Github MCP Server

GitHub MCP Server

The GitHub MCP Server connects AI tools directly to GitHub's platform. This gives AI agents, assistants, and chatbots the ability to read repositories and code files, manage issues and PRs, analyze code, and automate workflows. All through natural language interactions.

Use Cases

• Repository Management: Browse and query code, search files, analyze commits, and understand project structure across any repository you have access to.
• Issue & PR Automation: Create, update, and manage issues and pull requests. Let AI help triage bugs, review code changes, and maintain project boards.
• CI/CD & Workflow Intelligence: Monitor GitHub Actions workflow runs, analyze build failures, manage releases, and get insights into your development pipeline.
• Code Analysis: Examine security findings, review Dependabot alerts, understand code patterns, and get comprehensive insights into your codebase.
• Team Collaboration: Access discussions, manage notifications, analyze team activity, and streamline processes for your team.

Built for developers who want to connect their AI tools to GitHub context and capabilities, from simple natural language queries to complex multi-step agent workflows.

---

Remote GitHub MCP Server

The remote GitHub MCP Server is hosted by GitHub and provides the easiest method for getting up and running. If your MCP host does not support remote MCP servers, don't worry! You can use the local version of the GitHub MCP Server instead.

Prerequisites

1. A compatible MCP host with remote server support (VS Code 1.101+, Claude Desktop, Cursor, Windsurf, etc.)
2. Any applicable policies enabled

Install in VS Code

For quick installation, use one of the one-click install buttons above. Once you complete that flow, toggle Agent mode (located by the Copilot Chat text input) and the server will start. Make sure you're using VS Code 1.101 or later for remote MCP and OAuth support.

Alternatively, to manually configure VS Code, choose the appropriate JSON block from the examples below and add it to your host configuration:

{
  "servers": {
    "github": {
      "type": "http",
      "url": "https://api.githubcopilot.com/mcp/"
    }
  }
}

{
  "servers": {
    "github": {
      "type": "http",
      "url": "https://api.githubcopilot.com/mcp/",
      "headers": {
        "Authorization": "Bearer ${input:github_mcp_pat}"
      }
    }
  },
  "inputs": [
    {
      "type": "promptString",
      "id": "github_mcp_pat",
      "description": "GitHub Personal Access Token",
      "password": true
    }
  ]
}

Install in other MCP hosts

• Copilot CLI - Installation guide for GitHub Copilot CLI
• GitHub Copilot in other IDEs - Installation for JetBrains, Visual Studio, Eclipse, and Xcode with GitHub Copilot
• Claude Applications - Installation guide for Claude Desktop and Claude Code CLI
• Codex - Installation guide for OpenAI Codex
• Cursor - Installation guide for Cursor IDE
• Windsurf - Installation guide for Windsurf IDE
• Rovo Dev CLI - Installation guide for Rovo Dev CLI

Note: Each MCP host application needs to configure a GitHub App or OAuth App to support remote access via OAuth. Any host application that supports remote MCP servers should support the remote GitHub server with PAT authentication. Configuration details and support levels vary by host. Make sure to refer to the host application's documentation for more info.

Configuration

Toolset configuration

See Remote Server Documentation for full details on remote server configuration, toolsets, headers, and advanced usage. This file provides comprehensive instructions and examples for connecting, customizing, and installing the remote GitHub MCP Server in VS Code and other MCP hosts.

When no toolsets are specified, default toolsets are used.

Insiders Mode

Try new features early! The remote server offers an insiders version with early access to new features and experimental tools.

{
  "servers": {
    "github": {
      "type": "http",
      "url": "https://api.githubcopilot.com/mcp/insiders"
    }
  }
}

{
  "servers": {
    "github": {
      "type": "http",
      "url": "https://api.githubcopilot.com/mcp/",
      "headers": {
        "X-MCP-Insiders": "true"
      }
    }
  }
}

See Remote Server Documentation for more details and examples, and Insiders Features for a full list of what's available.

GitHub Enterprise

GitHub Enterprise Cloud with data residency (ghe.com)

GitHub Enterprise Cloud can also make use of the remote server.

Example for https://octocorp.ghe.com with GitHub PAT token:

{
    ...
    "github-octocorp": {
      "type": "http",
      "url": "https://copilot-api.octocorp.ghe.com/mcp",
      "headers": {
        "Authorization": "Bearer ${input:github_mcp_pat}"
      }
    },
    ...
}

Note: When using OAuth with GitHub Enterprise with VS Code and GitHub Copilot, you also need to configure your VS Code settings to point to your GitHub Enterprise instance - see Authenticate from VS Code

GitHub Enterprise Server

GitHub Enterprise Server does not support remote server hosting. Please refer to GitHub Enterprise Server and Enterprise Cloud with data residency (ghe.com) from the local server configuration.

