GitLab - Prisme.ai

The GitLab app provides read/write access to the GitLab DevOps platform via its REST v4 API. It can be used either as a Builder app (automations call GitLab instructions directly) or as a remote MCP server consumed by an Knowledges agent — covering projects, issues, merge requests, pipelines, branches, commits, releases, CI/CD variables, deploy keys, webhooks, wikis, groups and users. Supports two authentication modes:

Central OAuth2 (recommended) — one OAuth Application is registered once by the Prisme.ai workspace admin; every end user signs in with their own GitLab account. Nothing to install per tenant. Requires the platform admin to grant the GitLab capability in Prisme.ai Governance (see below).
Tenant PAT — install the GitLab app in your workspace and paste a Personal Access Token. Shared across the workspace’s users; no per-user sign-in.

Project Management

Projects, issues, merge requests, labels, milestones and wikis

CI/CD & DevOps

Pipelines, jobs, environments, CI variables, deploy keys and webhooks

Central OAuth or PAT

One shared OAuth Application with per-user sign-in, or a tenant-level static PAT — both modes coexist on the same MCP endpoint

Prerequisites

A GitLab account (gitlab.com or self-hosted)
For the central OAuth mode — the platform admin has registered ONE OAuth Application at User Settings > Applications (https://gitlab.com/-/user_settings/applications) with api scope and the callback URL <api-url>/workspaces/slug:gitlab/webhooks/oauthCallback, and has stored its Client ID + Client Secret in the Secrets of the central gitlab workspace. The end user only needs to click Connect once.
For the tenant PAT mode — a Personal Access Token with api scope (Preferences > Access Tokens), pasted into the installed app instance.
Base URL (default: https://gitlab.com/api/v4 — override for self-hosted instances)

The two modes are mutually exclusive per MCP call: callers identify themselves either by being authenticated to Prisme.ai (central) or by sending the mcp-api-key header (tenant). The same workspace can serve both at the same time.

Setup (one-time, platform admin)

The central OAuth flow is set up once per environment by the Prisme.ai workspace admin. End users never touch any of this.

Open https://gitlab.com/-/user_settings/applications and click Add new application. Use these values:

Name — Prisme.ai GitLab connector (or whatever fits your branding)
Redirect URI — <api-url>/workspaces/slug:gitlab/webhooks/oauthCallback (e.g. https://api.studio.prisme.ai/v2/workspaces/slug:gitlab/webhooks/oauthCallback on production)
Scopes — api

Save and copy the Application ID + Secret (the Secret is shown only once).

Store the credentials in the gitlab workspace secrets

Open the central gitlab workspace in the Prisme.ai Builder (Studio), go to Workspace settings > Secrets and set:

gitlabOauthClientId — the Application ID from GitLab
gitlabOauthClientSecret — the Secret from GitLab

These secrets are scoped to the gitlab workspace itself — they are NOT exposed to the end users or to any tenant who installs the app.

Declare the OAuth authentication in Governance

Open Prisme.ai Governance > Capabilities > GitLab (or whichever capability your agents will use to consume the connector) and attach an authentication configuration that points at the three central webhooks of the gitlab workspace:

{
  "type": "oauth2",
  "status_url": "<api-url>/workspaces/slug:gitlab/webhooks/checkAuthStatus",
  "connect_url": "<api-url>/workspaces/slug:gitlab/webhooks/initiateOAuth",
  "disconnect_url": "<api-url>/workspaces/slug:gitlab/webhooks/disconnectOAuth"
}

Replace <api-url> with your environment’s API URL (https://api.studio.prisme.ai/v2 on production). Governance uses these URLs to (1) probe whether the calling user is already connected (status_url), (2) trigger the OAuth handshake when they are not (connect_url), and (3) revoke the session on demand (disconnect_url).

