promptgarten 🌱
🌍 ES

Add-ons & integrations Β· MCP

GitHub MCP Server

βœ“ Officialβ˜… 31.389

MCP server maintained by GitHub itself for repos, pull requests, issues, code search, and CI/CD insights β€” remote or local, with OAuth login.

The GitHub MCP Server connects agents directly to the GitHub platform β€” in two operating modes. The remote server is hosted by GitHub itself at https://api.githubcopilot.com/mcp/ and, per the README, is the easiest way to get started: sign in via OAuth in the browser (the token then stays only in memory), or alternatively via a Personal Access Token (PAT) in the Authorization: Bearer header. Anyone who wants to keep everything local can start the server as a Docker container (ghcr.io/github/github-mcp-server) with a PAT or OAuth callback β€” or build it themselves from source via go build.

Capabilities are organized into toolsets that can be individually enabled and disabled: repos (repository operations), issues, pull_requests, actions (CI/CD), code_security (code and secret scanning), plus dependabot, discussions, gists, projects, orgs, users, notifications, and labels. Without specifying anything, context, repos, issues, pull_requests, and users are active by default. The selection is controlled via the --toolsets flag or the GITHUB_TOOLSETS environment variable; individual tools can be enabled via GITHUB_TOOLS. A --read-only flag disables all write-capable tools β€” useful when the agent should only analyze, not change anything.

This lets an agent triage issues, create and review pull requests, inspect CI runs, and search code across repos β€” with official vendor support from GitHub rather than a community-built workaround.

πŸ”§ SETUP

  1. Easiest path (remote): register the hosted server in your MCP client as an HTTP server: `{"servers": {"github": {"type": "http", "url": "https://api.githubcopilot.com/mcp/"}}}` β€” sign in then via OAuth in the browser
  2. Alternatively with a Personal Access Token instead of OAuth: additionally configure the header `"Authorization": "Bearer <PAT>"`
  3. Local instead of remote: `docker run -i --rm -e GITHUB_PERSONAL_ACCESS_TOKEN=<your-token> ghcr.io/github/github-mcp-server`
  4. Restrict toolsets as needed, e.g. `--toolsets repos,issues,pull_requests,actions` or via the environment variable `GITHUB_TOOLSETS="repos,issues,pull_requests"`
  5. For pure analysis tasks, set the `--read-only` flag β€” write-capable tools are then skipped

βœ… WHEN TO USE IT?

PR and issue work straight from the agent

"Summarize the open issues labeled 'bug', prioritize them, and for the most critical one create a branch with a draft PR" β€” all via the official GitHub tools, without switching to the browser.

Diagnosing CI/CD failures

Using the `actions` toolset, fetch the failed workflow run from the latest push, analyze the logs, and have a fix suggested directly.

β›” WHEN NOT TO?

Local git operations in the working directory

The server talks to the GitHub API β€” it can't see commits, branches, and diffs in a local, not-yet-pushed working state.

Better: Do local git work via the agent's normal git CLI; use the GitHub MCP Server for the platform side (PRs, issues, actions) instead.

The agent should only read but gets full write access

With standard toolsets and a broadly scoped PAT, the agent can change issues, PRs, and more β€” more permissions than necessary are an unnecessary risk.

Better: Set `--read-only`, keep toolsets minimal, and use a fine-grained PAT with as few scopes as possible.

SOURCES