feat(search): add global search entity with CQRS browse_search tool (#93)

polaz · web-flow · commit 90aecdcc2f4b · 2026-01-21T20:44:42.000+02:00
Implements issue #82 - global search functionality. browse_search tool actions: - global: Search across entire GitLab instance - project: Search within a specific project (with ref support for code) - group: Search within a group and its subgroups Search scopes: projects, issues, merge_requests, milestones, snippet_titles, users, groups, blobs (code), commits, wiki_blobs, notes Features: - State filtering for issues/merge_requests (opened, closed, merged, all) - Confidential filter for issues (Premium tier) - Sorting by created_at/updated_at with asc/desc direction - Standard pagination (page, per_page) - Ref parameter for project code search All actions available in Free tier. Unit tests with 100% coverage.
diff --git a/src/config.ts b/src/config.ts
@@ -131,6 +131,7 @@ export const USE_INTEGRATIONS = process.env.USE_INTEGRATIONS !== "false";
 export const USE_RELEASES = process.env.USE_RELEASES !== "false";
 export const USE_REFS = process.env.USE_REFS !== "false";
 export const USE_MEMBERS = process.env.USE_MEMBERS !== "false";
+export const USE_SEARCH = process.env.USE_SEARCH !== "false";
 export const HOST = process.env.HOST ?? "0.0.0.0";
 export const PORT = process.env.PORT ?? 3002;
 
diff --git a/src/entities/index.ts b/src/entities/index.ts
@@ -12,5 +12,6 @@ export * from "./webhooks";
 export * from "./releases";
 export * from "./refs";
 export * from "./members";
+export * from "./search";
 
