Gitlab MCP Server
Máy chủ Giao thức Ngữ cảnh Mô hình (MCP) cho GitLab — cung cấp 1006 thao tác API REST & GraphQL của GitLab dưới dạng công cụ MCP (28 siêu công cụ / 43 doanh nghiệp), 24 tài nguyên, 38 lời nhắc và 17 loại hoàn thành cho trợ lý AI. Được viết bằng Go, tệp nhị phân tĩnh đơn lẻ, hỗ trợ truyền tải stdio và HTTP.
Tài liệu
GitLab MCP Server
Connect your AI assistant to GitLab so it can review merge requests, triage pipelines, manage issues, and draft releases — in plain language. One static binary (or a container), 1000+ GitLab tools over the full REST + GraphQL API, working with Claude, Cursor, VS Code, and any MCP client.
You talk to your AI assistant; it does the GitLab work. No project IDs, API endpoints, or JSON to remember.
"Review merge request !15 — is it safe to merge?" · "Why did the last pipeline fail?" · "List open issues assigned to me" · "Generate release notes from v1.0 to v2.0"
🤖 Using an AI assistant? Give it this repository URL and ask it to install the server for your client. Everything a model needs to do it headlessly — the declarative per-client config,
claude mcp addone-liners, and defaults — is inllms.txt(no interactive wizard required).
Install in 60 seconds
Pick one. Each path ends with you typing a prompt to your assistant.
One-click install
| Client | One-click button | Token step |
|---|---|---|
| VS Code | prompts you (masked) | |
| VS Code Insiders | prompts you (masked) | |
| Cursor | edit YOUR_GITLAB_TOKEN | |
| LM Studio | edit YOUR_GITLAB_TOKEN | |
| Kiro | edit YOUR_GITLAB_TOKEN |
Each button registers the Docker-based server (auto-pulls the image on first run; you need Docker installed). Need a token? Create a Personal Access Token with the api scope. Self-managed GitLab? Add a GITLAB_URL env var in your client's MCP config after install.
Claude Code (claude mcp add)
Docker (no install — pulls the image on first run):
claude mcp add gitlab --env GITLAB_TOKEN=glpat-xxxx --transport stdio \
-- docker run -i --rm -e GITLAB_TOKEN ghcr.io/jmrplens/gitlab-mcp-server:latest --http=false
Or install the native binary first, then register it:
# Linux/macOS
curl -fsSL https://raw.githubusercontent.com/jmrplens/gitlab-mcp-server/main/scripts/install.sh | sh
# Windows (PowerShell)
irm https://raw.githubusercontent.com/jmrplens/gitlab-mcp-server/main/scripts/install.ps1 | iex
claude mcp add gitlab --env GITLAB_TOKEN=glpat-xxxx -- gitlab-mcp-server
Self-managed GitLab? Add --env GITLAB_URL=https://gitlab.example.com (and --env GITLAB_SKIP_TLS_VERIFY=true for self-signed certs).
Guided setup (any client, no flags to remember)
The binary ships a setup wizard that collects your GitLab token and configures your MCP client for you — ideal if you'd rather not edit JSON:
gitlab-mcp-server --setup
It auto-detects VS Code, Claude Desktop, Claude Code, Cursor, and Windsurf and writes the right config. On Windows, double-click the .exe to launch it.
Manual JSON (Claude Desktop, Cursor, VS Code, …)
Show JSON config for native binary and Docker
Native binary (Claude Desktop mcpServers, Cursor, etc.):
{
"mcpServers": {
"gitlab": {
"command": "/path/to/gitlab-mcp-server",
"env": { "GITLAB_TOKEN": "glpat-xxxxxxxxxxxxxxxxxxxx" }
}
}
}
VS Code (.vscode/mcp.json, note servers + type):
{
"servers": {
"gitlab": {
"type": "stdio",
"command": "/path/to/gitlab-mcp-server",
"env": { "GITLAB_TOKEN": "glpat-xxxxxxxxxxxxxxxxxxxx" }
}
}
}
Docker variant — replace "command"/"args" with:
"command": "docker",
"args": ["run", "-i", "--rm", "-e", "GITLAB_TOKEN", "ghcr.io/jmrplens/gitlab-mcp-server:latest", "--http=false"]
For a shared, long-running HTTP deployment instead of per-user stdio, see HTTP Server Mode.
Then just ask: open your AI client and try "List my GitLab projects." See the Getting Started guide for per-client details and more example prompts.
Why this server
- 🗣️ Plain-language GitLab. The AI translates "is MR !15 safe to merge?" into the right API calls. You don't touch endpoints, IDs, or JSON.
