structured-world
diff --git a/‎.env.example‎
Lines changed: 12 additions & 2 deletions b/‎.env.example‎
Lines changed: 12 additions & 2 deletions
diff --git a/‎README.md‎
Lines changed: 6 additions & 2 deletions b/‎README.md‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎jest.config.js‎
Lines changed: 2 additions & 0 deletions b/‎jest.config.js‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎package.json‎
Lines changed: 6 additions & 4 deletions b/‎package.json‎
Lines changed: 6 additions & 4 deletions
diff --git a/‎src/cli/docker/docker-command.ts‎
Lines changed: 1 addition & 1 deletion b/‎src/cli/docker/docker-command.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/cli/init/wizard.ts‎
Lines changed: 1 addition & 1 deletion b/‎src/cli/init/wizard.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/config.ts‎
Lines changed: 20 additions & 1 deletion b/‎src/config.ts‎
Lines changed: 20 additions & 1 deletion
diff --git a/‎src/handlers.ts‎
Lines changed: 28 additions & 5 deletions b/‎src/handlers.ts‎
Lines changed: 28 additions & 5 deletions
diff --git a/‎src/types.ts‎
Lines changed: 8 additions & 0 deletions b/‎src/types.ts‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎src/utils/error-handler.ts‎
Lines changed: 55 additions & 1 deletion b/‎src/utils/error-handler.ts‎
Lines changed: 55 additions & 1 deletion
@@ -177,8 +177,18 @@ NO_PROXY=localhost,127.0.0.1
 # PERFORMANCE TUNING
 # ============================================================================
 
-# GitLab API timeout in milliseconds (default: 20000 = 20 seconds)
-GITLAB_API_TIMEOUT_MS=20000
+# GitLab API timeout in milliseconds (default: 10000 = 10 seconds)
+GITLAB_API_TIMEOUT_MS=10000
+
+# Retry configuration for idempotent operations (GET/HEAD/OPTIONS)
+# Enable automatic retry (default: true)
+GITLAB_API_RETRY_ENABLED=true
+# Maximum retry attempts (default: 3)
+GITLAB_API_RETRY_MAX_ATTEMPTS=3
+# Base delay for exponential backoff in ms (default: 1000)
+GITLAB_API_RETRY_BASE_DELAY_MS=1000
+# Maximum delay cap in ms (default: 4000)
+GITLAB_API_RETRY_MAX_DELAY_MS=4000
 
 # Node.js memory limit and options
 NODE_OPTIONS=--max-old-space-size=512
 
@@ -48,7 +48,7 @@ env = { "GITLAB_TOKEN" = "mytoken", "GITLAB_API_URL" = "https://gitlab.com" }
         "GITLAB_PROJECT_ID": "your_project_id", // Optional: default project
         "GITLAB_ALLOWED_PROJECT_IDS": "", // Optional: comma-separated list of allowed project IDs
         "GITLAB_READ_ONLY_MODE": "false",
-        "GITLAB_API_TIMEOUT_MS": "20000", // API timeout in milliseconds (default: 20000)
+        "GITLAB_API_TIMEOUT_MS": "10000", // API timeout in milliseconds (default: 10000)
         "USE_GITLAB_WIKI": "false", // use wiki api?
         "USE_MILESTONE": "false", // use milestone api?
         "USE_PIPELINE": "false", // use pipeline api?
@@ -517,7 +517,11 @@ When OAuth is enabled, the following endpoints are available:
   - Multiple values `123,456,789`: MCP server can access projects 123, 456, and 789 but requires explicit project ID in requests
 - `GITLAB_READ_ONLY_MODE`: When set to 'true', restricts the server to only expose read-only operations. Useful for enhanced security or when write access is not needed. Also useful for using with Cursor and it's 40 tool limit.
 - `GITLAB_DENIED_TOOLS_REGEX`: When set as a regular expression, it excludes the matching tools.
-- `GITLAB_API_TIMEOUT_MS`: API request timeout in milliseconds. (Default: `20000` - 20 seconds). If GitLab API doesn't respond within this time, the request will be aborted and a timeout error will be returned to the MCP client.
+- `GITLAB_API_TIMEOUT_MS`: API request timeout in milliseconds. (Default: `10000` - 10 seconds). If GitLab API doesn't respond within this time, the request will be aborted. For idempotent operations (GET/HEAD/OPTIONS requests), automatic retry with exponential backoff is attempted before returning a timeout error.
+- `GITLAB_API_RETRY_ENABLED`: Enable automatic retry for idempotent operations (GET/HEAD/OPTIONS). (Default: `true`). When enabled, failed requests due to timeouts, network errors, 5xx server errors, or 429 rate limits are automatically retried with exponential backoff. For 429 responses, the Retry-After header is honored when present.
+- `GITLAB_API_RETRY_MAX_ATTEMPTS`: Maximum number of retry attempts for failed requests. (Default: `3`). Set to `0` to disable retries.
+- `GITLAB_API_RETRY_BASE_DELAY_MS`: Base delay in milliseconds for exponential backoff. (Default: `1000` - 1 second). Actual delays: 1s, 2s, 4s for attempts 1, 2, 3.
+- `GITLAB_API_RETRY_MAX_DELAY_MS`: Maximum delay cap for exponential backoff. (Default: `4000` - 4 seconds). Prevents delays from growing too large.
 - `USE_GITLAB_WIKI`: When set to 'true', enables the wiki-related tools (list_wiki_pages, get_wiki_page, create_wiki_page, update_wiki_page, delete_wiki_page). Supports both project-level and group-level wikis. By default, wiki features are disabled.
 - `USE_MILESTONE`: When set to 'true', enables the milestone-related tools (list_milestones, get_milestone, create_milestone, edit_milestone, delete_milestone, get_milestone_issue, get_milestone_merge_requests, promote_milestone, get_milestone_burndown_events). By default, milestone features are disabled.
 - `USE_PIPELINE`: When set to 'true', enables the pipeline-related tools (list_pipelines, get_pipeline, list_pipeline_jobs, list_pipeline_trigger_jobs, get_pipeline_job, get_pipeline_job_output, create_pipeline, retry_pipeline, cancel_pipeline, play_pipeline_job, retry_pipeline_job, cancel_pipeline_job). By default, pipeline features are disabled.
 
