Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: structured-world/gitlab-mcp
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v6.45.1
Choose a base ref
...
head repository: structured-world/gitlab-mcp
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v6.46.0
Choose a head ref
  • 2 commits
  • 14 files changed
  • 2 contributors

Commits on Jan 25, 2026

  1. feat(context): add whoami action for token introspection (#203) (#205) 

    * feat(context): add whoami action for token introspection and capability discovery

Add new `whoami` action to manage_context tool that provides comprehensive
information about current authentication status, token capabilities, and
available tools. This enables AI agents to understand access limitations
and provide actionable guidance to users.

Key features:
- User identity info (fetched via REST API)
- Token info (name, scopes, expiry, validity)
- Server config (host, version, tier)
- Capabilities summary (available/filtered tools breakdown)
- Current context (preset, profile, scope)
- Warnings (expiring token, limited scopes, read-only mode)
- Recommendations (create token, renew, upgrade tier)

Dynamic Token Refresh:
- Re-introspects token on each whoami call
- Detects permission changes without server restart
- Automatically refreshes tool registry when scopes change
- Sends tools/list_changed notification to MCP clients
- Returns scopesRefreshed=true when tools were updated

Implementation:
- Add WhoamiSchema to discriminated union schema
- Add comprehensive types (WhoamiResult, WhoamiUserInfo, etc.)
- New whoami.ts with main logic and token refresh flow
- Add refreshTokenScopes() to ConnectionManager
- Add getFilterStats() to RegistryManager with FilterStats interface
- Integrate sendToolsListChangedNotification for hot-reload
- 34 unit tests covering various scenarios

Author: Pavel Oliynyk <[email protected]>

Closes #203

* refactor(context): use shared isOAuthEnabled from oauth module

- Replace local isOAuthMode() with shared isOAuthEnabled()
- Add tests for ConnectionManager.refreshTokenScopes method
- Add isOAuthEnabled mock to whoami tests

* refactor(context): simplify buildContextInfo scope assignment

- Remove @author tag to follow codebase conventions
- Simplify scope assignment using nullish coalescing
- Remove unused RuntimeScope import

* test(context): fix unrealistic filteredByScopes mock value

Set filteredByScopes to 35 to reflect that write_repository
scope without api filters most tools requiring GraphQL access.
    @polaz
    polaz authored Jan 25, 2026
    Configuration menu
    Copy the full SHA
    fc0c568 View commit details
    Browse the repository at this point in the history

  2. chore(release): 6.46.0 [skip ci] 

    ## [6.46.0](v6.45.1...v6.46.0) (2026-01-25)

### Features

* **context:** add whoami action for token introspection ([#203](#203)) ([#205](#205)) ([fc0c568](fc0c568))
    @semantic-release-bot
    semantic-release-bot committed Jan 25, 2026
    Configuration menu
    Copy the full SHA
    1081ead View commit details
    Browse the repository at this point in the history
Loading