Gitlab MCP Server
by jmrplens
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| LOG_LEVEL | No | Logging verbosity. Use 'debug' to diagnose tool dispatch or GitLab API issues; use 'warn' or 'error' for low-noise production runs. | info |
| GITLAB_URL | No | GitLab instance URL, e.g. https://gitlab.com or https://gitlab.example.com. Must include http:// or https://. Defaults to GitLab.com. | https://gitlab.com |
| AUTO_UPDATE | No | Self-update mode. 'true' downloads and applies the newest release on start; 'check' only logs availability; 'false' disables it. Keep 'false' in containers because the filesystem is ephemeral. | false |
| GITLAB_TOKEN | Yes | GitLab Personal Access Token with the scopes required by the operations you intend to call. Use 'api' for full functionality; narrower read-only setups can use scopes such as read_api, read_user, read_repository, or read_registry depending on the tools you need. Format: glpat-XXXXXXXXXXXXXXXXXXXX. | |
| TOOL_SURFACE | No | Canonical tool catalog selector. 'dynamic' is recommended for Glama and exposes the low-token gitlab_find_action + gitlab_execute_tool workflow. 'meta' exposes domain meta-tools. 'individual' exposes the full individual tool catalog and can be very large. | dynamic |
| EXCLUDE_TOOLS | No | Comma-separated list of MCP tool names to exclude from registration, e.g. gitlab_admin,gitlab_runner. Useful for hiding high-risk or irrelevant domains. | |
| RATE_LIMIT_RPS | No | Per-server tools/call rate limit in requests per second. '0' disables rate limiting. Use a positive number to protect shared or constrained GitLab instances. | 0 |
| AUTO_UPDATE_REPO | No | GitHub repository slug used for release assets when AUTO_UPDATE is enabled. Keep the default for official releases. | jmrplens/gitlab-mcp-server |
| GITLAB_READ_ONLY | No | When 'true', disables every mutating tool at startup. Only read-only list/get/search-style operations remain. Recommended for exploratory, public, or untrusted-LLM scenarios. | false |
| GITLAB_SAFE_MODE | No | Dry-run mode. Mutating tools stay visible but return a structured JSON preview instead of executing. Read-only tools run normally. If GITLAB_READ_ONLY=true, read-only mode takes precedence. | false |
| RATE_LIMIT_BURST | No | Token-bucket burst size used when RATE_LIMIT_RPS is greater than 0. Must be at least 1 when rate limiting is enabled. | 40 |
| GITLAB_ENTERPRISE | No | Enable GitLab Premium/Ultimate tools. Set to 'true' only when the target instance supports Premium/Ultimate features, or when using GitLab.com with those capabilities. | false |
| META_PARAM_SCHEMA | No | Meta-tool input schema strategy for TOOL_SURFACE=meta. 'opaque' keeps tools/list compact; 'compact' includes action parameter names and simple types; 'full' includes full per-action JSON Schemas and costs significantly more tokens. Has little practical effect in dynamic mode. | opaque |
| CAPABILITY_SURFACE | No | Resource and prompt catalog selector. 'full' registers all resources, prompts, workflow guides, and schema resources. 'minimal' keeps the smallest capability surface; dynamic mode still returns action schemas inline. | full |
| EMBEDDED_RESOURCES | No | When 'true', get-style tool results include EmbeddedResource content blocks with canonical gitlab:// resource URIs. Set to 'false' for clients that do not tolerate duplicate or embedded content blocks. | true |
| AUTO_UPDATE_TIMEOUT | No | Pre-start auto-update download timeout. Valid range is 5s to 10m. Mostly irrelevant when AUTO_UPDATE=false. | 60s |
| AUTO_UPDATE_INTERVAL | No | Periodic update check interval for HTTP-mode background checks. Mostly irrelevant when AUTO_UPDATE=false. | 1h |
| GITLAB_IGNORE_SCOPES | No | Skip Personal Access Token scope detection and register all tools regardless of token permissions. API calls may still fail with 403 if the token lacks the required GitLab scopes. | false |
| UPLOAD_MAX_FILE_SIZE | No | Maximum file size for upload tools. Accepts bytes or human-friendly suffixes such as KB, MB, or GB. Upper bound is 1TB. | 2GB |
| GITLAB_SKIP_TLS_VERIFY | No | Skip TLS certificate verification for self-signed certificates or internal CAs. Use only when you trust the network path to GITLAB_URL. | false |
| GITLAB_MCP_ALLOWED_IMPORT_DIRS | No | Additional OS path-list-separated directories allowed for project/group import archives passed by file path. Current working directory and OS temp directory are always allowed. Archives must resolve inside an allowed directory and use .tar.gz. |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
| logging | {} |
| prompts | {
"listChanged": true
} |
| resources | {
"listChanged": true
} |
| completions | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| gitlab_execute_toolA | Execute one GitLab catalog action by canonical action ID (e.g. domain.action). Always include params as an object: {"action":"domain.action","params":{...}}; use params:{} only for actions with no parameters. Use gitlab_find_action first unless the exact action ID and all required param names are already known. Do NOT guess or invent action IDs. Include ONLY the exact param names from the action schema; do NOT invent extra params. Destructive actions require confirm=true. |
