GitLab MCP Server
The GitLab MCP Server is a community-built MCP server providing comprehensive GitLab API integration for AI assistants across all GitLab tiers (Free, Premium, Ultimate), with no GitLab Duo required.
Authentication & Deployment
Supports hybrid, shared, and per-user authentication modes via Personal Access Tokens
Works with stdio transport (Claude Code/Desktop) and HTTP transport (LibreChat)
Multi-user deployments with credential isolation
Search & Discovery
search_gitlab— Global search across projects and issuessearch_projects,search_issues,search_merge_requests— Scoped searches with filterssearch_users,search_groups,search_labels— Find team members, groups, and labelsresolve_path— Resolve a GitLab path to a project or group
Project & Repository
get_project,get_projects,get_group_projects— Project info and listingsbrowse_repository— Explore directory structuresget_file_content— Read file contents for code analysisget_project_statistics— Aggregate stats (issues, MRs, stars, forks, storage, languages)
Issues & Merge Requests
get_issues,get_merge_requests— List with paginationget_merge_request_diffs,get_merge_request_commits,get_merge_request_reviewers— MR detailsget_notes— Get comments on issues or MRsget_user_issues,get_user_merge_requests— User-specific itemscreate_issue,create_merge_request— Create new itemsupdate_issue,update_merge_request— Update title, description, assignees, labels, etc.create_note— Add comments to issues or MRs
CI/CD Pipelines
get_merge_request_pipelines,get_pipeline_jobs— Pipeline and job detailsmanage_pipeline— Retry or cancel pipelines
Planning & Tracking
list_milestones— Milestones with progress statslist_iterations— Iterations/sprints (Premium/Ultimate)get_time_tracking— Time estimates, time spent, and timelogs
Work Items
get_work_item,list_work_items— Issues, tasks, epics, incidents, OKRs with full widget data
Groups & Members
list_group_members— Members with access levels
GraphQL & Advanced Queries
get_available_queries,get_type_fields— Schema introspectionexecute_custom_query— Run custom GraphQL queries for complex filtering
Activity Feeds
list_my_events,list_user_events,list_project_events— Activity feeds
Broadcast Messages (Admin only)
List, get, create, update, and delete instance-wide broadcast messages
Provides comprehensive GitLab integration with search across projects, issues, merge requests, users, and groups; code exploration and file browsing; issue and merge request management (create, update); and support for custom GraphQL queries with automatic schema discovery. Supports both GitLab.com and self-hosted instances.
Enables execution of custom GraphQL queries against GitLab's API with automatic schema introspection and discovery of available operations.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@GitLab MCP Serversearch for open issues in the 'web-app' project"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
GitLab MCP Server
A community MCP server for GitLab — works with any GitLab tier (Free, Premium, Ultimate), no GitLab Duo required. PAT-based auth. Streamable HTTP and stdio transports.
npx @ttpears/gitlab-mcp-serverChoose your deployment
You're running | Go to |
Claude Code or another IDE/AI tool, just for you | |
LibreChat for a team with a service-account read token | |
LibreChat where every operation should use the calling user's token |
Solo IDE
Claude Code (recommended)
claude mcp add gitlab \
--env GITLAB_URL=https://gitlab.com \
--env GITLAB_TOKEN=glpat-your-pat \
-- npx -y @ttpears/gitlab-mcp-server--scope controls where the configuration lives:
--scope local(default) — only this user, only this project--scope user— shared across all of your projects--scope project— written to.mcp.jsonin the project root, intended for team check-in
For team check-in, use a ${VAR} placeholder so the PAT itself stays out of git:
{
"mcpServers": {
"gitlab": {
"command": "npx",
"args": ["-y", "@ttpears/gitlab-mcp-server"],
"env": {
"GITLAB_URL": "https://gitlab.com",
"GITLAB_TOKEN": "${GITLAB_TOKEN}"
}
}
}
}Each contributor exports GITLAB_TOKEN in their shell; Claude Code expands it on launch.
Cold start
If launching via npx adds noticeable latency, install once:
npm install -g @ttpears/gitlab-mcp-server…and replace npx -y @ttpears/gitlab-mcp-server with gitlab-mcp-server in your config.
Claude Desktop
Option A — MCPB one-click install (read-only): download
gitlab-mcp-community-${VERSION}.mcpb from the
latest GitHub Release
and drag it onto the Claude Desktop window. Fill in your GitLab URL and a
read-only PAT (read_api scope) when prompted; the token is stored in your
OS keychain. This bundle is intentionally read-only — use Option B if you need
to create/update issues or MRs.