Grant the capability to the right roles

Still in Governance, grant the GitLab capability to the roles or users who should be allowed to sign in with their own GitLab account through the central MCP. Without this grant, callers without an mcp-api-key header are rejected with 401 Authentication required.

Test the flow

From an Agent Creator agent with the GitLab capability enabled, call any tool (e.g. getCurrentUser). The agent receives a connect_url on the first call; opening it in a new window redirects the user to GitLab, then back to a callback page that closes itself after 5 seconds. Subsequent calls reuse the stored access token transparently.

Usage as App
Usage as MCP

Installation

Go to Apps in your workspace
Search for GitLab and install it
Open the app instance configuration and fill in the required fields

Configuration

Field	Description
GitLab API Base URL	Base URL of the GitLab API (default `https://gitlab.com/api/v4`). Override for self-hosted instances.
Personal Access Token	GitLab PAT with `api` scope, stored as a workspace secret. Required when calling the MCP endpoint with the `mcp-api-key` header (tenant mode). Leave empty to use the central OAuth shared by the platform admin.
MCP Endpoint	Auto-populated on install — URL of the MCP endpoint for this instance.
MCP API Key	Auto-populated on install — signed key used in the `mcp-api-key` header for tenant PAT mode. Do not modify.

OAuth credentials (Client ID / Client Secret / authorization URL / token URL / scopes) are NOT part of the app instance config anymore — they live in the Secrets of the central gitlab workspace and are shared by all callers in central mode. See the Setup section above.

Available Instructions

Every instruction resolves credentials from the workspace configuration.

Projects

Instruction	Arguments
`listProjects`	`search`, `visibility`, `owned`, `membership`, `order_by`, `sort`, `per_page`, `page`
`createProject`	`name`*, `path`, `namespace_id`, `description`, `visibility`, `default_branch`, `initialize_with_readme`
`getProject`	`id`*
`updateProject`	`id`*, `name`, `path`, `description`, `visibility`, `default_branch`
`deleteProject`	`id`*
`archiveProject`	`id`*
`unarchiveProject`	`id`*
`forkProject`	`id`*, `namespace`, `namespace_id`, `name`, `path`

Issues

Instruction	Arguments
`listIssues`	`id`*, `state`, `labels`, `milestone`, `search`, `assignee_username`, `per_page`, `page`
`createIssue`	`id`, `title`, `description`, `labels`, `assignee_ids`, `milestone_id`, `confidential`, `due_date`
`getIssue`	`id`, `iid`
`updateIssue`	`id`, `iid`, `title`, `description`, `labels`, `assignee_ids`, `milestone_id`, `state_event`
`deleteIssue`	`id`, `iid`
`closeIssue`	`id`, `iid`
`reopenIssue`	`id`, `iid`
`listIssueNotes`	`id`, `iid`, `sort`, `order_by`, `per_page`
`createIssueNote`	`id`, `iid`, `body`*, `confidential`
`getIssueNote`	`id`, `iid`, `note_id`*
`updateIssueNote`	`id`, `iid`, `note_id`, `body`
`deleteIssueNote`	`id`, `iid`, `note_id`*

Merge Requests

Instruction	Arguments
`listMergeRequests`	`id`*, `state`, `source_branch`, `target_branch`, `labels`, `search`, `per_page`
`createMergeRequest`	`id`, `source_branch`, `target_branch`, `title`, `description`, `assignee_ids`, `reviewer_ids`, `labels`, `milestone_id`, `remove_source_branch`, `squash`
`getMergeRequest`	`id`, `iid`
`updateMergeRequest`	`id`, `iid`, `title`, `description`, `target_branch`, `assignee_ids`, `labels`, `milestone_id`, `state_event`
`deleteMergeRequest`	`id`, `iid`
`mergeMergeRequest`	`id`, `iid`, `merge_commit_message`, `squash_commit_message`, `squash`, `should_remove_source_branch`, `merge_when_pipeline_succeeds`, `sha`
`approveMergeRequest`	`id`, `iid`, `sha`
`unapproveMergeRequest`	`id`, `iid`
`listMergeRequestNotes`	`id`, `iid`, `sort`, `order_by`, `per_page`
`createMergeRequestNote`	`id`, `iid`, `body`*
`getMergeRequestNote`	`id`, `iid`, `note_id`*
`updateMergeRequestNote`	`id`, `iid`, `note_id`, `body`
`deleteMergeRequestNote`	`id`, `iid`, `note_id`*

