@zereight/mcp-gitlab 2.1.5 → 2.1.7

package/build/test/stateless/session-id.test.js

@@ -0,0 +1,131 @@
+/**
+ * Unit tests for the sealed Mcp-Session-Id helpers.
+ */
+import assert from "node:assert/strict";
+import { randomBytes } from "node:crypto";
+import { describe, test } from "node:test";
+import { loadKeyMaterialFromEnv, looksLikeStatelessSessionId, mintSessionId, openSessionId, } from "../../stateless/index.js";
+function secret() {
+    return randomBytes(32).toString("base64url");
+}
+function load(current, previous) {
+    const env = {
+        OAUTH_STATELESS_SECRET: current,
+    };
+    if (previous)
+        env.OAUTH_STATELESS_SECRET_PREVIOUS = previous;
+    const m = loadKeyMaterialFromEnv(true, env);
+    assert.ok(m);
+    return m;
+}
+describe("mintSessionId / openSessionId", () => {
+    test("roundtrips across pods", () => {
+        const s = secret();
+        const a = load(s);
+        const b = load(s);
+        const sid = mintSessionId(a, {
+            header: "Authorization",
+            token: "glpat-ABCDEFG123456789-abcdef",
+            apiUrl: "https://gitlab.example.com/api/v4",
+        });
+        assert.ok(looksLikeStatelessSessionId(sid));
+        const opened = openSessionId(b, sid, 3600);
+        assert.ok(opened);
+        assert.equal(opened.h, "Authorization");
+        assert.equal(opened.t, "glpat-ABCDEFG123456789-abcdef");
+        assert.equal(opened.u, "https://gitlab.example.com/api/v4");
+    });
+    test("preserves Private-Token / JOB-TOKEN headers", () => {
+        const m = load(secret());
+        for (const h of ["Private-Token", "JOB-TOKEN"]) {
+            const sid = mintSessionId(m, {
+                header: h,
+                token: "some-token-value-at-least-20-chars",
+                apiUrl: "https://gitlab.example.com/api/v4",
+            });
+            const opened = openSessionId(m, sid, 3600);
+            assert.ok(opened);
+            assert.equal(opened.h, h);
+        }
+    });
+    test("rejects unknown header values", () => {
+        // Hand-craft a payload with a bogus header value. We do this by minting a
+        // legitimate token then mutating the decoded payload via a second mint
+        // won't work (AEAD). Instead, assert the helper rejects garbage input
+        // by tampering with an unrelated value and checking it still fails safely.
+        const m = load(secret());
+        const sid = mintSessionId(m, {
+            header: "Authorization",
+            token: "t".repeat(25),
+            apiUrl: "u",
+        });
+        // Truncate to force bad ciphertext on open.
+        const broken = sid.slice(0, -3);
+        assert.equal(openSessionId(m, broken, 3600), null);
+    });
+    test("expired sid rejected", () => {
+        const m = load(secret());
+        const past = Math.floor(Date.now() / 1000) - 10_000;
+        const sid = mintSessionId(m, {
+            header: "Authorization",
+            token: "t".repeat(25),
+            apiUrl: "u",
+            now: () => past,
+        });
+        assert.equal(openSessionId(m, sid, 60), null);
+    });
+    test("different secret rejects", () => {
+        const a = load(secret());
+        const b = load(secret());
+        const sid = mintSessionId(a, {
+            header: "Authorization",
+            token: "t".repeat(25),
+            apiUrl: "u",
+        });
+        assert.equal(openSessionId(b, sid, 3600), null);
+    });
+    test("rotation: sid minted under previous secret opens on rotated pod", () => {
