Connect your AI Agents to GitLab in minutes
Available tools
list_branches
List all branches in a project repository with optional search filtering and pagination support for navigating branch lists in large repositories
get_branch
Get detailed information about a specific branch by project ID and branch name, including commit details, merge status, protection status, and access permissions
create_branch
Create a new branch from a specified source branch, tag, or commit SHA with branch name and ref, enabling parallel development workflows and feature branching
delete_branch
Delete a branch from a project repository permanently, removing the branch reference but preserving commits in the repository history if they are referenced elsewhere
protect_branch
Protect a branch with push and merge access level restrictions, allowed users/groups, code owner approval requirements, and unprotect access control for enforcing branch protection policies
unprotect_branch
Remove protection from a branch to allow unrestricted access, disabling all branch protection rules and access level restrictions
list_commits
List all commits in a project repository with comprehensive filtering by ref, date range, path, author, and more, plus pagination support for exploring repository history
get_commit
Get detailed information about a specific commit by project ID and commit SHA, including message, author, committer, timestamps, parent commits, stats, and complete commit metadata
create_commit
Create a new commit with file create, update, delete, chmod, or move actions, supporting multiple file operations in a single atomic commit with custom message and branch
get_commit_diff
Get the diff of changes introduced by a specific commit, showing file modifications, additions, deletions, and detailed line-by-line changes
list_commit_comments
List all comments on a specific commit showing discussions, code review feedback, and inline comments with author, timestamps, and comment content
create_commit_comment
Create a new comment on a commit with optional inline file and line reference for code review, feedback, and commit discussions
How to set up Merge Agent Handler
In an mcp.json file, add the configuration below, and restart Cursor.
Learn more in the official documentation ↗
1{
2 "mcpServers": {
3 "agent-handler": {
4 "url": "https://ah-api-develop.merge.dev/api/v1/tool-packs/{TOOL_PACK_ID}/registered-users/{REGISTERED_USER_ID}/mcp",
5 "headers": {
6 "Authorization": "Bearer yMt*****"
7 }
8 }
9 }
10}
11Open your Claude Desktop configuration file and add the server configuration below. You'll also need to restart the application for the changes to take effect.
Make sure Claude is using the Node v20+.
Learn more in the official documentation ↗
1{
2 "mcpServers": {
3 "agent-handler": {
4 "command": "npx",
5 "args": [
6 "-y",
7 "mcp-remote@latest",
8 "https://ah-api-develop.merge.dev/api/v1/tool-packs/{TOOL_PACK_ID}/registered-users/{REGISTERED_USER_ID}/mcp",
9 "--header",
10 "Authorization: Bearer ${AUTH_TOKEN}"
11 ],
12 "env": {
13 "AUTH_TOKEN": "yMt*****"
14 }
15 }
16 }
17}Open your Windsurf MCP configuration file and add the server configuration below.
Click on the refresh button in the top right of the Manage MCP server page or in the top right of the chat box in the box icon.
Learn more in the official documentation ↗
1{
2 "mcpServers": {
3 "agent-handler": {
4 "command": "npx",
5 "args": [
6 "-y",
7 "mcp-remote@latest",
8 "https://ah-api.merge.dev/api/v1/tool-packs/<tool-pack-id>/registered-users/<registered-user-id>/mcp",
9 "--header",
10 "Authorization: Bearer ${AUTH_TOKEN}"
11 ],
12 "env": {
13 "AUTH_TOKEN": "<ah-production-access-key>"
14 }
15 }
16 }
17 }In Command Palette (Cmd+Shift+P on macOS, Ctrl+Shift+P on Windows), run "MCP: Open User Configuration".
You can then add the configuration below and press "start" right under servers. Enter the auth token when prompted.
Learn more in the official documentation ↗
1{
2 "inputs": [
3 {
4 "type": "promptString",
5 "id": "agent-handler-auth",
6 "description": "Agent Handler AUTH_TOKEN", // "yMt*****" when prompt
7 "password": true
8 }
9 ],
10 "servers": {
11 "agent-handler": {
12 "type": "stdio",
13 "command": "npx",
14 "args": [
15 "-y",
16 "mcp-remote@latest",
17 "https://ah-api-develop.merge.dev/api/v1/tool-packs/{TOOL_PACK_ID}/registered-users/{REGISTERED_USER_ID}/mcp",
18 "--header",
19 "Authorization: Bearer ${input:agent-handler-auth}"
20 ]
21 }
22 }
23}FAQs on using Merge's GitLab MCP server
FAQs on using Merge's GitLab MCP server
What is a GitLab MCP server?