Branches

Instruction	Arguments
`listBranches`	`id`*, `search`, `per_page`
`createBranch`	`id`, `branch`, `ref`*
`getBranch`	`id`, `branch`
`deleteBranch`	`id`, `branch`

Commits

Instruction	Arguments
`listCommits`	`id`*, `ref_name`, `since`, `until`, `path`, `author`, `per_page`
`createCommit`	`id`, `branch`, `commit_message`, `start_branch`, `start_sha`, `author_email`, `author_name`, `actions`
`getCommit`	`id`, `sha`
`cherryPickCommit`	`id`, `sha`, `branch`*, `dry_run`, `message`
`revertCommit`	`id`, `sha`, `branch`*, `dry_run`

Instruction	Arguments
`listTags`	`id`*, `search`, `order_by`, `sort`, `per_page`
`createTag`	`id`, `tag_name`, `ref`*, `message`
`getTag`	`id`, `tag_name`

Releases

Instruction	Arguments
`listReleases`	`id`*, `order_by`, `sort`, `per_page`
`createRelease`	`id`, `name`, `tag_name`, `description`, `ref`, `released_at`
`getRelease`	`id`, `tag_name`
`deleteRelease`	`id`, `tag_name`

Pipelines & Jobs

Instruction	Arguments
`listPipelines`	`id`*, `status`, `ref`, `sha`, `username`, `order_by`, `sort`, `per_page`
`createPipeline`	`id`, `ref`, `variables`
`getPipeline`	`id`, `pipeline_id`
`retryPipeline`	`id`, `pipeline_id`
`cancelPipeline`	`id`, `pipeline_id`
`listPipelineJobs`	`id`, `pipeline_id`, `scope`, `per_page`
`getJob`	`id`, `job_id`
`retryJob`	`id`, `job_id`

Environments

Instruction	Arguments
`listEnvironments`	`id`*, `name`, `search`, `states`, `per_page`
`getEnvironment`	`id`, `environment_id`
`stopEnvironment`	`id`, `environment_id`

Labels

Instruction	Arguments
`listLabels`	`id`*, `with_counts`, `search`, `per_page`
`createLabel`	`id`, `name`, `color`*, `description`, `priority`
`updateLabel`	`id`*, `name`, `label_id`, `new_name`, `color`, `description`, `priority`
`deleteLabel`	`id`*, `name`, `label_id`

Milestones

Instruction	Arguments
`listMilestones`	`id`*, `state`, `search`, `per_page`
`createMilestone`	`id`, `title`, `description`, `due_date`, `start_date`
`getMilestone`	`id`, `milestone_id`
`updateMilestone`	`id`, `milestone_id`, `title`, `description`, `due_date`, `start_date`, `state_event`

Wiki

Instruction	Arguments
`listWikiPages`	`id`*, `with_content`
`createWikiPage`	`id`, `title`, `content`*, `format`
`getWikiPage`	`id`, `slug`, `render_html`, `version`

Webhooks

Instruction	Arguments
`listProjectHooks`	`id`*, `per_page`
`createProjectHook`	`id`, `url`, `token`, `push_events`, `issues_events`, `merge_requests_events`, `tag_push_events`, `note_events`, `job_events`, `pipeline_events`, `wiki_page_events`, `enable_ssl_verification`
`deleteProjectHook`	`id`, `hook_id`

