GitLab MCP Server

io.github.jmrplens/gitlab-mcp-server·v2.2.0·Git & Code Hosting

Manage GitLab projects, issues, merge requests, pipelines, repositories, and admin workflows.

Trust verdict · v1 advisory · method

NOT YET SCREENEDno verdict on file

Verdict not yet evaluated for this tool. The semantic screen takes adversarial cases first; coverage rolls out as the corpus expands (15/150 labels to graduation). The deterministic conformance probe is built but has not yet run on the public corpus, so a recorded verdict here is REVIEW or UNVERIFIED, never a clearing ALLOW. Until a verdict is recorded, an agent should treat this tool as not-yet-cleared and fall back to its own checks. Method: the eval, four-state verdict, honest limits.

Own this server? Screen its description →

Environment variables

GITLAB_URL

GitLab instance URL (default: https://gitlab.com; set for self-managed instances)

GITLAB_TOKEN

requiredsecret

GitLab Personal Access Token (glpat-...)

GITLAB_SKIP_TLS_VERIFY

Skip TLS certificate verification for self-signed certs (default: false)

TOOL_SURFACE

Tool catalog selector: dynamic, meta, or individual (default: dynamic)

CAPABILITY_SURFACE

Resource and prompt catalog selector: full or minimal (default: full)

META_PARAM_SCHEMA

Meta-tool input schema detail: opaque, compact, or full (default: opaque)

GITLAB_ENTERPRISE

Enable GitLab Premium/Ultimate tools; GitLab.com Enterprise/Premium also exposes Orbit Knowledge Graph tools (default: false)

GITLAB_READ_ONLY

Read-only mode: disables all mutating tools (default: false)

GITLAB_SAFE_MODE

Safe mode: intercepts mutating tools and returns a JSON preview instead of executing (default: false)

EMBEDDED_RESOURCES

Append EmbeddedResource content blocks (clickable links to MCP resources) to get_* tool results (default: true)

EXCLUDE_TOOLS

Comma-separated tool names to exclude from registration (e.g. gitlab_admin,gitlab_runner)

GITLAB_IGNORE_SCOPES

Skip Personal Access Token scope detection and register all tools regardless of token permissions (default: false)

UPLOAD_MAX_FILE_SIZE

Maximum attachment upload size in bytes or human-readable (e.g. 2GB). Default: 2147483648 (2 GB)

GITLAB_MCP_ALLOWED_IMPORT_DIRS

Extra OS path-list-separated directories allowed for local GitLab import archives

RATE_LIMIT_RPS

Per-server tools/call rate limit in requests per second; 0 disables it (default: 0)

RATE_LIMIT_BURST

Token-bucket burst size when RATE_LIMIT_RPS is greater than 0 (default: 40)

LOG_LEVEL

Logging verbosity (default: info)

AUTO_UPDATE

Auto-update mode: true (auto-apply), check (log-only), false (disabled). Default: true

AUTO_UPDATE_REPO

GitHub repository slug for release assets (default: jmrplens/gitlab-mcp-server)

AUTO_UPDATE_INTERVAL

Periodic update check interval in HTTP mode (default: 1h)

AUTO_UPDATE_TIMEOUT

Startup/background update timeout, range 5s-10m (default: 60s)

GITLAB_URL

GitLab instance URL (default: https://gitlab.com; set for self-managed instances)

GITLAB_TOKEN

requiredsecret

GitLab Personal Access Token (glpat-...)

GITLAB_SKIP_TLS_VERIFY

Skip TLS certificate verification for self-signed certs (default: false)

TOOL_SURFACE

Tool catalog selector: dynamic, meta, or individual (default: dynamic)

CAPABILITY_SURFACE

Resource and prompt catalog selector: full or minimal (default: full)

META_PARAM_SCHEMA

Meta-tool input schema detail: opaque, compact, or full (default: opaque)

GITLAB_ENTERPRISE

Enable GitLab Premium/Ultimate tools; GitLab.com Enterprise/Premium also exposes Orbit Knowledge Graph tools (default: false)

GITLAB_READ_ONLY

Read-only mode: disables all mutating tools (default: false)

GITLAB_SAFE_MODE

Safe mode: intercepts mutating tools and returns a JSON preview instead of executing (default: false)

EMBEDDED_RESOURCES

Append EmbeddedResource content blocks (clickable links to MCP resources) to get_* tool results (default: true)

EXCLUDE_TOOLS

Comma-separated tool names to exclude from registration (e.g. gitlab_admin,gitlab_runner)

GITLAB_IGNORE_SCOPES

Skip Personal Access Token scope detection and register all tools regardless of token permissions (default: false)

UPLOAD_MAX_FILE_SIZE

Maximum attachment upload size in bytes or human-readable (e.g. 2GB). Default: 2147483648 (2 GB)

GITLAB_MCP_ALLOWED_IMPORT_DIRS

Extra OS path-list-separated directories allowed for local GitLab import archives

RATE_LIMIT_RPS

Per-server tools/call rate limit in requests per second; 0 disables it (default: 0)

RATE_LIMIT_BURST

Token-bucket burst size when RATE_LIMIT_RPS is greater than 0 (default: 40)

LOG_LEVEL

Logging verbosity (default: info)

AUTO_UPDATE

Auto-update mode: true (auto-apply), check (log-only), false (disabled). Default: true

AUTO_UPDATE_REPO

GitHub repository slug for release assets (default: jmrplens/gitlab-mcp-server)

AUTO_UPDATE_INTERVAL

Periodic update check interval in HTTP mode (default: 1h)

AUTO_UPDATE_TIMEOUT

Startup/background update timeout, range 5s-10m (default: 60s)

GITLAB_URL

GitLab instance URL (default: https://gitlab.com; set for self-managed instances)

GITLAB_TOKEN

requiredsecret

GitLab Personal Access Token (glpat-...)

GITLAB_SKIP_TLS_VERIFY

Skip TLS certificate verification for self-signed certs (default: false)

TOOL_SURFACE

Tool catalog selector: dynamic, meta, or individual (default: dynamic)

CAPABILITY_SURFACE

Resource and prompt catalog selector: full or minimal (default: full)

META_PARAM_SCHEMA

Meta-tool input schema detail: opaque, compact, or full (default: opaque)

GITLAB_ENTERPRISE

Enable GitLab Premium/Ultimate tools; GitLab.com Enterprise/Premium also exposes Orbit Knowledge Graph tools (default: false)

GITLAB_READ_ONLY

Read-only mode: disables all mutating tools (default: false)

GITLAB_SAFE_MODE

Safe mode: intercepts mutating tools and returns a JSON preview instead of executing (default: false)

EMBEDDED_RESOURCES

Append EmbeddedResource content blocks (clickable links to MCP resources) to get_* tool results (default: true)

EXCLUDE_TOOLS

Comma-separated tool names to exclude from registration (e.g. gitlab_admin,gitlab_runner)

GITLAB_IGNORE_SCOPES

Skip Personal Access Token scope detection and register all tools regardless of token permissions (default: false)

UPLOAD_MAX_FILE_SIZE

Maximum attachment upload size in bytes or human-readable (e.g. 2GB). Default: 2147483648 (2 GB)

GITLAB_MCP_ALLOWED_IMPORT_DIRS

Extra OS path-list-separated directories allowed for local GitLab import archives

RATE_LIMIT_RPS

Per-server tools/call rate limit in requests per second; 0 disables it (default: 0)

RATE_LIMIT_BURST

Token-bucket burst size when RATE_LIMIT_RPS is greater than 0 (default: 40)

LOG_LEVEL

Logging verbosity (default: info)

AUTO_UPDATE

Auto-update mode: true (auto-apply), check (log-only), false (disabled). Default: true

AUTO_UPDATE_REPO

GitHub repository slug for release assets (default: jmrplens/gitlab-mcp-server)

AUTO_UPDATE_INTERVAL

Periodic update check interval in HTTP mode (default: 1h)

AUTO_UPDATE_TIMEOUT

Startup/background update timeout, range 5s-10m (default: 60s)

GITLAB_URL

GitLab instance URL (default: https://gitlab.com; set for self-managed instances)

GITLAB_TOKEN

requiredsecret

GitLab Personal Access Token (glpat-...)