Option B — manual config (read or write): add to claude_desktop_config.json:
{
"mcpServers": {
"gitlab": {
"command": "npx",
"args": ["-y", "@ttpears/gitlab-mcp-server"],
"env": {
"GITLAB_URL": "https://gitlab.com",
"GITLAB_TOKEN": "glpat-your-pat"
}
}
}
}LibreChat — service-account reads
A read-only service token covers reads (so anyone in the workspace can ask
questions). Each user supplies their own PAT for writes through LibreChat's
customUserVars.
LibreChat's documented extension point is docker-compose.override.yml — the
fragments below assume you're adding gitlab-mcp there alongside LibreChat's
own api, mongodb, etc.
.env
GITLAB_URL=https://gitlab.example.com
GITLAB_READ_TOKEN=glpat-readonly-service-token # read_api scope onlyUse https://gitlab.com for SaaS GitLab; use your own host for self-hosted.
docker-compose.override.yml
services:
gitlab-mcp:
image: ghcr.io/ttpears/gitlab-mcp:1.14.0
env_file:
- .env
networks:
- librechat
restart: unless-stoppedenv_file reads GITLAB_URL and GITLAB_READ_TOKEN from .env. No port
mapping needed — LibreChat's api container reaches gitlab-mcp over the
shared librechat network. Add ports: ["8008:8008"] only if you need to
hit it from the host (e.g. for curl http://localhost:8008/health).
Then:
docker compose -f docker-compose.yml -f docker-compose.override.yml up -d gitlab-mcp apiapi is restarted alongside so it re-reads librechat.yaml.
librechat.yaml
mcpServers:
gitlab:
type: streamable-http
url: http://gitlab-mcp:8008/
startup: false # don't connect until the user supplies their PAT
initTimeout: 30000
timeout: 120000
headers:
Authorization: "Bearer {{GITLAB_PAT}}"
X-GitLab-Url: "{{GITLAB_URL_OVERRIDE}}" # optional; lets a user point at a different GitLab
customUserVars:
GITLAB_PAT:
title: "GitLab Personal Access Token"
description: "Your GitLab PAT with api scope. Used for issues, MRs, and comments you create or edit."
GITLAB_URL_OVERRIDE:
title: "GitLab URL (optional)"
description: "Leave blank to use the workspace default. Override only if your account is on a different GitLab instance."initTimeout / timeout are forgiving defaults for slower internal networks
and large schemas — drop them if SaaS GitLab feels snappy.
Server-side env vars use
${VAR}. Per-user vars use{{VAR}}. They are not interchangeable.
LibreChat — strict per-user
Every call must carry a user PAT. No service-account fallback. Reads as well as writes are gated on the user's token.
Add MCP Server (UI path — recommended)
Host gitlab-mcp somewhere LibreChat can reach. For a quick standalone host:
docker run -d --restart unless-stopped \ -p 8008:8008 \ -e GITLAB_URL=https://gitlab.example.com \ --name gitlab-mcp \ ghcr.io/ttpears/gitlab-mcp:1.14.0Or, when running alongside LibreChat in the same compose project, drop it into
docker-compose.override.yml(no token env vars):services: gitlab-mcp: image: ghcr.io/ttpears/gitlab-mcp:1.14.0 environment: GITLAB_URL: https://gitlab.example.com networks: - librechat restart: unless-stoppedIn LibreChat → MCP Servers → Add MCP Server:
URL:
https://your-host/(orhttp://gitlab-mcp:8008/if same network)Authentication: API Key → check User provides key → header format Bearer
Save
Each user fills in their PAT through the MCP Tool Select Dialog when configuring an agent.
librechat.yaml equivalent
mcpServers:
gitlab:
type: streamable-http
url: http://gitlab-mcp:8008/
startup: false
initTimeout: 30000
timeout: 120000
headers:
Authorization: "Bearer {{GITLAB_PAT}}"
customUserVars:
GITLAB_PAT:
title: "GitLab Personal Access Token"
description: "Your GitLab PAT with api scope."The container needs no env-configured token at all in this mode — every
request is rejected unless Authorization: Bearer … is present.
Hosting for a remote LibreChat
The server speaks plain HTTP. For LibreChat-as-a-service or any cross-network deployment, terminate TLS at a reverse proxy. Common patterns:
Caddy — auto-TLS via Let's Encrypt:
mcp.example.com { reverse_proxy gitlab-mcp:8008 }Traefik — Docker labels on the
gitlab-mcpservice.Cloudflare Tunnel — no public IP needed; expose
gitlab-mcp:8008through the tunnel.
The Authorization and Mcp-Session-Id headers must pass through unchanged. Most defaults handle this fine.
How this differs from GitLab's official MCP server
GitLab ships an official MCP server (Beta) that requires Premium/Ultimate and GitLab Duo.