+        const s1 = secret();
+        const s2 = secret();
+        const old = load(s1);
+        const rotated = load(s2, s1);
+        const sid = mintSessionId(old, {
+            header: "Authorization",
+            token: "t".repeat(25),
+            apiUrl: "u",
+        });
+        const opened = openSessionId(rotated, sid, 3600);
+        assert.ok(opened);
+    });
+    test("looksLikeStatelessSessionId distinguishes legacy UUIDs", () => {
+        const m = load(secret());
+        const sid = mintSessionId(m, {
+            header: "Authorization",
+            token: "t".repeat(25),
+            apiUrl: "u",
+        });
+        assert.ok(looksLikeStatelessSessionId(sid));
+        assert.ok(!looksLikeStatelessSessionId("a4f1c2b8-f2c4-4ee6-bc14-2b7ab0e6ab11"));
+        assert.ok(!looksLikeStatelessSessionId(""));
+    });
+    test("fresh sid has different iat each time (rotation on every refresh)", () => {
+        const m = load(secret());
+        const sid1 = mintSessionId(m, {
+            header: "Authorization",
+            token: "t".repeat(25),
+            apiUrl: "u",
+            now: () => 1000,
+        });
+        const sid2 = mintSessionId(m, {
+            header: "Authorization",
+            token: "t".repeat(25),
+            apiUrl: "u",
+            now: () => 2000,
+        });
+        assert.notEqual(sid1, sid2);
+        const open1 = openSessionId(m, sid1, 3600, () => 2000);
+        const open2 = openSessionId(m, sid2, 3600, () => 2000);
+        assert.equal(open1.iat, 1000);
+        assert.equal(open2.iat, 2000);
+    });
+});

package/build/test/test-tags.js

@@ -0,0 +1,206 @@
+import { after, before, describe, test } from "node:test";
+import assert from "node:assert";
+import { spawn } from "child_process";
+import { MockGitLabServer, findMockServerPort } from "./utils/mock-gitlab-server.js";
+const MOCK_TOKEN = "glpat-mock-token-tags";
+const TEST_PROJECT_ID = "123";
+const TEST_TAG_NAME = "v1.0.0";
+function buildTag(overrides = {}) {
+    return {
+        name: TEST_TAG_NAME,
+        message: "Annotated release tag",
+        target: "abc123def4567890",
+        commit: {
+            id: "abc123def4567890",
+            short_id: "abc123de",
+            title: "Release v1.0.0",
+            created_at: "2026-03-13T10:00:00.000Z",
+            parent_ids: ["1111111111111111"],
+            message: "Release v1.0.0",
+            author_name: "Test User",
+            author_email: "test@example.com",
+            authored_date: "2026-03-13T09:55:00.000Z",
+            committer_name: "Test User",
+            committer_email: "test@example.com",
+            committed_date: "2026-03-13T10:00:00.000Z",
+        },
+        release: {
+            tag_name: TEST_TAG_NAME,
+            description: "Release notes",
+        },
+        protected: false,
+        created_at: "2026-03-13T10:00:00.000Z",
+        ...overrides,
+    };
+}
+async function callTool(toolName, args, env) {
+    return new Promise((resolve, reject) => {
+        const proc = spawn("node", ["build/index.js"], {
+            stdio: ["pipe", "pipe", "pipe"],
+            env: {
+                ...process.env,
+                ...env,
+            },
+        });
+        let output = "";
+        let errorOutput = "";
+        proc.stdout?.on("data", (d) => (output += d));
+        proc.stderr?.on("data", (d) => (errorOutput += d));
+        proc.on("close", code => {
+            if (code !== 0) {
