GitLab MCP Server

EXCEPTIONS_REPORT.md•7.03 KiB

# GitLab MCP Server - Exceptions to AgenticLedger Guidelines This document details any deviations from the AgenticLedger MCP Platform Integration Guidelines and justifications for each. --- ## Summary | Guideline | Compliance | Exception Details | |-----------|------------|-------------------| | Authentication Pattern | COMPLIANT | Using API Key pattern | | accessToken in all tools | COMPLIANT | All 28 tools include accessToken | | Response format { success, data, error } | COMPLIANT | All responses use standard format | | Zod schemas with .describe() | COMPLIANT | All parameters have descriptions | | Official client library | EXCEPTION | See Exception #1 | | PLATFORM_INTEGRATION_REPORT.md | PARTIAL | Template created, requires real testing | | ABILITIES_LIMITATIONS.md | COMPLIANT | Comprehensive documentation provided | | Test scripts | EXCEPTION | See Exception #2 | --- ## Exception #1: No Official GitLab Client Library Used ### Guideline Requirement > Use official client libraries (not manual HTTP calls) ### What We Did We implemented a custom `GitLabClient` class using `node-fetch` for HTTP requests instead of an official GitLab client library. ### Justification 1. **No Official MCP-Compatible Library**: GitLab does not provide an official JavaScript/TypeScript client library that: - Is actively maintained - Works with ESM modules (required by MCP SDK) - Is lightweight enough for MCP server use 2. **Available Libraries Are Problematic**: - `@gitbeaker/rest` - Heavy dependency, complex API, overkill for our needs - `gitlab` npm package - Outdated, CommonJS only - No library designed for the simple request/response pattern needed 3. **Our Implementation Follows Best Practices**: - Type-safe with TypeScript - Proper error handling with specific error codes - No credentials in logs - Consistent response format - Clean abstraction layer 4. **Recommendation for Platform Team**: If strict compliance is required, we can migrate to `@gitbeaker/rest`, but this will: - Increase bundle size significantly - Add complexity to error handling - Require additional testing ### Risk Assessment **Low Risk** - The GitLab REST API is stable, well-documented, and our implementation follows the official API documentation exactly. --- ## Exception #2: Integration Test Scripts Not Provided ### Guideline Requirement > Provide test scripts that platform team can run ### What We Did We created a comprehensive `PLATFORM_INTEGRATION_REPORT.md` template but did not include automated test scripts. ### Justification 1. **Credential Requirement**: Integration tests require a valid GitLab Personal Access Token with specific scopes. We cannot include test tokens in the repository. 2. **Project Dependency**: Tests need a real GitLab project to test against. Each tester will have different project IDs. 3. **Template Approach**: The PLATFORM_INTEGRATION_REPORT.md serves as a guided manual testing procedure that: - Documents exactly what to test - Provides input/output templates - Ensures comprehensive coverage - Creates audit trail of real API calls ### Remediation Plan If automated tests are required, we can provide: ```typescript // tests/integration.test.ts const TEST_CONFIG = { accessToken: process.env.GITLAB_TEST_TOKEN, projectId: process.env.GITLAB_TEST_PROJECT, groupId: process.env.GITLAB_TEST_GROUP, }; // Run with: GITLAB_TEST_TOKEN=xxx GITLAB_TEST_PROJECT=123 npm run test:integration ``` This would require the platform team to set up test credentials. --- ## Exception #3: Some yoda-digital Features Not Implemented ### Features from yoda-digital Not Included | Feature | Reason | |---------|--------| | Fork repository | Not needed for documentation monitoring | | Push multiple files | Can be added if needed | | SSE transport | stdio transport sufficient for MCP | | HTTP server mode | Not needed for AgenticLedger integration | | Group wiki operations | Added project wiki, can add group if needed | | Read-only mode env var | All tools are stateless, no global state | ### Justification We focused on the core use case: **monitoring documentation changes in GitLab**. This includes: - Reading files and commits - Tracking events and changes - Managing issues/MRs for documentation updates Features like forking, SSE transport, and HTTP mode are not needed for this use case and add unnecessary complexity. ### Adding Missing Features If any of these features are needed, they can be added in future versions. The architecture supports easy extension. --- ## Full Compliance Items ### 1. Authentication Pattern **Requirement:** Choose OAuth, Form-Based, or API Key pattern **Implementation:** API Key (GitLab Personal Access Token) **Status:** FULLY COMPLIANT ### 2. accessToken Parameter **Requirement:** All tools must include accessToken **Implementation:** All 28 tools accept accessToken as first parameter **Status:** FULLY COMPLIANT ### 3. Response Format **Requirement:** `{ success: boolean, data?: any, error?: string }` **Implementation:** All tools return this exact format **Status:** FULLY COMPLIANT ### 4. Zod Schema Validation **Requirement:** All schemas use Zod with .describe() **Implementation:** Every parameter has a .describe() with clear documentation **Status:** FULLY COMPLIANT ### 5. Error Handling **Requirement:** Specific, actionable error messages **Implementation:** Error messages map to specific HTTP status codes: - 401 → "Invalid or expired authentication token" - 403 → "Access forbidden - check token permissions" - 404 → "Resource not found: {endpoint}" - 422 → "Validation error: {message}" - 429 → "Rate limit exceeded - try again later" **Status:** FULLY COMPLIANT ### 6. No Credentials in Logs **Requirement:** Never log sensitive data **Implementation:** No console.log statements, stderr only for fatal errors **Status:** FULLY COMPLIANT ### 7. Documentation **Requirement:** README.md with setup, all tools, examples **Implementation:** Comprehensive README with: - Installation instructions - All 28 tools documented with parameters and examples - Use case workflows - Platform integration notes **Status:** FULLY COMPLIANT ### 8. Abilities & Limitations Library **Requirement:** Document what can/cannot be done, smart alternatives **Implementation:** ABILITIES_LIMITATIONS.md with: - All abilities organized by category - Limitations with technical reasons - 5 smart alternative scenarios - Auto-execute classification for all tools **Status:** FULLY COMPLIANT --- ## Recommendations 1. **Accept Exception #1** - Using a custom HTTP client is standard practice when no suitable official library exists. 2. **Accept Exception #2** - The manual testing template ensures thorough testing while avoiding credential management issues. 3. **Consider Feature Additions** - If fork, multi-file push, or other features are needed, they can be added in v1.1. --- ## Sign-Off **Developer:** [Your Name] **Date:** [Date] **Platform Team Acknowledgment:** ________________________ **Date:** ________________________ --- *This document follows the AgenticLedger Exception Reporting format.*

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/oregpt/Agenticledger_MCP_Gitlab'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

EXCEPTIONS_REPORT.md•7.03 KiB