${mockGitLabUrl}/api/v4`,
+            GITLAB_PERSONAL_ACCESS_TOKEN: MOCK_TOKEN,
+        });
+        assert.ok(result.text, "Tool response should include text content");
+        assert.doesNotMatch(result.text, /\n\s+"/, "Tool response JSON should not be pretty-printed");
+        assert.ok(Array.isArray(result.data), "Response should remain valid JSON");
+    });
     test("prefers author_username over author_id when both are provided", async () => {
         let capturedUrl;
         mockGitLab.addMockHandler("get", `/projects/${TEST_PROJECT_ID}/issues`, (req, res) => {

package/build/test/test-toolset-filtering.js

@@ -20,9 +20,9 @@ const TOOLSET_TOOL_COUNTS = {
     issues: 24,
     repositories: 7,
     branches: 15,
-    projects: 9,
+    projects: 10,
     labels: 5,
-    ci: 2,
+    ci: 4,
     pipelines: 19,
     milestones: 9,
     wiki: 10,
@@ -36,7 +36,8 @@ const TOOLSET_TOOL_COUNTS = {
     variables: 10,
     dependency_proxy: 4,
 };
-const LEGACY_PIPELINE_TOOL_COUNT = TOOLSET_TOOL_COUNTS.pipelines + TOOLSET_TOOL_COUNTS.ci;
+const LEGACY_PIPELINE_CI_TOOL_COUNT = 2;
+const LEGACY_PIPELINE_TOOL_COUNT = TOOLSET_TOOL_COUNTS.pipelines + LEGACY_PIPELINE_CI_TOOL_COUNT;
 const DEFAULT_TOOLSETS = [
     "merge_requests",
     "issues",
@@ -70,9 +71,9 @@ const TOOLSET_SAMPLE_TOOLS = {
     issues: ["create_issue", "list_issues", "create_note", "list_todos"],
     repositories: ["search_repositories", "get_file_contents", "push_files"],
     branches: ["create_branch", "get_branch", "list_branches", "delete_branch", "list_commits", "list_commit_statuses", "create_commit_status"],
-    projects: ["get_project", "list_namespaces", "list_group_iterations"],
+    projects: ["get_project", "update_project", "list_namespaces", "list_group_iterations"],
     labels: ["list_labels", "create_label"],
-    ci: ["validate_ci_lint", "validate_project_ci_lint"],
+    ci: ["validate_ci_lint", "validate_project_ci_lint", "list_ci_catalog_resources", "get_ci_catalog_resource"],
     pipelines: ["list_pipelines", "create_pipeline", "cancel_pipeline_job", "list_deployments", "list_job_artifacts"],
     milestones: ["list_milestones", "create_milestone", "get_milestone_burndown_events"],
     wiki: ["list_wiki_pages", "create_wiki_page", "list_group_wiki_pages", "create_group_wiki_page"],

package/build/test/test-update-project.js

@@ -0,0 +1,112 @@
+import { describe, test } from "node:test";
+import assert from "node:assert";
+import { spawn } from "child_process";
+import { MockGitLabServer, findMockServerPort } from "./utils/mock-gitlab-server.js";
+const MOCK_TOKEN = "mock-update-project-token";
+const TEST_PROJECT_ID = "123";
+async function callUpdateProject(args, env) {
+    return new Promise((resolve, reject) => {
+        const proc = spawn("node", ["build/index.js"], {
+            stdio: ["pipe", "pipe", "pipe"],
+            env: { ...process.env, ...env },
+        });
+        let output = "";
+        let errorOutput = "";
+        proc.stdout?.on("data", (d) => (output += d));
+        proc.stderr?.on("data", (d) => (errorOutput += d));
+        proc.on("close", code => {
+            if (code !== 0) {
+                reject(new Error(`Process exited with code ${code}: ${errorOutput}`));
+                return;
+            }
+            const line = output.split("\n").find(l => l.startsWith("{"));
+            if (!line) {
+                reject(new Error("No JSON output found"));
+                return;
+            }
+            const response = JSON.parse(line);
+            if (response.error) {
+                reject(new Error(response.error?.message ?? String(response.error)));
+                return;
+            }
+            const content = response.result?.content?.[0]?.text;
+            resolve(content ? JSON.parse(content) : response.result);
+        });
+        proc.stdin?.end(JSON.stringify({
+            jsonrpc: "2.0",
+            id: 1,
+            method: "tools/call",
+            params: { name: "update_project", arguments: args },
+        }) + "\n");
+    });
+}
+describe("update_project", () => {
+    test("sends project settings to PUT /projects/:id", async () => {
+        const mockPort = await findMockServerPort();
+        const mockServer = new MockGitLabServer({ port: mockPort, validTokens: [MOCK_TOKEN] });
+        let receivedBody;
+        mockServer.addMockHandler("put", `/projects/${TEST_PROJECT_ID}`, (req, res) => {
+            receivedBody = req.body;
+            res.json({ id: Number(TEST_PROJECT_ID), ...receivedBody });
+        });
+        await mockServer.start();
+        try {
+            const result = await callUpdateProject({
+                project_id: TEST_PROJECT_ID,
+                description: "Managed by MCP",
+                visibility: "private",
+                topics: ["ai", "mcp"],
+                issues_access_level: "enabled",
+                wiki_access_level: "disabled",
+                remove_source_branch_after_merge: "true",
+            }, {
+                GITLAB_API_URL: `${mockServer.getUrl()}/api/v4`,
+                GITLAB_PERSONAL_ACCESS_TOKEN: MOCK_TOKEN,
+            });
+            assert.deepStrictEqual(receivedBody, {
+                description: "Managed by MCP",
+                visibility: "private",
+                topics: ["ai", "mcp"],
+                issues_access_level: "enabled",
+                wiki_access_level: "disabled",
+                remove_source_branch_after_merge: true,
+            });
+            assert.strictEqual(result.description, "Managed by MCP");
+        }
+        finally {
+            await mockServer.stop();
+        }
+    });
+    test("keeps string false as boolean false", async () => {
+        const mockPort = await findMockServerPort();
+        const mockServer = new MockGitLabServer({ port: mockPort, validTokens: [MOCK_TOKEN] });
+        let receivedBody;
+        mockServer.addMockHandler("put", `/projects/${TEST_PROJECT_ID}`, (req, res) => {
+            receivedBody = req.body;
+            res.json({ id: Number(TEST_PROJECT_ID), ...receivedBody });
+        });
+        await mockServer.start();
+        try {
+            await callUpdateProject({ project_id: TEST_PROJECT_ID, remove_source_branch_after_merge: "false" }, {
+                GITLAB_API_URL: `${mockServer.getUrl()}/api/v4`,
+                GITLAB_PERSONAL_ACCESS_TOKEN: MOCK_TOKEN,
+            });
+            assert.strictEqual(receivedBody?.remove_source_branch_after_merge, false);
+        }
+        finally {
+            await mockServer.stop();
+        }
+    });
+    test("rejects public access level for non-pages features", async () => {
+        await assert.rejects(() => callUpdateProject({ project_id: TEST_PROJECT_ID, issues_access_level: "public" }, {
+            GITLAB_API_URL: "https://gitlab.example.com/api/v4",
+            GITLAB_PERSONAL_ACCESS_TOKEN: MOCK_TOKEN,
+        }), /Invalid enum value/);
+    });
+    test("rejects empty updates before calling GitLab", async () => {
+        await assert.rejects(() => callUpdateProject({ project_id: TEST_PROJECT_ID }, {
+            GITLAB_API_URL: "https://gitlab.example.com/api/v4",
+            GITLAB_PERSONAL_ACCESS_TOKEN: MOCK_TOKEN,
+        }), /Provide at least one project setting/);
+    });
+});

package/build/test/utils/forwarded-public-base-url.test.js

@@ -0,0 +1,38 @@
+import { describe, test } from "node:test";
+import assert from "node:assert";
+import { getForwardedPublicBaseUrl } from "../../utils/forwarded-public-base-url.js";
+function req(headers) {
+    return { headers };
+}
+describe("getForwardedPublicBaseUrl", () => {
+    test("returns undefined unless proxy headers are trusted", () => {
+        assert.strictEqual(getForwardedPublicBaseUrl(req({ "x-forwarded-proto": "https", "x-forwarded-host": "gitlab.example.com" }), false), undefined);
+    });
+    test("builds a public base URL from forwarded headers", () => {
+        assert.strictEqual(getForwardedPublicBaseUrl(req({
+            "x-forwarded-proto": "https",
+            "x-forwarded-host": "mcp.example.com",
+            "x-forwarded-prefix": "/gitlab-mcp/",
+        }), true), "https://mcp.example.com/gitlab-mcp");
+    });
+    test("uses the last comma-separated forwarded value", () => {
+        assert.strictEqual(getForwardedPublicBaseUrl(req({
+            "x-forwarded-proto": "http, https",
+            "x-forwarded-host": "internal, mcp.example.com",
+        }), true), "https://mcp.example.com");
+    });
+    test("parses quoted Forwarded header values", () => {
+        assert.strictEqual(getForwardedPublicBaseUrl(req({
+            forwarded: 'for=192.0.2.43; proto="https"; host="mcp.example.com"',
+            "x-forwarded-prefix": "/gitlab-mcp",
+        }), true), "https://mcp.example.com/gitlab-mcp");
+    });
+    test("rejects unsafe host and prefix values", () => {
+        assert.strictEqual(getForwardedPublicBaseUrl(req({ "x-forwarded-proto": "https", "x-forwarded-host": "bad/host" }), true), undefined);
+        assert.strictEqual(getForwardedPublicBaseUrl(req({
+            "x-forwarded-proto": "https",
+            "x-forwarded-host": "mcp.example.com",
+            "x-forwarded-prefix": "//evil",
+        }), true), "https://mcp.example.com");
+    });
+});

package/build/tools/registry.js

@@ -1,7 +1,7 @@
 import { zodToJsonSchema } from "zod-to-json-schema";
 import { toJSONSchema } from "../utils/schema.js";
 import { USE_GITLAB_WIKI, USE_MILESTONE, USE_PIPELINE, SSE, STREAMABLE_HTTP, } from "../config.js";
-import { ApproveMergeRequestSchema, BulkPublishDraftNotesSchema, CancelPipelineJobSchema, CancelPipelineSchema, ConvertWorkItemTypeSchema, CreateBranchSchema, CreateDraftNoteSchema, CreateGroupSchema, CreateGroupWikiPageSchema, CreateIssueLinkSchema, CreateIssueNoteSchema, CreateIssueSchema, CreateIssueEmojiReactionSchema, CreateIssueNoteEmojiReactionSchema, ListIssueEmojiReactionsSchema, ListIssueNoteEmojiReactionsSchema, CreateLabelSchema, MarkAllTodosDoneSchema, ListTodosSchema, MarkTodoDoneSchema, CreateMergeRequestDiscussionNoteSchema, CreateMergeRequestEmojiReactionSchema, ListMergeRequestEmojiReactionsSchema, ListMergeRequestNoteEmojiReactionsSchema, CreateMergeRequestNoteSchema, CreateMergeRequestNoteEmojiReactionSchema, CreateMergeRequestSchema, CreateMergeRequestThreadSchema, CreateNoteSchema, CreateCommitStatusSchema, CreateOrUpdateFileSchema, CreatePipelineSchema, CreateProjectMilestoneSchema, CreateReleaseEvidenceSchema, CreateReleaseSchema, CreateRepositorySchema, CreateTagSchema, CreateTimelineEventSchema, CreateWikiPageSchema, CreateWorkItemNoteSchema, CreateWorkItemEmojiReactionSchema, CreateWorkItemNoteEmojiReactionSchema, ListWorkItemEmojiReactionsSchema, ListWorkItemNoteEmojiReactionsSchema, CreateWorkItemSchema, DeleteBranchSchema, GetProtectedBranchSchema, ListProtectedBranchesSchema, ProtectBranchSchema, UnprotectBranchSchema, UpdateDefaultBranchSchema, DeleteDraftNoteSchema, DeleteGroupWikiPageSchema, DeleteIssueLinkSchema, DeleteIssueSchema, DeleteIssueEmojiReactionSchema, DeleteIssueNoteEmojiReactionSchema, DeleteLabelSchema, DeleteMergeRequestDiscussionNoteSchema, DeleteMergeRequestNoteSchema, DeleteMergeRequestEmojiReactionSchema, DeleteMergeRequestNoteEmojiReactionSchema, DeleteProjectMilestoneSchema, DeleteReleaseSchema, DeleteTagSchema, DeleteWikiPageSchema, DeleteWorkItemEmojiReactionSchema, DeleteWorkItemNoteEmojiReactionSchema, DownloadAttachmentSchema, DownloadAttachmentRemoteSchema, DownloadJobArtifactsSchema, DownloadJobArtifactsRemoteSchema, DownloadReleaseAssetSchema, EditProjectMilestoneSchema, ExecuteGraphQLSchema, ForkRepositorySchema, HealthCheckSchema, GetBranchSchema, GetBranchDiffsSchema, GetCommitDiffSchema, GetCommitSchema, GetFileBlameSchema, GetDeploymentSchema, GetDraftNoteSchema, GetEnvironmentSchema, GetFileContentsSchema, GetGroupWikiPageSchema, GetIssueLinkSchema, GetIssueSchema, GetJobArtifactFileSchema, GetLabelSchema, GetMergeRequestApprovalStateSchema, GetMergeRequestConflictsSchema, GetMergeRequestDiffsSchema, GetMergeRequestFileDiffSchema, GetMergeRequestNoteSchema, GetMergeRequestNotesSchema, GetMergeRequestSchema, GetMergeRequestVersionSchema, GetMilestoneBurndownEventsSchema, GetMilestoneIssuesSchema, GetMilestoneMergeRequestsSchema, GetNamespaceSchema, GetPipelineJobOutputSchema, GetPipelineSchema, GetProjectEventsSchema, GetProjectMilestoneSchema, GetProjectSchema, GetReleaseSchema, GetRepositoryTreeSchema, GetTagSchema, GetTagSignatureSchema, GetTimelineEventsSchema, GetUsersSchema, GetUserSchema, WhoAmISchema, GetWebhookEventSchema, GetWikiPageSchema, GetWorkItemSchema, ListBranchesSchema, ListCommitsSchema, ListCommitStatusesSchema, ListCustomFieldDefinitionsSchema, ListDeploymentsSchema, ListDraftNotesSchema, ListEnvironmentsSchema, ListEventsSchema, ListGroupIterationsSchema, ListGroupProjectsSchema, ListGroupWikiPagesSchema, ListIssueDiscussionsSchema, ListIssueLinksSchema, ListIssuesSchema, ListJobArtifactsSchema, ListLabelsSchema, ListMergeRequestChangedFilesSchema, ListMergeRequestDiffsSchema, ListMergeRequestDiscussionsSchema, ListMergeRequestPipelinesSchema, ListMergeRequestVersionsSchema, ListMergeRequestsSchema, ListNamespacesSchema, ListPipelineJobsSchema, ListPipelineTriggerJobsSchema, ValidateCiLintSchema, ValidateProjectCiLintSchema, ListPipelinesSchema, ListProjectMembersSchema, ListProjectMilestonesSchema, ListProjectsSchema, ListReleasesSchema, ListTagsSchema, ListWebhookEventsSchema, ListWebhooksSchema, ListWikiPagesSchema, ListWorkItemNotesSchema, ListWorkItemStatusesSchema, ListWorkItemsSchema, MarkdownUploadSchema, MarkdownUploadRemoteSchema, MergeMergeRequestSchema, MoveWorkItemSchema, MyIssuesSchema, PlayPipelineJobSchema, PromoteProjectMilestoneSchema, PublishDraftNoteSchema, PushFilesSchema, ResolveMergeRequestThreadSchema, RetryPipelineJobSchema, RetryPipelineSchema, SearchCodeSchema, SearchGroupCodeSchema, SearchProjectCodeSchema, SearchRepositoriesSchema, UnapproveMergeRequestSchema, UpdateDraftNoteSchema, UpdateGroupWikiPageSchema, UpdateIssueNoteSchema, UpdateIssueSchema, UpdateIssueDescriptionPatchSchema, UpdateLabelSchema, UpdateMergeRequestDiscussionNoteSchema, UpdateMergeRequestNoteSchema, UpdateMergeRequestSchema, UpdateReleaseSchema, UpdateWikiPageSchema, UpdateWorkItemSchema, VerifyNamespaceSchema, ListProjectVariablesSchema, GetProjectVariableSchema, CreateProjectVariableSchema, UpdateProjectVariableSchema, DeleteProjectVariableSchema, ListGroupVariablesSchema, GetGroupVariableSchema, CreateGroupVariableSchema, UpdateGroupVariableSchema, DeleteGroupVariableSchema, GetDependencyProxySettingsSchema, UpdateDependencyProxySettingsSchema, ListDependencyProxyBlobsSchema, PurgeDependencyProxyCacheSchema, } from "../schemas.js";
+import { ApproveMergeRequestSchema, BulkPublishDraftNotesSchema, CancelPipelineJobSchema, CancelPipelineSchema, ConvertWorkItemTypeSchema, CreateBranchSchema, CreateDraftNoteSchema, CreateGroupSchema, CreateGroupWikiPageSchema, CreateIssueLinkSchema, CreateIssueNoteSchema, CreateIssueSchema, CreateIssueEmojiReactionSchema, CreateIssueNoteEmojiReactionSchema, ListIssueEmojiReactionsSchema, ListIssueNoteEmojiReactionsSchema, CreateLabelSchema, MarkAllTodosDoneSchema, ListTodosSchema, MarkTodoDoneSchema, CreateMergeRequestDiscussionNoteSchema, CreateMergeRequestEmojiReactionSchema, ListMergeRequestEmojiReactionsSchema, ListMergeRequestNoteEmojiReactionsSchema, CreateMergeRequestNoteSchema, CreateMergeRequestNoteEmojiReactionSchema, CreateMergeRequestSchema, CreateMergeRequestThreadSchema, CreateNoteSchema, CreateCommitStatusSchema, CreateOrUpdateFileSchema, CreatePipelineSchema, CreateProjectMilestoneSchema, CreateReleaseEvidenceSchema, CreateReleaseSchema, CreateRepositorySchema, CreateTagSchema, CreateTimelineEventSchema, CreateWikiPageSchema, CreateWorkItemNoteSchema, CreateWorkItemEmojiReactionSchema, CreateWorkItemNoteEmojiReactionSchema, ListWorkItemEmojiReactionsSchema, ListWorkItemNoteEmojiReactionsSchema, CreateWorkItemSchema, DeleteBranchSchema, GetProtectedBranchSchema, ListProtectedBranchesSchema, ProtectBranchSchema, UnprotectBranchSchema, UpdateDefaultBranchSchema, DeleteDraftNoteSchema, DeleteGroupWikiPageSchema, DeleteIssueLinkSchema, DeleteIssueSchema, DeleteIssueEmojiReactionSchema, DeleteIssueNoteEmojiReactionSchema, DeleteLabelSchema, DeleteMergeRequestDiscussionNoteSchema, DeleteMergeRequestNoteSchema, DeleteMergeRequestEmojiReactionSchema, DeleteMergeRequestNoteEmojiReactionSchema, DeleteProjectMilestoneSchema, DeleteReleaseSchema, DeleteTagSchema, DeleteWikiPageSchema, DeleteWorkItemEmojiReactionSchema, DeleteWorkItemNoteEmojiReactionSchema, DownloadAttachmentSchema, DownloadAttachmentRemoteSchema, DownloadJobArtifactsSchema, DownloadJobArtifactsRemoteSchema, DownloadReleaseAssetSchema, EditProjectMilestoneSchema, ExecuteGraphQLSchema, ForkRepositorySchema, HealthCheckSchema, GetBranchSchema, GetBranchDiffsSchema, GetCommitDiffSchema, GetCommitSchema, GetFileBlameSchema, GetDeploymentSchema, GetDraftNoteSchema, GetEnvironmentSchema, GetFileContentsSchema, GetGroupWikiPageSchema, GetIssueLinkSchema, GetIssueSchema, GetJobArtifactFileSchema, GetLabelSchema, GetMergeRequestApprovalStateSchema, GetMergeRequestConflictsSchema, GetMergeRequestDiffsSchema, GetMergeRequestFileDiffSchema, GetMergeRequestNoteSchema, GetMergeRequestNotesSchema, GetMergeRequestSchema, GetMergeRequestVersionSchema, GetMilestoneBurndownEventsSchema, GetMilestoneIssuesSchema, GetMilestoneMergeRequestsSchema, GetNamespaceSchema, GetPipelineJobOutputSchema, GetPipelineSchema, GetProjectEventsSchema, GetProjectMilestoneSchema, GetProjectSchema, GetReleaseSchema, GetRepositoryTreeSchema, GetTagSchema, GetTagSignatureSchema, GetTimelineEventsSchema, GetUsersSchema, GetUserSchema, WhoAmISchema, GetWebhookEventSchema, GetWikiPageSchema, GetWorkItemSchema, ListBranchesSchema, ListCommitsSchema, ListCommitStatusesSchema, ListCustomFieldDefinitionsSchema, ListDeploymentsSchema, ListDraftNotesSchema, ListEnvironmentsSchema, ListEventsSchema, ListGroupIterationsSchema, ListGroupProjectsSchema, ListGroupWikiPagesSchema, ListIssueDiscussionsSchema, ListIssueLinksSchema, ListIssuesSchema, ListJobArtifactsSchema, ListLabelsSchema, ListMergeRequestChangedFilesSchema, ListMergeRequestDiffsSchema, ListMergeRequestDiscussionsSchema, ListMergeRequestPipelinesSchema, ListMergeRequestVersionsSchema, ListMergeRequestsSchema, ListNamespacesSchema, ListPipelineJobsSchema, ListPipelineTriggerJobsSchema, ValidateCiLintSchema, ValidateProjectCiLintSchema, ListCiCatalogResourcesSchema, GetCiCatalogResourceSchema, ListPipelinesSchema, ListProjectMembersSchema, ListProjectMilestonesSchema, ListProjectsSchema, ListReleasesSchema, ListTagsSchema, ListWebhookEventsSchema, ListWebhooksSchema, ListWikiPagesSchema, ListWorkItemNotesSchema, ListWorkItemStatusesSchema, ListWorkItemsSchema, MarkdownUploadSchema, MarkdownUploadRemoteSchema, MergeMergeRequestSchema, MoveWorkItemSchema, MyIssuesSchema, PlayPipelineJobSchema, PromoteProjectMilestoneSchema, PublishDraftNoteSchema, PushFilesSchema, ResolveMergeRequestThreadSchema, RetryPipelineJobSchema, RetryPipelineSchema, SearchCodeSchema, SearchGroupCodeSchema, SearchProjectCodeSchema, SearchRepositoriesSchema, UnapproveMergeRequestSchema, UpdateDraftNoteSchema, UpdateGroupWikiPageSchema, UpdateIssueNoteSchema, UpdateIssueSchema, UpdateIssueDescriptionPatchSchema, UpdateLabelSchema, UpdateProjectSchema, UpdateMergeRequestDiscussionNoteSchema, UpdateMergeRequestNoteSchema, UpdateMergeRequestSchema, UpdateReleaseSchema, UpdateWikiPageSchema, UpdateWorkItemSchema, VerifyNamespaceSchema, ListProjectVariablesSchema, GetProjectVariableSchema, CreateProjectVariableSchema, UpdateProjectVariableSchema, DeleteProjectVariableSchema, ListGroupVariablesSchema, GetGroupVariableSchema, CreateGroupVariableSchema, UpdateGroupVariableSchema, DeleteGroupVariableSchema, GetDependencyProxySettingsSchema, UpdateDependencyProxySettingsSchema, ListDependencyProxyBlobsSchema, PurgeDependencyProxyCacheSchema, } from "../schemas.js";
 const IS_REMOTE = SSE || STREAMABLE_HTTP;
 // Define all available tools
 export const allTools = [
@@ -426,7 +426,7 @@ export const allTools = [
     },
     {
         name: "verify_namespace",
-        description: "Verify if a namespace path exists",