This server | GitLab official | |
GitLab tier | Free, Premium, Ultimate | Premium / Ultimate only |
GitLab Duo required | No | Yes |
Auth | Personal Access Token | OAuth 2.0 Dynamic Client Registration |
Transport | stdio + streamable HTTP | stdio + HTTP |
Multi-user | Per-call PAT or service-account fallback | OAuth per-user |
GraphQL schema discovery | Yes — introspect & run custom queries | No |
Repository browsing & file reading | Yes | No |
Update issues / MRs / notes | Yes | No (create only) |
Delete issues / notes | Yes | No |
CI/CD pipeline management | Yes | Yes |
MR diffs & commits | Yes | Yes |
Time tracking & timelogs | Yes | No |
MR reviewer & approval status | Yes | No |
Iteration / milestone tracking | Yes | No |
Project statistics dashboard | Yes | No |
Group member listing | Yes | No |
Semantic code search | No | Yes (requires additional setup) |
Choose this server for Free/CE, GraphQL flexibility, or LibreChat multi-user. Choose the official server for Premium+Duo with semantic code search, or if you prefer OAuth.
Tools
Search & Discovery
Tool | Description |
| Global search across projects, issues, and merge requests |
| Find repositories by name or description |
| Search issues globally or within a project (filter by assignee, author, labels, state) |
| Find merge requests by username or within a project |
| Find team members and contributors |
| Discover groups and organizations |
| Search labels in a project or group |
| List group members with access levels |
| Explore directory structure and files |
| Read file contents for code analysis |
Read Operations
Tool | Description |
| Detailed project information |
| List project issues with pagination |
| List project merge requests with pagination |
| Get CI/CD pipelines for a merge request |
| Get jobs for a specific pipeline |
| Get diff statistics for a merge request |
| Get commits for a merge request |
| Get notes/comments on an issue or merge request |
| List milestones with progress statistics |
| List iterations/sprints (Premium/Ultimate) |
| Get time estimate, spent, and timelogs |
| Get MR approval and reviewer status |
| Aggregate project stats dashboard |
| Get all issues assigned to a user |
| Get MRs authored by or assigned to a user |
| Fetch a work item (issue, task, epic, incident, OKR) by ID with full widget data |
| List work items in a group or project, filtered by type and state |
| List instance-wide broadcast messages |
| Get a specific broadcast message by ID |
| Authenticated user's activity feed — pushes, MRs, comments, approvals |
| Another user's public activity feed by username or ID |
| Activity events for a specific project |
| Resolve a path to a project or group |
| Discover available GraphQL operations |
| Run custom GraphQL queries |
Write Operations (require user authentication)
Tool | Description |
| Create new issues |
| Create new merge requests |
| Add a comment/note to an issue or merge request |
| Update title, description, assignees, labels, due date |
| Update title, description, assignees, reviewers, labels |
| Edit the body of an existing comment |
| Delete an issue (issue author or maintainer required) |
| Delete a comment (note author or maintainer required) |
| Retry or cancel a CI/CD pipeline |
| Create a broadcast message (instance admin) |
| Update a broadcast message (instance admin) |
| Delete a broadcast message (instance admin) |
Configuration
Environment variables
Variable | Description | Default |
| GitLab instance URL |
|
| Full-access fallback token (reads + writes) | — |
| Read-only fallback token (writes always rejected) | — |
| Maximum items per page (1–100) |
|
| Request timeout in milliseconds |
|
| HTTP server port |
|
| Transport mode ( |
|
GITLAB_TOKEN and GITLAB_READ_TOKEN are mutually exclusive; setting both is a startup error.
Removed in 1.14.0
GITLAB_AUTH_MODE— the three-way enum is gone. Pick your deployment shape by which env var you set; see Choose your deployment.GITLAB_SHARED_ACCESS_TOKEN— rename toGITLAB_TOKEN(full access) orGITLAB_READ_TOKEN(read-only).
Old env vars trigger a deprecation warning at startup and are otherwise ignored.
Troubleshooting
"This operation requires authentication" / "Write operation requires a user token":
For LibreChat: check the user filled in their PAT in the MCP Tool Select Dialog (or in their
customUserVars).For Claude Code: confirm
GITLAB_TOKENis set in the MCP server'senvblock.If you set
GITLAB_READ_TOKEN, write operations against it are rejected by design — supply per-call user creds for writes.
Connection issues with LibreChat:
type: streamable-http(notsse).URL is the Docker service name (
http://gitlab-mcp:8008/), not localhost, when LibreChat and gitlab-mcp share a Docker network.docker logs gitlab-mcpshows session init and request lines.
Schema introspection failed:
GitLab 12.0+ with GraphQL API enabled.
Verify
GITLAB_URLis reachable from the container.
Debug logging:
NODE_ENV=development GITLAB_TOKEN=glpat-... npm startHealth check (HTTP mode):
curl http://localhost:8008/healthChangelog
See CHANGELOG.md. Releases before 1.14.0 are in
GitHub releases.
License
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/ttpears/gitlab-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server