Open Source · Written in Go · MIT License

GitLab from
Your Terminal

Work seamlessly with GitLab from the command line. Manage merge requests, issues, pipelines, releases, and more — without leaving your terminal.

Get Started View on GitHub
$ brew install PhilipKram/tap/glab
0
Commands
Go
Written In
0
Command Groups
MIT
License
Why glab

Everything GitLab, one command away

A powerful CLI that brings the full GitLab workflow to your terminal with a familiar, intuitive interface.

Merge Requests

Create, review, approve, and merge MRs without leaving your terminal. Supports draft MRs, assignees, reviewers, and labels.

glab mr create --title "Feature" --draft

Issues

Full issue lifecycle management. Create, assign, label, comment, and close issues from the command line.

glab issue list --state opened

CI/CD Pipelines

Trigger pipelines, view job logs, retry failed builds, and monitor CI status right from your terminal.

glab pipeline run --branch main

Repositories

Clone, create, fork, and manage repositories. Full support for groups and namespaces.

glab repo clone owner/repo

Familiar Interface

Follows the same command patterns as GitHub CLI (gh). If you know gh, you already know glab.

glab <noun> <verb> [flags]

OAuth & Self-Hosted

Login via browser OAuth or personal access tokens. Tokens auto-refresh when expired. Works with gitlab.com and any self-hosted instance.

glab auth login

Packages & Registries

Manage package registries (npm, Maven, PyPI, etc.) and container image repositories directly from the CLI.

glab package list --type npm

Pipeline Analytics

Analyze pipeline success rates, duration trends, slowest jobs, and flaky test detection to optimize your CI/CD.

glab pipeline stats --days 30

MCP Server

Built-in Model Context Protocol server with 74 tools, 4 resources, and 5 prompt templates for AI integration.

glab mcp install
Installation

Get started in seconds

Multiple installation methods to fit your workflow. Pick whichever suits you best.

Homebrew (macOS & Linux)

terminal 
brew tap PhilipKram/tap https://github.com/PhilipKram/Gitlab-CLI
brew install PhilipKram/tap/glab

Go Install

terminal 
# Requires Go 1.22+
go install github.com/PhilipKram/gitlab-cli@latest

Binary Download

Download pre-built binaries for Linux, macOS, and Windows from the releases page.

Available for amd64 and arm64.

Build from Source

terminal
git clone https://github.com/PhilipKram/Gitlab-CLI.git
cd Gitlab-CLI
make build
# Binary at ./bin/glab

Authentication

Authenticate with your GitLab instance. OAuth is the default — just run glab auth login and it opens your browser.

OAuth Login (Default)

The CLI starts a local server on port 7171, opens your browser for authorization, and exchanges the code for a token using PKCE — no client secret needed.

  • Browser-based OAuth with PKCE
  • Remembers settings after first run
  • Auto-refreshes expired tokens
  • Works with self-hosted instances
terminal 
# OAuth login (default) — opens your browser
glab auth login

# Login to a specific host
glab auth login --hostname gitlab.example.com

# Login with a personal access token instead
glab auth login --token glpat-xxxxxxxxxxxxxxxxxxxx

# Or set an environment variable
export GITLAB_TOKEN="glpat-xxxxxxxxxxxxxxxxxxxx"

OAuth Setup

Before your first OAuth login, create an OAuth application in your GitLab instance under Settings > Applications:

  • Redirect URI: http://localhost:7171/auth/redirect
  • Scopes: api read_user write_repository openid profile

Token Auto-Refresh

OAuth tokens expire after ~2 hours. glab automatically detects expiry and refreshes in the background using the stored refresh token.

Run glab auth status to see when your token expires. Tokens provided via environment variables are never auto-refreshed.

Command Reference

Every command at your fingertips

Comprehensive coverage of GitLab features organized into intuitive command groups.

