@zereight/mcp-gitlab 2.1.25 → 2.1.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. package/README.ko.md +1 -0
  2. package/README.md +11 -1
  3. package/README.zh-CN.md +1 -0
  4. package/build/config.js +1 -0
  5. package/build/index.js +723 -343
  6. package/build/oauth.js +65 -3
  7. package/build/schemas.js +474 -197
  8. package/build/test/dynamic-api-url-allowlist.test.js +104 -0
  9. package/build/test/dynamic-api-url-test.js +3 -3
  10. package/build/test/oauth-tests.js +39 -0
  11. package/build/test/remote-auth-simple-test.js +13 -2
  12. package/build/test/schema-tests.js +51 -0
  13. package/build/test/sse-auth-guard.test.js +96 -0
  14. package/build/test/streamable-http-concurrent-session.test.js +92 -0
  15. package/build/test/streamable-http-unauthenticated-discovery.test.js +113 -0
  16. package/build/test/test-ci-catalog.js +177 -0
  17. package/build/test/test-create-repository.js +120 -0
  18. package/build/test/test-list-issues.js +15 -3
  19. package/build/test/test-toolset-filtering.js +6 -5
  20. package/build/test/test-update-project.js +112 -0
  21. package/build/test/utils/forwarded-public-base-url.test.js +38 -0
  22. package/build/tools/registry.js +25 -2
  23. package/build/utils/forwarded-public-base-url.js +62 -0
  24. package/build/utils/schema.js +15 -1
  25. package/package.json +2 -2
package/README.ko.md CHANGED
@@ -238,6 +238,7 @@ MCP 클라이언트 설정:
238
238
  | `REMOTE_AUTHORIZATION` | 예 | 활성화하려면 `true` |
239
239
  | `STREAMABLE_HTTP` | 예 | 반드시 `true` |
240
240
  | `ENABLE_DYNAMIC_API_URL` | 선택 | 요청별 `X-GitLab-API-URL` 헤더 허용 |
241
+ | `GITLAB_ALLOWED_HOSTS` | 선택 | 허용할 호스트의 쉼표 구분 목록; `GITLAB_API_URL` 호스트는 항상 허용 |
241
242
 
242
243
  **예시 요청 헤더:**
243
244
 
package/README.md CHANGED
@@ -111,6 +111,7 @@ docker run -i --rm \
111
111
  -e USE_MILESTONE=true \
112
112
  -e USE_PIPELINE=true \
113
113
  -e SSE=true \
114
+ -e SSE_AUTH_TOKEN=your_mcp_sse_token \
114
115
  -p 3333:3002 \
115
116
  zereight050/gitlab-mcp
116
117
  ```
@@ -120,7 +121,10 @@ docker run -i --rm \
120
121
  "mcpServers": {
121
122
  "gitlab": {
122
123
  "type": "sse",
123
- "url": "http://localhost:3333/sse"
124
+ "url": "http://localhost:3333/sse",
125
+ "headers": {
126
+ "Authorization": "Bearer your_mcp_sse_token"
127
+ }
124
128
  }
125
129
  }
126
130
  }
@@ -267,8 +271,14 @@ the token to GitLab on behalf of the caller.
267
271
  | `REMOTE_AUTHORIZATION` | ✅ | Set to `true` to enable |
268
272
  | `STREAMABLE_HTTP` | ✅ | Must be `true` |
269
273
  | `ENABLE_DYNAMIC_API_URL` | optional | Allow per-request GitLab URL via `X-GitLab-API-URL` header |
274
+ | `GITLAB_ALLOWED_HOSTS` | optional | Comma-separated allowed `X-GitLab-API-URL` hosts; `GITLAB_API_URL` hosts are always allowed |
275
+ | `GITLAB_ALLOW_UNAUTHENTICATED_TOOL_DISCOVERY` | optional | Allow unauthenticated `initialize`, `notifications/initialized`, and `tools/list` only (tool calls still require auth) |
270
276
  | `MCP_TRUST_PROXY` | optional | Trust `Forwarded` / `X-Forwarded-*` headers behind a reverse proxy (download URLs, Express `req.ip`, OAuth rate limits) |
271
277
 
278
+ `GITLAB_ALLOW_UNAUTHENTICATED_TOOL_DISCOVERY=true` is intended for MCP gateways
279
+ or admin UIs that need to inspect tool metadata before a user provides a GitLab
280
+ token. Leave it disabled unless the tool list is safe to expose in your deployment.
281
+
272
282
  When `MCP_SERVER_URL` is not set, remote download URLs fall back to the local
273
283
  server address. Set `MCP_TRUST_PROXY=true` only if the server is reachable through a
274
284
  trusted reverse proxy and direct client access to the MCP server is blocked.
package/README.zh-CN.md CHANGED
@@ -238,6 +238,7 @@ MCP 客户端配置:
238
238
  | `REMOTE_AUTHORIZATION` | 是 | 设置为 `true` 以启用 |
239
239
  | `STREAMABLE_HTTP` | 是 | 必须为 `true` |
240
240
  | `ENABLE_DYNAMIC_API_URL` | 可选 | 允许按请求通过 `X-GitLab-API-URL` 请求头指定 GitLab URL |
241
+ | `GITLAB_ALLOWED_HOSTS` | 可选 | 逗号分隔的允许主机;`GITLAB_API_URL` 中的主机始终允许 |
241
242
 
242
243
  **示例请求头:**
243
244
 
package/build/config.js CHANGED
@@ -47,6 +47,7 @@ export const SSE = getConfig("sse", "SSE") === "true";
47
47
  export const STREAMABLE_HTTP = getConfig("streamable-http", "STREAMABLE_HTTP") === "true";
48
48
  export const REMOTE_AUTHORIZATION = getConfig("remote-auth", "REMOTE_AUTHORIZATION") === "true";
49
49
  export const GITLAB_MCP_OAUTH = getConfig("mcp-oauth", "GITLAB_MCP_OAUTH") === "true";
50
+ export const GITLAB_ALLOW_UNAUTHENTICATED_TOOL_DISCOVERY = getConfig("allow-unauthenticated-tool-discovery", "GITLAB_ALLOW_UNAUTHENTICATED_TOOL_DISCOVERY") === "true";
50
51
  export const MCP_TRUST_PROXY = getConfig("mcp-trust-proxy", "MCP_TRUST_PROXY") === "true";
51
52
  // ---------------------------------------------------------------------------
52
53
  // OAuth / MCP OAuth