+        description: "Verify if a namespace path exists. Use parent_id to scope the check to a specific parent namespace — required for nested namespaces where the same path may exist under different parents.",
         inputSchema: toJSONSchema(VerifyNamespaceSchema),
     },
     {
@@ -439,6 +439,11 @@ export const allTools = [
         description: "List projects accessible by the current user",
         inputSchema: toJSONSchema(ListProjectsSchema),
     },
+    {
+        name: "update_project",
+        description: "Update project settings such as description, visibility, default branch, and feature access levels",
+        inputSchema: toJSONSchema(UpdateProjectSchema),
+    },
     {
         name: "list_project_members",
         description: "List members of a GitLab project",
@@ -589,6 +594,16 @@ export const allTools = [
         description: "Validate an existing .gitlab-ci.yml configuration for a project",
         inputSchema: toJSONSchema(ValidateProjectCiLintSchema),
     },
+    {
+        name: "list_ci_catalog_resources",
+        description: "List GitLab CI/CD Catalog resources/components visible to the user",
+        inputSchema: toJSONSchema(ListCiCatalogResourcesSchema),
+    },
+    {
+        name: "get_ci_catalog_resource",
+        description: "Get details for a GitLab CI/CD Catalog resource, including versions and components",
+        inputSchema: toJSONSchema(GetCiCatalogResourceSchema),
+    },
     {
         name: "create_pipeline",
         description: "Create a new pipeline for a branch or tag",
@@ -1097,6 +1112,8 @@ export const readOnlyTools = new Set([
     "get_pipeline_job_output",
     "validate_ci_lint",
     "validate_project_ci_lint",
+    "list_ci_catalog_resources",
+    "get_ci_catalog_resource",
     "list_job_artifacts",
     "download_job_artifacts",
     "get_job_artifact_file",
@@ -1355,6 +1372,7 @@ export const TOOLSET_DEFINITIONS = [
         tools: new Set([
             "get_project",
             "list_projects",
+            "update_project",
             "list_project_members",
             "list_namespaces",
             "get_namespace",
@@ -1378,7 +1396,12 @@ export const TOOLSET_DEFINITIONS = [
     {
         id: "ci",
         isDefault: true,
-        tools: new Set(["validate_ci_lint", "validate_project_ci_lint"]),
+        tools: new Set([
+            "validate_ci_lint",
+            "validate_project_ci_lint",
+            "list_ci_catalog_resources",
+            "get_ci_catalog_resource",
+        ]),
     },
     {
         id: "groups",

package/build/utils/forwarded-public-base-url.js

@@ -0,0 +1,62 @@
+function getLastHeaderValue(value) {
+    const raw = Array.isArray(value) ? value[value.length - 1] : value;
+    if (!raw)
+        return undefined;
+    const parts = raw.split(",").map(part => part.trim()).filter(Boolean);
+    return parts.length > 0 ? parts[parts.length - 1] : undefined;
+}
+function unquoteHeaderValue(value) {
+    if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
+        return value.slice(1, -1).replace(/\\"/g, '"').replace(/\\\\/g, "\\");
+    }
+    return value;
+}
+function trimTrailingSlashes(value) {
+    let end = value.length;
+    while (end > 0 && value[end - 1] === "/")
+        end--;
+    return value.slice(0, end);
+}
+export function getForwardedPublicBaseUrl(req, trustProxy) {
+    if (!trustProxy)
+        return undefined;
+    const forwarded = getLastHeaderValue(req.headers.forwarded);
+    const forwardedValues = {};
+    if (forwarded) {
+        for (const part of forwarded.split(";")) {
+            const separator = part.indexOf("=");
+            if (separator <= 0)
+                continue;
+            const key = part.slice(0, separator).trim().toLowerCase();
+            const value = unquoteHeaderValue(part.slice(separator + 1).trim());
+            if (key && value)
+                forwardedValues[key] = value;
+        }
+    }
+    const proto = (forwardedValues.proto || getLastHeaderValue(req.headers["x-forwarded-proto"]))?.toLowerCase();
+    const host = forwardedValues.host || getLastHeaderValue(req.headers["x-forwarded-host"]);
+    if (!proto || !host || !/^https?$/.test(proto))