| gitlab_find_actionA | Find GitLab catalog actions by searching with domain keywords (e.g. 'project create', 'merge request approve', 'pipeline retry', 'issue delete', 'ci variable'). Returns exact schemas, required params, safety metadata, and execute examples. ALWAYS use this before gitlab_execute_tool when the canonical action ID or params schema is not already known; do NOT invent action IDs. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| audit_branch_protection | Audit branch protection rules for a GitLab project. Lists all protected branches with push/merge access levels and code owner approval settings. Identifies whether the default branch is protected and highlights potential security gaps. |
| audit_project_access | Audit user access and permissions for a GitLab project. Lists all members (direct and inherited) with their access levels, identifies users with elevated privileges (Maintainer/Owner), and flags inactive or blocked accounts. |
| audit_project_full | Run a comprehensive audit of a GitLab project covering settings, branch protection, access management, labels, milestones, and templates in a single report. Use this for a complete project health assessment with actionable recommendations. |
| audit_project_settings | Audit a GitLab project's core settings. Reviews visibility, merge strategy, CI/CD configuration, default branch, wiki/issues/snippets toggles, and push rules. Use this to identify misconfigurations or deviations from best practices. |
| audit_project_workflow | Audit workflow configuration for a GitLab project: labels (names, colors, descriptions), milestones (open/closed, due dates), and issue/MR templates. Identifies gaps like labels without descriptions, milestones without due dates, or missing templates. |
| branch_mr_summary | List all MRs targeting a specific branch in a project. Shows readiness summary with conflict/draft/approval counts. Ideal for release branch reviews. |
| compare_branches | Compare two Git branches or refs showing commit differences and file changes between them. Useful for understanding divergence before merging or releasing. |
| daily_standup | Generate a daily standup summary based on the user's GitLab activity in the last 24 hours: contribution events, authored MRs, assigned MRs, MRs under review, assigned issues, and created issues. Produces a comprehensive report with done/planned/blockers sections. |
| generate_release_notes | Generate comprehensive release notes from commits, merge requests, and file changes between two Git refs (tags, branches, or SHAs). Produces a structured document with commits, merged MRs with labels, contributors, and statistics for organizing into user-friendly release notes. |
| group_milestone_progress | Track milestone progress across all projects in a group. Shows issue/MR completion per milestone with progress bars. |
| label_distribution | Analyze label usage distribution in a project. Shows open/closed issue counts and open MR counts per label. Zero additional API calls beyond label list. |
| merge_velocity | Analyze MR throughput metrics for a project. Shows merge rate, average time-to-merge, and daily merged count chart. Ideal for tracking team delivery pace. |
| milestone_progress | Track milestone progress for a project. Shows issue/MR completion, progress bar, and due date risk. Omit milestone argument to see all active milestones. |
| mr_review_status | Analyze the discussion health of open MRs in a project. Shows unresolved thread counts per MR to identify items needing attention. |
| mr_risk_assessment | Assess the risk level (LOW/MEDIUM/HIGH/CRITICAL) of a merge request based on size (lines added/removed), number of changed files, new/deleted files, sensitive file patterns (env, auth, migration, CI, security), and conflict status. |
| my_activity_summary | Generate a personal activity summary for a configurable time period. Includes contribution events breakdown, MRs created/merged/reviewed, issues created/closed, and a daily activity chart. Aggregates across all projects. |
| my_issues | Show all issues assigned to you across all projects. Includes overdue detection and project grouping. Use this to see your full issue backlog without specifying a project. |
| my_open_mrs | Show all open merge requests across all projects where you are author or assignee. Results are grouped by project for easy scanning. Use this to get a personal MR dashboard without specifying a project. |
| my_pending_reviews | Show all open merge requests where you are assigned as reviewer across all projects. Helps track which MRs are waiting for your review. Results grouped by project. |
| project_activity_report | Generate a project activity report including recent events, merged MRs, and open issues. Shows daily activity chart and contributor breakdown. |
