Fix getEffectiveProjectId to prioritize passed projectId over GITLAB_PROJECT_ID

[Copilot]

When GITLAB_ALLOWED_PROJECT_IDS is unset, getEffectiveProjectId was returning GITLAB_PROJECT_ID even when a different projectId was explicitly passed, preventing users from querying other projects via tools like get_project.

Changes

• index.ts: Reversed priority order to check projectId parameter before GITLAB_PROJECT_ID environment variable
• test/test-geteffectiveprojectid.ts: Added test coverage for all three configuration modes (no allowlist, single project, multiple projects)

Before

return GITLAB_PROJECT_ID || projectId;

After

if (projectId) {
  return projectId;
}
if (GITLAB_PROJECT_ID) {
  return GITLAB_PROJECT_ID;
}
throw new Error("No project ID provided and GITLAB_PROJECT_ID is not set");

This allows get_project and similar tools to accept any project ID/path when no allowlist is configured, while maintaining backward compatibility when projectId is omitted.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>getEffectiveProjectId cannot return projectId passed into the function when GITLAB_ALLOWED_PROJECT_IDS is unspecified</issue_title>
<issue_description>I want to retrieve the project ID of another project (different from GITLAB_PROJECT_ID) by the project path with namespace using get_project. It's supported by Gitlab project API: https://docs.gitlab.com/18.6/api/projects/#get-a-single-project

However, getEffectiveProjectId always returns GITLAB_PROJECT_ID when GITLAB_ALLOWED_PROJECT_IDS is unspecified. Can it have an option to return projectId passed into the function, or even let projectId have precedence over GITLAB_PROJECT_ID at https://github.com/zereight/gitlab-mcp/blob/v2.0.21/index.ts#L1307 ? Thanks.
</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes getEffectiveProjectId cannot return projectId passed into the function when GITLAB_ALLOWED_PROJECT_IDS is unspecified #298

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Juoper]

looks good to me

[ricolo]

Looks good and can fix the issue I raised

[Copilot]

Pull request overview

This PR fixes project ID resolution so an explicitly provided projectId argument takes precedence over GITLAB_PROJECT_ID when no allowlist is configured, enabling tools like get_project to query arbitrary accessible projects by ID/path.

Changes:

• Updated getEffectiveProjectId to prioritize the passed projectId over GITLAB_PROJECT_ID, and to throw a clearer error when neither is provided.
• Added a new test suite covering project ID resolution behavior across three configuration modes (no allowlist, single allowed project, multiple allowed projects).
• Ignored generated test-results*.json artifacts.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

File	Description
index.ts	Changes getEffectiveProjectId precedence and adds explicit error when no project ID source exists.
test/test-geteffectiveprojectid.ts	Adds coverage for resolution behavior under different allowlist configurations via mock GitLab + MCP server.
.gitignore	Ignores JSON test result outputs.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This test suite is not hermetic: launchServer() reads process.env.GITLAB_TOKEN_TEST and process.env.TEST_PROJECT_ID (and passes through process.env.GITLAB_ALLOWED_PROJECT_IDS unless explicitly overridden). As written, these tests will fail on environments where those vars aren’t set (or will behave differently if GITLAB_ALLOWED_PROJECT_IDS is set in the parent env). Consider setting/restoring process.env.GITLAB_TOKEN_TEST + process.env.TEST_PROJECT_ID in the before/after hooks, and explicitly setting GITLAB_ALLOWED_PROJECT_IDS: '' for the “No GITLAB_ALLOWED_PROJECT_IDS” case to override any inherited value.

[Copilot]

Now that the passed projectId takes precedence, callers that pass a URL-encoded path (which is documented for many project_id params) will start flowing through this branch more often. At least the get_project tool currently passes args.project_id straight into encodeURIComponent(...) without a prior decodeURIComponent, so an input like group%2Fproj will become double-encoded (group%252Fproj) and fail. Consider normalizing/decoding projectId before returning here (or ensuring all callers decode before calling this helper) so precedence changes don’t break URL-encoded project paths.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 132366d84f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Unblock create/fork flows when GITLAB_PROJECT_ID is only a default

This helper now makes GITLAB_PROJECT_ID a fallback instead of a lock, but the fork_repository and create_repository handlers still reject whenever that env var is present (index.ts:5316-5318 and index.ts:5388-5391). In a deployment that keeps GITLAB_PROJECT_ID only to supply a default project, project-scoped tools can now target arbitrary project_ids while create/fork always fail, so the new semantics are only applied to part of the API surface.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Seed launcher env before starting the new mock suites

These before() blocks call launchServer without first populating the parent GITLAB_TOKEN_TEST/TEST_PROJECT_ID, but test/utils/server-launcher.ts:40-57 reads both from process.env and throws if either is missing. Because this is a mock-only test, a clean local or CI run will fail before the MCP server starts unless the caller happens to have unrelated integration-test env vars exported.

Useful? React with 👍 / 👎.