CI/CD Variables

Instruction	Arguments
`listProjectVariables`	`id`*, `per_page`
`createProjectVariable`	`id`, `key`, `value`*, `variable_type`, `protected`, `masked`, `raw`, `environment_scope`, `description`
`updateProjectVariable`	`id`, `key`, `filter[environment_scope]`, `value`, `variable_type`, `protected`, `masked`, `raw`, `environment_scope`, `description`
`deleteProjectVariable`	`id`, `key`, `filter[environment_scope]`

Deploy Keys

Instruction	Arguments
`listDeployKeys`	`id`*, `per_page`
`createDeployKey`	`id`, `title`, `key`*, `can_push`
`deleteDeployKey`	`id`, `key_id`

Project Members

Instruction	Arguments
`listProjectMembers`	`id`*, `query`, `per_page`
`addProjectMember`	`id`, `user_id`, `access_level`*, `expires_at`
`removeProjectMember`	`id`, `user_id`

Users

Instruction	Arguments
`getCurrentUser`	–
`getUser`	`user_id`*
`listUsers`	`active`, `blocked`, `username`, `per_page`, `page`
`searchUsers`	`search`*, `per_page`

Groups

Instruction	Arguments
`listGroups`	`search`, `owned`, `min_access_level`, `top_level_only`, `per_page`
`createGroup`	`name`, `path`, `description`, `visibility`, `parent_id`
`getGroup`	`id`*
`updateGroup`	`id`*, `name`, `path`, `description`, `visibility`

Arguments flagged with * are required.

DSUL Examples

List the user’s own projects

- GitLab.listProjects:
    membership: true
    order_by: last_activity_at
    sort: desc
    per_page: 20
    output: myProjects

Create an issue with labels and an assignee

- GitLab.createIssue:
    id: '{{projectId}}'
    title: Investigate 500s on /api/v1/search
    description: |
      Spike of 500s since 14:00 UTC. Logs in Kibana (link).
    labels: BUG,Incident
    assignee_ids:
      - '{{oncallUserId}}'
    output: issue

Open a merge request from a feature branch

- GitLab.createBranch:
    id: '{{projectId}}'
    branch: feature/auto-deploy
    ref: main
    output: branch
- GitLab.createMergeRequest:
    id: '{{projectId}}'
    source_branch: feature/auto-deploy
    target_branch: main
    title: Automate staging deploy
    description: Closes #{{issue.iid}}
    remove_source_branch: true
    output: mr

Trigger a pipeline on a specific ref

- GitLab.createPipeline:
    id: '{{projectId}}'
    ref: main
    variables:
      - key: DEPLOY_ENV
        value: staging
    output: pipeline

The GitLab connector ships with a built-in MCP server hosted at one stable URL per environment:

<api-url>/workspaces/slug:gitlab/webhooks/mcp

The same endpoint serves two authentication modes depending on whether the caller sends an mcp-api-key header.

Plug into an Agent Creator capability (central OAuth)

The preferred path for human-facing agents. End users sign in with their own GitLab account; tokens are stored against their Prisme.ai user identity, never shared with other users of the same workspace.

Prerequisites

The platform admin has completed the Setup section above: OAuth Application registered at GitLab, gitlabOauthClientId + gitlabOauthClientSecret stored in the gitlab workspace secrets, and the GitLab capability granted in Governance to the right roles.

Open Agent Creator

Switch to Agent Creator and open the agent you want to extend.

Add the GitLab capability

Add the GitLab capability to the agent. No URL, no mcp-api-key to paste — the central endpoint is pre-wired and the caller is identified by the Prisme.ai session of whoever is talking to the agent.