It’s an MCP server that exposes data and functionality from GitLab via tools. Your agents can use these tools to gather and share commits, upload files to repositories, update issues, and more.
How can I use the GitLab MCP server?
Here are just a few use cases (these also apply to other project management MCP servers):
- Code review and merge request assistance: Summarize a merge request’s changes and flag risky diffs
- Issue triage and project hygiene: Turn bug reports or Slack threads into GitLab issues with titles, descriptions, labels, and assignees
- Release coordination: Build a release checklist by querying the set of MRs/issues targeted for a milestone
- CI/CD visibility and debugging: Check pipeline status for a branch or merge request, and pull failed job logs and summarize likely root causes and next debugging steps
- Operational workflows: Open incidents or on-call tasks in GitLab when a monitoring alert fires. And keep incident issues updated as deploys roll out and pipelines complete
- Security and compliance workflows: Review findings (for example, vulnerabilities) and create tracking issues with owners and due dates
- Cross-system automations: Sync work between GitLab and other systems. For example, create a CRM ticket when a security issue is opened, or post updates to a comms channel
What are popular tools for GitLab’s MCP server?
Here are some popular tools across data types.
Issues
- <code class="blog_inline-code">list_issues</code>
- <code class="blog_inline-code">get_issue</code>
- <code class="blog_inline-code">create_issue</code>
- <code class="blog_inline-code">update_issue</code>
Jobs
- <code class="blog_inline-code">get_job</code>
- <code class="blog_inline-code">Retry_job</code>
- <code class="blog_inline-code">play_job</code>
- <code class="blog_inline-code">erase_job</code>
Projects
- <code class="blog_inline-code">star_project</code>
- <code class="blog_inline-code">fork_project</code>
- <code class="blog_inline-code">create_project</code>
- <code class="blog_inline-code">delete_project</code>
What makes Merge Agent Handler’s GitLab MCP server better than alternative GitLab MCP servers?
Merge Agent Handler provides a standardized, enterprise-grade control plane that isn’t available in the official GitLab MCP server. This includes:
- Managed authentication and credential handling: Merge provides guided, embeddable authentication flows (Agent Handler Link) and supports both shared and individual authentication per connector, reducing security and UX complexity
- Enterprise security with DLP: All tool inputs and outputs pass through a security gateway with configurable Data Loss Prevention rules to block, redact, or mask sensitive data
- Real-time observability and auditability: Every GitLab tool call is logged with a fully searchable audit trail, enabling debugging, compliance reviews, and behavioral optimization
- Evaluation before production: Tools can be validated against expected outcomes using the Evaluation Suite before being deployed to live agents
Can I set custom security rules for GitLab tool calls in Merge Agent Handler?
Yes. Merge Agent Handler includes a Security Gateway with Data Loss Protection (DLP) that allows you to configure default and custom security rules. These rules inspect GitLab tool inputs and outputs and can block, redact, or mask sensitive data fields based on your organization’s policies.
Here are some examples:
- Prevent leaking secrets into GitLab. Block any GitLab write (issue/MR/comment/commit message) that contains API keys, bearer tokens, or credentials
- Stop PII from being stored in GitLab. Block tool calls that include SSNs or other sensitive entities in issue descriptions, comments, or fields. Or allow the call but redact the sensitive values based on your policy
- Avoid cross-customer data leakage when agents read GitLab. Mask internal identifiers (for example, customer account IDs) in GitLab read results so the agent can’t copy them into another system
- Enforce company-specific patterns and policies. Add custom regex-based rules for things like proprietary ID formats, internal ticket numbers, or other sensitive strings that show up in GitLab content
How can I start using Merge Agent Handler’s GitLab MCP server?
You can take these steps:
1. Create a Merge Agent Handler account.
2. Create a Tool Pack for the workflow you want (for example, “GitLab triage”).
3. Add the GitLab connector to that Tool Pack.
4. Configure authentication for GitLab (shared org auth vs individual end-user auth, depending on your setup).
5. Create a Registered User (this represents the identity that will execute tool calls).
6. Complete the GitLab authentication flow for that Registered User so the GitLab tools can execute.
7. Copy the MCP entry URL for your Tool Pack + Registered User and add it to your MCP client (Cursor, Claude Desktop, VSCode, Windsurf, etc.).
8. Use the Playground to run a few GitLab tool calls end-to-end and confirm you see successful responses and logs.
Explore other MCP servers built and managed by Merge
Ready to try it out?
Whether you're an engineer experimenting with agents or a product manager looking to add tools, you can get started for free now
