Gitlab MCP Server
The gitlab-mcp-server exposes the entire GitLab REST API v4 as MCP tools, resources, and prompts, enabling AI assistants to interact with GitLab using natural language.
Scale & Coverage
1006 individual MCP tools across 162 domain packages
42 meta-tools (57 with Enterprise) that group related operations to reduce LLM token overhead
24 read-only resources, 38 AI-optimized prompts, 11 sampling tools, and 4 elicitation wizards
Core GitLab Operations
Projects & Repositories: Create/read/update/delete projects; browse file trees, read/write/delete files, manage commits, diffs, branches, tags, cherry-pick, revert, compare, submodules
Merge Requests: Full lifecycle management including approvals, inline code review, draft notes, threaded discussions, rebase
Issues & Work Items: Full CRUD, linked issues, time tracking, notes, discussions, epics (GraphQL)
CI/CD: Manage pipelines, jobs, schedules, CI variables, runners, feature flags, job token scopes, CI catalog, lint CI config
Groups & Users: Manage groups, subgroups, members, labels, milestones; user lifecycle (block, ban, deactivate), SSH/GPG keys
Environments & Deployments: Full CRUD with approval/rejection workflows and protected environments
Packages & Registry: Package registry, container registry, protection rules, snippets, wikis
Administration: Instance settings, Sidekiq, OAuth apps, broadcast messages, system hooks, search across global/group/project scope
Access & Security: Deploy keys/tokens, project/group/personal access tokens, runner management
AI-Powered Analysis (Sampling Tools)
Code review of MR diffs, security review (OWASP Top 10), pipeline failure root cause analysis, issue scope assessment, CI config review, deployment history analysis, technical debt detection (TODO/FIXME/HACK), release notes generation, milestone reports
Interactive Wizards (Elicitation Tools)
Step-by-step guided creation of issues, merge requests, releases, and projects
Deployment & Security
Supports stdio and HTTP (Streamable HTTP) transports
Cross-platform: Windows, Linux, macOS (amd64 & arm64), Docker
Self-hosted GitLab support with custom TLS certificates
Read-only mode, safe mode (dry-run preview), automatic pagination and rate-limit retry
Continuous security monitoring via SonarCloud
Compatible with VS Code + Copilot, Claude Desktop, Claude Code, Cursor, Windsurf, JetBrains, Zed, Kiro, and other MCP clients
Compatible with Windsurf (Codeium's editor), enabling GitLab operations through the MCP server within the AI-assisted development environment.
Supports integration with VS Code through GitHub Copilot, allowing AI-assisted GitLab operations directly within the development environment via MCP server configuration.
Provides comprehensive GitLab REST API v4 coverage with 1006 tools across 162 domain sub-packages, enabling AI assistants to manage projects, branches, tags, releases, merge requests, issues, pipelines, jobs, groups, users, wikis, environments, deployments, packages, container registry, runners, and more through natural language commands.
Supports integration with JetBrains IDEs through the AI Assistant MCP configuration, allowing GitLab operations within IntelliJ-based development environments.
GitLab MCP Server
Connect your AI assistant to GitLab so it can review merge requests, triage pipelines, manage issues, and draft releases — in plain language. One static binary (or a container), 1000+ GitLab tools over the full REST + GraphQL API, working with Claude, Cursor, VS Code, and any MCP client.
You talk to your AI assistant; it does the GitLab work. No project IDs, API endpoints, or JSON to remember.
"Review merge request !15 — is it safe to merge?" · "Why did the last pipeline fail?" · "List open issues assigned to me" · "Generate release notes from v1.0 to v2.0"
🤖 Using an AI assistant? Give it this repository URL and ask it to install the server for your client. Everything a model needs to do it headlessly — the declarative per-client config,
claude mcp addone-liners, and defaults — is inllms.txt(no interactive wizard required).
Install in 60 seconds
Pick one. Each path ends with you typing a prompt to your assistant.
