CERN GitLab MCP Server
The CERN GitLab MCP Server connects LLMs to CERN GitLab, enabling discovery, browsing, and analysis of High Energy Physics (HEP) code and repositories through 14 specialized tools.
Search & Discovery
Search Projects – Find public CERN GitLab projects by keyword, topic, or programming language
Search Code – Find code snippets globally or within specific projects, with line-level context (requires authentication)
Search LHCb Stack – Search code within a specific LHCb software stack (e.g.,
sim11) with automatic Git reference resolution (requires authentication)Search Issues – Find issues and discussions within a project or across all accessible projects (requires authentication)
Browse & Read Repositories
Get Project Info – Retrieve detailed metadata (stars, description, languages, statistics)
List Project Files – Browse files and directories, with recursive listing and branch support
Get File Content – Fetch file content with binary detection and syntax highlighting hints
Get Project README – Auto-detect and retrieve the project README
Get Wiki Pages – List or retrieve project wiki pages (requires authentication)
Analyze & Inspect
Inspect Project – Analyze project structure, build systems (CMake, Make, etc.), dependencies, and CI/CD configuration in a single report
Releases & Versions
List Releases – Browse release history with tags, dates, and descriptions
Get Release – Retrieve release notes, assets, and download links for a specific release
List Tags – List version tags with filtering and sort control
Connectivity & Operations
Test Connectivity – Verify connection, check authentication status, and retrieve GitLab version info
Flexible deployment – Single-user stdio mode, multi-user HTTP mode for centralized deployments, or a dedicated CLI
Authentication – Works without tokens for public repositories; a personal access token unlocks code search, issue search, wiki access, and private/internal projects
Robustness – Built-in rate limiting, retries with exponential backoff, and graceful error handling
LLM integration – Compatible with Claude Desktop, Claude Code, GitHub Copilot, Gemini CLI, and more
Facilitates analysis of C++ projects through dependency parsing and retrieval of build configuration files.
Provides tools to find and analyze CMakeLists.txt files to understand repository build structures.
Enables the discovery and analysis of scientific codebases by parsing dependency files within Fortran ecosystems.
Enables repository exploration through file tree browsing, tag management, and release tracking.
Provides comprehensive tools for searching repositories, browsing files, and analyzing CI/CD configurations and wiki pages on CERN GitLab instances.
Allows for the retrieval and analysis of Makefiles to understand project build configurations.
Supports analysis of Python projects by parsing requirements.txt, pyproject.toml, and setup.py files to identify dependencies.
Parses TOML-based configuration files, such as pyproject.toml, to extract project dependency and metadata information.
Enables structural analysis of YAML files, specifically targeting GitLab CI/CD configurations and Conda environment definitions.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@CERN GitLab MCP Serversearch for ATLAS analysis repositories written in Python"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Features
14 MCP tools for searching, browsing, and analyzing CERN GitLab repositories
Dual-mode operation — stdio (single-user) and HTTP (multi-user) modes
CLI tool (
cerngitlab-cli) for direct command-line usagePublic access — works without authentication for public repositories
Multi-user HTTP mode — CERN SSO + GitLab OAuth authentication for centralized deployments; GitLab enforces all access permissions natively
HEP-focused — dependency parsing for Python and C++ ecosystems, binary detection for
.rootfiles, issue searchRobust — rate limiting, retries with exponential backoff, graceful error handling
Installation
Requires Python 3.10+.
Quickstart (recommended)
No installation needed — just use uvx to run directly:
uvx cerngitlab-mcpFrom PyPI
pip install cerngitlab-mcpFrom source
git clone https://github.com/MohamedElashri/cerngitlab-mcp
cd cerngitlab-mcp
uv syncConfiguration
All settings are configured via environment variables prefixed with CERNGITLAB_:
Variable | Default | Description |
|
| GitLab instance URL |
| (empty) | Personal access token (optional, for stdio mode) |
|
| HTTP timeout in seconds |
|
| Max retries for failed requests |
|
| API rate limit |
|
| Logging level |
| (empty) | Default Git branch or tag to search within. Empty means all branches. |
| (empty) | Set any value to auto-detect HTTP mode |
|
| HTTP server bind address |
|
| HTTP server bind port |
| (empty) | HTTP mode — CERN SSO OAuth client ID |
| (empty) | HTTP mode — GitLab OAuth application client ID |
| (empty) | HTTP mode — GitLab OAuth application client secret |
|
| HTTP mode — Public base URL (used for OAuth callback) |
|
| HTTP mode — Directory for persisting OAuth session files |
Authentication
The server works in two modes:
Without token — Access to all public repositories. Sufficient for most HEP code discovery.
With token — Additional access to internal/private projects, code search, and wiki pages.
To create a token:
Go to https://gitlab.cern.ch/-/user_settings/personal_access_tokens
Create a token with
read_apiscopeSet
CERNGITLAB_TOKEN=glpat-xxxxxxxxxxxx
Note: The code search (
search_code), issue search (search_issues), and wiki (get_wiki_pages) tools require authentication on CERN GitLab.
Usage
Claude Desktop
Add to your claude_desktop_config.json:
{
"mcpServers": {
"cerngitlab": {
"command": "uvx",
"args": ["cerngitlab-mcp"],
"env": {
"CERNGITLAB_TOKEN": "glpat-xxxxxxxxxxxx"
}
}
}
}Note for macOS users: If you see an error about
uvxnot being found, you may need to provide the absolute path. Claude Desktop does not support~or$HOMEexpansion.
Run
which uvxin your terminal to find the path (e.g.,/Users/yourusername/.local/bin/uvx).Use that absolute path in the
commandfield:"command": "/Users/yourusername/.local/bin/uvx"
Claude Code
Project-specific (default) — installs in the current directory's configuration:
claude mcp add cerngitlab-mcp -- uvx cerngitlab-mcpGlobal — installs for your user account (works in all projects):
claude mcp add --scope user cerngitlab-mcp -- uvx cerngitlab-mcpTo include authentication, add -e CERNGITLAB_TOKEN=glpat-xxxxxxxxxxxx before the --:
# Example: Global installation with token
claude mcp add --scope user -e CERNGITLAB_TOKEN=glpat-xxxxxxxxxxxx cerngitlab-mcp -- uvx cerngitlab-mcpManual Configuration — you can also manually edit your global config at ~/.claude.json (on Linux/macOS) or %APPDATA%\Claude\claude.json (on Windows):
{
"mcpServers": {
"cerngitlab": {
"command": "uvx",
"args": ["cerngitlab-mcp"],
"env": {
"CERNGITLAB_TOKEN": "glpat-xxxxxxxxxxxx"
}
}
}
}GitHub Copilot
Add to your VS Code settings.json:
{
"mcp": {
"servers": {
"cerngitlab": {
"command": "uvx",
"args": ["cerngitlab-mcp"],
"env": {
"CERNGITLAB_TOKEN": "glpat-xxxxxxxxxxxx"
}
}
}
}
}Or add a .vscode/mcp.json to your project:
{
"servers": {
"cerngitlab": {
"command": "uvx",
"args": ["cerngitlab-mcp"],
"env": {
"CERNGITLAB_TOKEN": "glpat-xxxxxxxxxxxx"
}
}
}
}Gemini CLI
Add to your ~/.gemini/settings.json:
{
"mcpServers": {
"cerngitlab": {
"command": "uvx",
"args": ["cerngitlab-mcp"],
"env": {
"CERNGITLAB_TOKEN": "glpat-xxxxxxxxxxxx"
}
}
}
}Direct usage
Stdio Mode (Single-User, Default)
# Run with uvx (no install needed)
uvx cerngitlab-mcp
# Or if installed from PyPI
cerngitlab-mcp
# Explicit stdio mode
cerngitlab-mcp --mode stdio
# Or from source
uv run cerngitlab-mcp
# With authentication
CERNGITLAB_TOKEN=glpat-xxx uvx cerngitlab-mcpHTTP Mode (Multi-User)
# HTTP mode for multi-user deployment
cerngitlab-mcp --mode http --host 0.0.0.0 --port 8080
# Or use environment variables
CERNGITLAB_HTTP_MODE=true CERNGITLAB_HOST=0.0.0.0 CERNGITLAB_PORT=8080 cerngitlab-mcp
# Dedicated HTTP entry point
cerngitlab-mcp-httpMode Selection
--mode stdio- Single-user mode using stdin/stdout (default)--mode http- Multi-user mode using HTTP API--mode auto- Auto-detect based on environment variables
The server automatically detects HTTP mode if CERNGITLAB_HTTP_MODE, CERNGITLAB_HOST, or CERNGITLAB_PORT environment variables are set.
Tools
Tool | Description | Auth required |
| Search for public CERN GitLab projects (repositories) by keyword, topic, or language | No |
| Get detailed project metadata (stars, description, languages, statistics) | No |
| List files and directories in a project's repository | No |
| Fetch the content of a specific file (includes binary detection) | No |
| Get the README content for a project | No |
| Search for code within a specific project or globally | Yes* |
| Search for code within an LHCb software stack (e.g., 'sim11'), with automatic Git ref resolution | Yes* |
| Search for issues in a project | Yes |
| List wiki pages for a project | Yes |
| Analyze project structure, build system, dependencies, and CI/CD | No |
| List releases for a project | No |
| Get details of a specific release | No |
| List tags for a project | No |
| Test connection to the GitLab instance | No |
For detailed parameter documentation, see docs/dev.md.