 // All entities now use the registry pattern with embedded handlers
diff --git a/src/entities/search/index.ts b/src/entities/search/index.ts
@@ -0,0 +1,8 @@
+// Search entity - GitLab global and scoped search
+export * from "./schema-readonly";
+export {
+  searchToolRegistry,
+  getSearchReadOnlyToolNames,
+  getSearchToolDefinitions,
+  getFilteredSearchTools,
+} from "./registry";
diff --git a/src/entities/search/registry.ts b/src/entities/search/registry.ts
@@ -0,0 +1,127 @@
+import * as z from "zod";
+import { BrowseSearchSchema } from "./schema-readonly";
+import { ToolRegistry, EnhancedToolDefinition } from "../../types";
+import { isActionDenied } from "../../config";
+import { gitlab, paths, toQuery } from "../../utils/gitlab-api";
+
+/**
+ * Search tools registry - 1 read-only CQRS tool
+ *
+ * browse_search (Query): global, project, group
+ *
+ * Search is read-only by design - no manage_search tool needed.
+ */
+export const searchToolRegistry: ToolRegistry = new Map<string, EnhancedToolDefinition>([
+  // ============================================================================
+  // browse_search - CQRS Query Tool (discriminated union schema)
+  // TypeScript automatically narrows types in each switch case
+  // ============================================================================
+  [
+    "browse_search",
+    {
+      name: "browse_search",
+      description:
+        'SEARCH GitLab resources. Actions: "global" searches entire instance, "project" searches within a project, "group" searches within a group. Scopes: projects, issues, merge_requests, milestones, users, groups, blobs (code), commits, wiki_blobs, notes.',
+      inputSchema: z.toJSONSchema(BrowseSearchSchema),
+      gate: { envVar: "USE_SEARCH", defaultValue: true },
+      handler: async (args: unknown): Promise<unknown> => {
+        const input = BrowseSearchSchema.parse(args);
+
+        // Runtime validation: reject denied actions even if they bypass schema filtering
+        if (isActionDenied("browse_search", input.action)) {
+          throw new Error(`Action '${input.action}' is not allowed for browse_search tool`);
+        }
+
+        switch (input.action) {
+          case "global": {
+            // TypeScript knows: input has scope, search, and optional filters
+            const { scope, ...params } = input;
+
+            // Build query params excluding action (not an API parameter)
+            const query = toQuery(params, ["action"]);
+
+            // Global search endpoint
+            const results = await gitlab.get<unknown[]>("search", {
+              query: { ...query, scope },
+            });
+
+            return {
+              scope,
+              count: results.length,
+              results,
+            };
+          }
+
+          case "project": {
+            // TypeScript knows: input has project_id, scope, search, and optional filters
+            const { project_id, scope, ref, ...params } = input;
+
+            // Build query params excluding action (project_id, scope, ref are already destructured)
+            const query = toQuery(params, ["action"]);
+
+            // Project-scoped search endpoint
+            const results = await gitlab.get<unknown[]>(`${paths.project(project_id)}/search`, {
+              query: { ...query, scope, ...(ref && { ref }) },
+            });
+
+            return {
+              project_id,
+              scope,
+              count: results.length,
+              results,
+            };
+          }
+
+          case "group": {
+            // TypeScript knows: input has group_id, scope, search, and optional filters
+            const { group_id, scope, ...params } = input;
+
+            // Build query params excluding action (group_id, scope are already destructured)
+            const query = toQuery(params, ["action"]);
+
+            // Group-scoped search endpoint
+            const results = await gitlab.get<unknown[]>(`${paths.group(group_id)}/search`, {
+              query: { ...query, scope },
+            });
+
+            return {
+              group_id,
+              scope,
+              count: results.length,
+              results,
+            };
+          }
+
+          /* istanbul ignore next -- unreachable with Zod discriminatedUnion */
+          default:
+            throw new Error(`Unknown action: ${(input as { action: string }).action}`);
+        }
+      },
+    },
+  ],
+]);
+
+/**
+ * Get read-only tool names from the registry
+ * Search is entirely read-only, so all tools are read-only
+ */
+export function getSearchReadOnlyToolNames(): string[] {
+  return ["browse_search"];
+}
+
+/**
+ * Get all tool definitions from the registry
+ */
+export function getSearchToolDefinitions(): EnhancedToolDefinition[] {
+  return Array.from(searchToolRegistry.values());
+}
+
+/**
+ * Get filtered tools based on read-only mode
+ * Since search is read-only, this always returns all tools
+ */
+export function getFilteredSearchTools(readOnlyMode: boolean = false): EnhancedToolDefinition[] {
+  // Search is always read-only, so readOnlyMode doesn't affect filtering
+  void readOnlyMode;
+  return getSearchToolDefinitions();
+}
diff --git a/src/entities/search/schema-readonly.ts b/src/entities/search/schema-readonly.ts
@@ -0,0 +1,96 @@
+import { z } from "zod";
+import { PaginationOptionsSchema } from "../shared";
+import { requiredId } from "../utils";
+
+// ============================================================================
+// Search scope enum - GitLab API search scopes
+// ============================================================================
+
+export const SearchScopeSchema = z
+  .enum([
+    "projects",
+    "issues",
+    "merge_requests",
+    "milestones",
+    "snippet_titles",
+    "users",
+    "groups",
+    "blobs",
+    "commits",
+    "wiki_blobs",
+    "notes",
+  ])
+  .describe("Search scope determining what type of resources to search");
+
+// ============================================================================
+// Base search parameters shared across all scopes
+// ============================================================================
+
+const BaseSearchParams = z.object({
+  search: z.string().min(1).describe("Search query string (minimum 1 character)"),
+  state: z
+    .enum(["opened", "closed", "merged", "all"])
+    .optional()
+    .describe("Filter by state (for issues and merge_requests scopes)"),
+  confidential: z
+    .boolean()
+    .optional()
+    .describe("Filter by confidentiality (for issues scope, Premium only)"),
+  order_by: z.enum(["created_at", "updated_at"]).optional().describe("Sort results by field"),
+  sort: z.enum(["asc", "desc"]).optional().describe("Sort direction"),
+});
+
+// ============================================================================
+// browse_search - CQRS Query Tool (discriminated union schema)
+// Actions: global, project, group
+// Uses z.discriminatedUnion() for type-safe action handling.
+// ============================================================================
+
+// --- Action: global ---
+const GlobalSearchSchema = z
+  .object({
+    action: z.literal("global").describe("Search across entire GitLab instance"),
+    scope: SearchScopeSchema,
+  })
+  .merge(BaseSearchParams)
+  .merge(PaginationOptionsSchema);
+
+// --- Action: project ---
+const ProjectSearchSchema = z
+  .object({
+    action: z.literal("project").describe("Search within a specific project"),
+    project_id: requiredId.describe(
+      "Project ID or URL-encoded path (e.g., 'group/project' or '123')"
+    ),
+    scope: SearchScopeSchema,
+    ref: z.string().optional().describe("Branch/tag reference for code search (blobs, commits)"),
+  })
+  .merge(BaseSearchParams)
+  .merge(PaginationOptionsSchema);
+
+// --- Action: group ---
+const GroupSearchSchema = z
+  .object({
+    action: z.literal("group").describe("Search within a specific group and its subgroups"),
+    group_id: requiredId.describe("Group ID or URL-encoded path (e.g., 'my-group' or '123')"),
+    scope: SearchScopeSchema,
+  })
+  .merge(BaseSearchParams)
+  .merge(PaginationOptionsSchema);
+
+// --- Discriminated union combining all actions ---
+export const BrowseSearchSchema = z.discriminatedUnion("action", [
+  GlobalSearchSchema,
+  ProjectSearchSchema,
+  GroupSearchSchema,
+]);
+
+// ============================================================================
+// Type exports
+// ============================================================================
+
+export type SearchScope = z.infer<typeof SearchScopeSchema>;
+export type BrowseSearchInput = z.infer<typeof BrowseSearchSchema>;
+export type GlobalSearchInput = z.infer<typeof GlobalSearchSchema>;
+export type ProjectSearchInput = z.infer<typeof ProjectSearchSchema>;
+export type GroupSearchInput = z.infer<typeof GroupSearchSchema>;
diff --git a/src/registry-manager.ts b/src/registry-manager.ts
@@ -29,6 +29,7 @@ import {
 import { releasesToolRegistry, getReleasesReadOnlyToolNames } from "./entities/releases/registry";
 import { refsToolRegistry, getRefsReadOnlyToolNames } from "./entities/refs/registry";
 import { membersToolRegistry, getMembersReadOnlyToolNames } from "./entities/members/registry";
+import { searchToolRegistry, getSearchReadOnlyToolNames } from "./entities/search/registry";
 import {
   GITLAB_READ_ONLY_MODE,
   GITLAB_DENIED_TOOLS_REGEX,
@@ -46,6 +47,7 @@ import {
   USE_RELEASES,
   USE_REFS,
   USE_MEMBERS,
+  USE_SEARCH,
   getToolDescriptionOverrides,
 } from "./config";
 import { ToolAvailability } from "./services/ToolAvailability";
@@ -152,6 +154,10 @@ class RegistryManager {
       this.registries.set("members", membersToolRegistry);
     }
 