- 🧰 The whole platform — 1000+ tools. Broad GitLab REST v4 + GraphQL coverage: projects, branches, tags, releases, merge requests, issues, pipelines, jobs, groups, users, wikis, environments, deployments, packages, container registry, runners, feature flags, CI/CD variables, security, admin, tokens, and more.
- 🪶 Low-token by default. The default dynamic surface exposes just 2 tools (
find+execute) while reaching the full catalog — so it fits any client's context window. (Token footprint →) - ✅ Proven with real models. An automated evaluator runs Anthropic, Google, OpenAI, and Qwen against live GitLab instances: 99.5% aggregate success across thousands of operations. (Results →)
- 🔒 Safe by design. Read-only mode, safe mode (dry-run preview of every mutation), TLS options for self-hosted GitLab, and continuous SonarCloud quality/security gates.
- 🖥️ Runs anywhere. One static binary or container; Windows, Linux & macOS; amd64 & arm64; stdio (desktop) and HTTP (remote).
More: resources, prompts, and capabilities
- 45 MCP resources (read-only data: projects, issues, pipelines, MRs, branches, members, the surface-aware
gitlab://toolsmanifest, and workflow best-practice guides). - 37 MCP prompts (code review, pipeline status, risk assessment, release notes, standup, analytics, audit, and more).
- 4 elicitation wizards (interactive issue/MR/release/project creation).
- 3 MCP capabilities (completions, progress, elicitation) and 50 SVG tool icons for visual identification in MCP clients.
- Pagination on every list endpoint with full metadata.
Tool surfaces
The server can present GitLab in three shapes, controlled by TOOL_SURFACE. The default needs no configuration.
| Surface | Visible tools | Best for |
|---|---|---|
| Dynamic (default) | 2 (gitlab_find_action, gitlab_execute_action) | Lowest token cost; reaches the full catalog via find/execute. |
Meta-tools (meta) | 32 base / 48 Premium / 49 GitLab.com Enterprise | Domain-grouped dispatchers with an action parameter. |
Individual (individual) | ~862 Free/CE · ~999 Premium · 1062–1068 Ultimate | One MCP tool per GitLab operation; needs a large context window. |
Tool counts scale with your GitLab edition (GITLAB_TIER); higher tiers expose more actions. See Dynamic Toolset and Meta-Tools Reference for the ranking model, safety guards, and full catalogs. For dynamic runs where resources dominate context, set CAPABILITY_SURFACE=minimal.
Token Footprint
Measured with go run ./cmd/audit_tokens/ -footprint against the current catalog. Totals estimate startup context visible to an MCP client: visible tool schemas plus shared resources and prompts, using the cl100k_base tokenizer (GPT-4/GPT-3.5 encoding). For the full matrix (meta and individual surfaces, all META_PARAM_SCHEMA modes), see Token Footprint Reference.
Default configuration: with TOOL_SURFACE unset or TOOL_SURFACE=dynamic, CAPABILITY_SURFACE=full, META_TOOLS unset, META_PARAM_SCHEMA=opaque, and GITLAB_TIER unset (detected, fallback free), the server uses the dynamic find/execute surface. Use TOOL_SURFACE=meta only when you explicitly want domain meta-tools; use TOOL_SURFACE=individual only when your client can handle the full tool catalog.
Configuration (TOOL_SURFACE / CAPABILITY_SURFACE) | Tier | Visible tools | Reachable actions | META_PARAM_SCHEMA | Tool schema tokens | Shared tokens | Total tokens |
|---|---|---|---|---|---|---|---|
dynamic / full (default) | Free/CE | 2 | 865 | n/a | 2,180 | 31,758 | 33,938 |
dynamic / minimal | Free/CE | 2 | 865 | n/a | 2,180 | 1,088 | 3,268 |
dynamic / full (default) | Premium | 2 | 1,003 | n/a | 2,180 | 31,758 | 33,938 |
dynamic / minimal | Premium | 2 | 1,003 | n/a | 2,180 | 1,088 | 3,268 |
dynamic / full (default) | Ultimate | 2 | 1,066 | n/a | 2,180 | 31,758 | 33,938 |
dynamic / minimal | Ultimate | 2 | 1,066 | n/a | 2,180 | 1,088 | 3,268 |
Rows use the base Community Edition catalog unless the Tier column says otherwise. GITLAB_TIER controls which actions are available; higher tiers expose more tools and thus more reachable actions.
Compatibility
| MCP Capability | Support |
|---|---|
| Tools | Up to 1068 individual / 32–49 meta |
| Resources | 45 (static + templates) |
| Prompts | 37 templates |
| Completions | Project, user, group, branch, tag |
| Logging | Structured (text/JSON) to stderr |
| Progress | Tool execution progress reporting |
| Elicitation | 4 interactive creation wizards |
Tested with: VS Code + GitHub Copilot, Claude Desktop, Claude Code, Cursor, Windsurf, JetBrains IDEs, Zed, Kiro, Cline. See the full Compatibility Matrix.
