Skip to content

fix(runners): send job status filter as a GitLab list argument#536

Merged
polaz merged 6 commits into
mainfrom
fix/#535
Jun 22, 2026
Merged

fix(runners): send job status filter as a GitLab list argument#536
polaz merged 6 commits into
mainfrom
fix/#535

Conversation

@polaz

@polaz polaz commented Jun 22, 2026

Copy link
Copy Markdown
Member

Closes #535. Bundles four maintenance items into a single PR.

1. server.json marketing copy is now auto-generated (most important)

The MCP Registry listing is driven by server.json's description, which read:

GitLab MCP server with 58 tools for projects, MRs, pipelines, and more

That undersells the server next to the README hero line. prepare-release.sh
now generates the description from the live tool / operation / entity counts:

58 CQRS tools exposing 230 GitLab operations across 26 entity types

This mirrors the README and stays under the MCP Registry's 100-char description
limit (67 chars here, and well under even with 3-digit counts).

2. All marketing READMEs are committed at release

prepare-release.sh renders the README to three shipping locations (core npm
page, GitHub repo landing, db npm page), but the release sync job only staged
the core README. The root and db READMEs drifted a release behind: their
download badge still pointed at 9.0.0 while the core page was on 9.1.0. The sync
job now stages all three, and they are regenerated here to the current version.

3. graphql 16 -> 17 (Dependabot #532 / #533)

  • graphql 16.14.2 -> 17.0.1, graphql-tag 2.12.6 -> 2.12.7 (its peer range
    now covers graphql 17). The package engine already requires Node >=24, which
    graphql 17 supports, so there is no engine regression.
  • Also refreshed: @clack/prompts 1.5.1 -> 1.6.0, plus @cloudflare/workers-types
    and @types/node patch bumps (within ^25).
  • Left for a separate Dependabot pass (major bumps, out of range): @types/node
    26 and nx 23.

This supersedes Dependabot PRs #532 and #533; both will be closed.

4. Runner job-status query fix

Found while running the full integration suite. browse_runners action
list_jobs declared $statuses: CiJobStatus, but GitLab's jobs(statuses:)
argument is [CiJobStatus!]. GitLab rejects the query with "List dimension
mismatch on variable $statuses" whenever a runner with executed jobs exists,
independent of the value sent. This is a pre-existing bug (the query text is
identical on graphql 16 and 17, so it is not caused by the upgrade) that only
surfaced once the test instance had a runner with jobs. Fixed by declaring the
variable as [CiJobStatus!] and wrapping the single-status filter in a list.

Testing

  • Full unit suite: 5206 passed (163 suites).
  • Full integration suite against a live GitLab Ultimate instance: 443 passed
    (39 suites) on graphql 17, including the previously failing runner drill-down.
  • yarn build and yarn lint clean.
  • prepare-release.sh 9.1.0 runs clean: 58 tools (32 read-only, 230 actions), 26 entities.

Summary by CodeRabbit

  • New Features

    • Runner job filtering now supports filtering by multiple job statuses simultaneously
  • Documentation

    • Updated version references to 9.1.0 in installation instructions
  • Chores

    • Updated dependencies including GraphQL to v17.0.0 and type definitions
    • Enhanced server metadata with detailed statistics on available tools and operations

polaz added 3 commits June 22, 2026 10:29
GitLab's runner jobs(statuses:) argument is [CiJobStatus!], but the
ListRunnerJobs query declared $statuses as a singular CiJobStatus. GitLab
rejects the query with "List dimension mismatch on variable $statuses"
whenever a runner with executed jobs exists, so browse_runners list_jobs
failed against real data regardless of whether a status filter was passed.

Declare the variable as [CiJobStatus!] and wrap the single-status filter in
a list before sending. The unit test now asserts the value reaches GitLab as
["FAILED"] rather than the bare enum.

Closes #535
- graphql 16.14.2 -> 17.0.1 (resolves Dependabot #532 / #533). Node engine
  already requires >=24, which graphql 17 supports.
- graphql-tag 2.12.6 -> 2.12.7 so its peer range covers graphql 17.
- @clack/prompts 1.5.1 -> 1.6.0.
- @cloudflare/workers-types and @types/node patch refresh (within ^25).

Verified with the full unit suite (5206 tests) and full integration suite
(443 tests) against a live GitLab instance.
…READMEs

The MCP Registry listing is driven by server.json's description, which read
"GitLab MCP server with 58 tools for projects, MRs, pipelines, and more". That
undersells the server next to the README hero line. prepare-release.sh now
generates the description from the live tool / operation / entity counts as
"<tools> CQRS tools exposing <operations> GitLab operations across <entities>
entity types", mirroring the README and staying under the registry's 100-char
description limit.

prepare-release.sh renders the README to all three shipping locations (core npm
page, GitHub repo landing, db npm page), but the release sync job only staged
the core README, so the root and db pages drifted a release behind (download
badge still on 9.0.0 while core was 9.1.0). Stage all three so the public counts
and version stay consistent across npm, GitHub, and the db page.

server.json and the root/db READMEs are regenerated here to the current counts.
@coderabbitai

coderabbitai Bot commented Jun 22, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 4332c8de-85b6-4cbe-a5b5-242e185cdae8

📥 Commits

Reviewing files that changed from the base of the PR and between 1683857 and 3a3ce88.

