.env.example

NODE_ENV=development
LOG_LEVEL=info

MCP_SERVER_NAME=gitlab-mcp
# Optional override. By default, server version is read from package.json at startup.
# MCP_SERVER_VERSION=1.1.0

# Base API URL(s). Supports comma-separated multi-instance URLs.
# Each URL will be normalized to /api/v4 automatically.
GITLAB_API_URL=https://gitlab.com/api/v4

# For stdio/local mode. In REMOTE_AUTHORIZATION mode this can stay empty.
GITLAB_PERSONAL_ACCESS_TOKEN=

# Optional built-in OAuth (PKCE)
GITLAB_USE_OAUTH=false
GITLAB_OAUTH_CLIENT_ID=
GITLAB_OAUTH_CLIENT_SECRET=
GITLAB_OAUTH_GITLAB_URL=
GITLAB_OAUTH_REDIRECT_URI=http://127.0.0.1:8765/callback
GITLAB_OAUTH_SCOPES=api
GITLAB_OAUTH_TOKEN_PATH=~/.gitlab-mcp-oauth-token.json
GITLAB_OAUTH_AUTO_OPEN_BROWSER=true

# Tool/runtime policy
GITLAB_READ_ONLY_MODE=false
GITLAB_ALLOWED_PROJECT_IDS=
GITLAB_ALLOWED_TOOLS=
GITLAB_DENIED_TOOLS_REGEX=
GITLAB_ALLOW_GRAPHQL_WITH_PROJECT_SCOPE=false

# Output tuning
GITLAB_RESPONSE_MODE=json
GITLAB_MAX_RESPONSE_BYTES=200000
GITLAB_HTTP_TIMEOUT_MS=20000
GITLAB_ERROR_DETAIL_MODE=

# Optional auth/runtime enhancements
GITLAB_AUTH_COOKIE_PATH=
GITLAB_COOKIE_WARMUP_PATH=/user
GITLAB_TOKEN_SCRIPT=
GITLAB_TOKEN_SCRIPT_TIMEOUT_MS=10000
GITLAB_TOKEN_CACHE_SECONDS=300
GITLAB_TOKEN_FILE=
GITLAB_ALLOW_INSECURE_TOKEN_FILE=false

# Cloudflare/proxy compatibility
GITLAB_CLOUDFLARE_BYPASS=false
GITLAB_USER_AGENT=
GITLAB_ACCEPT_LANGUAGE=en-US,en;q=0.9

# TLS safety guard (must acknowledge if disabled)
NODE_TLS_REJECT_UNAUTHORIZED=
GITLAB_ALLOW_INSECURE_TLS=false
GITLAB_CA_CERT_PATH=
HTTP_PROXY=
HTTPS_PROXY=

# Feature toggles
USE_GITLAB_WIKI=true
USE_MILESTONE=true
USE_PIPELINE=true
USE_RELEASE=true

# Remote auth/session controls (for Streamable HTTP)
REMOTE_AUTHORIZATION=false
ENABLE_DYNAMIC_API_URL=false
SESSION_TIMEOUT_SECONDS=3600
MAX_SESSIONS=1000
MAX_REQUESTS_PER_MINUTE=300

# HTTP server
HTTP_HOST=127.0.0.1
HTTP_PORT=3333
HTTP_JSON_ONLY=false
SSE=false