Example Prompts
Search for repositories
"Search CERN GitLab for Python repositories related to ROOT analysis and show me the most starred ones"
Understand a project
"Get the README and file structure of the lhcb/DaVinci project on CERN GitLab"
Find fitting examples
"Search for repositories on CERN GitLab that use RooFit and show me example fitting code"
View LHCb software stack code
"Search the LHCb sim11 stack for the initialization routines in the Boole project"
Analyze a project structure
"Inspect the lhcb/allen project to understand its build system, dependencies, and CI pipeline configuration"
Find usage context
"Search for issues related to 'segmentation fault' in the atlas/athena project to see if others have encountered this"
Track releases
"List the recent releases of lhcb/DaVinci and show me the release notes for the latest version"
Find framework configurations
"Search for Gaudi framework configuration files on CERN GitLab and show me examples"
Development
See docs/dev.md for development setup, project structure, testing, and release instructions.
Multi-User HTTP Deployment
HTTP mode provides a centralized server for multiple users. It uses CERN SSO + GitLab OAuth for authentication, users authenticate with their existing CERN identity, and GitLab's own permission system enforces all access controls.
Prerequisites
CERN SSO client — Register a client at the CERN Authorization Service. Note the client ID.
GitLab OAuth application — Create one at
https://gitlab.cern.ch/-/profile/applications.Set the redirect URI to
https://gitlabmcp.cern.ch/oauth/callback(replace with actual URL)Enable the
read_api read_repository read_userscopesNote the application ID and secret.
Setup
export CERNGITLAB_CERN_CLIENT_ID=your-cern-sso-client-id
export CERNGITLAB_GITLAB_OAUTH_CLIENT_ID=your-gitlab-oauth-app-id
export CERNGITLAB_GITLAB_OAUTH_CLIENT_SECRET=your-gitlab-oauth-secret
export CERNGITLAB_SERVER_BASE_URL=https://gitlabmcp.cern.ch
export CERNGITLAB_SESSION_STORAGE_PATH=/var/lib/cerngitlab/sessions # optional
# Start the server
cerngitlab-mcp --mode http --host 0.0.0.0 --port 8000See examples/oauth_server.py in the repository for a self-contained reference script.
Authentication Flow
Client sends a request with
Authorization: Bearer <cern-sso-token>header.Server validates the CERN SSO token via CERN's JWKS endpoint.
If the user has no active GitLab OAuth session, the server returns HTTP 202 with a
authorization_urlfield.The user visits that URL, authorizes the GitLab OAuth application, and is redirected back to
/oauth/callback.Subsequent requests are served using the stored GitLab OAuth token. Sessions expire after 2 hours.
API Endpoints
Method | Path | Auth | Description |
|
| — | Server information |
|
| — | Health check |
|
| CERN SSO | Start or check the OAuth authorization flow |
|
| — | Receive the GitLab OAuth code (browser redirect) |
|
| CERN SSO | List available MCP tools |
|
| CERN SSO | Execute a specific tool |
|
| CERN SSO | Revoke the current user's OAuth session |
|
| — | List all active sessions (admin use) |
Example Usage
Assuming the server is running at https://gitlabmcp.cern.ch and the CERN_SSO_TOKEN environment variable is set to a valid CERN SSO token:
# Step 1 – check authorization status
curl -H "Authorization: Bearer $CERN_SSO_TOKEN" \
https://gitlabmcp.cern.ch/oauth/authorize
# If 202, visit the returned authorization_url in a browser and authorize.
# Step 2 – list available tools (once authorized)
curl -H "Authorization: Bearer $CERN_SSO_TOKEN" \
https://gitlabmcp.cern.ch/tools
# Step 3 – execute a tool
curl -X POST -H "Authorization: Bearer $CERN_SSO_TOKEN" \
-H "Content-Type: application/json" \
-d '{"arguments": {"query": "ROOT"}}' \
https://gitlabmcp.cern.ch/tools/search_projects
# Revoke session
curl -X DELETE -H "Authorization: Bearer $CERN_SSO_TOKEN" \
https://gitlabmcp.cern.ch/sessionCLI Tool
A command-line interface is also available for direct usage without the MCP server:
# Install or use with uvx
uvx cerngitlab-cli
# Test connectivity
cerngitlab-cli test-connection
# Search for projects
cerngitlab-cli search-projects --query "ROOT analysis" --language python
# Get project info
cerngitlab-cli get-project-info --project lhcb/DaVinci
# Search code
cerngitlab-cli search-code --search-term "RooFit" --per-page 10
# Inspect project structure
cerngitlab-cli inspect-project --project lhcb/allenAll commands output JSON to stdout for easy piping and composition. See cerngitlab-cli --help for the full list of commands.
Skill File
A detailed skill file (SKILL.md) is available with:
Complete documentation of all 14 tools
Input/output specifications
Usage examples
Authentication requirements
This can be used by LLMs or agents to understand the available tools and how to use them.
License
This software is provided under the AGPL-3.0 license.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/MohamedElashri/cerngitlab-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server