feat: add HTTP transport security features#9
Merged
ichoosetoaccept merged 1 commit intomainfrom Dec 24, 2025
Merged
Conversation
This was referenced Dec 24, 2025
Member
Author
This stack of pull requests is managed by Graphite. Learn more about stacking. |
Member
Author
Merge activity
|
ichoosetoaccept
changed the base branch from
12-24-chore_add_beads_issue_tracking_setup
to
graphite-base/9
Added DNS rebinding protection for StreamableHTTPServerTransport: - HTTP_ALLOWED_HOSTS: Comma-separated list of allowed hosts (default: localhost,127.0.0.1) - HTTP_ALLOWED_ORIGINS: Comma-separated list of allowed origins (default: any) - HTTP_ENABLE_DNS_REBINDING_PROTECTION: Enable/disable protection (default: true) Refactored MCP endpoint handler to reduce cognitive complexity. Added 6 new config tests for HTTP transport security.
ichoosetoaccept
force-pushed
the
12-24-feat_add_http_transport_security_features
branch
from
5ab070e to
90348e0
Compare
github-actions bot
pushed a commit
that referenced
this pull request
Dec 24, 2025
# 1.0.0 (2025-12-24) ### Bug Fixes * add `expanded` to `start` and `end` for GitLabDiscussionNoteSchema ([5024a2a](5024a2a)) * add `expanded` to `start` and `end` for GitLabDiscussionNoteSchema ([d99c483](d99c483)) * add package-lock.json to .gitignore ([067586c](067586c)) * add package-lock.json to .gitignore ([e7e49f0](e7e49f0)) * avoid error caused by line_range: null in discussion ([d50b7fd](d50b7fd)) * avoid error caused by line_range: null in discussion ([ac2cee2](ac2cee2)) * change default HOST from 0.0.0.0 to 127.0.0.1 ([zereight#289](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/289)) ([4225366](4225366)) * **ci:** add Node.js 22 setup for semantic-release ([#13](#13)) ([941a64b](941a64b)) * Correct formatting of GITLAB_API_URL environment variable in README ([06598d7](06598d7)) * Correct formatting of GITLAB_API_URL environment variable in README ([83f395d](83f395d)) * create_or_update_file now properly updates existing files ([#2](#2)) ([6f97958](6f97958)) * fix README ([f4b265b](f4b265b)) * fix README ([7323405](7323405)) * GitHub Actions workflow syntax errors ([6d6110c](6d6110c)) * GitHub Actions workflow syntax errors ([55d9a5e](55d9a5e)) * improve error handling for GitLab API rate limit exceeded ([11685d7](11685d7)) * improve error handling for GitLab API rate limit exceeded ([1a30d2c](1a30d2c)) * **list_issues:** add hint for scope all ([478df19](478df19)) * **list_issues:** add hint for scope all ([aa3b2ab](aa3b2ab)) * **list_issues:** make project_id optional ([b242522](b242522)) * **list_issues:** make project_id optional ([7cd4731](7cd4731)) * merge_requests_template can be null ([zereight#79](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/79)) ([cd8f0e5](cd8f0e5)) * merge_requests_template can be null ([zereight#79](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/79)) ([73fdd8f](73fdd8f)) * pin zod-to-json-schema to 3.24.5 to prevent breakage from v3.25.0 ([zereight#285](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/285)) ([1dfb212](1dfb212)) * remove duplicate entry for get_branch_diffs in tools list ([6bc1379](6bc1379)) * remove duplicate entry for get_branch_diffs in tools list ([8398109](8398109)) * rename to source branch ([7b8cbc0](7b8cbc0)) * rename to source branch ([5baa2d1](5baa2d1)) * **schemas:** make avatar_url nullable in GitLabUserSchema ([ab571d2](ab571d2)) * **schemas:** make avatar_url nullable in GitLabUserSchema ([3f630ca](3f630ca)) * **schemas:** make illustration nullable in GitLabPipelineSchema ([40e39d7](40e39d7)) * **schemas:** make illustration nullable in GitLabPipelineSchema ([87efa04](87efa04)) * Update Docker image repository name in workflow ([b97b264](b97b264)) * Update Docker image repository name in workflow ([29ac699](29ac699)) * Update README title and remove duplicate star history chart ([92a3e95](92a3e95)) * Update README title and remove duplicate star history chart ([126fa8c](126fa8c)) ### Features * add 405 response for GET /mcp endpoint when STREAMABLE_HTTP is enabled. https://modelcontextprotocol.io/specification/2025-06-18/basic/transports#listening-for-messages-from-the-server ([zereight#295](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/295)) ([6a03064](6a03064)) * add branch comparison functionality and update related schemas ([c834ebc](c834ebc)) * add branch comparison functionality and update related schemas ([af81bd4](af81bd4)) * add configuration files and scripts for project setup ✨ ([5b35bc1](5b35bc1)) * add configuration files and scripts for project setup ✨ ([4aac7f5](4aac7f5)) * add cookie-based authentication support for enterprise GitLab ([zereight#101](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/101)) ([402f068](402f068)), closes [zereight#100](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/100) [tou#cookie](https://github.com/tou/issues/cookie) [tou#cookie](https://github.com/tou/issues/cookie) [tou#cookie](https://github.com/tou/issues/cookie) * add cookie-based authentication support for enterprise GitLab ([zereight#101](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/101)) ([17b8574](17b8574)), closes [zereight#100](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/100) [tou#cookie](https://github.com/tou/issues/cookie) [tou#cookie](https://github.com/tou/issues/cookie) [tou#cookie](https://github.com/tou/issues/cookie) * Add create_merge_request_thread tool for diff notes ([026dd58](026dd58)) * Add create_merge_request_thread tool for diff notes ([23b0348](23b0348)) * Add createDraftNote api support, useful for bulk code review ([5f08153](5f08153)) * Add createDraftNote api support, useful for bulk code review ([73f0c48](73f0c48)) * add docker image and push to dockerhub ([6f78969](6f78969)) * add docker image and push to dockerhub ([4fd7124](4fd7124)) * add GitLab search tools (global, project, group) ([#6](#6)) ([3e2e279](3e2e279)) * add GitLab tool modules with 52 tools and comprehensive tests ([#1](#1)) ([14bc851](14bc851)) * add GITLAB_LOCK_PROJECT environment variable ([c899a7d](c899a7d)) * add GITLAB_LOCK_PROJECT environment variable ([a102e94](a102e94)) * add HTTP transport security features ([#9](#9)) ([0eed0d6](0eed0d6)) * add issue discussions support ([4c57c37](4c57c37)) * add issue discussions support ([3d06892](3d06892)) * add MCP protocol logging for agent observability ([#10](#10)) ([85c4c50](85c4c50)) * add milestone management commands to README ([5762b32](5762b32)) * add milestone management commands to README ([bd75140](bd75140)) * add my_issues and list_project_members tools ([a519a56](a519a56)) * add my_issues and list_project_members tools ([f33f330](f33f330)) * Add NPM publish workflow for automated package publishing ([zereight#208](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/208)) ([7e985af](7e985af)) * Add NPM publish workflow for automated package publishing ([zereight#208](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/208)) ([5a4d416](5a4d416)) * add OAuth2 configuration examples and update documentation for Docker deployments ([1f6f2f8](1f6f2f8)) * add OAuth2 support and update documentation ([52661c4](52661c4)) * add pagination support for CI job logs to prevent context window flooding ([2905f30](2905f30)) * add pagination support for CI job logs to prevent context window flooding ([f05d8bf](f05d8bf)) * add read-only mode support via GITLAB_READ_ONLY_MODE environment variable ([7be17b7](7be17b7)) * add read-only mode support via GITLAB_READ_ONLY_MODE environment variable ([916a65a](916a65a)) * add support for creating and updating issue notes ([dc6cc59](dc6cc59)) * add support for creating and updating issue notes ([96d5e49](96d5e49)) * add support for ignoring files in branch diff results using regex patterns ([75fd5e8](75fd5e8)) * add support for ignoring files in branch diff