One-click install
Each button registers the Docker-based server (auto-pulls the image on first run; you need Docker installed). The Claude Desktop row instead downloads a native .mcpb desktop extension (macOS universal + Windows, no Docker) — open it with Claude Desktop and fill in the settings. Need a token? Create a Personal Access Token with the api scope. Self-managed GitLab? Add a GITLAB_URL env var in your client's MCP config after install.
Claude Code (claude mcp add)
Docker (no install — pulls the image on first run):
claude mcp add gitlab --env GITLAB_TOKEN=glpat-xxxx --transport stdio \
-- docker run -i --rm -e GITLAB_TOKEN ghcr.io/jmrplens/gitlab-mcp-server:latest --http=falseOr install the native binary first, then register it:
# macOS/Linux (Homebrew)
brew install jmrplens/tap/gitlab-mcp-server
# Linux/macOS (script)
curl -fsSL https://raw.githubusercontent.com/jmrplens/gitlab-mcp-server/main/scripts/install.sh | sh
# Windows (PowerShell)
irm https://raw.githubusercontent.com/jmrplens/gitlab-mcp-server/main/scripts/install.ps1 | iex
claude mcp add gitlab --env GITLAB_TOKEN=glpat-xxxx -- gitlab-mcp-serverSelf-managed GitLab? Add --env GITLAB_URL=https://gitlab.example.com (and --env GITLAB_SKIP_TLS_VERIFY=true for self-signed certs).
Guided setup (any client, no flags to remember)
The binary ships a setup wizard that collects your GitLab token and configures your MCP client for you — ideal if you'd rather not edit JSON:
gitlab-mcp-server --setupIt auto-detects VS Code, Claude Desktop, Claude Code, Cursor, and Windsurf and writes the right config. On Windows, double-click the .exe to launch it.
Manual JSON (Claude Desktop, Cursor, VS Code, …)
Native binary (Claude Desktop mcpServers, Cursor, etc.):
{
"mcpServers": {
"gitlab": {
"command": "/path/to/gitlab-mcp-server",
"env": { "GITLAB_TOKEN": "glpat-xxxxxxxxxxxxxxxxxxxx" }
}
}
}VS Code (.vscode/mcp.json, note servers + type):
{
"servers": {
"gitlab": {
"type": "stdio",
"command": "/path/to/gitlab-mcp-server",
"env": { "GITLAB_TOKEN": "glpat-xxxxxxxxxxxxxxxxxxxx" }
}
}
}Docker variant — replace "command"/"args" with:
"command": "docker",
"args": ["run", "-i", "--rm", "-e", "GITLAB_TOKEN", "ghcr.io/jmrplens/gitlab-mcp-server:latest", "--http=false"]For a shared, long-running HTTP deployment instead of per-user stdio, see HTTP Server Mode.
Then just ask: open your AI client and try "List my GitLab projects." See the Getting Started guide for per-client details and more example prompts.
Related MCP server: GitLab MCP Server
Why this server
🗣️ Plain-language GitLab. The AI translates "is MR !15 safe to merge?" into the right API calls. You don't touch endpoints, IDs, or JSON.
🧰 The whole platform — 1000+ tools. Broad GitLab REST v4 + GraphQL coverage: projects, branches, tags, releases, merge requests, issues, pipelines, jobs, groups, users, wikis, environments, deployments, packages, container registry, runners, feature flags, CI/CD variables, security, admin, tokens, and more.
🪶 Low-token by default. The default dynamic surface exposes just 2 tools (
find+execute) while reaching the full catalog — so it fits any client's context window. (Token footprint →)✅ Proven with real models. An automated evaluator runs Anthropic, Google, OpenAI, and Qwen against live GitLab instances: 99.5% aggregate success across thousands of operations. (Results →)
🔒 Safe by design. Read-only mode, safe mode (dry-run preview of every mutation), TLS options for self-hosted GitLab, and continuous SonarCloud quality/security gates.
