Skip to content

Adds get_repository_file mcp tool

Nathan Weinshenkerrequested to merge
mcp_get_repository_file into master

What does this MR do and why?

The MR supports the get_repository_file as a tool. The tool retrieves any of the repository files through the Gitlab api/v4/mcp endpoints.

TODO: Implement Duo Context Exclusion support across all MCP tools that handle file paths or git diffs. The following MCP tools need to be updated to properly handle Duo Context Exclusion, ensuring that sensitive or excluded files and diffs are appropriately filtered out before being passed to the AI model:

  • File access tools
  • Git diff tools
  • Repository browsing tools
  • Other path-based MCP tools

See the reference link for the full list of tools that will handle the list of Duo Exclusion rules.

Related: #566140

References

#566236

Screenshots or screen recordings

Access Get Repository File Results
mcp Screenshot 2025-09-03 at 6.37.28 PM.png
api, mcp Screenshot 2025-09-03 at 6.37.18 PM.png

How to set up and validate locally

  1. First, perform the following prerequisite steps detailed in the MCP Server development docs

  2. Create a new project access token on a GitLab Enabled project in GDK

    1. Ensure scope mcp and api
    2. Have the Reported role assign to the token

  3. (Optional) If connecting with the Claude Desktop configuration isn't cooperating, you can adjust the mcp-remote@0.1.17 package to rely on the previous version.

    You also have to modify the protocolVersion` to 2025-03-26 in the following file to support the older MCP version: lib/api/mcp/handlers/initialize_request.rb

        "GitLab-GDK-New-Approach": {
      "command": "npx",
      "args": [
        "mcp-remote@0.1.17",
        "https://gdk.test:3443/api/v4/mcp_server",
        "--debug",
        "--static-oauth-client-metadata '{\"scope\": \"mcp\"}'",
        "--header",
        "Authorization: Bearer ${AUTH_TOKEN}"
      ],
      "env": {       
        "NODE_TLS_REJECT_UNAUTHORIZED": "0",
        "AUTH_TOKEN": "GL_PROJECT_TOKEN" # project token with mcp and api access
      }
    }

  4. After ensuring the MCP server is set up, provide a query for a file on your local GDK. You should see a successful result in the. Screenshot section.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Nathan Weinshenker

Merge request reports