gitlab-mcp
Provides 44 tools across 18 entity types to manage GitLab resources, including projects, merge requests, pipelines, work items (issues, epics, tasks), wiki pages, repository files, and CI/CD configurations.
Advanced GitLab MCP server
Advanced GitLab MCP server — 58 CQRS tools exposing 230 GitLab operations across 26 entity types. The tool catalog and parameters are filtered to each instance's GitLab version, tier, and token scopes, so the agent sees only what the connected instance actually supports.
Packages
This is a monorepo with two npm packages:
@structured-world/gitlab-mcp— the MCP server. In-memory and file OAuth-session storage, no database dependency. This is all most users need.@structured-world/gitlab-mcp-db— optional PostgreSQL/Prisma OAuth-session backend for running multiple replicas behind a load balancer. Enable it withOAUTH_STORAGE_TYPE=postgresql; see the PostgreSQL deployment guide for the full setup.
Related MCP server: GitLab MCP Server
Quick Start
{
"mcpServers": {
"gitlab": {
"command": "npx",
"args": ["-y", "@structured-world/gitlab-mcp"],
"env": {
"GITLAB_TOKEN": "your_gitlab_token",
"GITLAB_API_URL": "https://gitlab.com"
}
}
}
}Requirements: Node.js >= 24
Highlights
58 tools across 26 entity types — projects, merge requests, pipelines, work items, wiki, and more
CQRS architecture —
browse_*for queries,manage_*for commandsConnection resilience — Bounded startup, auto-reconnect with exponential backoff, disconnected mode when GitLab is unreachable
Multi-instance support — Connect to GitLab.com, self-managed, and self-hosted instances with per-instance OAuth and rate limiting
Multiple transports — stdio, SSE, StreamableHTTP
OAuth 2.1 — Per-user authentication via Claude Custom Connector
Read-only mode — Safe operation for production environments
Auto-discovery — Detects GitLab config from git remotes
Fine-grained control — Enable/disable tool groups, filter actions, customize descriptions
Docker support —
ghcr.io/structured-world/gitlab-mcp:latest
Tool model
GitLab exposes hundreds of API operations. Giving each its own MCP tool floods an agent's context; a thin API wrapper pushes that complexity back onto the agent. This server takes a third path: 58 CQRS tools, each holding several typed actions, expose 230 operations across 26 entity types.
browse_*tools are read-only queries;manage_*tools are writes.Sub-resources fold into actions rather than new tools —
browse_pipelinescovers pipelines, jobs, and logs in a single tool.The tool list, actions, and parameters are resolved at schema-generation time against GitLab version, tier, token scopes, admin-mode, feature flags, and profiles.
Examples:
browse_pipelines— list, get, jobs, job, logs, triggersmanage_pipeline— create, retry, cancelbrowse_environments— list, get, list_deploymentsmanage_environment— create, update, stop, delete, update_deployment_statusbrowse_deploy_keys/manage_deploy_key— list, get / add, enable, update, delete
Documentation
Full documentation is available at gitlab-mcp.sw.foundation
Section | Description |
npm, Docker, VS Code, Codex | |
Environment variables, feature flags | |
Connect to multiple GitLab instances | |
All 58 tools with parameters | |
Team authentication with Claude | |
Production deployment with SSL | |
Tool descriptions, action filtering | |
Browse and export tool documentation |
Auto-generated Tool Reference
For the complete tool reference with parameters:
# View locally
yarn list-tools --detail
# Generate documentation
yarn list-tools --export --toc > docs/tools/api-reference.mdSee the Full API Reference for the auto-generated tool documentation.
Docker
# HTTP mode
docker run -e PORT=3002 -e GITLAB_TOKEN=your_token -p 3333:3002 \
ghcr.io/structured-world/gitlab-mcp:latest
# stdio mode
docker run -i --rm -e GITLAB_TOKEN=your_token \
ghcr.io/structured-world/gitlab-mcp:latestConnection Resilience
The server handles GitLab connectivity issues gracefully:
Bounded startup — Server starts within
GITLAB_INIT_TIMEOUT_MS(default 5s) regardless of GitLab availabilityDisconnected mode — When GitLab is unreachable (
disconnected/failedstate), only themanage_contexttool is exposed, with local actions such aswhoami,switch_profile, andset_scopefor diagnostics. During active reconnect (connectingstate), the full tool list remains available so MCP clients don't lose their tool catalog during brief outages. MCP clients are notified of tool availability changes viatools/list_changedAuto-reconnect — Exponential backoff reconnection (5s → 60s) with ±10% jitter
Error classification — Transient errors (network, 5xx, timeouts) trigger auto-reconnect. Auth/config errors at startup transition to
failedstate (no auto-reconnect). Mid-session token revocation is detected via an authenticatedHEAD /api/v4/usercheck that runs alongside each periodic health check (static token mode only; skipped in OAuth mode). A 401 or 403 on this check transitions the instance tofailedstate immediately.Instance health monitor — Each monitored instance URL has its own XState state machine. Untracked OAuth URLs currently pass through as reachable.
Variable | Default | Description |
|
| Max time to wait for GitLab during startup |
|
| Initial reconnect delay (doubles each attempt) |
|
| Maximum reconnect delay |
|
| Health check interval when connected |
|
| Consecutive transient failures before disconnecting |
|
| Max time for tool/bootstrap execution before timeout |
|
| Max time to flush a non-SSE response before destroying zombie connection ( |
|
| Max number of per-URL instance states kept in memory (OAuth multi-tenant; LRU eviction when exceeded) |
|
| TTL for idle per-URL instance states in ms; evicted on next insert (OAuth multi-tenant) |
Feature Flags
Flag | Default | Tools Enabled |
|
| Label management |
|
| Merge requests |
|
| File operations |
|
| CI/CD variables |
|
| Issues, epics, tasks |
|
| Webhook management |
|
| Code snippets |
|
| 50+ integrations |
|
| Wiki pages |
|
| Milestones |
|
| Pipelines & CI/CD |
|
| Release management |
|
| Branch & tag management |
|
| Team members |
|
| Cross-project search |
|
| Iteration planning (sprints) |
|
| CI access credentials: job token scope and deploy keys |
|
| Environments and deployments |
|
| CI runner management |
|
| Container registry repositories and tags |
|
| Project/group/personal access token management |
|
| Audit events (Premium+) |
|
| Vulnerability management (Ultimate) |
Contributing
See CONTRIBUTING.md for development setup, testing, and PR guidelines.
Support the Project
USDT (TRC-20): TFDsezHa1cBkoeZT5q2T49Wp66K8t2DmdA
License
Apache License 2.0 — see LICENSE for details.
Based on zereight/gitlab-mcp (MIT). See LICENSE.MIT.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Appeared in Searches
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/structured-world/gitlab-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server