+    if (USE_SEARCH) {
+      this.registries.set("search", searchToolRegistry);
+    }
+
     // All entity registries have been migrated to the new pattern!
   }
 
@@ -235,6 +241,10 @@ class RegistryManager {
       readOnlyTools.push(...getMembersReadOnlyToolNames());
     }
 
+    if (USE_SEARCH) {
+      readOnlyTools.push(...getSearchReadOnlyToolNames());
+    }
+
     return readOnlyTools;
   }
 
@@ -394,6 +404,7 @@ class RegistryManager {
     const useReleases = process.env.USE_RELEASES !== "false";
     const useRefs = process.env.USE_REFS !== "false";
     const useMembers = process.env.USE_MEMBERS !== "false";
+    const useSearch = process.env.USE_SEARCH !== "false";
 
     // Build registries map based on dynamic feature flags
     const registriesToUse = new Map<string, ToolRegistry>();
@@ -416,6 +427,7 @@ class RegistryManager {
     if (useReleases) registriesToUse.set("releases", releasesToolRegistry);
     if (useRefs) registriesToUse.set("refs", refsToolRegistry);
     if (useMembers) registriesToUse.set("members", membersToolRegistry);
+    if (useSearch) registriesToUse.set("search", searchToolRegistry);
 
     // Dynamically load description overrides
     const descOverrides = getToolDescriptionOverrides();
@@ -483,6 +495,7 @@ class RegistryManager {
       releasesToolRegistry,
       refsToolRegistry,
       membersToolRegistry,
+      searchToolRegistry,
     ];
 
     for (const registry of allRegistries) {
diff --git a/src/services/ToolAvailability.ts b/src/services/ToolAvailability.ts
@@ -681,6 +681,16 @@ export class ToolAvailability {
         update_group: { tier: "free", minVersion: 8.0, notes: "member_role_id requires Ultimate" },
       },
     },
+
+    // Search (read-only)
+    browse_search: {
+      default: { tier: "free", minVersion: 8.0 },
+      actions: {
+        global: { tier: "free", minVersion: 8.0, notes: "Global search across GitLab instance" },
+        project: { tier: "free", minVersion: 8.0, notes: "Project-scoped search" },
+        group: { tier: "free", minVersion: 10.5, notes: "Group-scoped search" },
+      },
+    },
   };
 
   /**
diff --git a/tests/unit/entities/search/registry.test.ts b/tests/unit/entities/search/registry.test.ts
diff --git a/tests/unit/entities/search/schema-readonly.test.ts b/tests/unit/entities/search/schema-readonly.test.ts