📒 Files selected for processing (2)
  • packages/gitlab-mcp/src/entities/runners/schema-readonly.ts
  • packages/gitlab-mcp/tests/unit/entities/runners/registry.test.ts

📝 Walkthrough

Walkthrough

Fixes the list_jobs GraphQL $statuses variable from a scalar CiJobStatus to [CiJobStatus!] and updates the Zod schema and unit test accordingly. Updates prepare-release.sh to generate server.json's description from live tool/operation/entity counts. Extends the release-PR sync job to stage all rendered READMEs and package.json files. Bumps graphql to v17, graphql-tag, and several minor dependencies.

Changes

Runner list_jobs statuses type fix

Layer / File(s) Summary
GraphQL type contract, schema validation, and test
packages/gitlab-mcp/src/graphql/runners.ts, packages/gitlab-mcp/src/entities/runners/schema-readonly.ts, packages/gitlab-mcp/tests/unit/entities/runners/registry.test.ts
ListRunnerJobsVars.statuses changes from string | null to string[] | null; the LIST_RUNNER_JOBS query variable changes from CiJobStatus to [CiJobStatus!]; the Zod schema switches from a single enum to z.array(enum); the unit test passes statuses as an array with a comment explaining GitLab rejects non-list input.

Release tooling, metadata, and dependency updates

Layer / File(s) Summary
Auto-generated server.json description
packages/gitlab-mcp/scripts/prepare-release.sh, packages/gitlab-mcp/server.json
prepare-release.sh now passes ACTION_COUNT and ENTITY_COUNT into the jq template to produce the description "${TOOL_COUNT} CQRS tools exposing ${ACTION_COUNT} GitLab operations across ${ENTITY_COUNT} entity types". server.json reflects the generated output.
Release-PR staging fix and README badge updates
.github/workflows/release-please.yml, README.md, packages/gitlab-mcp-db/README.md
The sync-release-pr workflow git add step is extended to stage root package.json, root README.md, and packages/gitlab-mcp-db/README.md. Both README files update their Claude Desktop badge URLs from 9.0.0 to 9.1.0.
Dependency version bumps
packages/gitlab-mcp/package.json, packages/gitlab-mcp-db/package.json, package.json
graphql upgraded from ^16.x to ^17.0.0; graphql-tag, @clack/prompts, @cloudflare/workers-types, and @types/node bumped to newer versions across packages; form-data ^4.0.6 added as a new root dependency.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

  • structured-world/gitlab-mcp#359: Introduces the release-please.yml workflow and post-release flow that this PR further modifies for metadata staging.
  • structured-world/gitlab-mcp#474: Prior work to compute ACTION_COUNT in prepare-release.sh that this PR extends with ENTITY_COUNT for the server.json description.
  • structured-world/gitlab-mcp#477: Original addition of the runners GraphQL/schema layer and list_jobs status filtering that this PR fixes for array input.

Suggested labels

dependencies, javascript, released

🐇 A hop and a fix for the status array snag,
The description now tells of each tool in the bag.
READMEs are staged so they never fall behind,
And graphql seventeen is the new find!
✨ From scalar to list — what a wonderful spring! 🌸

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly identifies the primary fix (runner job-status query bug) and is specific to the main changeset.
Linked Issues check ✅ Passed The PR implements all four coding objectives from issue #535: auto-generating server.json description, staging all three READMEs in release workflow, upgrading graphql to 17 with passing tests, and fixing the runner list_jobs query to accept array statuses.
Out of Scope Changes check ✅ Passed All changes are directly aligned with issue #535 objectives: server.json generation, README staging, graphql upgrade with dependency bumps, and runner query fix.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/#535

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions

Copy link
Copy Markdown

Test Coverage Report

Overall Coverage: 96.84%

Metric Percentage
Statements 96.2%
Branches 87.97%
Functions 94.83%
Lines 96.84%

View detailed coverage report

@codecov

codecov Bot commented Jun 22, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

The resolved form-data 4.0.5 is in the vulnerable range (>= 4.0.0, < 4.0.6) for
the CRLF-injection-via-multipart-field-names advisory (GHSA, high). Pin it to
>=4.0.6 in root resolutions so the dev/CI tree no longer trips the alert.

