io.github.zereight/gitlab-mcp

io.github.zereight/gitlab-mcp·v2.1.21·Git & Code Hosting

GitLab MCP server for projects, merge requests, issues, pipelines, wiki, releases, and more.

Trust verdict · v1 advisory · method

NOT YET SCREENEDno verdict on file

Verdict not yet evaluated for this tool. The semantic screen takes adversarial cases first; coverage rolls out as the corpus expands (15/150 labels to graduation). The deterministic conformance probe is built but has not yet run on the public corpus, so a recorded verdict here is REVIEW or UNVERIFIED, never a clearing ALLOW. Until a verdict is recorded, an agent should treat this tool as not-yet-cleared and fall back to its own checks. Method: the eval, four-state verdict, honest limits.

Own this server? Screen its description →

Environment variables

GITLAB_PERSONAL_ACCESS_TOKEN

requiredsecret

GitLab personal access token for local stdio use. Create a token with the GitLab scopes needed by the tools you plan to use, such as api or read_api.

GITLAB_JOB_TOKEN

secret

Optional GitLab CI job token to use instead of a personal access token when running inside GitLab CI.

GITLAB_AUTH_COOKIE_PATH

Optional path to a GitLab authentication cookie file for cookie-based authentication.

GITLAB_API_URL

GitLab API base URL. Use https://gitlab.com/api/v4 for GitLab.com or your self-managed GitLab API URL.

GITLAB_ALLOWED_PROJECT_IDS

Optional comma-separated list of GitLab project IDs that this server is allowed to access.

GITLAB_READ_ONLY_MODE

Set to true to expose only read-only tools and block write operations.

USE_GITLAB_WIKI

Set to true to enable GitLab wiki tools.

GITLAB_TOOLSETS

Optional comma-separated list of toolsets to enable, such as projects, issues, merge_requests, pipelines, releases, users, groups, wiki, or search.

GITLAB_TOOLS

Optional comma-separated list of individual tool names to add on top of enabled toolsets.

GITLAB_DENIED_TOOLS_REGEX

Optional regular expression used to hide matching tools from the server.

GITLAB_TOOL_POLICY_APPROVE

Optional comma-separated list of tool names that require explicit approval before execution.

GITLAB_TOOL_POLICY_HIDDEN

Optional comma-separated list of tool names to hide from tools/list.

NODE_TLS_REJECT_UNAUTHORIZED

Set to 0 only when you intentionally need to connect to a GitLab instance with invalid or self-signed TLS certificates.

GITLAB_CA_CERT_PATH

Optional path to a custom CA certificate file for self-managed GitLab instances.

MCP quality score · maturity, not trust · methodology

freshness

completeness

installability

documentation

stability

Alternatives in Git & Code Hosting

ai.aient/mcp

MCP-native AI SRE: ask what's broken in production, get a reviewed GitHub fix PR.

ai.smithery/Hint-Services-obsidian-github-mcp

Connect AI assistants to your GitHub-hosted Obsidian vault to seamlessly access, search, and analy…

ai.smithery/saidsef-mcp-github-pr-issue-analyser

A Model Context Protocol (MCP) application for automated GitHub PR analysis and issue management.…

Install

Claude Desktop (claude_desktop_config.json)

{
  "mcpServers": {
    "gitlab-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@zereight/mcp-gitlab"
      ],
      "env": {
        "GITLAB_PERSONAL_ACCESS_TOKEN": "<your-gitlab_personal_access_token>",
        "GITLAB_JOB_TOKEN": "<your-gitlab_job_token>",
        "GITLAB_AUTH_COOKIE_PATH": "<gitlab_auth_cookie_path>",
        "GITLAB_API_URL": "https://gitlab.com/api/v4",
        "GITLAB_ALLOWED_PROJECT_IDS": "<gitlab_allowed_project_ids>",
        "GITLAB_READ_ONLY_MODE": "false",
        "USE_GITLAB_WIKI": "false",
        "GITLAB_TOOLSETS": "<gitlab_toolsets>",
        "GITLAB_TOOLS": "<gitlab_tools>",
        "GITLAB_DENIED_TOOLS_REGEX": "<gitlab_denied_tools_regex>",
        "GITLAB_TOOL_POLICY_APPROVE": "<gitlab_tool_policy_approve>",
        "GITLAB_TOOL_POLICY_HIDDEN": "<gitlab_tool_policy_hidden>",
        "NODE_TLS_REJECT_UNAUTHORIZED": "<node_tls_reject_unauthorized>",
        "GITLAB_CA_CERT_PATH": "<gitlab_ca_cert_path>"
      }
    }
  }
}

Cursor (.cursor/mcp.json)

{
  "mcpServers": {
    "gitlab-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@zereight/mcp-gitlab"
      ],
      "env": {
        "GITLAB_PERSONAL_ACCESS_TOKEN": "<your-gitlab_personal_access_token>",
        "GITLAB_JOB_TOKEN": "<your-gitlab_job_token>",
        "GITLAB_AUTH_COOKIE_PATH": "<gitlab_auth_cookie_path>",
        "GITLAB_API_URL": "https://gitlab.com/api/v4",
        "GITLAB_ALLOWED_PROJECT_IDS": "<gitlab_allowed_project_ids>",
        "GITLAB_READ_ONLY_MODE": "false",
        "USE_GITLAB_WIKI": "false",
        "GITLAB_TOOLSETS": "<gitlab_toolsets>",
        "GITLAB_TOOLS": "<gitlab_tools>",
        "GITLAB_DENIED_TOOLS_REGEX": "<gitlab_denied_tools_regex>",
        "GITLAB_TOOL_POLICY_APPROVE": "<gitlab_tool_policy_approve>",
        "GITLAB_TOOL_POLICY_HIDDEN": "<gitlab_tool_policy_hidden>",
        "NODE_TLS_REJECT_UNAUTHORIZED": "<node_tls_reject_unauthorized>",
        "GITLAB_CA_CERT_PATH": "<gitlab_ca_cert_path>"
      }
    }
  }
}

Cline (cline_mcp_settings.json)

npx -y @zereight/mcp-gitlab

Verdict API

curl -s mcpindex.ai/api/v1/trust/server/io-github-zereight-gitlab-mcp

Free-tier verdict as JSON: decision + dimensions + severity. Call it from your agent before it invokes a tool it just discovered.

Details

version: v2.1.21
category: Git & Code Hosting
quality: 85 / 100
operator: zereight

Provenance

Verdict history is anchored to Bitcoin via OpenTimestamps. The free tier returns the current verdict only; the anchored record is served on the authenticated tier.

Links

Repository →