🖥️ Runs anywhere. One static binary or container; Windows, Linux & macOS; amd64 & arm64; stdio (desktop) and HTTP (remote).
45 MCP resources (read-only data: projects, issues, pipelines, MRs, branches, members, the surface-aware
gitlab://toolsmanifest, and workflow best-practice guides).37 MCP prompts (code review, pipeline status, risk assessment, release notes, standup, analytics, audit, and more).
4 elicitation wizards (interactive issue/MR/release/project creation).
3 MCP capabilities (completions, progress, elicitation) and 50 SVG tool icons for visual identification in MCP clients.
Pagination on every list endpoint with full metadata.
Tool surfaces
The server can present GitLab in three shapes, controlled by TOOL_SURFACE. The default needs no configuration.
Surface | Visible tools | Best for |
Dynamic (default) | 2 ( | Lowest token cost; reaches the full catalog via find/execute. |
Meta-tools ( | 32 base / 49 Ultimate / 50 GitLab.com Ultimate | Domain-grouped dispatchers with an |
Individual ( | ~847 Free/CE · ~999 Premium · 1065–1071 Ultimate | One MCP tool per GitLab operation; needs a large context window. |
Tool counts scale with your GitLab edition (GITLAB_TIER); higher tiers expose more actions. See Dynamic Toolset and Meta-Tools Reference for the ranking model, safety guards, and full catalogs. For dynamic runs where resources dominate context, set CAPABILITY_SURFACE=minimal.
Token Footprint
Measured with go run ./cmd/audit_tokens/ -footprint against the current catalog. Totals estimate startup context visible to an MCP client: visible tool schemas plus shared resources and prompts, using the cl100k_base tokenizer (GPT-4/GPT-3.5 encoding). For the full matrix (meta and individual surfaces, all META_PARAM_SCHEMA modes), see Token Footprint Reference.
Default configuration: with TOOL_SURFACE unset or TOOL_SURFACE=dynamic, CAPABILITY_SURFACE=full, META_TOOLS unset, META_PARAM_SCHEMA=opaque, and GITLAB_TIER unset (detected, fallback free), the server uses the dynamic find/execute surface. Use TOOL_SURFACE=meta only when you explicitly want domain meta-tools; use TOOL_SURFACE=individual only when your client can handle the full tool catalog.
Configuration ( | Tier | Visible tools | Reachable actions |
| Tool schema tokens | Shared tokens | Total tokens |
| Free/CE | 2 | 851 | n/a | 2,180 | 31,758 | 33,938 |
| Free/CE | 2 | 851 | n/a | 2,180 | 1,088 | 3,268 |
| Premium | 2 | 1,003 | n/a | 2,180 | 31,758 | 33,938 |
| Premium | 2 | 1,003 | n/a | 2,180 | 1,088 | 3,268 |
| Ultimate | 2 | 1,069 | n/a | 2,180 | 31,758 | 33,938 |
| Ultimate | 2 | 1,069 | n/a | 2,180 | 1,088 | 3,268 |
Rows use the base Community Edition catalog unless the Tier column says otherwise. GITLAB_TIER controls which actions are available; higher tiers expose more tools and thus more reachable actions.
Compatibility
MCP Capability | Support |
Tools | Up to 1071 individual / 32–50 meta |
Resources | 45 (static + templates) |
Prompts | 37 templates |
Completions | Project, user, group, branch, tag |
Logging | Structured (text/JSON) to stderr |
Progress | Tool execution progress reporting |
Elicitation | 4 interactive creation wizards |
Tested with: VS Code + GitHub Copilot, Claude Desktop, Claude Code, Cursor, Windsurf, JetBrains IDEs, Zed, Kiro, Cline. See the full Compatibility Matrix.