GITLAB_SKIP_TLS_VERIFY

Skip TLS certificate verification for self-signed certs (default: false)

TOOL_SURFACE

Tool catalog selector: dynamic, meta, or individual (default: dynamic)

CAPABILITY_SURFACE

Resource and prompt catalog selector: full or minimal (default: full)

META_PARAM_SCHEMA

Meta-tool input schema detail: opaque, compact, or full (default: opaque)

GITLAB_ENTERPRISE

Enable GitLab Premium/Ultimate tools; GitLab.com Enterprise/Premium also exposes Orbit Knowledge Graph tools (default: false)

GITLAB_READ_ONLY

Read-only mode: disables all mutating tools (default: false)

GITLAB_SAFE_MODE

Safe mode: intercepts mutating tools and returns a JSON preview instead of executing (default: false)

EMBEDDED_RESOURCES

Append EmbeddedResource content blocks (clickable links to MCP resources) to get_* tool results (default: true)

EXCLUDE_TOOLS

Comma-separated tool names to exclude from registration (e.g. gitlab_admin,gitlab_runner)

GITLAB_IGNORE_SCOPES

Skip Personal Access Token scope detection and register all tools regardless of token permissions (default: false)

UPLOAD_MAX_FILE_SIZE

Maximum attachment upload size in bytes or human-readable (e.g. 2GB). Default: 2147483648 (2 GB)

GITLAB_MCP_ALLOWED_IMPORT_DIRS

Extra OS path-list-separated directories allowed for local GitLab import archives

RATE_LIMIT_RPS

Per-server tools/call rate limit in requests per second; 0 disables it (default: 0)

RATE_LIMIT_BURST

Token-bucket burst size when RATE_LIMIT_RPS is greater than 0 (default: 40)

LOG_LEVEL

Logging verbosity (default: info)

AUTO_UPDATE

Auto-update mode: true (auto-apply), check (log-only), false (disabled). Default: true

AUTO_UPDATE_REPO

GitHub repository slug for release assets (default: jmrplens/gitlab-mcp-server)

AUTO_UPDATE_INTERVAL

Periodic update check interval in HTTP mode (default: 1h)

AUTO_UPDATE_TIMEOUT

Startup/background update timeout, range 5s-10m (default: 60s)

GITLAB_URL

GitLab instance URL (default: https://gitlab.com; set for self-managed instances)

GITLAB_TOKEN

requiredsecret

GitLab Personal Access Token (glpat-...)

GITLAB_SKIP_TLS_VERIFY

Skip TLS certificate verification for self-signed certs (default: false)

TOOL_SURFACE

Tool catalog selector: dynamic, meta, or individual (default: dynamic)

CAPABILITY_SURFACE

Resource and prompt catalog selector: full or minimal (default: full)

META_PARAM_SCHEMA

Meta-tool input schema detail: opaque, compact, or full (default: opaque)

GITLAB_ENTERPRISE

Enable GitLab Premium/Ultimate tools; GitLab.com Enterprise/Premium also exposes Orbit Knowledge Graph tools (default: false)

GITLAB_READ_ONLY

Read-only mode: disables all mutating tools (default: false)

GITLAB_SAFE_MODE

Safe mode: intercepts mutating tools and returns a JSON preview instead of executing (default: false)

EMBEDDED_RESOURCES

Append EmbeddedResource content blocks (clickable links to MCP resources) to get_* tool results (default: true)

EXCLUDE_TOOLS

Comma-separated tool names to exclude from registration (e.g. gitlab_admin,gitlab_runner)

GITLAB_IGNORE_SCOPES

Skip Personal Access Token scope detection and register all tools regardless of token permissions (default: false)

UPLOAD_MAX_FILE_SIZE

Maximum attachment upload size in bytes or human-readable (e.g. 2GB). Default: 2147483648 (2 GB)

GITLAB_MCP_ALLOWED_IMPORT_DIRS

Extra OS path-list-separated directories allowed for local GitLab import archives

RATE_LIMIT_RPS

Per-server tools/call rate limit in requests per second; 0 disables it (default: 0)

RATE_LIMIT_BURST

Token-bucket burst size when RATE_LIMIT_RPS is greater than 0 (default: 40)

LOG_LEVEL

Logging verbosity (default: info)