Brief the agent in its system prompt

Wiring the capability is not enough — the agent also needs to know the MCP exists and when to reach for it. Copy-pasteable starter:

You have access to the GitLab MCP server. Use it whenever the user asks about GitLab content — projects, issues, merge requests, pipelines, jobs, branches, commits, tags, releases, milestones or members. Examples: "List my open merge requests", "What's failing in pipeline #1234?", "Create an issue in project X with label bug", "Show the latest release of my main project". If the user is not yet connected, call the `connect` tool to obtain a sign-in link; if they are already connected, call the relevant data tool directly. Prefer calling MCP tools directly over guessing, and confirm with the user before any destructive action (close an issue, merge or revert an MR, delete a branch, cancel a pipeline).

Refine the trigger keywords (project names, group names, label conventions) so the agent reliably picks up the right intent in your context.

First call → sign-in

On the first GitLab tool call, the agent receives a connect_url. Open it in a new window: GitLab asks the user to authorize the application, then redirects back to a callback page that closes itself after 5 seconds. The agent retries the same tool call automatically.

Use this when one shared token is preferable to per-user OAuth — typical for service-account workflows, automations triggered by a non-interactive bot user, or environments where the central OAuth admin setup is not available.

Install the GitLab app in your workspace

Open the workspace Imports panel, search for GitLab and install it.

Paste a Personal Access Token

Open the freshly installed app instance settings, set the GitLab API Base URL (if not gitlab.com) and the Personal Access Token (with api scope). Save.

Copy the MCP endpoint and API key

Still on the app instance configuration page, copy the values of MCP Endpoint and MCP API Key — both are generated automatically on install. The endpoint is the same as the central one above; the mcp-api-key identifies your tenant.

Wire into Agent Creator

Add a new capability to the agent:

If a dedicated GitLab tenant capability exists — select it and paste the MCP API Key into the mcp-api-key field.
Otherwise — select the generic custom_mcp capability, paste the MCP Endpoint into the Server URL field, then add an mcp-api-key entry to the Headers field:
```
{
  "mcp-api-key": "your-mcp-api-key"
}
```

Save

The agent now calls GitLab through the tenant PAT — every user of this agent shares the same GitLab identity (the owner of the PAT).

The signed mcp-api-key encodes the workspace ID and a getConfig webhook URL. The MCP server validates the signature and resolves the tenant PAT ({{config.token}} → {{secret.gitlabToken}}) server-side. The connect / disconnect tools are filtered out of tools/list in tenant mode — they only make sense for central OAuth.

Output Formats

Every tool accepts an outputFormat parameter that controls the MCP response shape:

verbose (default) — human-readable text for LLM consumption
structured — machine-readable JSON in structuredContent
both — both text and structured content

Available Tools

Projects

Tool	Description
`listProjects`	List GitLab projects accessible to the authenticated user. Important: by default this returns ALL accessible projects including publi…
`createProject`	Create a new project.
`getProject`	Get a project by ID or URL-encoded namespace/path.
`updateProject`	Update an existing project.
`deleteProject`	Delete a project.
`archiveProject`	Archive a project.
`unarchiveProject`	Unarchive a project.
`forkProject`	Fork a project into the authenticated user’s namespace or given namespace.

Issues

Tool	Description
`listIssues`	List issues of a project.
`createIssue`	Create a new issue in a project.
`getIssue`	Get a single issue by iid.
`updateIssue`	Update an existing issue.
`deleteIssue`	Delete an issue.
`closeIssue`	Close an issue (via state_event=close).
`reopenIssue`	Reopen a closed issue (via state_event=reopen).
`listIssueNotes`	List notes (comments) of an issue.
`createIssueNote`	Create a new note (comment) on an issue.
`getIssueNote`	Get a specific note from an issue.
`updateIssueNote`	Update an existing issue note.
`deleteIssueNote`	Delete an issue note.