---

Local GitHub MCP Server

Prerequisites

1. To run the server in a container, you will need to have Docker installed.
2. Once Docker is installed, you will also need to ensure Docker is running. The Docker image is available at ghcr.io/github/github-mcp-server. The image is public; if you get errors on pull, you may have an expired token and need to docker logout ghcr.io.
3. Lastly you will need to Create a GitHub Personal Access Token. The MCP server can use many of the GitHub APIs, so enable the permissions that you feel comfortable granting your AI tools (to learn more about access tokens, please check out the documentation).

Environment Variables (Recommended)

To keep your GitHub PAT secure and reusable across different MCP hosts:

1. Store your PAT in environment variables

   export GITHUB_PAT=your_token_here
   

   Or create a .env file:

   GITHUB_PAT=your_token_here
   

2. Protect your .env file

   # Add to .gitignore to prevent accidental commits
   echo ".env" >> .gitignore
   

3. Reference the token in configurations

   # CLI usage
   claude mcp update github -e GITHUB_PERSONAL_ACCESS_TOKEN=$GITHUB_PAT
   
   # In config files (where supported)
   "env": {
     "GITHUB_PERSONAL_ACCESS_TOKEN": "$GITHUB_PAT"
   }
   

Note: Environment variable support varies by host app and IDE. Some applications (like Windsurf) require hardcoded tokens in config files.

Token Security Best Practices

• Minimum scopes: Only grant necessary permissions

  • repo - Repository operations
  • read:packages - Docker image access
  • read:org - Organization team access

• Separate tokens: Use different PATs for different projects/environments

• Regular rotation: Update tokens periodically

• Never commit: Keep tokens out of version control

• File permissions: Restrict access to config files containing tokens

  chmod 600 ~/.your-app/config.json
  

GitHub Enterprise Server and Enterprise Cloud with data residency (ghe.com)

The flag --gh-host and the environment variable GITHUB_HOST can be used to set the hostname for GitHub Enterprise Server or GitHub Enterprise Cloud with data residency.

• For GitHub Enterprise Server, prefix the hostname with the https:// URI scheme, as it otherwise defaults to http://, which GitHub Enterprise Server does not support.
• For GitHub Enterprise Cloud with data residency, use https://YOURSUBDOMAIN.ghe.com as the hostname.

"github": {
    "command": "docker",
    "args": [
    "run",
    "-i",
    "--rm",
    "-e",
    "GITHUB_PERSONAL_ACCESS_TOKEN",
    "-e",
    "GITHUB_HOST",
    "ghcr.io/github/github-mcp-server"
    ],
    "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}",
        "GITHUB_HOST": "https://<your GHES or ghe.com domain name>"
    }
}

Installation

Install in GitHub Copilot on VS Code

For quick installation, use one of the one-click install buttons above. Once you complete that flow, toggle Agent mode (located by the Copilot Chat text input) and the server will start.

More about using MCP server tools in VS Code's agent mode documentation.

Install in GitHub Copilot on other IDEs (JetBrains, Visual Studio, Eclipse, etc.)

Add the following JSON block to your IDE's MCP settings.

{
  "mcp": {
    "inputs": [
      {
        "type": "promptString",
        "id": "github_token",
        "description": "GitHub Personal Access Token",
        "password": true
      }
    ],
    "servers": {
      "github": {
        "command": "docker",
        "args": [
          "run",
          "-i",
          "--rm",
          "-e",
          "GITHUB_PERSONAL_ACCESS_TOKEN",
          "ghcr.io/github/github-mcp-server"
        ],
        "env": {
          "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}"
        }
      }
    }
  }
}

Optionally, you can add a similar example (i.e. without the mcp key) to a file called .vscode/mcp.json in your workspace. This will allow you to share the configuration with other host applications that accept the same format.

{
  "inputs": [
    {
      "type": "promptString",
      "id": "github_token",
      "description": "GitHub Personal Access Token",
      "password": true
    }
  ],
  "servers": {
    "github": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "GITHUB_PERSONAL_ACCESS_TOKEN",
        "ghcr.io/github/github-mcp-server"
      ],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}"
      }
    }
  }
}

Install in Other MCP Hosts

For other MCP host applications, please refer to our installation guides:

• Copilot CLI - Installation guide for GitHub Copilot CLI
• GitHub Copilot in other IDEs - Installation for JetBrains, Visual Studio, Eclipse, and Xcode with GitHub Copilot
• Claude Code & Claude Desktop - Installation guide for Claude Code and Claude Desktop
• Cursor - Installation guide for Cursor IDE
• Google Gemini CLI - Installation guide for Google Gemini CLI
• Windsurf - Installation guide for Windsurf IDE

For a complete overview of all installation options, see our Installation Guides Index.