results using regex patterns ([946c49a](946c49a)) * add tools for milestones ([fd1c8b9](fd1c8b9)) * add tools for milestones ([bb0da0a](bb0da0a)) * add user retrieval functions and schemas for GitLab API integration ([005b46a](005b46a)) * add user retrieval functions and schemas for GitLab API integration ([440921a](440921a)) * bump version to 1.0.61 🎉 ([ed032ba](ed032ba)) * bump version to 1.0.61 🎉 ([9a2bc5e](9a2bc5e)) * Decode project_id for GitLab API calls ([08ab135](08ab135)) * Decode project_id for GitLab API calls ([95ad321](95ad321)) * enhance CreateMergeRequest options with assignee, reviewer, and label support ([bf369a4](bf369a4)) * enhance CreateMergeRequest options with assignee, reviewer, and label support ([e692ddc](e692ddc)) * get merge request default description template on project retrieval ([808c34d](808c34d)) * get merge request default description template on project retrieval ([886faf5](886faf5)) * Gitlab list repository tree tool ([bccd5f2](bccd5f2)) * Gitlab list repository tree tool ([58f51a4](58f51a4)) * **gitlab:** GitLab Merge Request Notes and Discussions: Full CRUD + Thread Resolution ([zereight#260](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/260)) ([067cdb6](067cdb6)) * Implement add_merge_request_thread_note function for adding notes to existing MR threads ([3f2b355](3f2b355)) * Implement add_merge_request_thread_note function for adding notes to existing MR threads ([5f9aecd](5f9aecd)) * implement gitlab releases endpoint ([zereight#259](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/259)) ([9b5c118](9b5c118)) * implement list_merge_requests functionality ([cc84777](cc84777)) * implement list_merge_requests functionality ([6acecd2](6acecd2)) * Implement proxy configuration for HTTP/HTTPS/SOCKS ([7c2578f](7c2578f)) * Implement proxy configuration for HTTP/HTTPS/SOCKS ([94b206f](94b206f)) * **pipeline:** Add list_pipeline_trigger_jobs tools ([56a53b3](56a53b3)) * **pipeline:** Add list_pipeline_trigger_jobs tools ([0006e67](0006e67)) * **release:** 1.0.44 adds pipeline jobs tool ([ea06c21](ea06c21)) * **release:** 1.0.44 adds pipeline jobs tool ([4e4eb46](4e4eb46)) * rename ignored_files_regex to excluded_file_patterns and update descriptions for clarity ([fef3606](fef3606)) * rename ignored_files_regex to excluded_file_patterns and update descriptions for clarity ([159da36](159da36)) * replace GITLAB_LOCK_PROJECT with GITLAB_ALLOWED_PROJECT_IDS ([009ad97](009ad97)) * replace GITLAB_LOCK_PROJECT with GITLAB_ALLOWED_PROJECT_IDS ([6a77b04](6a77b04)) * support resolving merge request notes ([bde83c0](bde83c0)) * support resolving merge request notes ([4c349a3](4c349a3)) * support search by branch for get_merge_request ([20f6275](20f6275)) * support search by branch for get_merge_request ([eaadf24](eaadf24)) * trigger workflow after fix ([435c8f1](435c8f1)) * trigger workflow after fix ([40e2a5d](40e2a5d)) * trigger workflow after jq fix ([5c67d68](5c67d68)) * trigger workflow after jq fix ([116d1f4](116d1f4)) * trigger workflow run ([7acdff9](7acdff9)) * trigger workflow run ([c047571](c047571)) * trigger workflow with GITLAB_PERSONAL_ACCESS_TOKEN ([e967bb5](e967bb5)) * trigger workflow with GITLAB_PERSONAL_ACCESS_TOKEN ([ebec8b1](ebec8b1))
github-actions bot
pushed a commit
that referenced
this pull request
Dec 24, 2025
# [0.1.0](v0.0.0...v0.1.0) (2025-12-24) ### Bug Fixes * add `expanded` to `start` and `end` for GitLabDiscussionNoteSchema ([5024a2a](5024a2a)) * add `expanded` to `start` and `end` for GitLabDiscussionNoteSchema ([d99c483](d99c483)) * add package-lock.json to .gitignore ([067586c](067586c)) * add package-lock.json to .gitignore ([e7e49f0](e7e49f0)) * avoid error caused by line_range: null in discussion ([d50b7fd](d50b7fd)) * avoid error caused by line_range: null in discussion ([ac2cee2](ac2cee2)) * change default HOST from 0.0.0.0 to 127.0.0.1 ([zereight#289](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/289)) ([4225366](4225366)) * **ci:** add Node.js 22 setup for semantic-release ([#13](#13)) ([941a64b](941a64b)) * Correct formatting of GITLAB_API_URL environment variable in README ([06598d7](06598d7)) * Correct formatting of GITLAB_API_URL environment variable in README ([83f395d](83f395d)) * create_or_update_file now properly updates existing files ([#2](#2)) ([6f97958](6f97958)) * fix README ([f4b265b](f4b265b)) * fix README ([7323405](7323405)) * GitHub Actions workflow syntax errors ([6d6110c](6d6110c)) * GitHub Actions workflow syntax errors ([55d9a5e](55d9a5e)) * improve error handling for GitLab API rate limit exceeded ([11685d7](11685d7)) * improve error handling for GitLab API rate limit exceeded ([1a30d2c](1a30d2c)) * **list_issues:** add hint for scope all ([478df19](478df19)) * **list_issues:** add hint for scope all ([aa3b2ab](aa3b2ab)) * **list_issues:** make project_id optional ([b242522](b242522)) * **list_issues:** make project_id optional ([7cd4731](7cd4731)) * merge_requests_template can be null ([zereight#79](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/79)) ([cd8f0e5](cd8f0e5)) * merge_requests_template can be null ([zereight#79](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/79)) ([73fdd8f](73fdd8f)) * pin zod-to-json-schema to 3.24.5 to prevent breakage from v3.25.0 ([zereight#285](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/285)) ([1dfb212](1dfb212)) * remove duplicate entry for get_branch_diffs in tools list ([6bc1379](6bc1379)) * remove duplicate entry for get_branch_diffs in tools list ([8398109](8398109)) * rename to source branch ([7b8cbc0](7b8cbc0)) * rename to source branch ([5baa2d1](5baa2d1)) * **schemas:** make avatar_url nullable in GitLabUserSchema ([ab571d2](ab571d2)) * **schemas:** make avatar_url nullable in GitLabUserSchema ([3f630ca](3f630ca)) * **schemas:** make illustration nullable in GitLabPipelineSchema ([40e39d7](40e39d7)) * **schemas:** make illustration nullable in GitLabPipelineSchema ([87efa04](87efa04)) * Update Docker image repository name in workflow ([b97b264](b97b264)) * Update Docker image repository name in workflow ([29ac699](29ac699)) * Update README title and remove duplicate star history chart ([92a3e95](92a3e95)) * Update README title and remove duplicate star history chart ([126fa8c](126fa8c)) ### Features * add 405 response for GET /mcp endpoint when STREAMABLE_HTTP is enabled. https://modelcontextprotocol.io/specification/2025-06-18/basic/transports#listening-for-messages-from-the-server ([zereight#295](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/295)) ([6a03064](6a03064)) * add branch comparison functionality and update related schemas ([c834ebc](c834ebc)) * add branch comparison functionality and update related schemas ([af81bd4](af81bd4)) * add configuration files and scripts for project setup ✨ ([5b35bc1](5b35bc1)) * add configuration files and scripts for project setup ✨ ([4aac7f5](4aac7f5)) * add cookie-based authentication support for enterprise GitLab ([zereight#101](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/101)) ([402f068](402f068)), closes [zereight#100](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/100) [tou#cookie](https://github.com/tou/issues/cookie) [tou#cookie](https://github.com/tou/issues/cookie) [tou#cookie](https://github.com/tou/issues/cookie) * add cookie-based authentication support for enterprise GitLab ([zereight#101](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/101)) ([17b8574](17b8574)), closes [zereight#100](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/100) [tou#cookie](https://github.com/tou/issues/cookie) [tou#cookie](https://github.com/tou/issues/cookie) [tou#cookie](https://github.com/tou/issues/cookie) * Add create_merge_request_thread tool for diff notes ([026dd58](026dd58)) * Add create_merge_request_thread tool for diff notes ([23b0348](23b0348)) * Add createDraftNote api support, useful for bulk code review ([5f08153](5f08153)) * Add createDraftNote api support, useful for bulk code review ([73f0c48](73f0c48)) * add docker image and push to dockerhub ([6f78969](6f78969)) * add docker image and push to dockerhub ([4fd7124](4fd7124)) * add GitLab search tools (global, project, group) ([#6](#6)) ([3e2e279](3e2e279)) * add GitLab tool modules with 52 tools and comprehensive tests ([#1](#1)) ([14bc851](14bc851)) * add GITLAB_LOCK_PROJECT environment variable ([c899a7d](c899a7d)) * add GITLAB_LOCK_PROJECT environment variable ([a102e94](a102e94)) * add HTTP transport security features ([#9](#9)) ([0eed0d6](0eed0d6)) * add issue discussions support ([4c57c37](4c57c37)) * add issue discussions support ([3d06892](3d06892)) * add MCP protocol logging for agent observability ([#10](#10)) ([85c4c50](85c4c50)) * add milestone management commands to README ([5762b32](5762b32)) * add milestone management commands to README ([bd75140](bd75140)) * add my_issues and list_project_members tools ([a519a56](a519a56)) * add my_issues and list_project_members tools ([f33f330](f33f330)) * Add NPM publish workflow for automated package publishing ([zereight#208](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/208)) ([7e985af](7e985af)) * Add NPM publish workflow for automated package publishing ([zereight#208](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/208)) ([5a4d416](5a4d416)) * add OAuth2 configuration examples and update documentation for Docker deployments ([1f6f2f8](1f6f2f8)) * add OAuth2 support and update documentation ([52661c4](52661c4)) * add pagination support for CI job logs to prevent context window flooding ([2905f30](2905f30)) * add pagination support for CI job logs to prevent context window flooding ([f05d8bf](f05d8bf)) * add read-only mode support via GITLAB_READ_ONLY_MODE environment variable ([7be17b7](7be17b7)) * add read-only mode support via GITLAB_READ_ONLY_MODE environment variable ([916a65a](916a65a)) * add support for creating and updating issue notes ([dc6cc59](dc6cc59)) * add support for creating and updating issue notes ([96d5e49](96d5e49)) * add support for ignoring files in branch diff results using regex patterns ([75fd5e8](75fd5e8)) * add support for ignoring files in branch diff results using regex patterns ([946c49a](946c49a)) * add tools for milestones ([fd1c8b9](fd1c8b9)) * add tools for milestones ([bb0da0a](bb0da0a)) * add user retrieval functions and schemas for GitLab API integration ([005b46a](005b46a)) * add user retrieval functions and schemas for GitLab API integration ([440921a](440921a)) * bump version to 1.0.61 🎉 ([ed032ba](ed032ba)) * bump version to 1.0.61 🎉 ([9a2bc5e](9a2bc5e)) * Decode project_id for GitLab API calls ([08ab135](08ab135)) * Decode project_id for GitLab API calls ([95ad321](95ad321)) * enhance CreateMergeRequest options with assignee, reviewer, and label support ([bf369a4](bf369a4)) * enhance CreateMergeRequest options with assignee, reviewer, and label support ([e692ddc](e692ddc)) * get merge request default description template on project retrieval ([808c34d](808c34d)) * get merge request default description template on project retrieval ([886faf5](886faf5)) * Gitlab list repository tree tool ([bccd5f2](bccd5f2)) * Gitlab list repository tree tool ([58f51a4](58f51a4)) * **gitlab:** GitLab Merge Request Notes and Discussions: Full CRUD + Thread Resolution ([zereight#260](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/260)) ([067cdb6](067cdb6)) * Implement add_merge_request_thread_note function for adding notes to existing MR threads ([3f2b355](3f2b355)) * Implement add_merge_request_thread_note function for adding notes to existing MR threads ([5f9aecd](5f9aecd)) * implement gitlab releases endpoint ([zereight#259](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/259)) ([9b5c118](9b5c118)) * implement