AI Model Tool-Use Evaluation
The project includes an automated evaluator for model-facing MCP quality. It runs schema-only checks against the tool catalog or executes validated model tool calls through MCP against Docker GitLab CE or licensed Enterprise instances populated with fixtures. It measures whether each model chooses the correct action, sends valid parameters, recovers from actionable GitLab errors, and respects destructive-action safeguards — across Anthropic, Google, OpenAI, and Qwen.
Current published result: Docker CE dynamic 20260627-232303.
Provider | Model | Compatibility | Tool accuracy | Recovery | Docker live status |
Anthropic |
| OK | 100.0% | 100.0% (2/2) | 100.0% final across 555 ops |
| OK | 100.0% | 100.0% (4/4) | 100.0% final across 555 ops | |
OpenAI |
| Review | 99.3% | 84.6% (11/13) | 98.0% final across 555 ops |
Qwen |
| OK | 100.0% | 100.0% (5/5) | 100.0% final across 555 ops |
The published model-evaluation set covers 596 task attempts and 2220 expected MCP operations. Across the selected reports, models emitted 2265 tool calls over 2265 model requests, with 99.5% aggregate final success. See AI Model Evaluation Results for the detailed current matrix.
Current published result: Docker Enterprise meta 20260527.
Provider | Model | Compatibility | Tool accuracy | Recovery | Docker live status |
Anthropic |
| OK | 100.0% | 100.0% (1/1) | 100.0% final across 84 ops |
| Review | 78.2% | 100.0% (7/7) | 100.0% final across 84 ops | |
OpenAI |
| Review | 100.0% | 100.0% (4/4) | 100.0% final across 84 ops |
Qwen |
| OK | 100.0% | 100.0% (1/1) | 100.0% final across 84 ops |
The published model-evaluation set covers 92 task attempts and 336 expected MCP operations. Across the selected reports, models emitted 345 tool calls over 350 model requests, with 100.0% aggregate final success. See AI Model Evaluation Results for the detailed current matrix.
Current published result: Docker Enterprise dynamic 20260628-015421.
Provider | Model | Compatibility | Tool accuracy | Recovery | Docker live status |
Anthropic |
| OK | 100.0% | 100.0% (1/1) | 100.0% final across 202 ops |
| OK | 100.0% | 100.0% (2/2) | 100.0% final across 202 ops | |
OpenAI |
| OK | 100.0% | No repairs | 100.0% final across 202 ops |
Qwen |
| OK | 100.0% | 100.0% (1/1) | 100.0% final across 202 ops |
The published model-evaluation set covers 124 task attempts and 808 expected MCP operations. Across the selected reports, models emitted 817 tool calls over 817 model requests, with 100.0% aggregate final success. See AI Model Evaluation Results for the detailed current matrix.
Documentation
Full documentation is at jmrplens.github.io/gitlab-mcp-server. Use this map for the source-of-truth reference on a specific area:
Document | Description |
Download, setup wizard, per-client configuration | |
Per-client stdio, HTTP legacy, and HTTP OAuth examples | |
Environment variables, transport modes, TLS | |
Exhaustive environment variable table with defaults and examples | |
All command-line flags, exit codes, and runtime examples | |
Shared HTTP deployments, authentication, server pool isolation | |
All individual tools with input/output schemas, including GitLab.com-only Orbit | |
32/48/49 domain meta-tools with action dispatching | |
2-tool low-token mode with canonical action catalog, safety model, and examples | |
All 45 resources with URI templates | |
All 37 prompts with arguments and output format | |
Self-update mechanism, modes, and release format | |
Unit, E2E, schema model evaluation, Docker model evaluation, and curated model results | |
Security model, token scopes, input validation | |
System architecture, component design, data flow | |
Building, testing, CI/CD, contributing | |
Common startup, token, TLS, transport, and tool-discovery issues |
FAQ
Yes. Set GITLAB_URL to your instance URL. When GITLAB_URL is omitted, stdio mode uses https://gitlab.com. Self-signed TLS certificates are supported via GITLAB_SKIP_TLS_VERIFY=true.
