GitLab MCP | OAuth GitLab connector for AI agents

CALL ANY TOOL

Read repos, manage issues and MRs, inspect pipelines, and create project variables. Same toolkit, every framework, no auth plumbing.

gitlab_issues_list

List issues

List issues in a project with optional filters for state, assignee, labels, and milestone.

Parameters

Name

Type

Required

Description

project_id

string

Required

Project ID or URL-encoded path

state

string

Optional

Issue state: opened, closed, all

assignee_username

string

Optional

Filter by assignee username

labels

string

Optional

Comma-separated label names

gitlab_issue_create

Create issue

gitlab_merge_requests_list

List merge requests

gitlab_pipelines_list

List pipelines

gitlab_project_get

Get project

gitlab_label_create

Create label

Build your Agent

Drop the toolkit in, point it at the user, and your agent can manage GitLab issues, MRs, and CI pipelines from the first run.

Copied

import { ScalekitClient } from "@scalekit-sdk/node";
import { DynamicStructuredTool } from "@langchain/core/tools";
import { createReactAgent } from "@langchain/langgraph/prebuilt";
import { z } from "zod";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["gitlab"], toolNames: ["gitlab_issues_list", "gitlab_merge_requests_list", "gitlab_pipelines_list"] },
  pageSize: 100,
});

const lcTools = tools.map((t) => new DynamicStructuredTool({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  schema: z.object({}).passthrough(),
  func: async (args) => {
    const { data } = await sk.tools.executeTool({
      toolName: t.tool.definition.name,
      identifier: "user_123",
      params: args,
    });
    return JSON.stringify(data);
  },
}));

const agent = createReactAgent({ llm, tools: lcTools });

Copied

import { ScalekitClient } from "@scalekit-sdk/node";
import OpenAI from "openai";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["gitlab"], toolNames: ["gitlab_issues_list", "gitlab_merge_requests_list", "gitlab_pipelines_list"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  type: "function",
  function: {
    name: t.tool.definition.name,
    description: t.tool.definition.description,
    parameters: t.tool.definition.input_schema,
  },
}));

const resp = await openai.responses.create({
  model: "gpt-4o", input: prompt, tools: llmTools,
});

import { ScalekitClient } from "@scalekit-sdk/node";
import Anthropic from "@anthropic-ai/sdk";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["gitlab"], toolNames: ["gitlab_issues_list", "gitlab_merge_requests_list", "gitlab_pipelines_list"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  input_schema: t.tool.definition.input_schema,
}));

const msg = await anthropic.messages.create({
  model: "claude-sonnet-4-6", max_tokens: 1024,
  tools: llmTools,
  messages: [{ role: "user", content: prompt }],
});

Copied

import { Agent } from "@google/adk/agents";
import {
  MCPToolset, StreamableHTTPConnectionParams,
} from "@google/adk/tools/mcp";

const toolset = new MCPToolset({
  connectionParams: new StreamableHTTPConnectionParams({
    url: "https://mcp.scalekit.com/gitlab",
    headers: { Authorization: `Bearer ${userScopedToken}` },
  }),
});

const agent = new Agent({
  name: "agent", model: "gemini-2.0-flash",
  tools: await toolset.getTools(),
});

Try these prompts

Paste any prompt into your agent to start managing GitLab DevOps workflows.

Search & recall

Copy the prompt

Copied

List all open issues assigned to me in [project].

Copy the prompt

Copied

Show me all failing CI pipelines in the last 24 hours.

Copy the prompt

Copied

Find all MRs waiting for review in [project].

Copy the prompt

Copied

What issues are labeled [bug] in [project]?

Action & creation

Copy the prompt

Copied

Create an issue in [project]: [title] — [description].

Copy the prompt

Copied

Add label [backend] to issue #[id] in [project].

Copy the prompt

Copied

Assign MR #[id] to [username].

Copy the prompt

Copied

Create a project variable [KEY]=[value] in [project].

CI/CD & pipelines

Copy the prompt

Copied

Which pipeline stages are failing in [project] on main?

Copy the prompt

Copied

List all pending MRs with pipeline status failed.

Copy the prompt

Copied

Show me recent pipeline runs for [branch name].

Copy the prompt

Copied

What are the open milestones in [project]?

SEE HOW AUTH WORKS

Users authorize GitLab once. Their account credentials stay vaulted, every call is checked, and every action is logged.

1

Authorize

Your user connects

GitLab

once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access

Who:

user ‘A’

when:

Once per user

access:

Limited to user

2

Store

Their

GitLab

token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection

vault:

encrypted

scope:

per-user

tokens:

auto-refreshed

3

Resolve

When your agent calls a

GitLab

tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs

speed:

~40ms

check:

before every call

seen by:

nobody

4

Audit

Every

GitLab

tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it

history:

90 days

export:

SIEM-ready

logged:

every call

Test other agents

Same per-user auth pattern across other devops agents and MCP connectors. Working code, live demos, fork what fits.

ENGINEERING

Engineering standup agent

Aggregate GitHub and GitLab activity, link to Jira, and post a daily standup digest to Slack. No async updates.

ENGINEERING

DevOps assistant agent

Triage GitHub incidents, open Linear tickets, and notify the on-call channel in Slack with context already attached.

Why Scalekit

Secure your agent's access. Connectors ship in minutes

Other connector libraries treat auth as a demo afterthought. Scalekit starts with user identity, scope enforcement, and audit.

01.

MR actions lose developer attribution

A shared GitLab service account looks fine in a demo. In production, every MR comment, pipeline trigger, and variable change logs as the bot. Developer attribution breaks. CI audit trails break. Scalekit resolves the developer's own token, so GitLab's audit log reflects the actual author.

// shared bot token
token = "sk_gitlab_shared_xxx"
audit → bot_service_account
developer_filter → broken

// scalekit · per-user
token = resolve(user_id)
audit → user_abc
scope → enforced ✓

02.

Authentication is not authorization

03.

Multi-tenancy is architectural

04.

GitLab today. GitHub, Jira, Linear tomorrow.

“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”

Venu Madhav Kattagoni

Head of Engineering / Von

FAQs

Frequently Asked Questions

Does the agent access GitLab as the user or as a shared key?

As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.

Where is the GitLab oauth 2.0 stored?

In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.

Can I limit what the agent is allowed to do in GitLab?

Yes. Pass a tool name filter to listScopedTools so the DevOps agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches GitLab.

What happens when a user revokes GitLab access?

The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.

Does the agent respect GitLab project and group roles?

Yes. Every API call runs as the authorizing user with their GitLab role. Maintainer, Developer, and Reporter scopes all apply. Cross-group access stays denied at the GitLab layer.

GitLab

Tools your devops agent reaches for on GitLab, scoped per user.