list_merge_requests functionality ([cc84777](cc84777)) * implement list_merge_requests functionality ([6acecd2](6acecd2)) * Implement proxy configuration for HTTP/HTTPS/SOCKS ([7c2578f](7c2578f)) * Implement proxy configuration for HTTP/HTTPS/SOCKS ([94b206f](94b206f)) * **pipeline:** Add list_pipeline_trigger_jobs tools ([56a53b3](56a53b3)) * **pipeline:** Add list_pipeline_trigger_jobs tools ([0006e67](0006e67)) * **release:** 1.0.44 adds pipeline jobs tool ([ea06c21](ea06c21)) * **release:** 1.0.44 adds pipeline jobs tool ([4e4eb46](4e4eb46)) * rename ignored_files_regex to excluded_file_patterns and update descriptions for clarity ([fef3606](fef3606)) * rename ignored_files_regex to excluded_file_patterns and update descriptions for clarity ([159da36](159da36)) * replace GITLAB_LOCK_PROJECT with GITLAB_ALLOWED_PROJECT_IDS ([009ad97](009ad97)) * replace GITLAB_LOCK_PROJECT with GITLAB_ALLOWED_PROJECT_IDS ([6a77b04](6a77b04)) * support resolving merge request notes ([bde83c0](bde83c0)) * support resolving merge request notes ([4c349a3](4c349a3)) * support search by branch for get_merge_request ([20f6275](20f6275)) * support search by branch for get_merge_request ([eaadf24](eaadf24)) * trigger workflow after fix ([435c8f1](435c8f1)) * trigger workflow after fix ([40e2a5d](40e2a5d)) * trigger workflow after jq fix ([5c67d68](5c67d68)) * trigger workflow after jq fix ([116d1f4](116d1f4)) * trigger workflow run ([7acdff9](7acdff9)) * trigger workflow run ([c047571](c047571)) * trigger workflow with GITLAB_PERSONAL_ACCESS_TOKEN ([e967bb5](e967bb5)) * trigger workflow with GITLAB_PERSONAL_ACCESS_TOKEN ([ebec8b1](ebec8b1))
github-actions bot
pushed a commit
that referenced
this pull request
Apr 1, 2026
# [2.1.0](v2.0.19...v2.1.0) (2026-04-01) ### Bug Fixes * add knip config, pre-commit hook, fix Zod compatibility, and remove unused code ([#38](#38)) ([a34d956](a34d956)) * change default HOST from 0.0.0.0 to 127.0.0.1 ([zereight#289](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/289)) ([4225366](4225366)) * **ci:** add Node.js 22 setup for semantic-release ([#13](#13)) ([941a64b](941a64b)) * **ci:** add permissions and secrets inherit for reusable workflow ([#15](#15)) ([2a41bfc](2a41bfc)) * **ci:** checkout release tag in npm-publish workflow ([#21](#21)) ([8094cd1](8094cd1)) * **ci:** remove persist-credentials false for semantic-release ([#14](#14)) ([e9d9db1](e9d9db1)) * correct bin format in package.json ([#26](#26)) ([91a1e98](91a1e98)) * create_or_update_file now properly updates existing files ([#2](#2)) ([6f97958](6f97958)) * use Node.js 24 for npm OIDC trusted publishing ([#25](#25)) ([5bcb716](5bcb716)) * use ubuntu-latest for npm publish (OIDC requires GitHub-hosted runners) ([#24](#24)) ([28155bc](28155bc)) * use workflow_run trigger for npm-publish (GITHUB_TOKEN releases don't emit events) ([#39](#39)) ([b544db2](b544db2)) ### Features * add 405 response for GET /mcp endpoint when STREAMABLE_HTTP is enabled. https://modelcontextprotocol.io/specification/2025-06-18/basic/transports#listening-for-messages-from-the-server ([zereight#295](https://github.com/detailobsessed/efficient-gitlab-mcp/issues/295)) ([6a03064](6a03064)) * add GitLab search tools (global, project, group) ([#6](#6)) ([3e2e279](3e2e279)) * add GitLab tool modules with 52 tools and comprehensive tests ([#1](#1)) ([14bc851](14bc851)) * add HTTP transport security features ([#9](#9)) ([0eed0d6](0eed0d6)) * add MCP protocol logging for agent observability ([#10](#10)) ([85c4c50](85c4c50)) * add MCP Registry support with mcpName and server.json ([#30](#30)) ([19dd31e](19dd31e)) * add npm version badge to README ([#23](#23)) ([1c2cc84](1c2cc84))
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Added DNS rebinding protection for StreamableHTTPServerTransport:
Refactored MCP endpoint handler to reduce cognitive complexity.
Added 6 new config tests for HTTP transport security.