GitLab.op: App instructions) — covering projects, issues, merge requests, pipelines, jobs, environments, branches, commits, tags, releases, labels, milestones, wikis, CI/CD variables, deploy keys, webhooks, groups and users. The 90+ GitLab operations are grouped into 16 entity tools, each driven by an action argument. The MCP server runs in the tenant app-instance context: it resolves the installing workspace’s own credentials and authorizes the calling agent against that workspace’s allowlist. Authentication is per-user and supports several modes:
- Per-user OAuth2 — central client (
oauthCentral, recommended) — one GitLab OAuth application is registered once by the platform maintainer; every end user signs in with their own GitLab account. Nothing to register per workspace: each one just installs the app and clicks Connect. - Per-user OAuth2 — tenant client (
oauth) — paste your own GitLab OAuth client ID/secret in the connector config app. Each user signs in with their own account against your client (authorization-code flow). - Direct access token (
accessToken) — a caller-managed GitLab token (e.g. a Personal Access Token with theapiscope), used as-is with no exchange.
Project Management
CI/CD & DevOps
Per-user auth
Who is this for?
This connector is used by three different roles. Jump to the section that matches yours — each one is self-contained.Agent builder
Platform admin
Workspace builder
Prerequisites
- A GitLab account (gitlab.com or a self-hosted instance).
- For the OAuth modes — a GitLab OAuth application created at User Settings > Applications (
https://gitlab.com/-/user_settings/applications) with theapiscope (orread_apifor read-only agents); copy its Application ID and Secret. The platform maintainer registers one app for the central mode; a workspace can also register its own for the tenant mode. - For the access-token mode — a Personal Access Token created at User Settings > Access Tokens (
https://gitlab.com/-/user_settings/personal_access_tokens) with theapiscope. - Base URL:
https://gitlab.com/api/v4.
Platform admin (Governance) — one-time platform setup
Platform admin (Governance) — one-time platform setup
<api-url> is your environment’s API URL (https://api.studio.prisme.ai/v2 on production).1. Configure the connector
Register the OAuth application at GitLab
https://gitlab.com/-/user_settings/applications and click Add new application. Set the single authorized redirect URI (callback URL) to the core workspace callback:https://api.studio.prisme.ai/v2/workspaces/slug:gitlab/webhooks/oauthCallback on production). Add the api scope (or read_api for read-only). Save and copy the Application ID and Secret (the secret is shown only once).Enter the credentials through the configuration app
gitlab workspace and launch its Configuration app — <studio>/apps/gitlab (e.g. https://studio.prisme.ai/apps/gitlab). Loaded from the core workspace, the app shows the maintainer view (org owner / editor / admin only); paste the Application ID and Secret there and Save — the app stores them in the core workspace’s secrets for you. Do not edit Studio’s raw Secrets by hand. These credentials stay in the gitlab workspace and are never exposed to tenants or end users; token exchange is proxied through the core centralTokenExchange webhook so the client secret never leaves the core workspace.Tell workspaces to use the central client
oauthCentral in the connector configuration app (no client id/secret to enter on their side). Their users then just click Connect.(Optional) Publish to the Capabilities catalog
2. Declare the capability in AI Governance
As an alternative to (or in addition to) the catalog button, you can declare GitLab as a named capability in AI Governance. Agent builders then enable that capability on their agents instead of pasting a raw MCP endpoint.Point it at the MCP endpoint
agent_id in the scope is what lets the connector identify and authorize the calling agent.Make it available to agent builders
- Agent builder (Agent Factory)
- Workspace builder (DSUL)
Agent builder
Goal: let an agent you build in Agent Factory use GitLab through MCP tools.agent_id that Agent Factory injects through the capability Scope, and that agent must appear in the connector’s authorized-agents allowlist (managed in the configuration app). The GitLab access token itself is resolved server-side from the configured auth mode.There are two ways to wire it up. Pick based on how much isolation you need.Option A — Enable the shared capability from the catalog
The fastest path: a Platform admin has already published a GitLab capability to the Capabilities catalog (see the Platform admin setup accordion above — the Add to catalog button, or §2), so you just pick it from the catalog.Open your agent in Agent Factory
Add the GitLab capability
context_id,agent_id,user_id) are already wired by the admin — nothing to paste, and the shared instance accepts every agent, so there is no allowlist step on your side.Option B — Run it from your own workspace (recommended)
For production agents, install the connector in your own workspace and point the agent at that workspace’s MCP endpoint.Install and configure the connector in your workspace
Allowlist your agent
Add the MCP capability to your agent
agent_id is what lets the connector identify and authorize your agent — without it, every call is rejected with an explicit “agent could not be identified” message. This Scope is separate from the GitLab OAuth scopes.Brief the agent in its system prompt
Whichever option you pick, wiring the capability is not enough — the agent must know the connector exists and when to reach for it. Add a short paragraph to the agent’s system prompt. Copy-pasteable starter:agent_id.api scope (full read + write) by default. To allow only read access, set the Scopes field in the configuration app to read_api. With central OAuth (oauthCentral) you do not create your own GitLab application — keep oauthCentral and enter read_api; your tenant scope overrides the platform default (the central application must allow read_api). Write calls are then rejected by GitLab with 403 Forbidden. The scope is set at the workspace level (a workspace editor can widen it); a GitLab personal access token limited to read_api is the hard-guarantee alternative.Available Tools
Tools are grouped by resource. Each MCP tool takes anaction argument selecting the operation, plus the parameters for that action. Every tool also accepts an outputFormat parameter (see Output Formats).Projects
