gitlab-mcp-server
by DevquasarX9
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| LOG_LEVEL | No | debug, info, warn, or error | info |
| GITLAB_TOKEN | Yes | GitLab PAT, project access token, group access token, or OAuth bearer token | |
| GROUP_ALIASES | No | Comma-separated alias=my-group mappings for group_id inputs | |
| MCP_HTTP_HOST | No | HTTP bind host | 127.0.0.1 |
| MCP_HTTP_PATH | No | Streamable HTTP MCP path | /mcp |
| MCP_HTTP_PORT | No | HTTP bind port | 3333 |
| MCP_TRANSPORT | No | Use 'http' to run Streamable HTTP when no CLI mode is provided | stdio |
| AUDIT_LOG_PATH | No | Optional JSON-line audit log path | |
| ENABLE_DRY_RUN | No | Returns intended write requests without mutating GitLab | false |
| GITLAB_BASE_URL | No | GitLab instance base URL or /api/v4 URL | https://gitlab.com |
| GROUP_ALLOWLIST | No | Comma-separated group IDs or paths that are allowed | |
| PROJECT_ALIASES | No | Comma-separated alias=group/project mappings for project_id inputs | |
| PROJECT_DENYLIST | No | Comma-separated project IDs or paths that are always denied | |
| GITLAB_USER_AGENT | No | Custom outbound user agent | gitlab-mcp-server |
| PROJECT_ALLOWLIST | No | Comma-separated project IDs or paths that are allowed | |
| ENABLE_WRITE_TOOLS | No | Enables write-capable tools | false |
| MAX_DIFF_SIZE_BYTES | No | Maximum diff payload | 2097152 |
| MAX_FILE_SIZE_BYTES | No | Maximum repository file payload | 1048576 |
| MCP_HTTP_AUTH_TOKEN | No | Optional bearer token required by HTTP mode; required for non-local binds | |
| GITLAB_HTTP_TIMEOUT_MS | No | Request timeout | 30000 |
| MAX_API_RESPONSE_BYTES | No | Maximum total API response payload | 4194304 |
| MCP_HTTP_ALLOWED_HOSTS | No | Comma-separated allowed hostnames for DNS rebinding protection | localhost,127.0.0.1,[::1] |
| GITLAB_MCP_TOOL_PROFILE | No | Limits MCP tool discovery to a workflow profile | readonly |
| ENABLE_DESTRUCTIVE_TOOLS | No | Enables destructive tools that also require per-call confirmation | false |
| GITLAB_MCP_ENABLED_TOOLS | No | Comma-separated explicit tool allowlist applied after the profile | |
| GITLAB_TOKEN_HEADER_MODE | No | Use 'private-token' when required by some self-managed setups | bearer |
| MCP_HTTP_ALLOWED_ORIGINS | No | Comma-separated browser origins allowed in HTTP mode | |
| GITLAB_MCP_DISABLED_TOOLS | No | Comma-separated explicit tool denylist applied after the profile | |
| MCP_HTTP_ALLOW_NON_LOCALHOST | No | Allows non-local HTTP binds only when a bearer token is also configured | false |
| EXPOSE_SECRET_VARIABLE_VALUES | No | Keeps CI/CD secret values redacted unless explicitly enabled | false |
| GITLAB_MCP_EXPOSE_DISABLED_WRITES | No | Compatibility override to advertise write/destructive tools even when server-side gates are disabled | false |
Capabilities
Server capabilities have not been inspected yet.
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
No tools | |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/DevquasarX9/mcp-gitlab'
If you have feedback or need assistance with the MCP directory API, please join our Discord server