@@ -38,6 +38,8 @@ module.exports = {
   moduleNameMapper: {
     "^(\\.{1,2}/.*)\\.js$": "$1",
   },
+  // Transform ESM modules from node_modules
+  transformIgnorePatterns: ["node_modules/(?!(@clack/prompts|@clack/core|sisteransi|picocolors)/)"],
   testMatch: integrationTestsEnabled
     ? ["**/tests/**/*.test.ts", "**/?(*.)+(spec|test).ts"]
     : ["**/tests/unit/**/*.test.ts"],
 
@@ -44,10 +44,12 @@
     "dev:sse": "node --env-file=.env.test -r source-map-support/register -r ts-node/register --experimental-specifier-resolution=node --experimental-print-required-tla --watch src/main.ts sse",
     "dev": "node --env-file=.env.test -r source-map-support/register -r ts-node/register --experimental-specifier-resolution=node --experimental-print-required-tla --watch src/main.ts",
     "watch": "tsc --watch",
-    "test": "yarn jest --runInBand",
-    "test:unit": "cross-env JEST_UNIT_ONLY=true yarn jest",
+    "test": "cross-env JEST_UNIT_ONLY=true yarn jest",
     "test:cov": "cross-env JEST_UNIT_ONLY=true yarn jest --coverage",
+    "test:integration": "yarn jest --testPathPattern=tests/integration --runInBand",
+    "test:all": "yarn jest --runInBand",
     "test:env-gating": "node tests/scripts/test-env-gating.js",
+    "test:help": "printf '# Test Scripts\\n  yarn test              - Unit tests only (fast, safe default)\\n  yarn test <pattern>    - Unit tests matching pattern\\n  yarn test:cov          - Unit test coverage\\n  yarn test:integration  - Integration tests (needs .env.test)\\n  yarn test:all          - Full suite (unit + integration)\\n  yarn test:env-gating   - Test environment gating\\n'",
     "cleanup:test-groups": "node scripts/cleanup-test-groups.js",
     "cleanup:test-groups:dry-run": "node scripts/cleanup-test-groups.js --dry-run",
     "cleanup:test-groups:force": "node scripts/cleanup-test-groups.js --force",
@@ -59,7 +61,7 @@
     "list-tools:dev": "node --env-file=.env.test -r source-map-support/register -r ts-node/register --experimental-specifier-resolution=node src/cli/list-tools.ts"
   },
   "dependencies": {
-    "@clack/prompts": "^0.11.0",
+    "@clack/prompts": "1.0.0-alpha.9",
     "@graphql-typed-document-node/core": "^3.2.0",
     "@modelcontextprotocol/sdk": "^1.25.3",
     "@prisma/client": "^7.3.0",
@@ -77,7 +79,7 @@
     "transliteration": "^2.6.1",
     "undici": "^7.19.0",
     "yaml": "^2.8.2",
-    "zod": "^4.3.5"
+    "zod": "^4.3.6"
   },
   "devDependencies": {
     "@eslint/js": "^9.39.2",
 