+                return reject(new Error(`Process exited with code ${code}: ${errorOutput}`));
+            }
+            const line = output.split("\n").find(l => l.startsWith("{"));
+            if (!line) {
+                return reject(new Error("No JSON output found"));
+            }
+            try {
+                const response = JSON.parse(line);
+                if (response.error) {
+                    reject(response.error);
+                    return;
+                }
+                const content = response.result?.content?.[0]?.text;
+                if (!content) {
+                    resolve(response.result);
+                    return;
+                }
+                try {
+                    resolve(JSON.parse(content));
+                }
+                catch {
+                    resolve(content);
+                }
+            }
+            catch (error) {
+                reject(error);
+            }
+        });
+        proc.stdin?.end(JSON.stringify({
+            jsonrpc: "2.0",
+            id: 1,
+            method: "tools/call",
+            params: { name: toolName, arguments: args },
+        }) + "\n");
+    });
+}
+describe("tag tools", () => {
+    let mockGitLab;
+    let mockGitLabUrl;
+    before(async () => {
+        const mockPort = await findMockServerPort(20000, 50);
+        mockGitLab = new MockGitLabServer({
+            port: mockPort,
+            validTokens: [MOCK_TOKEN],
+        });
+        mockGitLab.addMockHandler("get", `/projects/${TEST_PROJECT_ID}/repository/tags`, (req, res) => {
+            assert.strictEqual(req.query.search, "^v");
+            assert.strictEqual(req.query.order_by, "version");
+            assert.strictEqual(req.query.sort, "desc");
+            assert.strictEqual(req.query.page, "2");
+            assert.strictEqual(req.query.per_page, "10");
+            res.json([buildTag()]);
+        });
+        mockGitLab.addMockHandler("get", `/projects/${TEST_PROJECT_ID}/repository/tags/${encodeURIComponent(TEST_TAG_NAME)}`, (_req, res) => {
+            res.json(buildTag());
+        });
+        mockGitLab.addMockHandler("post", `/projects/${TEST_PROJECT_ID}/repository/tags`, (req, res) => {
+            assert.deepStrictEqual(req.body, {
+                tag_name: TEST_TAG_NAME,
+                ref: "main",
+                message: "Release tag",
+            });
+            res.json(buildTag({ created_at: null }));
+        });
+        mockGitLab.addMockHandler("delete", `/projects/${TEST_PROJECT_ID}/repository/tags/${encodeURIComponent(TEST_TAG_NAME)}`, (_req, res) => {
+            res.status(204).send();
+        });
+        mockGitLab.addMockHandler("get", `/projects/${TEST_PROJECT_ID}/repository/tags/${encodeURIComponent(TEST_TAG_NAME)}/signature`, (_req, res) => {
+            res.json({
+                signature_type: "X509",
+                verification_status: "unverified",
+                x509_certificate: {
+                    id: 1,
+                    subject: "CN=Test User,O=Example",
+                    subject_key_identifier: "A1725E379E7B25B2",
+                    email: null,
+                    serial_number: 123456789,
+                    certificate_status: "good",
+                    x509_issuer: {
+                        id: 1,
+                        subject: "CN=Example CA,O=Example",
+                        subject_key_identifier: "C6411E6F5B9E2CFD",
+                        crl_url: null,
+                    },