Note: Any host application that supports local MCP servers should be able to access the local GitHub MCP server. However, the specific configuration process, syntax and stability of the integration will vary by host application. While many may follow a similar format to the examples above, this is not guaranteed. Please refer to your host application's documentation for the correct MCP configuration syntax and setup process.

Build from source

If you don't have Docker, you can use go build to build the binary in the cmd/github-mcp-server directory, and use the github-mcp-server stdio command with the GITHUB_PERSONAL_ACCESS_TOKEN environment variable set to your token. To specify the output location of the build, use the -o flag. You should configure your server to use the built executable as its command. For example:

{
  "mcp": {
    "servers": {
      "github": {
        "command": "/path/to/github-mcp-server",
        "args": ["stdio"],
        "env": {
          "GITHUB_PERSONAL_ACCESS_TOKEN": "<YOUR_TOKEN>"
        }
      }
    }
  }
}

CLI utilities

The github-mcp-server binary includes a few CLI subcommands that are helpful for debugging and exploring the server.

• github-mcp-server tool-search "<query>" searches tools by name, description, and input parameter names. Use --max-results to return more matches. Example (color output requires a TTY; use docker run -t (or -it) when running in Docker):

docker run -it --rm ghcr.io/github/github-mcp-server tool-search "issue" --max-results 5
github-mcp-server tool-search "issue" --max-results 5

Tool Configuration

The GitHub MCP Server supports enabling or disabling specific groups of functionalities via the --toolsets flag. This allows you to control which GitHub API capabilities are available to your AI tools. Enabling only the toolsets that you need can help the LLM with tool choice and reduce the context size.

Toolsets are not limited to Tools. Relevant MCP Resources and Prompts are also included where applicable.

When no toolsets are specified, default toolsets are used.

Looking for examples? See the Server Configuration Guide for common recipes like minimal setups, read-only mode, and combining tools with toolsets.

Specifying Toolsets

To specify toolsets you want available to the LLM, you can pass an allow-list in two ways:

1. Using Command Line Argument:

   github-mcp-server --toolsets repos,issues,pull_requests,actions,code_security
   

2. Using Environment Variable:

   GITHUB_TOOLSETS="repos,issues,pull_requests,actions,code_security" ./github-mcp-server
   

The environment variable GITHUB_TOOLSETS takes precedence over the command line argument if both are provided.

Specifying Individual Tools

You can also configure specific tools using the --tools flag. Tools can be used independently or combined with toolsets and dynamic toolsets discovery for fine-grained control.

1. Using Command Line Argument:

   github-mcp-server --tools get_file_contents,issue_read,create_pull_request
   

2. Using Environment Variable:

   GITHUB_TOOLS="get_file_contents,issue_read,create_pull_request" ./github-mcp-server
   

3. Combining with Toolsets (additive):

   github-mcp-server --toolsets repos,issues --tools get_gist
   

   This registers all tools from repos and issues toolsets, plus get_gist.

4. Combining with Dynamic Toolsets (additive):

   github-mcp-server --tools get_file_contents --dynamic-toolsets
   

   This registers get_file_contents plus the dynamic toolset tools (enable_toolset, list_available_toolsets, get_toolset_tools).

Important Notes:

• Tools, toolsets, and dynamic toolsets can all be used together
• Read-only mode takes priority: write tools are skipped if --read-only is set, even if explicitly requested via --tools
• Tool names must match exactly (e.g., get_file_contents, not getFileContents). Invalid tool names will cause the server to fail at startup with an error message
• When tools are renamed, old names are preserved as aliases for backward compatibility. See Tool Renaming for details.

Using Toolsets With Docker

When using Docker, you can pass the toolsets as environment variables:

docker run -i --rm \
  -e GITHUB_PERSONAL_ACCESS_TOKEN=<your-token> \
  -e GITHUB_TOOLSETS="repos,issues,pull_requests,actions,code_security" \
  ghcr.io/github/github-mcp-server

Using Tools With Docker

When using Docker, you can pass specific tools as environment variables. You can also combine tools with toolsets:

# Tools only
docker run -i --rm \
  -e GITHUB_PERSONAL_ACCESS_TOKEN=<your-token> \
  -e GITHUB_TOOLS="get_file_contents,issue_read,create_pull_request" \
  ghcr.io/github/github-mcp-server

# Tools combined with toolsets (additive)
docker run -i --rm \
  -e GITHUB_PERSONAL_ACCESS_TOKEN=<your-token> \
  -e GITHUB_TOOLSETS="repos,issues" \
  -e GITHUB_TOOLS="get_gist" \
  ghcr.io/github/github-mcp-server

Special toolsets

"all" toolset

The special toolset all can be provided to enable all available toolsets regardless of any other configuration:

./github-mcp-server --toolsets all

Or using the environment variable:

GITHUB_TOOLSETS="all" ./github-mcp-server

"default" toolset

The default toolset default is the configuration that gets passed to the server if no toolsets are specified.