js-yaml's quadratic-merge-key DoS (medium) is left as-is: the only consumer is
@istanbuljs/load-nyc-config (dev coverage tooling, parses trusted local config),
its sole patch lives in js-yaml 4.x, and forcing that major would break the 3.x
safeLoad API the loader relies on.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@package.json`:
- Line 17: The `form-data` dependency in the `resolutions` field uses an
unbounded semver range `>=4.0.6` which permits major version upgrades and
increases the risk of breaking changes on lockfile refreshes. Change the version
specifier from `>=4.0.6` to `^4.0.6` in the `resolutions` object to establish a
bounded range that maintains the security floor while preventing accidental
major-version upgrades. This follows semantic versioning best practices by
allowing patch and minor version updates while locking the major version at 4.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: d258c41d-df28-4c88-b13d-7cb71f431d59

📥 Commits

Reviewing files that changed from the base of the PR and between 95a4a05 and 52ef396.

⛔ Files ignored due to path filters (1)
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (1)
  • package.json

Comment thread package.json Outdated
@greptile-apps

greptile-apps Bot commented Jun 22, 2026

Copy link
Copy Markdown

Greptile Summary

This PR bundles four maintenance items: a bug fix for the runner job-status GraphQL query (the core change), auto-generation of the server.json description from live counts, a fix for staging all three README locations on release, and a graphql 16→17 upgrade.

  • Runner query fix: $statuses was declared as a bare CiJobStatus scalar but GitLab's jobs(statuses:) argument expects [CiJobStatus!]; the PR corrects the variable type in the query, the TypeScript interface, and the Zod schema (now accepting an array), fixing a "List dimension mismatch" rejection that blocked any runner with executed jobs.
  • Release automation: prepare-release.sh now generates the server.json description from computed counts and renders all three shipping READMEs; the release workflow stages all three so the root and db pages no longer lag a version behind.
  • Dependencies: graphql bumped to 17.0.1 with compatible graphql-tag 2.12.7; form-data ^4.0.6 added as a monorepo resolution to pin a transitive dependency brought in by the upgrade.

Confidence Score: 5/5

Safe to merge — the runner query fix is a well-scoped, API-contract correction backed by a passing integration suite, and all other changes are release automation and dependency bumps.

All changes are targeted and correct: the GraphQL type fix matches GitLab's documented schema, the schema change adopts the prior review's recommendation cleanly, and the release script changes are additive with no logic that could silently corrupt artifacts. The full unit and integration suites pass.

No files require special attention.

Important Files Changed

Filename Overview
packages/gitlab-mcp/src/graphql/runners.ts Fixes the ListRunnerJobs query: changes $statuses variable type from CiJobStatus to [CiJobStatus!] and updates the TypeScript interface from string to string[], matching GitLab's actual API contract.
packages/gitlab-mcp/src/entities/runners/schema-readonly.ts Updates ListRunnerJobsSchema to accept statuses as an array of enums rather than a single enum, enabling multi-status filtering and matching the adopted recommendation from a previous review thread.
packages/gitlab-mcp/tests/unit/entities/runners/registry.test.ts Test updated to pass statuses as an array (["FAILED", "CANCELED"]) and assert the variable is forwarded as-is to the GraphQL query.
packages/gitlab-mcp/scripts/prepare-release.sh server.json description now auto-generated with live tool/operation/entity counts; renders README to all three shipping locations instead of just the core package page.
.github/workflows/release-please.yml Release PR sync step now stages root and db READMEs in addition to the core README, preventing them from drifting a release behind.
packages/gitlab-mcp/package.json Bumps graphql 16→17, graphql-tag 2.12.6→2.12.7, @clack/prompts 1.5.1→1.6.0, and patch bumps to @cloudflare/workers-types and @types/node.
package.json Adds form-data ^4.0.6 to the monorepo root resolutions map to pin the transitive dependency version brought in by the graphql 17 upgrade.

Reviews (2): Last reviewed commit: "fix(runners): accept multiple job status..." | Re-trigger Greptile

Comment thread packages/gitlab-mcp/src/entities/runners/registry.ts Outdated
GitLab's jobs(statuses:) argument is [CiJobStatus!], so it natively filters by
more than one status. The list_jobs schema now takes an array of statuses
instead of a single value, and the handler forwards it straight through. Callers
can request e.g. ["FAILED", "CANCELED"] in one query.
@polaz

polaz commented Jun 22, 2026

Copy link
Copy Markdown
Member Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jun 22, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@polaz

polaz commented Jun 22, 2026

Copy link
Copy Markdown
Member Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jun 22, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@polaz polaz merged commit c1b37f9 into main Jun 22, 2026
19 checks passed
@polaz polaz deleted the fix/#535 branch June 22, 2026 11:54
@sw-release-bot sw-release-bot Bot mentioned this pull request Jun 22, 2026
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Upgrade graphql to 17, fix runner job-status query, and auto-generate server.json marketing copy

1 participant