+                },
+            });
+        });
+        await mockGitLab.start();
+        mockGitLabUrl = mockGitLab.getUrl();
+    });
+    after(async () => {
+        await mockGitLab.stop();
+    });
+    const env = () => ({
+        GITLAB_API_URL: `${mockGitLabUrl}/api/v4`,
+        GITLAB_PERSONAL_ACCESS_TOKEN: MOCK_TOKEN,
+        GITLAB_TOOLSETS: "tags",
+    });
+    test("list_tags returns parsed tags with query filters", async () => {
+        const result = await callTool("list_tags", {
+            project_id: TEST_PROJECT_ID,
+            search: "^v",
+            order_by: "version",
+            sort: "desc",
+            page: 2,
+            per_page: 10,
+        }, env());
+        assert.ok(Array.isArray(result));
+        assert.strictEqual(result.length, 1);
+        assert.strictEqual(result[0].name, TEST_TAG_NAME);
+    });
+    test("get_tag returns a single tag", async () => {
+        const result = await callTool("get_tag", { project_id: TEST_PROJECT_ID, tag_name: TEST_TAG_NAME }, env());
+        assert.strictEqual(result.name, TEST_TAG_NAME);
+        assert.strictEqual(result.commit.short_id, "abc123de");
+    });
+    test("create_tag posts the expected payload", async () => {
+        const result = await callTool("create_tag", {
+            project_id: TEST_PROJECT_ID,
+            tag_name: TEST_TAG_NAME,
+            ref: "main",
+            message: "Release tag",
+        }, env());
+        assert.strictEqual(result.name, TEST_TAG_NAME);
+        assert.strictEqual(result.release.description, "Release notes");
+        assert.strictEqual(result.created_at, null);
+    });
+    test("delete_tag returns a success payload", async () => {
+        const result = await callTool("delete_tag", { project_id: TEST_PROJECT_ID, tag_name: TEST_TAG_NAME }, env());
+        assert.deepStrictEqual(result, {
+            status: "success",
+            message: `Tag '${TEST_TAG_NAME}' deleted successfully`,
+        });
+    });
+    test("get_tag_signature returns signature data", async () => {
+        const result = await callTool("get_tag_signature", { project_id: TEST_PROJECT_ID, tag_name: TEST_TAG_NAME }, env());
+        assert.deepStrictEqual(result, {
+            signature_type: "X509",
+            verification_status: "unverified",
+            x509_certificate: {
+                id: 1,
+                subject: "CN=Test User,O=Example",
+                subject_key_identifier: "A1725E379E7B25B2",
+                email: null,
+                serial_number: 123456789,
+                certificate_status: "good",
+                x509_issuer: {
+                    id: 1,
+                    subject: "CN=Example CA,O=Example",
+                    subject_key_identifier: "C6411E6F5B9E2CFD",
+                    crl_url: null,
+                },
+            },
+        });
+    });
+});

package/build/test/test-toolset-filtering.js

@@ -26,6 +26,7 @@ const TOOLSET_TOOL_COUNTS = {
     milestones: 9,
     wiki: 10,
     releases: 7,
+    tags: 5,
     users: 5,
     search: 3,
     workitems: 18,
@@ -40,7 +41,16 @@ const DEFAULT_TOOLSETS = [
     "labels",
     "users",
 ];
-const NON_DEFAULT_TOOLSETS = ["pipelines", "milestones", "wiki", "releases", "workitems", "webhooks", "search"];
+const NON_DEFAULT_TOOLSETS = [
+    "pipelines",
+    "milestones",
+    "wiki",
+    "releases",
+    "tags",
+    "workitems",
+    "webhooks",
+    "search",
+];
 // discover_tools meta-tool is always force-injected (Step 5.5)