+        return undefined;
+    if (/[\s/\\]/.test(host))
+        return undefined;
+    const prefix = getLastHeaderValue(req.headers["x-forwarded-prefix"]);
+    const safePrefix = prefix &&
+        prefix.startsWith("/") &&
+        !prefix.startsWith("//") &&
+        !prefix.includes("://") &&
+        !/[\s\\]/.test(prefix)
+        ? trimTrailingSlashes(prefix)
+        : undefined;
+    try {
+        const baseUrl = new URL(`${proto}://${host}`);
+        if (baseUrl.username || baseUrl.password || baseUrl.pathname !== "/" || baseUrl.search || baseUrl.hash) {
+            return undefined;
+        }
+        if (safePrefix)
+            baseUrl.pathname = safePrefix;
+        return baseUrl.toString().replace(/\/$/, "");
+    }
+    catch {
+        return undefined;
+    }
+}

package/build/utils/schema.js

@@ -86,5 +86,19 @@ export const toJSONSchema = (schema) => {
         }
         return obj;
     }
-    return fixNullableOptional(jsonSchema, true);
+    const fixedSchema = fixNullableOptional(jsonSchema, true);
+    if (!fixedSchema.properties && Array.isArray(fixedSchema.anyOf)) {
+        const variants = fixedSchema.anyOf.filter((item) => item?.type === "object" && item.properties);
+        if (variants.length === fixedSchema.anyOf.length) {
+            fixedSchema.type = "object";
+            fixedSchema.properties = variants.reduce((properties, item) => {
+                Object.entries(item.properties).forEach(([key, value]) => {
+                    if (!properties[key])
+                        properties[key] = value;
+                });
+                return properties;
+            }, {});
+        }
+    }
+    return fixedSchema;
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zereight/mcp-gitlab",
-  "version": "2.1.24",
+  "version": "2.1.26",
   "mcpName": "io.github.zereight/gitlab-mcp",
   "description": "GitLab MCP server for projects, merge requests, issues, pipelines, wiki, releases, and more",
   "keywords": [
@@ -51,16 +51,18 @@
     "changelog": "auto-changelog -p",
     "test": "npm run test:all",
     "test:all": "npm run build && npm run test:mock && npm run test:live",
-    "test:mock": "node --import tsx/esm --test test/remote-auth-simple-test.ts && node --import tsx/esm --test test/mcp-oauth-tests.ts && node --import tsx/esm --test test/test-oauth-proxy-rate-limit.ts && node --import tsx/esm --test test/streamable-http-static-token-auth.test.ts && tsx test/oauth-tests.ts && tsx test/test-list-merge-requests.ts && tsx test/test-list-issues.ts && node --import tsx/esm --test test/test-merge-request-pipelines.ts && tsx test/test-list-project-members.ts && tsx test/test-download-attachment.ts && node --import tsx/esm --test test/test-upload-markdown.ts && node --import tsx/esm --test test/test-job-artifacts.ts && node --import tsx/esm --test test/test-remote-downloads.ts && node --import tsx/esm --test test/test-deployment-tools.ts && node --import tsx/esm --test test/test-merge-request-approval-state-tools.ts && node --import tsx/esm --test test/test-search-code.ts && node --import tsx/esm --test test/test-tags.ts && node --import tsx/esm --test test/test-protected-branches.ts && node --import tsx/esm --test test/test-toolset-filtering.ts && node --import tsx/esm --test test/test-ci-lint.ts && node --import tsx/esm --test test/test-todos.ts && node --import tsx/esm --test test/test-auth-retry.ts && node --import tsx/esm --test test/test-issue-description-patch.ts && node --import tsx/esm --test test/test-geteffectiveprojectid.ts && node --import tsx/esm --test test/test-get-file-blame.ts && node --import tsx/esm --test test/stateless/codec.test.ts test/stateless/client-id.test.ts test/stateless/callback-proxy.test.ts test/stateless/session-id.test.ts test/stateless/session-id-integration.test.ts test/stateless/config-ttl.test.ts && node --import tsx/esm --test test/utils/tool-args.test.ts && node --import tsx/esm --test test/utils/proxy-client-ip.test.ts && node --import tsx/esm --test test/utils/graphql-query.test.ts && node --import tsx/esm --test test/utils/wiki-title.test.ts && node --import tsx/esm --test test/utils/merge-request-position.test.ts && node --import tsx/esm --test test/nullish-tool-arguments-schema.test.ts && node --import tsx/esm --test test/test-ci-variables.ts && node --import tsx/esm --test test/test-dependency-proxy.ts",
