Fix mcp scope permission for gitlab search api (!208869) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

In our MCP Feedback Issue, a user reported an mcp access scope issue for our gitlab_search_tool.

🛠️  Using tool: gitlab_search from mcp server GitLab
 ⋮
 ● Running gitlab_search with the param:
 ⋮  {
 ⋮    "scope": "blobs",
 ⋮    "search": "test"
 ⋮  }

The search failed due to insufficient scope permissions. The GitLab access token
needs additional scopes (ai_workflows api read_api) to perform this search operation.

You'll need to update your GitLab access token with the required permissions to
search for "apis handler" content in your repositories.

The following resolves this issue by giving the lib/search/api read access for tools with mcp access token scope.

References

&19476

Screenshots or screen recordings

Before	After

How to set up and validate locally

Follow the steps for MCP Server setup here: https://docs.gitlab.com/development/mcp_server/
Perform a tool request regarding gitlab_search

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Oct 16, 2025 by Nathan Weinshenker

Fix mcp scope permission for gitlab search api

What does this MR do and why?

References

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports