Gene Library Courses Download Pricing Contact Sign in
gitlab logo
developer-tools Official Website

GitLab MCP Server – Projects and Merge Requests

GitLab's official MCP server gives AI assistants secure, permission-aware access to GitLab project data and supported actions. Use it for issue management, merge-request workflows, code review, pipeline investigation, and other software-development tasks tied to a GitLab instance.

#merge-requests#issue-tracking#devops

Overview

GitLab's official MCP server connects compatible AI assistants to GitLab.com,
GitLab Self-Managed, or GitLab Dedicated. It exposes structured tools for
working with current GitLab data and actions, allowing an agent to operate on
projects and collaboration workflows without relying only on pasted content or
static model knowledge.

What the MCP server enables

The available tool set integrates with common GitLab development workflows.
Depending on the GitLab version, account permissions, enabled features, and
server capabilities, an AI agent can:

  • Retrieve project information.
  • Create and inspect issues.
  • Create and inspect merge requests.
  • Retrieve merge-request commits and diffs.
  • Interact with supported GitLab API operations.
  • Work with pipelines and other GitLab resources exposed by the server.
  • Prefix tool names through an optional HTTP header to avoid naming conflicts.

When to use it

Use GitLab MCP when an agent needs live GitLab context or must perform
authorized development actions. Typical workflows include creating an issue
from a bug report, reviewing a merge request, summarizing changed files,
checking commits associated with a merge request, investigating a pipeline,
and coordinating project work from an AI coding assistant.

Connection and authentication

GitLab recommends direct HTTP transport at
https://gitlab.com/api/v4/mcp for GitLab.com. Self-Managed and Dedicated
installations use the same /api/v4/mcp path on their own instance hostname.

Authentication uses OAuth 2.0 Dynamic Client Registration. On first
connection, the MCP client registers as an OAuth application, opens a browser
authorization flow, and receives an access token after the user approves
access.

Clients that cannot connect directly over HTTP can use the documented
mcp-remote bridge over stdio. That option requires Node.js 20 or later and
still authenticates through GitLab's OAuth flow.

Key considerations

GitLab's MCP server is currently a beta feature and requires Premium or
Ultimate, GitLab Duo enabled, and beta and experimental features enabled.
Access remains limited by the signed-in user's existing GitLab permissions.
Use caution with prompt injection and connect only to trusted GitLab objects.
Review write operations before approval, especially issue creation,
merge-request creation, and other project-changing actions. Self-Managed
administrators must also ensure the instance version and feature settings
support the server.

Supported Transports

streamable_http

URL: https://gitlab.com/api/v4/mcp

stdio

Command: npx

Args:

  • -y
  • mcp-remote
  • https://gitlab.com/api/v4/mcp

Frequently Asked Questions

When should an AI agent use the GitLab MCP server?
Use it when a workflow needs current GitLab project context or authorized actions, such as creating issues, reviewing merge requests, retrieving commits or diffs, investigating pipelines, or coordinating software development work.
What does the GitLab MCP server add to an AI agent's capabilities?
It gives the agent structured, permission-aware access to live GitLab data and supported actions, allowing it to interact with projects, issues, merge requests, pipelines, and related resources instead of relying only on static model knowledge or pasted content.
What can an AI agent access or manage through GitLab MCP?
Depending on the server version and user permissions, the agent can access project information, create and retrieve issues, create and inspect merge requests, retrieve merge-request commits and diffs, and use other supported GitLab operations exposed by the MCP server.
How is authentication configured for the GitLab MCP server?
GitLab uses OAuth 2.0 Dynamic Client Registration. The MCP client registers itself, opens a browser authorization page, and receives an access token after the user approves access. No static bearer-token header is required in the standard configuration.
Which transport should be used for the GitLab MCP server?
Use direct HTTP transport with the /api/v4/mcp endpoint whenever the client supports it. Use the documented mcp-remote stdio bridge only when a client cannot connect directly to remote HTTP servers. The bridge requires Node.js 20 or later.