AI Model Tool-Use Evaluation
The project includes an automated evaluator for model-facing MCP quality. It runs schema-only checks against the tool catalog or executes validated model tool calls through MCP against Docker GitLab CE or licensed Enterprise instances populated with fixtures. It measures whether each model chooses the correct action, sends valid parameters, recovers from actionable GitLab errors, and respects destructive-action safeguards — across Anthropic, Google, OpenAI, and Qwen.
Current published result: Docker CE dynamic 20260627-232303.
| Provider | Model | Compatibility | Tool accuracy | Recovery | Docker live status |
|---|---|---|---|---|---|
| Anthropic | claude-haiku-4-5-20251001 | OK | 100.0% | 100.0% (2/2) | 100.0% final across 555 ops |
gemini-flash-latest | OK | 100.0% | 100.0% (4/4) | 100.0% final across 555 ops | |
| OpenAI | gpt-5.4-nano | Review | 99.3% | 84.6% (11/13) | 98.0% final across 555 ops |
| Qwen | qwen3.6-flash | OK | 100.0% | 100.0% (5/5) | 100.0% final across 555 ops |
The published model-evaluation set covers 596 task attempts and 2220 expected MCP operations. Across the selected reports, models emitted 2265 tool calls over 2265 model requests, with 99.5% aggregate final success. See AI Model Evaluation Results for the detailed current matrix.
Enterprise meta & dynamic evaluation results
Current published result: Docker Enterprise meta 20260527.
| Provider | Model | Compatibility | Tool accuracy | Recovery | Docker live status |
|---|---|---|---|---|---|
| Anthropic | claude-haiku-4-5-20251001 | OK | 100.0% | 100.0% (1/1) | 100.0% final across 84 ops |
gemini-flash-latest | Review | 78.2% | 100.0% (7/7) | 100.0% final across 84 ops | |
| OpenAI | gpt-5.4-nano | Review | 100.0% | 100.0% (4/4) | 100.0% final across 84 ops |
| Qwen | qwen3.6-flash | OK | 100.0% | 100.0% (1/1) | 100.0% final across 84 ops |
The published model-evaluation set covers 92 task attempts and 336 expected MCP operations. Across the selected reports, models emitted 345 tool calls over 350 model requests, with 100.0% aggregate final success. See AI Model Evaluation Results for the detailed current matrix.
Current published result: Docker Enterprise dynamic 20260628-015421.
| Provider | Model | Compatibility | Tool accuracy | Recovery | Docker live status |
|---|---|---|---|---|---|
| Anthropic | claude-haiku-4-5-20251001 | OK | 100.0% | 100.0% (1/1) | 100.0% final across 202 ops |
gemini-flash-latest | OK | 100.0% | 100.0% (2/2) | 100.0% final across 202 ops | |
| OpenAI | gpt-5.4-nano | OK | 100.0% | No repairs | 100.0% final across 202 ops |
| Qwen | qwen3.6-flash | OK | 100.0% | 100.0% (1/1) | 100.0% final across 202 ops |
The published model-evaluation set covers 124 task attempts and 808 expected MCP operations. Across the selected reports, models emitted 817 tool calls over 817 model requests, with 100.0% aggregate final success. See AI Model Evaluation Results for the detailed current matrix.
Documentation
Full documentation is at jmrplens.github.io/gitlab-mcp-server. Use this map for the source-of-truth reference on a specific area:
| Document | Description |
|---|---|
| Getting Started | Download, setup wizard, per-client configuration |
| IDE Configuration | Per-client stdio, HTTP legacy, and HTTP OAuth examples |
| Configuration | Environment variables, transport modes, TLS |
| Environment Variables | Exhaustive environment variable table with defaults and examples |
| CLI Reference | All command-line flags, exit codes, and runtime examples |
| HTTP Server Mode | Shared HTTP deployments, authentication, server pool isolation |
| Tools Reference | All individual tools with input/output schemas, including GitLab.com-only Orbit |
| Meta-Tools | 32/48/49 domain meta-tools with action dispatching |
| Dynamic Toolset | 2-tool low-token mode with canonical action catalog, safety model, and examples |
| Resources | All 45 resources with URI templates |
| Prompts | All 37 prompts with arguments and output format |
| Auto-Update | Self-update mechanism, modes, and release format |
| Testing | Unit, E2E, schema model evaluation, Docker model evaluation, and curated model results |
| Security | Security model, token scopes, input validation |
| Architecture | System architecture, component design, data flow |
| Development Guide | Building, testing, CI/CD, contributing |
| Troubleshooting | Common startup, token, TLS, transport, and tool-discovery issues |
FAQ
Does it work with self-hosted GitLab?