 const DISCOVER_TOOLS_COUNT = 1;
 const DEFAULT_TOOL_COUNT = DEFAULT_TOOLSETS.reduce((sum, id) => sum + TOOLSET_TOOL_COUNTS[id], 0) + DISCOVER_TOOLS_COUNT;
@@ -57,6 +67,7 @@ const TOOLSET_SAMPLE_TOOLS = {
     milestones: ["list_milestones", "create_milestone", "get_milestone_burndown_events"],
     wiki: ["list_wiki_pages", "create_wiki_page", "list_group_wiki_pages", "create_group_wiki_page"],
     releases: ["list_releases", "create_release", "download_release_asset"],
+    tags: ["list_tags", "create_tag", "get_tag_signature"],
     users: ["get_users", "upload_markdown", "download_attachment"],
     search: ["search_code", "search_project_code", "search_group_code"],
     webhooks: ["list_webhooks", "list_webhook_events", "get_webhook_event"],

package/build/tools/registry.js

@@ -1,7 +1,7 @@
 import { zodToJsonSchema } from "zod-to-json-schema";
 import { toJSONSchema } from "../utils/schema.js";
 import { USE_GITLAB_WIKI, USE_MILESTONE, USE_PIPELINE, } from "../config.js";
-import { ApproveMergeRequestSchema, BulkPublishDraftNotesSchema, CancelPipelineJobSchema, CancelPipelineSchema, ConvertWorkItemTypeSchema, CreateBranchSchema, CreateDraftNoteSchema, CreateGroupWikiPageSchema, CreateIssueLinkSchema, CreateIssueNoteSchema, CreateIssueSchema, CreateIssueEmojiReactionSchema, CreateIssueNoteEmojiReactionSchema, ListIssueEmojiReactionsSchema, ListIssueNoteEmojiReactionsSchema, CreateLabelSchema, CreateMergeRequestDiscussionNoteSchema, CreateMergeRequestEmojiReactionSchema, ListMergeRequestEmojiReactionsSchema, ListMergeRequestNoteEmojiReactionsSchema, CreateMergeRequestNoteSchema, CreateMergeRequestNoteEmojiReactionSchema, CreateMergeRequestSchema, CreateMergeRequestThreadSchema, CreateNoteSchema, CreateOrUpdateFileSchema, CreatePipelineSchema, CreateProjectMilestoneSchema, CreateReleaseEvidenceSchema, CreateReleaseSchema, CreateRepositorySchema, CreateTimelineEventSchema, CreateWikiPageSchema, CreateWorkItemNoteSchema, CreateWorkItemEmojiReactionSchema, CreateWorkItemNoteEmojiReactionSchema, ListWorkItemEmojiReactionsSchema, ListWorkItemNoteEmojiReactionsSchema, CreateWorkItemSchema, DeleteDraftNoteSchema, DeleteGroupWikiPageSchema, DeleteIssueLinkSchema, DeleteIssueSchema, DeleteIssueEmojiReactionSchema, DeleteIssueNoteEmojiReactionSchema, DeleteLabelSchema, DeleteMergeRequestDiscussionNoteSchema, DeleteMergeRequestNoteSchema, DeleteMergeRequestEmojiReactionSchema, DeleteMergeRequestNoteEmojiReactionSchema, DeleteProjectMilestoneSchema, DeleteReleaseSchema, DeleteWikiPageSchema, DeleteWorkItemEmojiReactionSchema, DeleteWorkItemNoteEmojiReactionSchema, DownloadAttachmentSchema, DownloadJobArtifactsSchema, DownloadReleaseAssetSchema, EditProjectMilestoneSchema, ExecuteGraphQLSchema, ForkRepositorySchema, GetBranchDiffsSchema, GetCommitDiffSchema, GetCommitSchema, GetDeploymentSchema, GetDraftNoteSchema, GetEnvironmentSchema, GetFileContentsSchema, GetGroupWikiPageSchema, GetIssueLinkSchema, GetIssueSchema, GetJobArtifactFileSchema, GetLabelSchema, GetMergeRequestApprovalStateSchema, GetMergeRequestConflictsSchema, GetMergeRequestDiffsSchema, GetMergeRequestFileDiffSchema, GetMergeRequestNoteSchema, GetMergeRequestNotesSchema, GetMergeRequestSchema, GetMergeRequestVersionSchema, GetMilestoneBurndownEventsSchema, GetMilestoneIssuesSchema, GetMilestoneMergeRequestsSchema, GetNamespaceSchema, GetPipelineJobOutputSchema, GetPipelineSchema, GetProjectEventsSchema, GetProjectMilestoneSchema, GetProjectSchema, GetReleaseSchema, GetRepositoryTreeSchema