Authentication
glab auth loginOAuth login (opens browser)
glab auth login --tokenLogin with personal access token
glab auth logoutLog out of a GitLab instance
glab auth statusView auth status & token expiry
glab auth tokenPrint the stored auth token
Repositories
glab repo clone <path>Clone a repository
glab repo create <name>Create a new repository
glab repo fork [path]Fork a repository
glab repo view [path]View repository info
glab repo listList repositories
glab repo archive [path]Archive a repository
glab repo delete <path>Delete a repository
Merge Requests
glab mr createCreate a new merge request
glab mr listList merge requests
glab mr view <id>View MR details
glab mr merge <id>Merge a merge request
glab mr close <id>Close a merge request
glab mr reopen <id>Reopen a closed MR
glab mr approve <id>Approve a merge request
glab mr checkout <id>Check out the MR branch
glab mr diff <id>View the diff
glab mr comment <id>Add a comment (inline supported)
glab mr edit <id>Edit MR properties
glab mr discussions <id>List discussion threads
glab mr resolve <id>Resolve a discussion thread
glab mr unresolve <id>Unresolve a discussion thread
Issues
glab issue createCreate a new issue
glab issue listList issues
glab issue view <id>View issue details
glab issue close <id>Close an issue
glab issue reopen <id>Reopen an issue
glab issue comment <id>Add a comment
glab issue edit <id>Edit issue properties
glab issue delete <id>Delete an issue
CI/CD Pipelines
glab pipeline listList pipelines
glab pipeline view <id>View pipeline details
glab pipeline runTrigger a new pipeline
glab pipeline cancel <id>Cancel running pipeline
glab pipeline retry <id>Retry failed pipeline
glab pipeline delete <id>Delete a pipeline
glab pipeline jobs <id>List jobs in a pipeline
glab pipeline job-log <id>View job log output
glab pipeline retry-job <id>Retry a specific failed job
glab pipeline cancel-job <id>Cancel a specific running job
glab pipeline artifacts <id>Download job artifacts
glab pipeline statsPipeline success/failure stats
glab pipeline trendsDuration trends over time
glab pipeline slowest-jobsFind slowest jobs
glab pipeline flakyDetect flaky jobs
Releases
glab release create <tag>Create a release
glab release listList releases
glab release view <tag>View release details
glab release delete <tag>Delete a release
glab release download <tag>List downloadable assets
glab release upload <tag>Upload an asset
CI/CD Variables
glab variable listList CI/CD variables
glab variable get <key>Get a variable value
glab variable set <key> <val>Create or set a variable
glab variable update <key>Update an existing variable
glab variable delete <key>Delete a variable
glab variable exportExport variables to JSON
glab variable importImport variables from JSON
Packages & Registries
glab package listList packages
glab package view <id>View package details
glab package delete <id>Delete a package
glab package download <id>Download package assets
glab registry listList container repositories
glab registry tags <name>List image tags
glab registry view <name>View repository details
glab registry delete <name>Delete image tags
Environments & Deployments
glab environment listList environments
glab environment view <id>View environment details
glab environment stop <id>Stop an environment
glab environment delete <id>Delete an environment
glab deployment listList deployments
glab deployment view <id>View deployment details
Snippets, Labels & Projects
glab snippet createCreate a snippet
glab snippet listList snippets
glab snippet view <id>View a snippet
glab label createCreate a label
glab label listList labels
glab project listList projects
glab project viewView project details
glab project membersList project members
Utilities
glab api <endpoint>Authenticated API requests
glab browse [path]Open project in browser
glab config get <key>Get a config value
glab config set <key> <val>Set a config value
glab config listList all config values
glab completion <shell>Generate shell completions
glab upgradeUpgrade glab to latest
glab upgrade --checkCheck for newer version
glab mcp serveStart MCP server for AI tools
glab mcp installRegister with Claude Code/Desktop
glab mcp statusCheck MCP registration status

Global Flag: --repo, -R Select a GitLab repository using HOST/OWNER/REPO format. When omitted, glab resolves the host from the git remote, falls back to the default host, then to the first authenticated host.

