npm - gitlab-mcp-agent-server - Versions diffs - 0.2.7 → 0.2.9 - Mend

gitlab-mcp-agent-server 0.2.7 → 0.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/build/src/infrastructure/auth/gitlab-oauth-manager.js +80 -4
package/build/src/interface/mcp/create-mcp-server.js +2 -0
package/build/src/interface/mcp/register-tools.js +12 -0
package/docs/USER_GUIDE.md +6 -2
package/package.json +1 -1

package/build/src/infrastructure/auth/gitlab-oauth-manager.js CHANGED Viewed

@@ -11,6 +11,7 @@ class GitLabOAuthManager {
     options;
     tokenStore;
     oauthBaseUrl;
+    pendingOauth;
     constructor(options) {
         this.options = options;
         this.tokenStore = new oauth_token_store_1.OAuthTokenStore(options.tokenStorePath);
@@ -43,9 +44,80 @@ class GitLabOAuthManager {
         if (!this.options.autoLogin) {
             throw new errors_1.ConfigurationError('OAuth token is missing. Enable GITLAB_OAUTH_AUTO_LOGIN or provide GITLAB_OAUTH_ACCESS_TOKEN.');
         }
-        const interactiveToken = await this.loginInteractivelyWithLock();
-        this.tokenStore.write(interactiveToken);
-        return interactiveToken.accessToken;
+        const start = await this.startOAuthAuthorization();
+        if (start.status === 'already_authorized') {
+            const token = this.tokenStore.read();
+            if (token?.accessToken) {
+                return token.accessToken;
+            }
+        }
+        if (start.status === 'started' || start.status === 'in_progress') {
+            throw new errors_1.ConfigurationError(`OAuth authorization is required. Open: ${start.localEntryUrl} (or direct: ${start.authorizeUrl}), complete authorization, then retry the tool call.`);
+        }
+        if (start.status === 'waiting_other_process') {
+            throw new errors_1.ConfigurationError(`OAuth flow is running in another process for this instance. ${start.message} Lock: ${start.lockFilePath}`);
+        }
+        throw new errors_1.ConfigurationError(start.message);
+    }
+    async startOAuthAuthorization() {
+        const stored = this.tokenStore.read();
+        if (stored && !isExpiringSoon(stored.expiresAt)) {
+            return {
+                status: 'already_authorized',
+                message: 'OAuth token already exists and is valid.'
+            };
+        }
+        if (this.pendingOauth) {
+            return {
+                status: 'in_progress',
+                message: 'OAuth authorization is already in progress in this process.',
+                localEntryUrl: this.pendingOauth.localEntryUrl,
+                authorizeUrl: this.pendingOauth.authorizeUrl
+            };
+        }
+        const lockFilePath = `${this.options.tokenStorePath}.oauth.lock`;
+        const lock = acquireOauthLock(lockFilePath);
+        if (!lock.acquired) {
+            return {
+                status: 'waiting_other_process',
+                message: 'OAuth flow is already running in another process for this instance.',
+                lockFilePath
+            };
+        }
+        let links;
+        const promise = this.loginInteractively((readyLinks) => {
+            links = readyLinks;
+        })
+            .then((token) => {
+            this.tokenStore.write(token);
+        })
+            .finally(() => {
+            lock.release();
+            this.pendingOauth = undefined;
+        });
+        // Wait a short time until listener is ready and URLs are known.
+        const maxReadyWaitMs = 2_000;
+        const pollMs = 100;
+        let waited = 0;
+        while (!links && waited < maxReadyWaitMs) {
+            await sleep(pollMs);
+            waited += pollMs;
+        }
+        if (!links) {
+            lock.release();
+            throw new Error('Failed to start OAuth callback listener.');
+        }
+        this.pendingOauth = {
+            ...links,
+            startedAt: new Date().toISOString(),
+            promise
+        };
+        return {
+            status: 'started',
+            message: 'Open the provided URL and complete OAuth authorization.',
+            localEntryUrl: links.localEntryUrl,
+            authorizeUrl: links.authorizeUrl
+        };
     }
     async loginInteractivelyWithLock() {
         const lockFilePath = `${this.options.tokenStorePath}.oauth.lock`;
@@ -118,7 +190,7 @@ class GitLabOAuthManager {
         const payload = (await response.json());
         return mapTokenResponse(payload);
     }
-    async loginInteractively() {
+    async loginInteractively(onReady) {
         this.assertOAuthClientCredentials();
         this.assertRedirectUri();
         const redirect = new URL(this.options.redirectUri);
@@ -205,6 +277,10 @@ class GitLabOAuthManager {
                 reject(new Error(`OAuth callback server failed on ${redirect.hostname}:${resolvePort(redirect)}: ${error.message}`));
             });
             server.listen(resolvePort(redirect), redirect.hostname, () => {
+                onReady?.({
+                    localEntryUrl,
+                    authorizeUrl: authorizeUrl.toString()
+                });
                 const opened = this.options.openBrowser && openInBrowser(localEntryUrl);
                 if (!opened) {
                     console.error('Open this local URL to start OAuth authorization:');