| project_contributors | Rank project contributors by commits, additions, and deletions. Uses the repository contributors API for accurate stats. |
| project_health_check | Comprehensive project health assessment combining latest pipeline status, open merge requests, and branch hygiene (merged/stale branch counts). Provides actionable recommendations for project maintenance. |
| release_cadence | Analyze release frequency for a project. Shows time between releases, average cadence, and release history chart. |
| release_readiness | Check readiness of a release branch by analyzing open MRs targeting it, draft/conflict counts, and unresolved discussion threads. |
| review_mr | Generate a structured code review for a merge request. Files are categorized by risk (high-risk, business logic, tests, documentation) with per-file metrics and a review plan. Full diffs are included without truncation. |
| reviewer_workload | Analyze review distribution across group members. Shows how many open MRs each member is reviewing and identifies imbalances. Useful for managers to ensure fair review distribution. |
| stale_items_report | Find MRs and issues in a project that haven't been updated for a configurable number of days. Helps identify forgotten or blocked items. |
| suggest_mr_reviewers | Suggest suitable merge request reviewers based on the files changed and the list of active project members. Excludes the MR author from suggestions. |
| summarize_mr_changes | Summarize the changed files and key modifications in a merge request. Lists each file with its change type (new/modified/deleted/renamed). Use this to quickly understand the scope of a merge request. |
| summarize_open_mrs | Summarize all open merge requests in a project including title, author, branches, age in days, and merge status. Highlights stale MRs (>7 days) that need attention. |
| summarize_pipeline_status | Summarize the latest CI/CD pipeline status for a project. Groups jobs by outcome (failed/passed/other) and includes failure reasons for debugging. |
| team_member_workload | Generate a comprehensive workload summary for a specific team member over a configurable time period. Includes contribution events, authored and assigned merge requests, MRs under review, authored and assigned issues. Use this for team management and capacity planning. |
| team_mr_dashboard | List all merge requests for a GitLab group with optional state and target branch filters. Shows MRs grouped by project with summary statistics. |
| team_overview | Generate a team dashboard showing all group members with their open MR counts and recently merged MRs. Includes a workload distribution pie chart. Requires a GitLab group ID. |
| unassigned_items | Find open MRs and issues in a project that have no assignee. Helps identify ownership gaps and items needing attention. |
| user_activity_report | Generate a detailed activity report for a specific user: contribution events, merged MRs, reviewed MRs, daily activity chart. Designed for managers to review team member productivity. |
| user_stats | Generate comprehensive user statistics from GitLab: contribution events breakdown, merge request stats (authored/assigned/reviewed by state), issue stats (authored/assigned by state), daily activity trends, and a Mermaid activity chart. Use this for performance reviews, productivity tracking, or personal dashboards. |
| weekly_team_recap | Generate a comprehensive weekly recap for a team. Combines merged MRs, open MRs, issues activity, and events into a single summary with Mermaid charts. |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| groups | List all GitLab groups accessible to the authenticated user. Returns each group's ID, name, full path, description, visibility level, and web URL. |
| code_review | Code review checklist and best practices for GitLab merge request reviews. |
| conventional_commits | Conventional commit message format and examples for consistent Git history. |
| git_workflow | Best practices for Git branching strategies with GitLab (feature branches, trunk-based, GitLab Flow). |
| merge_request_hygiene | Guidelines for creating and reviewing high-quality merge requests. |
| pipeline_troubleshooting | Common GitLab CI/CD pipeline issues and how to diagnose and fix them. |
| meta_schema_index | Catalog of every registered meta-tool and its actions. Use the gitlab://schema/meta/{tool}/{action} template resource to fetch the JSON Schema for a specific action's params. |
| current_user | Get the currently authenticated GitLab user profile. Returns username, display name, email, state (active/blocked), admin status, and web URL. |
| workspace_roots | List workspace root directories provided by the MCP client. Use these paths to locate .git/config files and extract git remote URLs for project discovery via gitlab_discover_project. |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/jmrplens/gitlab-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server