Merge Requests

Tool	Description
`listMergeRequests`	List merge requests of a project.
`createMergeRequest`	Create a new merge request.
`getMergeRequest`	Get a single merge request by iid.
`updateMergeRequest`	Update an existing merge request.
`deleteMergeRequest`	Delete a merge request.
`mergeMergeRequest`	Accept and merge an open merge request.
`approveMergeRequest`	Approve a merge request.
`unapproveMergeRequest`	Unapprove a merge request.
`listMergeRequestNotes`	List notes (comments) of a merge request.
`createMergeRequestNote`	Create a note (comment) on a merge request.
`getMergeRequestNote`	Get a specific note from a merge request.
`updateMergeRequestNote`	Update an existing MR note.
`deleteMergeRequestNote`	Delete a merge request note.

Branches

Tool	Description
`listBranches`	List branches of a project repository.
`createBranch`	Create a new branch from a ref.
`getBranch`	Get a single branch.
`deleteBranch`	Delete a branch.

Commits

Tool	Description
`listCommits`	List commits of a project repository.
`createCommit`	Create a commit with one or more file actions.
`getCommit`	Get a single commit by SHA.
`cherryPickCommit`	Cherry-pick a commit onto a target branch.
`revertCommit`	Revert a commit on a target branch.

Tool	Description
`listTags`	List tags of a project repository.
`createTag`	Create a new tag from a ref.
`getTag`	Get a single tag.

Releases

Tool	Description
`listReleases`	List releases of a project.
`createRelease`	Create a new release for a tag.
`getRelease`	Get a single release by tag name.
`deleteRelease`	Delete a release.

Pipelines & Jobs

Tool	Description
`listPipelines`	List pipelines of a project.
`createPipeline`	Trigger a new pipeline for a given ref.
`getPipeline`	Get a single pipeline.
`retryPipeline`	Retry failed jobs in a pipeline.
`cancelPipeline`	Cancel running jobs in a pipeline.
`listPipelineJobs`	List jobs belonging to a pipeline.
`getJob`	Get a single CI job.
`retryJob`	Retry a single job.

Environments

Tool	Description
`listEnvironments`	List environments of a project.
`getEnvironment`	Get a single environment.
`stopEnvironment`	Stop a running environment.

Labels

Tool	Description
`listLabels`	List labels of a project.
`createLabel`	Create a new project label.
`updateLabel`	Update an existing project label (by name or id).
`deleteLabel`	Delete a project label (by name or id).

Milestones

Tool	Description
`listMilestones`	List milestones of a project.
`createMilestone`	Create a new milestone in a project.
`getMilestone`	Get a single milestone.
`updateMilestone`	Update a milestone.

Wiki

Tool	Description
`listWikiPages`	List wiki pages of a project.
`createWikiPage`	Create a new wiki page.
`getWikiPage`	Get a single wiki page by slug.

Webhooks

Tool	Description
`listProjectHooks`	List project webhooks.
`createProjectHook`	Add a new project webhook.
`deleteProjectHook`	Delete a project webhook.

CI/CD Variables

Tool	Description
`listProjectVariables`	List CI/CD variables of a project.
`createProjectVariable`	Create a new project CI/CD variable.
`updateProjectVariable`	Update an existing project CI/CD variable.
`deleteProjectVariable`	Delete a project CI/CD variable.

Deploy Keys

Tool	Description
`listDeployKeys`	List deploy keys of a project.
`createDeployKey`	Add a new deploy key to a project.
`deleteDeployKey`	Delete a deploy key from a project.

Project Members

Tool	Description
`listProjectMembers`	List direct members of a project.
`addProjectMember`	Add a user as a member to a project.
`removeProjectMember`	Remove a member from a project.

Users

Tool	Description
`getCurrentUser`	Get the currently authenticated user.
`getUser`	Get a single user by ID.
`listUsers`	List users (admin-scoped or filtered).
`searchUsers`	Search users by name, username or email.

Groups

Tool	Description
`listGroups`	List groups accessible to the authenticated user.
`createGroup`	Create a new group.
`getGroup`	Get a single group by ID or URL-encoded path.
`updateGroup`	Update a group.