| Tool | Description |
|---|---|
projects | Projects (repositories) and their settings, members, webhooks and CI/CD variables. Actions: list (pass membership:true or owned:true for my projects), get, create, update, delete, fork, archive, unarchive, listMembers, addMember, removeMember, listHooks, createHook, deleteHook, listVariables, createVariable, updateVariable, deleteVariable. |
Issues
| Tool | Description |
|---|---|
issues | Issues and their notes. Actions: list (one project), listAll (across all accessible projects — use for “my issues” with scope:assigned_to_me/created_by_me), listGroup, get, create, update, close, reopen, delete, listNotes, getNote, createNote, updateNote, deleteNote. |
Merge Requests
| Tool | Description |
|---|---|
mergeRequests | Merge requests and their notes. Actions: list, listAll (use for “my MRs” / reviews via scope + reviewer_username), listGroup, get, create, update, delete, approve, unapprove, merge, listNotes, getNote, createNote, updateNote, deleteNote. |
Repository
| Tool | Description |
|---|---|
branches | Repository branches. Actions: list, get, create, delete. |
commits | Repository commits. Actions: list, get, create (multi-file action), cherryPick, revert. |
tags | Repository tags. Actions: list, get, create. |
releases | Project releases. Actions: list, get, create, delete. |
CI/CD
| Tool | Description |
|---|---|
pipelines | CI/CD pipelines. Actions: list, get, create (trigger a run), retry, cancel. |
pipelineJobs | CI/CD jobs within a pipeline. Actions: list, get, retry. |
environments | CI/CD environments. Actions: list, get, stop. |
deployKeys | Project deploy keys. Actions: list, create, delete. |
Planning
| Tool | Description |
|---|---|
labels | Project labels. Actions: list, create, update, delete. |
milestones | Project milestones. Actions: list, get, create, update. |
wikiPages | Project wiki pages. Actions: list, get, create. |
Organization
| Tool | Description |
|---|---|
groups | Groups (namespaces). Actions: list (pass owned:true for my groups), get, create, update. |
users | Users. Actions: list, get, search, getCurrent. |
Output Formats
Every tool accepts anoutputFormat parameter that controls the MCP response shape:verbose(default) — human-readable text for LLM consumptionstructured— machine-readable JSON instructuredContentboth— both text and structured content
Tool Details
issues (create)
Open an issue in a GitLab project.| Parameter | Required | Description |
|---|---|---|
action | Yes | create |
id | Yes | Project ID (numeric) or URL-encoded namespace/project |
title | Yes | Issue title |
description | No | Markdown body |
labels | No | Comma-separated label names |
assignee_ids | No | Array of user IDs |
milestone_id | No | Milestone ID to associate |
confidential | No | true to make the issue confidential |
due_date | No | YYYY-MM-DD |
mergeRequests (create)
source_branch, target_branch and title are required. Accepts assignee_ids, reviewer_ids, labels, milestone_id, squash.pipelines (create)
Trigger a new pipeline on a given ref. Requires a.gitlab-ci.yml at the ref.| Parameter | Required | Description |
|---|---|---|
action | Yes | create |
id | Yes | Project ID |
ref | Yes | Branch or tag to run against |
variables | No | Array of {key, value, variable_type?} overrides |
projects (list)
List accessible projects. By default returns ALL accessible projects including public ones. Passmembership: true or owned: true to limit to the user’s own projects.| Parameter | Required | Description |
|---|---|---|
action | Yes | list |
membership | No | true → only projects the user is a member of |
owned | No | true → only projects the user owns |
search | No | Free-text filter on project name/path |
visibility | No | public / internal / private |
order_by | No | e.g. last_activity_at, created_at, name |
sort | No | asc / desc |
per_page | No | 1-100 (default 20) |
mergeRequests (merge)
Merge an open merge request. The MR must be in a mergeable state.merge_commit_message, squash_commit_message, merge_when_pipeline_succeeds, sha (to fail if HEAD changed).Error Handling
| HTTP Status | Error | Solution |
|---|---|---|
| 400 | Bad request | Check argument shapes (IDs, dates, enum values) |
| 401 | Unauthorized | Sign in again (OAuth modes), or verify the access token has the api scope |
| 403 | Forbidden | The token lacks permission on this project/group — check the access level |
| 404 | Not Found | Verify the project id (numeric or URL-encoded path) and resource iid |
| 409 | Conflict | Common on merge conflicts or concurrent updates |
| 429 | Rate Limited | GitLab.com enforces ~2000 req/min per token; back off and retry |
| 500 | Server Error | Transient GitLab issue; retry after a few seconds |
Common Issues
“This agent is not authorized to use this connector” — The calling agent is not in the allowlist. Open the configuration app → Authorized agents → tick this agent (id is shown in the error) or enable Allow all agents, and Save. The Install capability button does this for you. “The calling agent could not be identified” — The MCP capability Scope does not declareagent_id, so Agent Factory never injects the agent identity. Set the Scope to context_id,agent_id,user_id on the capability (this is separate from the GitLab OAuth scopes), then allow the agent in the config app.
“GitLab is not connected for this user” — No per-user OAuth token is stored for the caller. Open the configuration app (OAuth mode) and click Connect, or use the agent’s connect flow.
“GitLab token refresh failed … must reconnect” — The stored refresh token was rejected by GitLab (revoked / expired). The connection is dropped automatically; the user must reconnect from the config app.
“GitLab is not authenticated / OAuth is not configured” — Neither a tenant OAuth client nor the central platform client is available. Set the OAuth client ID/secret in the config app (tenant mode), or ask the platform maintainer to provision the central OAuth client from the core workspace’s config app.
“Can’t approve own MR” — A user counts as the MR author and cannot approve its own merge requests. Connect with a different GitLab account (or use an accessToken from another user) for the approval step.
“pipeline creation 404” — The target ref has no .gitlab-ci.yml at its root. Commit a CI config first, or pick a ref that has one.