The default configuration is:

• context
• repos
• issues
• pull_requests
• users

To keep the default configuration and add additional toolsets:

GITHUB_TOOLSETS="default,stargazers" ./github-mcp-server

Insiders Mode

The local GitHub MCP Server offers an insiders version with early access to new features and experimental tools.

1. Using Command Line Argument:

   ./github-mcp-server --insiders
   

2. Using Environment Variable:

   GITHUB_INSIDERS=true ./github-mcp-server
   

When using Docker:

docker run -i --rm \
  -e GITHUB_PERSONAL_ACCESS_TOKEN=<your-token> \
  -e GITHUB_INSIDERS=true \
  ghcr.io/github/github-mcp-server

Available Toolsets

The following sets of tools are available:

Additional Toolsets in Remote GitHub MCP Server

Tools

• actions_get - Get details of GitHub Actions resources (workflows, workflow runs, jobs, and artifacts)

  • Required OAuth Scopes: repo
  • method: The method to execute (string, required)
  • owner: Repository owner (string, required)
  • repo: Repository name (string, required)
  • resource_id: The unique identifier of the resource. This will vary based on the "method" provided, so ensure you provide the correct ID:
    • Provide a workflow ID or workflow file name (e.g. ci.yaml) for 'get_workflow' method.
    • Provide a workflow run ID for 'get_workflow_run', 'get_workflow_run_usage', and 'get_workflow_run_logs_url' methods.
    • Provide an artifact ID for 'download_workflow_run_artifact' method.
    • Provide a job ID for 'get_workflow_job' method. (string, required)

• actions_list - List GitHub Actions workflows in a repository

  • Required OAuth Scopes: repo
  • method: The action to perform (string, required)
  • owner: Repository owner (string, required)
  • page: Page number for pagination (default: 1) (number, optional)
  • per_page: Results per page for pagination (default: 30, max: 100) (number, optional)
  • repo: Repository name (string, required)
  • resource_id: The unique identifier of the resource. This will vary based on the "method" provided, so ensure you provide the correct ID:
    • Do not provide any resource ID for 'list_workflows' method.
    • Provide a workflow ID or workflow file name (e.g. ci.yaml) for 'list_workflow_runs' method, or omit to list all workflow runs in the repository.
    • Provide a workflow run ID for 'list_workflow_jobs' and 'list_workflow_run_artifacts' methods. (string, optional)
  • workflow_jobs_filter: Filters for workflow jobs. ONLY used when method is 'list_workflow_jobs' (object, optional)
  • workflow_runs_filter: Filters for workflow runs. ONLY used when method is 'list_workflow_runs' (object, optional)

• actions_run_trigger - Trigger GitHub Actions workflow actions

  • Required OAuth Scopes: repo
  • inputs: Inputs the workflow accepts. Only used for 'run_workflow' method. (object, optional)
  • method: The method to execute (string, required)
  • owner: Repository owner (string, required)
  • ref: The git reference for the workflow. The reference can be a branch or tag name. Required for 'run_workflow' method. (string, optional)
  • repo: Repository name (string, required)
  • run_id: The ID of the workflow run. Required for all methods except 'run_workflow'. (number, optional)
  • workflow_id: The workflow ID (numeric) or workflow file name (e.g., main.yml, ci.yaml). Required for 'run_workflow' method. (string, optional)

• get_job_logs - Get GitHub Actions workflow job logs

  • Required OAuth Scopes: repo
  • failed_only: When true, gets logs for all failed jobs in the workflow run specified by run_id. Requires run_id to be provided. (boolean, optional)
  • job_id: The unique identifier of the workflow job. Required when getting logs for a single job. (number, optional)
  • owner: Repository owner (string, required)
  • repo: Repository name (string, required)
  • return_content: Returns actual log content instead of URLs (boolean, optional)
  • run_id: The unique identifier of the workflow run. Required when failed_only is true to get logs for all failed jobs in the run. (number, optional)
  • tail_lines: Number of lines to return from the end of the log (number, optional)