, GetTimelineEventsSchema, GetUsersSchema, GetWebhookEventSchema, GetWikiPageSchema, GetWorkItemSchema, ListCommitsSchema, ListCustomFieldDefinitionsSchema, ListDeploymentsSchema, ListDraftNotesSchema, ListEnvironmentsSchema, ListEventsSchema, ListGroupIterationsSchema, ListGroupProjectsSchema, ListGroupWikiPagesSchema, ListIssueDiscussionsSchema, ListIssueLinksSchema, ListIssuesSchema, ListJobArtifactsSchema, ListLabelsSchema, ListMergeRequestChangedFilesSchema, ListMergeRequestDiffsSchema, ListMergeRequestDiscussionsSchema, ListMergeRequestVersionsSchema, ListMergeRequestsSchema, ListNamespacesSchema, ListPipelineJobsSchema, ListPipelineTriggerJobsSchema, ListPipelinesSchema, ListProjectMembersSchema, ListProjectMilestonesSchema, ListProjectsSchema, ListReleasesSchema, ListWebhookEventsSchema, ListWebhooksSchema, ListWikiPagesSchema, ListWorkItemNotesSchema, ListWorkItemStatusesSchema, ListWorkItemsSchema, MarkdownUploadSchema, MergeMergeRequestSchema, MoveWorkItemSchema, MyIssuesSchema, PlayPipelineJobSchema, PromoteProjectMilestoneSchema, PublishDraftNoteSchema, PushFilesSchema, ResolveMergeRequestThreadSchema, RetryPipelineJobSchema, RetryPipelineSchema, SearchCodeSchema, SearchGroupCodeSchema, SearchProjectCodeSchema, SearchRepositoriesSchema, UnapproveMergeRequestSchema, UpdateDraftNoteSchema, UpdateGroupWikiPageSchema, UpdateIssueNoteSchema, UpdateIssueSchema, UpdateLabelSchema, UpdateMergeRequestDiscussionNoteSchema, UpdateMergeRequestNoteSchema, UpdateMergeRequestSchema, UpdateReleaseSchema, UpdateWikiPageSchema, UpdateWorkItemSchema, VerifyNamespaceSchema, } from "../schemas.js";
+import { ApproveMergeRequestSchema, BulkPublishDraftNotesSchema, CancelPipelineJobSchema, CancelPipelineSchema, ConvertWorkItemTypeSchema, CreateBranchSchema, CreateDraftNoteSchema, CreateGroupWikiPageSchema, CreateIssueLinkSchema, CreateIssueNoteSchema, CreateIssueSchema, CreateIssueEmojiReactionSchema, CreateIssueNoteEmojiReactionSchema, ListIssueEmojiReactionsSchema, ListIssueNoteEmojiReactionsSchema, CreateLabelSchema, CreateMergeRequestDiscussionNoteSchema, CreateMergeRequestEmojiReactionSchema, ListMergeRequestEmojiReactionsSchema, ListMergeRequestNoteEmojiReactionsSchema, CreateMergeRequestNoteSchema, CreateMergeRequestNoteEmojiReactionSchema, CreateMergeRequestSchema, CreateMergeRequestThreadSchema, CreateNoteSchema, CreateOrUpdateFileSchema, CreatePipelineSchema, CreateProjectMilestoneSchema, CreateReleaseEvidenceSchema, CreateReleaseSchema, CreateRepositorySchema, CreateTagSchema, CreateTimelineEventSchema, CreateWikiPageSchema, CreateWorkItemNoteSchema, CreateWorkItemEmojiReactionSchema, CreateWorkItemNoteEmojiReactionSchema, ListWorkItemEmojiReactionsSchema, ListWorkItemNoteEmojiReactionsSchema, CreateWorkItemSchema, DeleteDraftNoteSchema, DeleteGroupWikiPageSchema, DeleteIssueLinkSchema, DeleteIssueSchema, DeleteIssueEmojiReactionSchema, DeleteIssueNoteEmojiReactionSchema, DeleteLabelSchema, DeleteMergeRequestDiscussionNoteSchema, DeleteMergeRequestNoteSchema, DeleteMergeRequestEmojiReactionSchema, DeleteMergeRequestNoteEmojiReactionSchema, DeleteProjectMilestoneSchema, DeleteReleaseSchema, DeleteTagSchema, DeleteWikiPageSchema, DeleteWorkItemEmojiReactionSchema, DeleteWorkItemNoteEmojiReactionSchema, DownloadAttachmentSchema, DownloadJobArtifactsSchema, DownloadReleaseAssetSchema, EditProjectMilestoneSchema, ExecuteGraphQLSchema, ForkRepositorySchema, GetBranchDiffsSchema, GetCommitDiffSchema, GetCommitSchema, GetDeploymentSchema, GetDraftNoteSchema, GetEnvironmentSchema, GetFileContentsSchema, GetGroupWikiPageSchema, GetIssueLinkSchema, GetIssueSchema, GetJobArtifactFileSchema, GetLabelSchema, GetMergeRequestApprovalStateSchema, GetMergeRequestConflictsSchema, GetMergeRequestDiffsSchema, GetMergeRequestFileDiffSchema, GetMergeRequestNoteSchema, GetMergeRequestNotesSchema, GetMergeRequestSchema, GetMergeRequestVersionSchema, GetMilestoneBurndownEventsSchema, GetMilestoneIssuesSchema, GetMilestoneMergeRequestsSchema, GetNamespaceSchema, GetPipelineJobOutputSchema, GetPipelineSchema, GetProjectEventsSchema, GetProjectMilestoneSchema, GetProjectSchema, GetReleaseSchema, GetRepositoryTreeSchema, GetTagSchema, GetTagSignatureSchema, GetTimelineEventsSchema, GetUsersSchema, GetWebhookEventSchema, GetWikiPageSchema, GetWorkItemSchema, ListCommitsSchema, ListCustomFieldDefinitionsSchema, ListDeploymentsSchema, ListDraftNotesSchema, ListEnvironmentsSchema, ListEventsSchema, ListGroupIterationsSchema, ListGroupProjectsSchema, ListGroupWikiPagesSchema, ListIssueDiscussionsSchema, ListIssueLinksSchema, ListIssuesSchema, ListJobArtifactsSchema, ListLabelsSchema, ListMergeRequestChangedFilesSchema, ListMergeRequestDiffsSchema, ListMergeRequestDiscussionsSchema, ListMergeRequestVersionsSchema, ListMergeRequestsSchema, ListNamespacesSchema, ListPipelineJobsSchema, ListPipelineTriggerJobsSchema, ListPipelinesSchema, ListProjectMembersSchema, ListProjectMilestonesSchema, ListProjectsSchema, ListReleasesSchema, ListTagsSchema, ListWebhookEventsSchema, ListWebhooksSchema, ListWikiPagesSchema, ListWorkItemNotesSchema, ListWorkItemStatusesSchema, ListWorkItemsSchema, MarkdownUploadSchema, MergeMergeRequestSchema, MoveWorkItemSchema, MyIssuesSchema, PlayPipelineJobSchema, PromoteProjectMilestoneSchema, PublishDraftNoteSchema, PushFilesSchema, ResolveMergeRequestThreadSchema, RetryPipelineJobSchema, RetryPipelineSchema, SearchCodeSchema, SearchGroupCodeSchema, SearchProjectCodeSchema, SearchRepositoriesSchema, UnapproveMergeRequestSchema, UpdateDraftNoteSchema, UpdateGroupWikiPageSchema, UpdateIssueNoteSchema, UpdateIssueSchema, UpdateLabelSchema, UpdateMergeRequestDiscussionNoteSchema, UpdateMergeRequestNoteSchema, UpdateMergeRequestSchema, UpdateReleaseSchema, UpdateWikiPageSchema, UpdateWorkItemSchema, VerifyNamespaceSchema, } from "../schemas.js";
 // Define all available tools
 export const allTools = [
     {
@@ -681,6 +681,31 @@ export const allTools = [
         description: "Download a release asset file by direct asset path",
         inputSchema: toJSONSchema(DownloadReleaseAssetSchema),
     },
+    {
+        name: "list_tags",
+        description: "List repository tags for a project",
+        inputSchema: toJSONSchema(ListTagsSchema),
+    },
+    {
+        name: "get_tag",
+        description: "Get a repository tag by name",
+        inputSchema: toJSONSchema(GetTagSchema),
+    },
+    {
+        name: "create_tag",
+        description: "Create a new repository tag",
+        inputSchema: toJSONSchema(CreateTagSchema),
+    },
+    {
+        name: "delete_tag",
+        description: "Delete a repository tag",
+        inputSchema: toJSONSchema(DeleteTagSchema),
+    },
+    {
+        name: "get_tag_signature",
+        description: "Get the X.509 signature of a signed tag (404 if unsigned)",
+        inputSchema: toJSONSchema(GetTagSignatureSchema),
+    },
     // --- Work item tools (GraphQL-based) ---
     {
         name: "get_work_item",
@@ -892,6 +917,9 @@ export const readOnlyTools = new Set([
     "list_releases",
     "get_release",
     "download_release_asset",
+    "list_tags",
+    "get_tag",
+    "get_tag_signature",
     "get_merge_request_approval_state",
     "get_work_item",
     "list_work_items",
@@ -919,6 +947,7 @@ export const destructiveTools = new Set([
     "delete_group_wiki_page",
     "delete_milestone",
     "delete_release",
+    "delete_tag",
     "delete_merge_request_note",
     "delete_merge_request_discussion_note",
     "delete_draft_note",
@@ -1169,6 +1198,17 @@ export const TOOLSET_DEFINITIONS = [
             "download_release_asset",
         ]),
     },
+    {
+        id: "tags",
+        isDefault: false,
+        tools: new Set([
+            "list_tags",
+            "get_tag",
+            "create_tag",
+            "delete_tag",
+            "get_tag_signature",
+        ]),
+    },
     {
         id: "users",
         isDefault: true,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zereight/mcp-gitlab",
-  "version": "2.1.5",
+  "version": "2.1.7",
   "mcpName": "io.github.zereight/gitlab-mcp",
   "description": "GitLab MCP server for projects, merge requests, issues, pipelines, wiki, releases, and more",
   "keywords": [
@@ -51,7 +51,8 @@
     "changelog": "auto-changelog -p",
     "test": "npm run test:all",
     "test:all": "npm run build && npm run test:mock && npm run test:live",
-    "test:mock": "node --import tsx/esm --test test/remote-auth-simple-test.ts && node --import tsx/esm --test test/mcp-oauth-tests.ts && tsx test/oauth-tests.ts && tsx test/test-list-merge-requests.ts && tsx test/test-list-project-members.ts && tsx test/test-download-attachment.ts && node --import tsx/esm --test test/test-job-artifacts.ts && node --import tsx/esm --test test/test-deployment-tools.ts && node --import tsx/esm --test test/test-merge-request-approval-state-tools.ts && node --import tsx/esm --test test/test-search-code.ts && node --import tsx/esm --test test/test-toolset-filtering.ts && node --import tsx/esm --test test/test-auth-retry.ts",
+    "test:mock": "node --import tsx/esm --test test/remote-auth-simple-test.ts && node --import tsx/esm --test test/mcp-oauth-tests.ts && tsx test/oauth-tests.ts && tsx test/test-list-merge-requests.ts && tsx test/test-list-project-members.ts && tsx test/test-download-attachment.ts && node --import tsx/esm --test test/test-job-artifacts.ts && node --import tsx/esm --test test/test-deployment-tools.ts && node --import tsx/esm --test test/test-merge-request-approval-state-tools.ts && node --import tsx/esm --test test/test-search-code.ts && node --import tsx/esm --test test/test-tags.ts && node --import tsx/esm --test test/test-toolset-filtering.ts && node --import tsx/esm --test test/test-auth-retry.ts && node --import tsx/esm --test test/stateless/codec.test.ts test/stateless/client-id.test.ts test/stateless/callback-proxy.test.ts test/stateless/session-id.test.ts test/stateless/session-id-integration.test.ts test/stateless/config-ttl.test.ts",
+    "test:stateless": "npm run build && node --import tsx/esm --test test/stateless/codec.test.ts test/stateless/client-id.test.ts test/stateless/callback-proxy.test.ts test/stateless/session-id.test.ts test/stateless/session-id-integration.test.ts test/stateless/config-ttl.test.ts",
     "test:mcp-oauth": "npm run build && node --import tsx/esm --test test/mcp-oauth-tests.ts",
     "test:live": "node test/validate-api.js",
     "test:remote-auth": "npm run build && node --import tsx/esm --test test/remote-auth-simple-test.ts",