Add NO_PROXY support for corporate firewall environments

[Copilot]

HTTP_PROXY/HTTPS_PROXY were supported but NO_PROXY was not, preventing bypass of proxy for self-hosted GitLab instances.

Changes

Core Implementation

• Added shouldBypassProxy() in gitlab-client-pool.ts with standard pattern matching:
  • Exact hostname/IP (localhost, 192.168.1.1)
  • Domain suffix (.internal.com)
  • Port-specific (example.com:443)
  • Wildcard (*)
  • Case-insensitive
• Modified createAgentsForUrl() to skip proxy agent creation when host matches NO_PROXY patterns
• Added noProxy parameter to GitLabClientPoolOptions interface

Configuration

• Environment variable: NO_PROXY
• CLI argument: --no-proxy
• Passed through getConfig() in index.ts to GitLabClientPool constructor

Usage

{
  "env": {
    "HTTP_PROXY": "http://proxy.corp.com:8080",
    "HTTPS_PROXY": "http://proxy.corp.com:8080",
    "NO_PROXY": "localhost,127.0.0.1,.internal.com,gitlab.mycompany.com"
  }
}

Requests to gitlab.mycompany.com bypass proxy while external requests use it.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• nonexistent-proxy.example.com
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node /home/REDACTED/work/gitlab-mcp/gitlab-mcp/build/index.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Support NO_PROXY settings</issue_title>
<issue_description>This would allow support for those behind corporate firewalls with self-hosted gitlab instances. While there is logic for HTTP_PROXY/HTTPS_PROXY there does not see to be logic for setting NO_PROXY. </issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Support NO_PROXY settings #348

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Fachher]

Simple unset HTTP_PROXY and HTTPS_PROXY will solve the problem.
{ "gitlab": { "command": "npx", "args": ["-y", "@zereight/mcp-gitlab@2.0.33"], "env": { "HTTP_PROXY": "", "HTTPS_PROXY": "", "GITLAB_API_URL": "https://<GITLAB_URL_BASEURL>/api/v4", "GITLAB_PROJECT_ID": "10796,10795,10792", "GITLAB_ALLOWED_PROJECT_IDS": "10796,10795,10792", "GITLAB_READ_ONLY_MODE": "false", "USE_GITLAB_WIKI": "false", "USE_MILESTONE": "false", "USE_PIPELINE": "false" } } }

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[Copilot]

Pull request overview

Adds NO_PROXY support so the server can bypass configured HTTP(S) proxies for self-hosted/corporate GitLab hosts while still using proxies for external requests.

Changes:

• Implemented noProxy option and shouldBypassProxy() matching in GitLabClientPool, and skip proxy agent creation when matched.
• Plumbed NO_PROXY / --no-proxy from index.ts into the client pool.
• Added unit + integration tests and documented the new env/CLI options in README.md.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
gitlab-client-pool.ts	Adds noProxy support and bypass logic during agent creation.
index.ts	Reads NO_PROXY config and passes it to GitLabClientPool.
README.md	Documents HTTP_PROXY / HTTPS_PROXY / NO_PROXY usage and patterns.
test/no-proxy-test.ts	New NO_PROXY pattern-matching unit tests for agent selection.
test/no-proxy-integration-test.ts	New integration tests validating bypass vs proxy usage with mock servers.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

shouldBypassProxy() parses NO_PROXY entries with pattern.split(':'), which breaks IPv6 literals (e.g., ::1) and bracketed IPv6+port forms (e.g., [::1]:443). This will cause proxy bypass to fail for IPv6 hosts. Consider parsing port by taking the last : only when the suffix is a numeric port and the host is not an IPv6 literal (or explicitly support [v6]:port syntax).

[Copilot]

These new NO_PROXY unit tests are not currently executed by npm test/npm run test:mock (the test script enumerates specific files). Unless they’re wired into the test scripts, they won’t prevent regressions in CI. Consider adding this file (and the integration test) to the test:mock script or switching to a glob-based tsx --test test/**/*.ts approach.

[Copilot]

This integration test file is not included in the current test:mock/test:all scripts (which run a fixed list of test files). If it’s meant to be part of the automated suite, it should be added to the test scripts; otherwise it’s easy for NO_PROXY behavior to regress without detection.