@@ -148,7 +148,7 @@ export async function initDocker(): Promise<void> {
     placeholder: "3333",
     initialValue: "3333",
     validate: value => {
-      const num = parseInt(value, 10);
+      const num = parseInt(value ?? "", 10);
       if (isNaN(num) || num < 1 || num > 65535) {
         return "Port must be a number between 1 and 65535";
       }
 
@@ -63,7 +63,7 @@ export async function runWizard(): Promise<void> {
       message: "Enter your GitLab instance URL:",
       placeholder: "https://gitlab.example.com",
       validate: value => {
-        const result = validateGitLabUrl(value);
+        const result = validateGitLabUrl(value ?? "");
         return result.valid ? undefined : result.error;
       },
     });
 
@@ -146,7 +146,26 @@ export const SSL_PASSPHRASE = process.env.SSL_PASSPHRASE;
 export const TRUST_PROXY = process.env.TRUST_PROXY;
 
 // API timeout configuration (in milliseconds)
-export const API_TIMEOUT_MS = parseInt(process.env.GITLAB_API_TIMEOUT_MS ?? "20000", 10);
+// Default 10s allows time for retries within a reasonable total response time
+const parsedTimeoutMs = parseInt(process.env.GITLAB_API_TIMEOUT_MS ?? "10000", 10);
+export const API_TIMEOUT_MS =
+  Number.isFinite(parsedTimeoutMs) && parsedTimeoutMs > 0 ? parsedTimeoutMs : 10000;
+
+// Retry configuration for idempotent operations (GET/HEAD/OPTIONS requests by default)
+// Retries on: timeouts, network errors, 5xx server errors, 429 rate limits
+export const API_RETRY_ENABLED = process.env.GITLAB_API_RETRY_ENABLED !== "false";
+
+const parsedMaxAttempts = parseInt(process.env.GITLAB_API_RETRY_MAX_ATTEMPTS ?? "3", 10);
+export const API_RETRY_MAX_ATTEMPTS =
+  Number.isFinite(parsedMaxAttempts) && parsedMaxAttempts >= 0 ? parsedMaxAttempts : 3;
+
+const parsedBaseDelay = parseInt(process.env.GITLAB_API_RETRY_BASE_DELAY_MS ?? "1000", 10);
+export const API_RETRY_BASE_DELAY_MS =
+  Number.isFinite(parsedBaseDelay) && parsedBaseDelay > 0 ? parsedBaseDelay : 1000;
+
+const parsedMaxDelay = parseInt(process.env.GITLAB_API_RETRY_MAX_DELAY_MS ?? "4000", 10);
+export const API_RETRY_MAX_DELAY_MS =
+  Number.isFinite(parsedMaxDelay) && parsedMaxDelay > 0 ? parsedMaxDelay : 4000;
 
 // Rate limiting configuration
 // Per-IP rate limiting (for anonymous requests) - enabled by default
 
@@ -6,6 +6,8 @@ import {
   handleGitLabError,
   GitLabStructuredError,
   isStructuredToolError,
+  createTimeoutError,
+  parseTimeoutError,
 } from "./utils/error-handler";
 
 interface JsonSchemaProperty {
@@ -91,6 +93,20 @@ function extractActionFromError(error: unknown): string | undefined {
   return undefined;
 }
 
+/**
+ * Check if a tool operation is idempotent (safe to retry)
+ * browse_* tools are always idempotent (read-only)
+ * list_*, get_*, and download_* tools are also idempotent
+ */
+function isIdempotentOperation(toolName: string): boolean {
+  return (
+    toolName.startsWith("browse_") ||
+    toolName.startsWith("list_") ||
+    toolName.startsWith("get_") ||
+    toolName.startsWith("download_")
+  );
+}
+
 /**
  * Convert an error to a structured GitLab error response
  * Extracts tool name and action from context, parses API errors
@@ -113,17 +129,24 @@ function toStructuredError(
 
   if (!(error instanceof Error)) return null;
 