OAuth Session

Tool	Description
`disconnect`	Disconnect the current GitLab OAuth session and revoke the access token at the provider (RFC 7009). Only call when the user explicitly as…
`connect`	Initiate an OAuth connection to GitLab. Returns a connect_url for the user to click. **Prefer calling data tools directly (listProjects, …

Tool Details

createIssue

Open an issue in a GitLab project.

{
  "name": "createIssue",
  "arguments": {
    "id": "123456",
    "title": "Investigate 500s on /api/v1/search",
    "description": "Spike of 500s since 14:00 UTC.",
    "labels": "BUG,Incident",
    "assignee_ids": [987654]
  }
}

Parameter	Required	Description
`id`	Yes	Project ID (numeric) or URL-encoded `namespace/project`
`title`	Yes	Issue title
`description`	No	Markdown body
`labels`	No	Comma-separated label names
`assignee_ids`	No	Array of user IDs
`milestone_id`	No	Milestone ID to associate
`confidential`	No	`true` to make the issue confidential
`due_date`	No	`YYYY-MM-DD`

createMergeRequest

{
  "name": "createMergeRequest",
  "arguments": {
    "id": "123456",
    "source_branch": "feature/auto-deploy",
    "target_branch": "main",
    "title": "Automate staging deploy",
    "description": "Closes #42",
    "remove_source_branch": true
  }
}

source_branch, target_branch and title are required. Accepts assignee_id, reviewer_ids, labels, milestone_id, squash, allow_collaboration.

createPipeline

Trigger a new pipeline on a given ref. Requires a .gitlab-ci.yml at the ref.

{
  "name": "createPipeline",
  "arguments": {
    "id": "123456",
    "ref": "main",
    "variables": [
      { "key": "DEPLOY_ENV", "value": "staging" }
    ]
  }
}

Parameter	Required	Description
`id`	Yes	Project ID
`ref`	Yes	Branch or tag to run against
`variables`	No	Array of `{key, value, variable_type?}` overrides

listProjects

List accessible projects. By default returns ALL accessible projects including public ones. Pass membership: true or owned: true to limit to the user’s own projects.

{
  "name": "listProjects",
  "arguments": {
    "membership": true,
    "order_by": "last_activity_at",
    "sort": "desc",
    "per_page": 20
  }
}

Parameter	Required	Description
`membership`	No	`true` → only projects the user is a member of
`owned`	No	`true` → only projects the user owns
`search`	No	Free-text filter on project name/path
`visibility`	No	`public` / `internal` / `private`
`order_by`	No	e.g. `last_activity_at`, `created_at`, `name`
`sort`	No	`asc` / `desc`
`per_page`	No	1-100 (default 20)

createBranch

{
  "name": "createBranch",
  "arguments": {
    "id": "123456",
    "branch": "feature/auto-deploy",
    "ref": "main"
  }
}

ref is the source branch or commit SHA. To delete a branch later use deleteBranch with {id, branch}.

mergeMergeRequest

Merge an open merge request. The MR must be in a mergeable state.

{
  "name": "mergeMergeRequest",
  "arguments": {
    "id": "123456",
    "iid": 1,
    "squash": true,
    "should_remove_source_branch": true
  }
}

Accepts merge_commit_message, squash_commit_message, sha (to fail if HEAD changed).