AUTO_UPDATE

Auto-update mode: true (auto-apply), check (log-only), false (disabled). Default: true

AUTO_UPDATE_REPO

GitHub repository slug for release assets (default: jmrplens/gitlab-mcp-server)

AUTO_UPDATE_INTERVAL

Periodic update check interval in HTTP mode (default: 1h)

AUTO_UPDATE_TIMEOUT

Startup/background update timeout, range 5s-10m (default: 60s)

GITLAB_URL

GitLab instance URL (default: https://gitlab.com; set for self-managed instances)

GITLAB_TOKEN

requiredsecret

GitLab Personal Access Token (glpat-...)

GITLAB_SKIP_TLS_VERIFY

Skip TLS certificate verification for self-signed certs (default: false)

TOOL_SURFACE

Tool catalog selector: dynamic, meta, or individual (default: dynamic)

CAPABILITY_SURFACE

Resource and prompt catalog selector: full or minimal (default: full)

META_PARAM_SCHEMA

Meta-tool input schema detail: opaque, compact, or full (default: opaque)

GITLAB_ENTERPRISE

Enable GitLab Premium/Ultimate tools; GitLab.com Enterprise/Premium also exposes Orbit Knowledge Graph tools (default: false)

GITLAB_READ_ONLY

Read-only mode: disables all mutating tools (default: false)

GITLAB_SAFE_MODE

Safe mode: intercepts mutating tools and returns a JSON preview instead of executing (default: false)

EMBEDDED_RESOURCES

Append EmbeddedResource content blocks (clickable links to MCP resources) to get_* tool results (default: true)

EXCLUDE_TOOLS

Comma-separated tool names to exclude from registration (e.g. gitlab_admin,gitlab_runner)

GITLAB_IGNORE_SCOPES

Skip Personal Access Token scope detection and register all tools regardless of token permissions (default: false)

UPLOAD_MAX_FILE_SIZE

Maximum attachment upload size in bytes or human-readable (e.g. 2GB). Default: 2147483648 (2 GB)

GITLAB_MCP_ALLOWED_IMPORT_DIRS

Extra OS path-list-separated directories allowed for local GitLab import archives

RATE_LIMIT_RPS

Per-server tools/call rate limit in requests per second; 0 disables it (default: 0)

RATE_LIMIT_BURST

Token-bucket burst size when RATE_LIMIT_RPS is greater than 0 (default: 40)

LOG_LEVEL

Logging verbosity (default: info)

AUTO_UPDATE

Auto-update mode: true (auto-apply), check (log-only), false (disabled). Default: true

AUTO_UPDATE_REPO

GitHub repository slug for release assets (default: jmrplens/gitlab-mcp-server)

AUTO_UPDATE_INTERVAL

Periodic update check interval in HTTP mode (default: 1h)

AUTO_UPDATE_TIMEOUT

Startup/background update timeout, range 5s-10m (default: 60s)

MCP quality score · maturity, not trust · methodology

freshness

completeness

installability

documentation

stability

Alternatives in Git & Code Hosting

ai.aient/mcp

MCP-native AI SRE: ask what's broken in production, get a reviewed GitHub fix PR.

ai.smithery/Hint-Services-obsidian-github-mcp

Connect AI assistants to your GitHub-hosted Obsidian vault to seamlessly access, search, and analy…

ai.smithery/saidsef-mcp-github-pr-issue-analyser

A Model Context Protocol (MCP) application for automated GitHub PR analysis and issue management.…

Install

Remote endpoint

Streamable HTTP / SSE endpoint. Add to any MCP client that supports remote servers.

https://gitlab-mcp-server.fly.dev/

Verdict API

curl -s mcpindex.ai/api/v1/trust/server/io-github-jmrplens-gitlab-mcp-server

Free-tier verdict as JSON: decision + dimensions + severity. Call it from your agent before it invokes a tool it just discovered.

Details

version: v2.2.0
category: Git & Code Hosting
quality: 100 / 100
operator: jmrplens

Provenance

Verdict history is anchored to Bitcoin via OpenTimestamps. The free tier returns the current verdict only; the anchored record is served on the authenticated tier.

Links

Repository →Website →Remote endpoint →