Yes. Set GITLAB_URL to your instance URL. When GITLAB_URL is omitted, stdio mode uses https://gitlab.com. Self-signed TLS certificates are supported via GITLAB_SKIP_TLS_VERIFY=true.
Is my data safe?
The server runs locally on your machine (stdio mode) or on your own infrastructure (HTTP mode). No data is sent to third parties — all API calls go directly to your GitLab instance. See SECURITY.md for details.
Can I use it in read-only mode?
Yes. Set GITLAB_READ_ONLY=true to disable all mutating tools (create, update, delete). Only read operations will be available.
Alternatively, set GITLAB_SAFE_MODE=true for a dry-run mode: mutating tools remain visible but return a structured JSON preview instead of executing. Useful for auditing, training, or reviewing what an AI assistant would do.
What GitLab editions are supported?
Both Community Edition (CE) and Enterprise Edition (EE). Set GITLAB_TIER=premium or GITLAB_TIER=ultimate in stdio mode to enable additional tools for Premium/Ultimate features (DORA metrics, vulnerabilities, compliance, etc.); leave it unset to detect the tier from the instance license (fallback free). In HTTP mode, --tier can force the tier, otherwise it is detected per token+URL pool entry from the license.
How does it handle rate limiting?
The server includes retry logic with backoff for GitLab API rate limits. Errors are classified as transient (retryable) or permanent, with actionable hints in error messages.
Which AI clients are supported?
Any MCP-compatible client: VS Code + GitHub Copilot, Claude Desktop, Cursor, Claude Code, Windsurf, JetBrains IDEs, Zed, Kiro, and others. The built-in setup wizard can auto-configure most clients.
Building from Source
git clone https://github.com/jmrplens/gitlab-mcp-server.git
cd gitlab-mcp-server
make build
The published container image is ghcr.io/jmrplens/gitlab-mcp-server:latest. See the Development Guide for cross-compilation, Docker Compose, and contributing guidelines.
| Component | Technology |
|---|---|
| Language | Go 1.26+ |
| MCP SDK | github.com/modelcontextprotocol/go-sdk v1.6.1 |
| GitLab Client | gitlab.com/gitlab-org/api/client-go/v2 v2.43.0 |
| Transport | stdio (default), HTTP (Streamable HTTP) |
Contributing & Security
- Contributing: see CONTRIBUTING.md for development guidelines, branch naming, commit conventions, and the PR process.
- Security: see SECURITY.md for the security policy and vulnerability reporting.
- Code of Conduct: see CODE_OF_CONDUCT.md (Contributor Covenant v2.1).
Repository mirror: GitHub is the canonical repository. A read-only mirror is available on GitLab.com for discoverability; please open contributions on GitHub.
Unnecessary statistics — numbers nobody asked for
File counts
| Category | Files | Lines |
|---|---|---|
Source (.go, non-test) | 950 | 192,000 |
Unit tests (_test.go) | 519 | 292,607 |
| End-to-end tests | 142 | 35,177 |
| Total | 1,611 | 519,784 |
Functions
| Category | Count |
|---|---|
| Source functions | 7,321 |
| — exported (public) | 2,557 |
| — unexported (private) | 4,764 |
Unit test functions (TestXxx) | 11,315 |
Subtests (t.Run(...)) | 2,634 |
| End-to-end test functions | 286 |
Ratios worth noting
| Observation | Value |
|---|---|
| Test lines vs source lines | 1.52× more tests than code |
| Average source file length | ~202 lines |
| Average test file length | ~563 lines |
| Comment lines in source | 20,494 (~10.7% of source) |
| Test functions per source function | 1.5× |
Code patterns
| Pattern | Count |
|---|---|
if err != nil checks | 6,554 |
defer statements | 706 |
struct types defined | 2,709 |
//nolint suppressions | 179 |
TODO / FIXME / HACK comments | 2 |
Project
| Metric | Value |
|---|---|
| Go packages | 224 |
Direct dependencies (go.mod) | 13 |
| Indirect dependencies | 50 |
| Git commits | 217 |
| Unique contributors | 4 |
Hall of fame
| Record | File |
|---|---|
| Longest source file | internal/tools/projects/projects.go — 3,818 lines |
| Longest test file | internal/tools/projects/projects_test.go — 7,931 lines |
Because why not
| Fact | Value |
|---|---|
| Source code printed at 55 lines/page | ~3,490 pages of A4 |
Source lines mentioning "gitlab" | 12,399 (impossible to avoid) |
| Longest function name in source | assertDynamicCompatibilityPolicyOwnedByActionCompat (51 chars) |
| Longest test function name | TestRequiredMissingAndUnknownParamNames_SchemaValidation_ReturnsSortedMissingAndUnknown (87 chars) |