Examples

Real-world workflows

Common patterns for day-to-day GitLab usage, straight from the terminal.

Complete MR Workflow

Create, review, comment on, and merge a merge request — all without leaving the terminal.

  • Create draft MRs with assignees & labels
  • Check out branches for local review
  • Leave inline diff comments
  • Squash merge with source branch cleanup
terminal 
# Create a merge request from current branch
glab mr create --title "Add user authentication" \
  --description "Implements OAuth2 login flow" \
  --assignee @alice --reviewer @bob \
  --label feature,auth --draft

# List open MRs assigned to you
glab mr list --state opened

# Check out a teammate's MR for review
glab mr checkout 42

# Leave an inline comment on the diff
glab mr comment 42 --body "Consider refactoring this" \
  --file "src/auth.go" --line 57

# Approve and merge
glab mr approve 42
glab mr merge 42 --squash --remove-source-branch

CI/CD Pipeline Monitoring

Trigger, monitor, and debug CI/CD pipelines without opening the GitLab web UI.

  • Trigger pipelines with variables
  • Watch pipeline status in real-time
  • Debug failed jobs with log output
terminal
# Trigger a pipeline on main
glab pipeline run --branch main --variables DEPLOY_ENV=staging

# Watch pipeline status
glab pipeline list --ref main --limit 5

# Debug a failed job
glab pipeline jobs 12345
glab pipeline job-log 67890

Issue Tracking

Manage bugs, features, and tasks from the command line — create, assign, label, and close issues.

  • Create issues with labels & assignees
  • Filter issues by state and label
  • Close with comments referencing MRs
terminal
# Create a bug report
glab issue create --title "Login page broken on Safari" \
  --label bug,P1 --assignee @alice

# Find issues by label
glab issue list --label bug --state opened

# Close with a comment
glab issue comment 42 --body "Fixed in !99"
glab issue close 42

Advanced Usage

Work with remote projects, raw API access, JSON output for scripting, and self-upgrade.

  • Target any project with -R flag
  • Direct API access with glab api
  • JSON output for scripting
  • Self-upgrade with checksum verification
terminal
# Target a project on any GitLab instance
glab issue list -R gitlab.example.com/group/project
glab mr list --state opened -R gitlab.example.com/team/app

# Direct API access with specific host
glab api '/projects?membership=true' --hostname gitlab.example.com

# :id auto-resolves to current project
glab api '/projects/:id/pipelines?per_page=5'

# Get MR data as JSON
glab mr list --json | jq '.[].title'

# GraphQL queries
glab api graphql --method POST \
  --body '{"query":"{ currentUser { name } }"}'

# Upgrade to the latest version
glab upgrade --yes
Configuration

Fully customizable

Configuration stored in ~/.config/glab/. Override with the GLAB_CONFIG_DIR environment variable.

Global Keys

KeyDescription
editorPreferred text editor
pagerPreferred pager program
browserPreferred web browser
protocolGit protocol: https or ssh
git_remoteDefault git remote name

Per-Host Keys

KeyDescription
client_idOAuth application ID
redirect_uriOAuth redirect URI
oauth_scopesOAuth scopes
protocolGit protocol for this host
api_hostAPI hostname override

Environment Variables

VariableDescription
GITLAB_TOKENAuthentication token (overrides stored config)
GLAB_TOKENAuthentication token (alternative)
GITLAB_HOSTDefault GitLab hostname (default: gitlab.com)
GLAB_CONFIG_DIRConfiguration directory path
per-host config 
# Store OAuth client ID for a self-hosted instance
glab config set client_id <app-id> --host gitlab.example.com

# Store custom redirect URI
glab config set redirect_uri http://localhost:8080/callback --host gitlab.example.com

# Store custom OAuth scopes
glab config set oauth_scopes "api read_user write_repository" --host gitlab.example.com
Remote MCP Server