The server runs locally on your machine (stdio mode) or on your own infrastructure (HTTP mode). No data is sent to third parties — all API calls go directly to your GitLab instance. See SECURITY.md for details.
Yes. Set GITLAB_READ_ONLY=true to disable all mutating tools (create, update, delete). Only read operations will be available.
Alternatively, set GITLAB_SAFE_MODE=true for a dry-run mode: mutating tools remain visible but return a structured JSON preview instead of executing. Useful for auditing, training, or reviewing what an AI assistant would do.
Both Community Edition (CE) and Enterprise Edition (EE). Set GITLAB_TIER=premium or GITLAB_TIER=ultimate in stdio mode to enable additional tools for Premium/Ultimate features (DORA metrics, vulnerabilities, compliance, etc.); leave it unset to detect the tier from the instance license (fallback free). In HTTP mode, --tier can force the tier, otherwise it is detected per token+URL pool entry from the license.
The server includes retry logic with backoff for GitLab API rate limits. Errors are classified as transient (retryable) or permanent, with actionable hints in error messages.
Any MCP-compatible client: VS Code + GitHub Copilot, Claude Desktop, Cursor, Claude Code, Windsurf, JetBrains IDEs, Zed, Kiro, and others. The built-in setup wizard can auto-configure most clients.
Building from Source
git clone https://github.com/jmrplens/gitlab-mcp-server.git
cd gitlab-mcp-server
make buildThe published container image is ghcr.io/jmrplens/gitlab-mcp-server:latest. See the Development Guide for cross-compilation, Docker Compose, and contributing guidelines.
Component | Technology |
Language | Go 1.26+ |
MCP SDK |
|
GitLab Client |
|
Transport | stdio (default), HTTP (Streamable HTTP) |
Privacy Policy
The server runs entirely on your machine and has no telemetry, analytics, or backend of its own — data flows only between your MCP client and the GitLab instance you configure (plus an optional signed-binary update check against GitHub Releases). Your token is used solely to authenticate GitLab requests and is never logged. Full details: PRIVACY.md.
Contributing & Security
Contributing: see CONTRIBUTING.md for development guidelines, branch naming, commit conventions, and the PR process.
Security: see SECURITY.md for the security policy and vulnerability reporting.
Code of Conduct: see CODE_OF_CONDUCT.md (Contributor Covenant v2.1).
Repository mirror: GitHub is the canonical repository. A read-only mirror is available on GitLab.com for discoverability; please open contributions on GitHub.
File counts
Category | Files | Lines |
Source ( | 966 | 192,834 |
Unit tests ( | 535 | 297,899 |
End-to-end tests | 169 | 43,893 |
Total | 1,670 | 534,626 |
Functions
Category | Count |
Source functions | 7,394 |
— exported (public) | 2,590 |
— unexported (private) | 4,804 |
Unit test functions ( | 11,541 |
Subtests ( | 2,887 |
End-to-end test functions | 376 |
Ratios worth noting
Observation | Value |
Test lines vs source lines | 1.54× more tests than code |
Average source file length | ~199 lines |
Average test file length | ~556 lines |
Comment lines in source | 20,980 (~10.9% of source) |
Test functions per source function | 1.6× |
Code patterns
Pattern | Count |
| 6,605 |
| 828 |
| 2,708 |
| 204 |
| 3 |
Project
Metric | Value |
Go packages | 227 |
Direct dependencies ( | 13 |
Indirect dependencies | 50 |
Git commits | 248 |
Unique contributors | 4 |
Hall of fame
Record | File |
Longest source file |
|
Longest test file |
|
Because why not
Fact | Value |
Source code printed at 55 lines/page | ~3,506 pages of A4 |
Source lines mentioning | 12,488 (impossible to avoid) |
Longest function name in source |
|
Longest test function name |
|
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/jmrplens/gitlab-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server