GitLab MCP server
GitLab is a complete DevOps platform that unifies source code management, CI/CD pipelines, security scanning, and more. An AI agent with access to GitLab can manage repositories, create merge requests, orchestrate CI/CD pipelines, analyze security, and coordinate development workflows without manual GitLab operations.
Setting up an MCP server
This article covers the standard steps for creating an MCP server in AI Gateway and connecting it to an AI client. The steps are the same for every integration — application-specific details (API credentials, OAuth endpoints, and scopes) are covered in the individual application pages.
Before you begin
You'll need:
- Access to AI Gateway with permission to create MCP servers
- API credentials for the application you're connecting (see the relevant application page for what to collect)
Create an MCP server
Find the API in the catalog
- Sign in to AI Gateway and select MCP Servers from the left navigation.
- Select New MCP Server.
- Search for the application you want to connect, then select it from the catalog.
Configure the server
- Enter a Name for your server — something descriptive that identifies both the application and its purpose (for example, "Zendesk Support — Prod").
- Enter a Description so your team knows what the server is for.
- Set the Timeout value. 30 seconds works for most APIs; increase to 60 seconds for APIs that return large payloads.
- Toggle Production mode on if this server will be used in a live workflow.
- Select Next.
Configure authentication
Enter the authentication details for the application. This varies by service — see the Authentication section of the relevant application page for the specific credentials, OAuth URLs, and scopes to use.
Configure security
- Set any Rate limits appropriate for your use case and the API's own limits.
- Enable Logging if you want AI Gateway to record requests and responses for auditing.
- Select Next.
Deploy
Review the summary, then select Deploy. AI Gateway provisions the server and provides a server URL you'll use when configuring your AI client.
Connect to an AI client
Once your server is deployed, you'll need to add it to the AI client your team uses. Select your client for setup instructions:
Tips
- You can create multiple MCP servers for the same application — for example, a read-only server for reporting agents and a read-write server for automation workflows.
- If you're unsure which OAuth scopes to request, start with the minimum read-only set and add write scopes only when needed. Most application pages include scope recommendations.
- You can edit a server's name, description, timeout, and security settings after deployment without redeploying.
Authentication
GitLab uses OAuth 2.0 authentication. Create an OAuth application in your GitLab settings at Settings > Applications. The authorization endpoint for gitlab.com is https://gitlab.com/oauth/authorize and the token endpoint is https://gitlab.com/oauth/token. For self-hosted GitLab, use your instance URL with the same paths. Configure scopes based on your needs: api (full API access), read_api (read-only API), read_repository (clone/pull), write_repository (push), read_registry (container registry read), write_registry (container registry write), and read_user (user profile). The API base URL is https://gitlab.com/api/v4 for gitlab.com.
Available tools
This MCP server enables repository management, merge request workflows, CI/CD pipeline orchestration, issue tracking, security operations, and analytics for GitLab projects.
| Tool | Description |
|---|---|
| Create project | Create a new GitLab project with settings |
| Get project | Retrieve project details and configuration |
| Update project | Modify project settings and metadata |
| Delete project | Remove a project |
| List projects | Retrieve projects with filtering and sorting |
| Create branch | Create a new branch in a project |
| Delete branch | Delete a branch |
| List branches | Retrieve all branches in a project |
| Protect branch | Protect a branch from direct pushes |
| Create file | Create a file in a repository |
| Update file | Modify a file in a repository |
| Delete file | Delete a file from a repository |
| Get file | Retrieve file contents from a repository |
| Create merge request | Create a merge request between branches |
| Get merge request | Retrieve merge request details and status |
| Update merge request | Modify MR title, description, or state |
| Approve merge request | Mark an MR as approved |
| Merge merge request | Merge an approved merge request |
| Close merge request | Close an MR without merging |
| Add comment | Comment on a merge request or issue |
| Create issue | Create a new issue in a project |
| Get issue | Retrieve issue details |
| List issues | Retrieve issues with filtering options |
| Update issue | Modify issue status, labels, or assignee |
| Close issue | Close an issue |
| Create pipeline | Trigger a pipeline run |
| Get pipeline | Retrieve pipeline execution status |
| List pipelines | Retrieve recent pipeline runs |
| Get job | Retrieve job details and logs |
| Get artifacts | Retrieve job artifacts and download links |
| Create release | Create a release with tag and notes |
| Get release | Retrieve release details |
| Create tag | Create a git tag for versioning |
| Scan for vulnerabilities | Trigger SAST or dependency scanning |
| Get scan results | Retrieve security scan results |
| List merge requests | Retrieve open merge requests |
| Create milestone | Create a milestone for issues and epics |
| Get milestone | Retrieve milestone details |
Tips
Generate personal access tokens for automated operations that run without user interaction and don't need to act on behalf of a specific person.
Use OAuth for integrations that act on behalf of users and should reflect their identity in audit logs.
Store CI/CD configuration in .gitlab-ci.yml at the repository root to define your pipeline steps.
Commit the .gitlab-ci.yml file before attempting to trigger pipelines via the API, or the API calls will fail to find the pipeline definition.
Check merge conflict status before attempting to merge — the API cannot resolve merge conflicts automatically, and merge will fail if conflicts exist.
Ensure approval rules pass before attempting to merge, as branches with protection rules require approvals and status checks.
Monitor API usage and implement exponential backoff for retries to respect rate limits, as GitLab enforces 600 requests per minute.
Cequence AI Gateway