Error Handling

HTTP Status	Error	Solution
400	Bad request	Check argument shapes (IDs, dates, enum values)
401	Unauthorized	Verify the PAT has `api` scope, or re-authorize OAuth
403	Forbidden	The token lacks permission on this project/group — check access level
404	Not Found	Verify the project ID (numeric or URL-encoded path) and resource IID
409	Conflict	Common on merge conflicts or concurrent updates
429	Rate Limited	GitLab.com enforces 2000 req/min per-token; back off and retry
500	Server Error	Transient GitLab issue; retry after a few seconds

Common Issues

“Authentication required: please sign in to Prisme.ai before calling the GitLab MCP without an mcp-api-key header” — A caller hit the central endpoint without a valid Prisme.ai session AND without an mcp-api-key. Either sign in to Prisme.ai (central mode) or pass the tenant mcp-api-key (tenant mode). “Central OAuth config missing” — The gitlabOauthClientId / gitlabOauthClientSecret secrets of the central gitlab workspace are empty. Ask the platform admin to complete the Setup section above. “GitLab capability not granted” — The current user is signed in to Prisme.ai but has not been granted the GitLab capability in Governance. Ask the platform admin. “Invalid mcp-api-key” (tenant mode) — The mcp-api-key header does not match the central app secret. Reinstall the app instance to regenerate a signed key. “This GitLab tenant has no Personal Access Token configured” — Tenant mode was used (mcp-api-key header present) but the app instance’s token field is empty. Either fill the token or drop the header to fall back to central OAuth. “Can’t approve own MR” — A GitLab project access token’s bot user counts as the MR author and cannot approve its own merge requests. Use a different token (PAT for a human user) for the approval step. “pipeline creation 404” — The target ref has no .gitlab-ci.yml at its root. Either commit a CI config first or pick a ref that has one. Central OAuth — disconnecting a user — In central mode, the agent calls the disconnect tool (or the user opens <api-url>/workspaces/slug:gitlab/webhooks/disconnectOAuth) to revoke the access token at GitLab (RFC 7009) and delete the stored secrets. The next data tool call returns a fresh connect_url.

Project Management

CI/CD & DevOps

Central OAuth or PAT

​Prerequisites

​Setup (one-time, platform admin)

​Installation

​Configuration

​Available Instructions

​Projects

​Issues

​Merge Requests

​Branches

​Commits

​Tags

​Releases

​Pipelines & Jobs

​Environments

​Labels

​Milestones

​Wiki

​Webhooks

​CI/CD Variables

​Deploy Keys

​Project Members

​Users

​Groups

​DSUL Examples

​List the user’s own projects

​Create an issue with labels and an assignee

​Open a merge request from a feature branch

​Trigger a pipeline on a specific ref

​Plug into an Agent Creator capability (central OAuth)

​Tenant PAT (shared token, no per-user sign-in)

​Output Formats

​Available Tools

​Projects

​Issues

​Merge Requests

​Branches

​Commits

​Tags

​Releases

​Pipelines & Jobs

​Environments

​Labels

​Milestones

​Wiki

​Webhooks

​CI/CD Variables

​Deploy Keys

​Project Members

​Users

​Groups

​OAuth Session

​Tool Details

​createIssue

​createMergeRequest

​createPipeline

​listProjects

​createBranch

​mergeMergeRequest

​Error Handling

​Common Issues

​External Resources

GitLab REST API

Tool Agents

Prerequisites

Setup (one-time, platform admin)

Installation

Configuration

Available Instructions

Projects

Issues

Merge Requests

Branches

Commits

Tags

Releases

Pipelines & Jobs

Environments

Labels

Milestones

Wiki

Webhooks

CI/CD Variables

Deploy Keys

Project Members

Users

Groups

DSUL Examples

List the user’s own projects

Create an issue with labels and an assignee

Open a merge request from a feature branch

Trigger a pipeline on a specific ref

Plug into an Agent Creator capability (central OAuth)

Tenant PAT (shared token, no per-user sign-in)

Output Formats

Available Tools

Projects

Issues

Merge Requests

Branches

Commits

Tags

Releases

Pipelines & Jobs

Environments

Labels

Milestones

Wiki

Webhooks

CI/CD Variables

Deploy Keys

Project Members

Users

Groups

OAuth Session

Tool Details

createIssue

createMergeRequest

createPipeline

listProjects

createBranch

mergeMergeRequest

Error Handling

Common Issues

External Resources