Expose GitLab tools over HTTP

Run the MCP server as a standalone HTTP service so remote AI clients can connect over the network. Supports shared-token auth, per-user OAuth, persistent tokens across restarts, Docker deployment, and reverse proxy setups.

quick start 
# Start HTTP server (auto-generates a bearer token, printed to stderr)
glab mcp serve --transport http

# Custom host, port, and token
glab mcp serve --transport http --host 0.0.0.0 --port 9090 --token my-secret

# Stateless mode (simpler, no session tracking)
glab mcp serve --transport http --stateless

# Register the remote server with Claude Code
glab mcp install --transport http --host myserver.example.com --port 8080 --token my-secret

Authentication modes

Shared Token (default)

A single bearer token shared by all clients. If you omit --token, a random 64-character hex token is generated and printed to stderr. The token is persisted to ~/.config/glab/mcp_token so clients stay authenticated across server restarts.

Authorization: Bearer <token>

Per-User OAuth

When --client-id is set, each user authenticates individually via GitLab OAuth. The server implements the MCP authorization spec (RFC 8414, dynamic client registration, PKCE). MCP clients like Claude Code handle the flow automatically.

glab mcp serve --transport http --client-id <app-id>
per-user OAuth setup 
# 1. Create a GitLab OAuth application with redirect URI:
#    http://<server-host>:<port>/auth/redirect

# 2. Start the server with your OAuth app ID
glab mcp serve --transport http \
  --client-id my-oauth-app-id \
  --gitlab-host gitlab.example.com

# 3. Behind a reverse proxy? Set the external URL for correct callbacks
glab mcp serve --transport http \
  --client-id my-oauth-app-id \
  --gitlab-host gitlab.example.com \
  --external-url https://mcp.example.com

# Each user's GitLab API calls use their own OAuth token and permissions

HTTP Transport Flags

FlagDefaultDescription
--transportstdioTransport mode: stdio or http
--hostlocalhostHTTP listen address
--port8080HTTP listen port
--token(auto)Bearer token (auto-generated and persisted if empty)
--no-authfalseDisable bearer token authentication
--statelessfalseStateless HTTP mode (no session tracking)
--base-path/mcpHTTP endpoint path
--client-idGitLab OAuth application ID (enables per-user OAuth)
--gitlab-hostfrom configGitLab hostname for OAuth
--external-urlPublic base URL for OAuth callbacks behind a reverse proxy

Docker deployment

Deploy the remote MCP server as a Docker container for production environments.

Docker 
# Build the Docker image
docker build -t glab-mcp .

# Run with shared token auth (-v persists credentials across restarts)
docker run -p 8080:8080 -v glab-mcp-data:/config \
  -e GITLAB_TOKEN=glpat-xxxxxxxxxxxx \
  glab-mcp --token my-secret

# Run with per-user OAuth
docker run -p 8080:8080 -v glab-mcp-data:/config \
  glab-mcp \
  --client-id my-oauth-app-id \
  --gitlab-host gitlab.example.com \
  --external-url https://mcp.example.com

Reverse proxy

For production deployments, run behind a reverse proxy that provides TLS termination, rate limiting, and access logging. Use --external-url so OAuth callbacks resolve to the public hostname.

nginx.conf 
# Proxy all MCP traffic (including SSE streams and OAuth endpoints)
location /mcp {
    proxy_pass http://127.0.0.1:8080/mcp;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_buffering off;           # required for SSE
    proxy_cache off;
    proxy_read_timeout 86400s;     # long timeout for SSE streams
}

# Forward OAuth endpoints when using --client-id
location /oauth {
    proxy_pass http://127.0.0.1:8080/oauth;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
}
location /auth {
    proxy_pass http://127.0.0.1:8080/auth;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
}
location /.well-known {
    proxy_pass http://127.0.0.1:8080/.well-known;
    proxy_set_header Host $host;
}