package/build/src/interface/mcp/create-mcp-server.js CHANGED Viewed

@@ -33,6 +33,7 @@ function createMcpServer() {
             openBrowser: config.gitlab.oauth.openBrowser
         })
         : new token_provider_1.StaticTokenProvider(config.gitlab.accessToken);
+    const oauthManager = tokenProvider instanceof gitlab_oauth_manager_1.GitLabOAuthManager ? tokenProvider : undefined;
     const gitlabApiClient = new gitlab_api_client_1.GitLabApiClient({
         apiUrl: config.gitlab.apiUrl,
         tokenProvider
@@ -45,6 +46,7 @@ function createMcpServer() {
     const issueWorkflowPolicy = new issue_workflow_policy_1.IssueWorkflowPolicy(config);
     (0, register_tools_1.registerTools)(server, {
         config,
+        oauthManager,
         projectResolver,
         issueWorkflowPolicy,
         healthCheckUseCase: new health_check_1.HealthCheckUseCase(),

package/build/src/interface/mcp/register-tools.js CHANGED Viewed

@@ -4,6 +4,18 @@ exports.registerTools = registerTools;
 const zod_1 = require("zod");
 const errors_1 = require("../../shared/errors");
 function registerTools(server, deps) {
+    if (deps.oauthManager) {
+        server.registerTool('gitlab_oauth_start', {
+            title: 'GitLab OAuth Start',
+            description: 'Starts OAuth authorization flow and returns links to complete authorization in browser.',
+            inputSchema: {}
+        }, async () => {
+            return runTool(async () => {
+                const result = await deps.oauthManager?.startOAuthAuthorization();
+                return result ?? { status: 'unsupported', message: 'OAuth mode is not enabled.' };
+            });
+        });
+    }
     server.registerTool('health_check', {
         title: 'Health Check',
         description: 'Returns server status.',

package/docs/USER_GUIDE.md CHANGED Viewed

@@ -103,8 +103,10 @@ npx -y gitlab-mcp-agent-server
 3. Если `GITLAB_OAUTH_OPEN_BROWSER=true` и окружение GUI доступно, браузер откроется автоматически.
 4. Локальный URL `http://127.0.0.1:8787/` автоматически редиректит на GitLab OAuth.
 5. Если браузер не может быть открыт, сервер печатает URL авторизации в лог.
-6. После подтверждения в GitLab и callback на `http://127.0.0.1:8787/oauth/callback` токены сохраняются в token store для конкретного instance.
-7. В браузере показывается feedback-страница:
+6. При первом вызове GitLab tool сервер вернет в ответе явную инструкцию с URL для OAuth.
+   После завершения авторизации повтори тот же tool-вызов.
+7. После подтверждения в GitLab и callback на `http://127.0.0.1:8787/oauth/callback` токены сохраняются в token store для конкретного instance.
+8. В браузере показывается feedback-страница:
    - `Success`: токен сохранен, можно вернуться в ИИ-агент;
    - `Error`: показана причина и кнопка повторного запуска OAuth.
@@ -143,6 +145,7 @@ npx -y gitlab-mcp-agent-server
 ## 8. Быстрая проверка работоспособности
+0. Если нужен OAuth URL прямо в чате агента, вызови `gitlab_oauth_start`.
 1. Вызови `gitlab_list_labels`.
 2. Создай issue: `gitlab_create_issue`.
 3. Получи issue: `gitlab_get_issue`.
@@ -176,6 +179,7 @@ npx -y gitlab-mcp-agent-server
 1. Проверь stale lock и удали его:
    - `rm -f ~/.config/gitlab-mcp/<gitlab-host>/token.json.oauth.lock`
 2. Повтори запрос и заверши OAuth в браузере в течение окна авторизации.
+3. Или сначала вызови `gitlab_oauth_start` и открой `localEntryUrl` из ответа.
 ## 10. Advanced (необязательно)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "gitlab-mcp-agent-server",
-  "version": "0.2.7",
+  "version": "0.2.9",
   "description": "MCP server for GitLab integration via OAuth",
   "main": "build/src/index.js",
   "bin": {