• get_code_scanning_alert - Get code scanning alert

  • Required OAuth Scopes: security_events
  • Accepted OAuth Scopes: repo, security_events
  • alertNumber: The number of the alert. (number, required)
  • owner: The owner of the repository. (string, required)
  • repo: The name of the repository. (string, required)

• list_code_scanning_alerts - List code scanning alerts

  • Required OAuth Scopes: security_events
  • Accepted OAuth Scopes: repo, security_events
  • owner: The owner of the repository. (string, required)
  • ref: The Git reference for the results you want to list. (string, optional)
  • repo: The name of the repository. (string, required)
  • severity: Filter code scanning alerts by severity (string, optional)
  • state: Filter code scanning alerts by state. Defaults to open (string, optional)
  • tool_name: The name of the tool used for code scanning. (string, optional)

• get_me - Get my user profile

  • No parameters required

• get_team_members - Get team members

  • Required OAuth Scopes: read:org
  • Accepted OAuth Scopes: admin:org, read:org, write:org
  • org: Organization login (owner) that contains the team. (string, required)
  • team_slug: Team slug (string, required)

• get_teams - Get teams

  • Required OAuth Scopes: read:org
  • Accepted OAuth Scopes: admin:org, read:org, write:org
  • user: Username to get teams for. If not provided, uses the authenticated user. (string, optional)

• assign_copilot_to_issue - Assign Copilot to issue

  • Required OAuth Scopes: repo
  • base_ref: Git reference (e.g., branch) that the agent will start its work from. If not specified, defaults to the repository's default branch (string, optional)
  • custom_instructions: Optional custom instructions to guide the agent beyond the issue body. Use this to provide additional context, constraints, or guidance that is not captured in the issue description (string, optional)
  • issue_number: Issue number (number, required)
  • owner: Repository owner (string, required)
  • repo: Repository name (string, required)

• request_copilot_review - Request Copilot review

  • Required OAuth Scopes: repo
  • owner: Repository owner (string, required)
  • pullNumber: Pull request number (number, required)
  • repo: Repository name (string, required)

• get_dependabot_alert - Get dependabot alert

  • Required OAuth Scopes: security_events
  • Accepted OAuth Scopes: repo, security_events
  • alertNumber: The number of the alert. (number, required)
  • owner: The owner of the repository. (string, required)
  • repo: The name of the repository. (string, required)

• list_dependabot_alerts - List dependabot alerts

  • Required OAuth Scopes: security_events
  • Accepted OAuth Scopes: repo, security_events
  • owner: The owner of the repository. (string, required)
  • repo: The name of the repository. (string, required)
  • severity: Filter dependabot alerts by severity (string, optional)
  • state: Filter dependabot alerts by state. Defaults to open (string, optional)

• get_discussion - Get discussion

  • Required OAuth Scopes: repo
  • discussionNumber: Discussion Number (number, required)
  • owner: Repository owner (string, required)
  • repo: Repository name (string, required)

• get_discussion_comments - Get discussion comments

  • Required OAuth Scopes: repo
  • after: Cursor for pagination. Use the endCursor from the previous page's PageInfo for GraphQL APIs. (string, optional)
  • discussionNumber: Discussion Number (number, required)
  • owner: Repository owner (string, required)
  • perPage: Results per page for pagination (min 1, max 100) (number, optional)
  • repo: Repository name (string, required)

• list_discussion_categories - List discussion categories

  • Required OAuth Scopes: repo
  • owner: Repository owner (string, required)
  • repo: Repository name. If not provided, discussion categories will be queried at the organisation level. (string, optional)

• list_discussions - List discussions

  • Required OAuth Scopes: repo
  • after: Cursor for pagination. Use the endCursor from the previous page's PageInfo for GraphQL APIs. (string, optional)
  • category: Optional filter by discussion category ID. If provided, only discussions with this category are listed. (string, optional)
  • direction: Order direction. (string, optional)
  • orderBy: Order discussions by field. If provided, the 'direction' also needs to be provided. (string, optional)
  • owner: Repository owner (string, required)
  • perPage: Results per page for pagination (min 1, max 100) (number, optional)
  • repo: Repository name. If not provided, discussions will be queried at the organisation level. (string, optional)

• create_gist - Create Gist

  • Required OAuth Scopes: gist
  • content: Content for simple single-file gist creation (string, required)
  • description: Description of the gist (string, optional)
  • filename: Filename for simple single-file gist creation (string, required)
  • public: Whether the gist is public (boolean, optional)

• get_gist - Get Gist Content

  • gist_id: The ID of the gist (string, required)

Documentation truncated — see the full README on GitHub.