+    "test:mock": "node --import tsx/esm --test test/remote-auth-simple-test.ts && node --import tsx/esm --test test/mcp-oauth-tests.ts && node --import tsx/esm --test test/test-oauth-proxy-rate-limit.ts && node --import tsx/esm --test test/streamable-http-static-token-auth.test.ts && node --import tsx/esm --test test/streamable-http-concurrent-session.test.ts && node --import tsx/esm --test test/streamable-http-unauthenticated-discovery.test.ts && tsx test/oauth-tests.ts && tsx test/test-list-merge-requests.ts && tsx test/test-list-issues.ts && node --import tsx/esm --test test/test-create-repository.ts && node --import tsx/esm --test test/test-update-project.ts && node --import tsx/esm --test test/test-merge-request-pipelines.ts && tsx test/test-list-project-members.ts && tsx test/test-download-attachment.ts && node --import tsx/esm --test test/test-upload-markdown.ts && node --import tsx/esm --test test/test-job-artifacts.ts && node --import tsx/esm --test test/test-remote-downloads.ts && node --import tsx/esm --test test/test-deployment-tools.ts && node --import tsx/esm --test test/test-merge-request-approval-state-tools.ts && node --import tsx/esm --test test/test-search-code.ts && node --import tsx/esm --test test/test-tags.ts && node --import tsx/esm --test test/test-protected-branches.ts && node --import tsx/esm --test test/test-toolset-filtering.ts && node --import tsx/esm --test test/test-ci-lint.ts && node --import tsx/esm --test test/test-ci-catalog.ts && node --import tsx/esm --test test/test-todos.ts && node --import tsx/esm --test test/test-auth-retry.ts && node --import tsx/esm --test test/test-issue-description-patch.ts && node --import tsx/esm --test test/test-geteffectiveprojectid.ts && node --import tsx/esm --test test/test-get-file-blame.ts && node --import tsx/esm --test test/stateless/codec.test.ts test/stateless/client-id.test.ts test/stateless/callback-proxy.test.ts test/stateless/session-id.test.ts test/stateless/session-id-integration.test.ts test/stateless/config-ttl.test.ts && node --import tsx/esm --test test/utils/tool-args.test.ts && node --import tsx/esm --test test/utils/proxy-client-ip.test.ts && node --import tsx/esm --test test/utils/forwarded-public-base-url.test.ts && node --import tsx/esm --test test/utils/graphql-query.test.ts && node --import tsx/esm --test test/utils/wiki-title.test.ts && node --import tsx/esm --test test/utils/merge-request-position.test.ts && node --import tsx/esm --test test/nullish-tool-arguments-schema.test.ts && node --import tsx/esm --test test/test-ci-variables.ts && node --import tsx/esm --test test/test-dependency-proxy.ts",
     "test:stateless": "npm run build && node --import tsx/esm --test test/stateless/codec.test.ts test/stateless/client-id.test.ts test/stateless/callback-proxy.test.ts test/stateless/session-id.test.ts test/stateless/session-id-integration.test.ts test/stateless/config-ttl.test.ts",
     "test:mcp-oauth": "npm run build && node --import tsx/esm --test test/mcp-oauth-tests.ts",
     "test:live": "node test/validate-api.js",
+    "test:consumer-smoke": "bash scripts/consumer-install-smoke.sh",
     "test:remote-auth": "npm run build && node --import tsx/esm --test test/remote-auth-simple-test.ts",
     "test:schema": "tsx test/schema-tests.ts && tsx test/test-json-schema.ts",
     "test:oauth": "tsx test/oauth-tests.ts",
     "test:list-merge-requests": "npm run build && tsx test/test-list-merge-requests.ts",
     "test:approvals": "npm run build && tsx test/test-merge-request-approvals.ts",
     "lint": "eslint . --ext .ts",
+    "check:runtime-deps": "node scripts/check-runtime-deps.mjs",
     "lint:fix": "eslint . --ext .ts --fix",
     "release": "bash scripts/release.sh",
     "release:mcp-registry": "bash scripts/publish_mcp_registry.sh",