-  // Try to parse GitLab API error from message
-  const parsed = parseGitLabApiError(error.message);
-  if (!parsed) return null;
-
-  // Extract action: prefer from error cause, then from tool args
+  // Extract action early - needed for both timeout and API errors
   let action = extractActionFromError(error);
   if (!action && toolArgs && typeof toolArgs.action === "string") {
     action = toolArgs.action;
   }
   action ??= "unknown";
 
+  // Check for timeout error first (before parseGitLabApiError)
+  const timeoutMs = parseTimeoutError(error.message);
+  if (timeoutMs !== null) {
+    const retryable = isIdempotentOperation(toolName);
+    return createTimeoutError(toolName, action, timeoutMs, retryable);
+  }
+
+  // Try to parse GitLab API error from message
+  const parsed = parseGitLabApiError(error.message);
+  if (!parsed) return null;
+
   return handleGitLabError(
     { status: parsed.status, message: parsed.message },
     toolName,
 
@@ -33,6 +33,14 @@ export interface FeatureGate {
 export interface EnhancedToolDefinition extends ToolDefinition {
   handler: (args: unknown) => Promise<unknown>;
   gate?: FeatureGate; // Optional - tools without gate are always enabled
+  /**
+   * Mark the tool as idempotent (safe to retry on failure).
+   * If not specified, idempotency is inferred from tool name:
+   * - browse_*, list_*, get_*, download_* are considered idempotent (read-only)
+   * - manage_* are considered non-idempotent (write operations)
+   * Set explicitly to override the default behavior.
+   */
+  idempotent?: boolean;
 }
 
 // Tool registry type for storing enhanced tool definitions
 
@@ -133,6 +133,17 @@ export interface ApiError extends StructuredError {
   gitlab_error?: string;
 }
 
+/**
+ * Timeout error for API requests that exceeded the timeout limit
+ */
+export interface TimeoutError extends StructuredError {
+  error_code: "TIMEOUT";
+  /** Timeout duration in milliseconds */
+  timeout_ms: number;
+  /** Whether the request can be retried (idempotent operation) */
+  retryable: boolean;
+}
+
 /**
  * Union type of all structured errors
  */
@@ -141,7 +152,8 @@ export type GitLabStructuredError =
   | TierRestrictedError
   | PermissionDeniedError
   | NotFoundError
-  | ApiError;
+  | ApiError
+  | TimeoutError;
 
 // ============================================================================
 // Tier Restriction Detection
@@ -849,6 +861,48 @@ export function createValidationError(
   };
 }
 
+// ============================================================================
+// Timeout Error Helper
+// ============================================================================
+
+/**
+ * Create a timeout error response
+ *
+ * @param tool - Tool name that triggered the timeout
+ * @param action - Action that was attempted
+ * @param timeoutMs - Timeout duration in milliseconds
+ * @param retryable - Whether the operation is idempotent and can be retried
+ */
+export function createTimeoutError(
+  tool: string,
+  action: string,
+  timeoutMs: number,
+  retryable: boolean = false
+): TimeoutError {
+  const retryHint = retryable
+    ? " This is a read-only operation - you can safely retry."
+    : " This is a write operation - check if it completed before retrying.";
+
+  return {
+    error_code: "TIMEOUT",
+    tool,
+    action,
+    timeout_ms: timeoutMs,
+    retryable,
+    message: `Request timed out after ${timeoutMs}ms`,
+    suggested_fix: `The GitLab server is slow to respond. Try again later or increase GITLAB_API_TIMEOUT_MS.${retryHint}`,
+  };
+}
+
+/**
+ * Parse timeout error from error message
+ * Returns timeout value in ms if the error is a timeout error, null otherwise
+ */
+export function parseTimeoutError(errorMessage: string): number | null {
+  const match = errorMessage.match(/GitLab API timeout after (\d+)ms/);
+  return match ? parseInt(match[1], 10) : null;
+}
+
 // ============================================================================
 // Custom Error Class
 // ============================================================================
Original file line number	Diff line number	Diff line change
`@@ -148,7 +148,7 @@ export async function initDocker(): Promise<void> {`
`148`	`148`	`placeholder: "3333",`
`149`	`149`	`initialValue: "3333",`
`150`	`150`	`validate: value => {`
`151`		`- const num = parseInt(value, 10);`
	`151`	`+ const num = parseInt(value ?? "", 10);`
`152`	`152`	`if (isNaN(num) \|\| num < 1 \|\| num > 65535) {`
`153`	`153`	`return "Port must be a number between 1 and 65535";`
`154`	`154`	`}`