22 tools from the GitLab Operations MCP Server, categorised by risk level.
View the GitLab Operations policy →list_ci_variables List all CI/CD variables for a project, including their keys, protection status, masking, and environment scopes list_groups List GitLab groups with optional search, ownership, and minimum access level filters list_pipeline_triggers List all pipeline trigger tokens for a project, including their descriptions and ownership list_project_access_tokens List all access tokens for a project, including their scopes, access levels, and expiry dates list_protected_branches List all protected branches for a project, including their push/merge access levels and force-push settings list_webhooks List all webhooks configured on a GitLab project, including their URLs, event subscriptions, and SSL verification status test_webhook Trigger a test event (push, tag_push, etc.) against a webhook to verify it is receiving and processing events correctly create_ci_variable Create a project-level CI/CD variable with optional protection (only exposed to protected branches), masking (hidden in job logs), environment scop... 2/5 create_group Create a new GitLab group or subgroup with configurable visibility and description for namespace isolation 3/5 create_pipeline_trigger Create a pipeline trigger token for cross-project pipeline triggering via the GitLab API 2/5 create_project_access_token Create a scoped, rotatable access token for a project with configurable scopes (api, read_api, read/write_repository, read/write_registry), access ... 2/5 create_webhook Create a project-level webhook with configurable event subscriptions (push, tag, MR, pipeline, etc.) and optional secret token verification 3/5 protect_branch Protect a branch (or wildcard pattern) with configurable push/merge access levels and force-push settings to enforce merge-only workflows 2/5 update_ci_variable Update an existing CI/CD variable's value, protection, masking, environment scope, or type 2/5 update_project_settings Update project-level settings: merge strategy (merge/rebase/fast-forward), squash policy, pipeline requirements, source branch cleanup, Auto DevOps... 2/5 update_webhook Update an existing webhook's URL, secret token, event subscriptions, or SSL settings 3/5 delete_ci_variable Remove a CI/CD variable from a project by key 4/5 delete_group Delete a GitLab group and all projects within it (cascading delete) 4/5 delete_pipeline_trigger Remove a pipeline trigger token, preventing any further pipeline triggers using it 4/5 delete_webhook Remove a webhook from a GitLab project 4/5 revoke_project_access_token Revoke a project access token, immediately invalidating it for all future API requests 4/5 unprotect_branch Remove protection rules from a branch, restoring default push and merge permissions 4/5 The GitLab Operations MCP server exposes 22 tools across 3 categories: Read, Write, Destructive.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the GitLab Operations server.
GitLab Operations tools are categorised as Read (7), Write (9), Destructive (6). Each category has a recommended default policy.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept