GitHub MCP Server

io.github.github/github-mcp-server

Overview

Connect AI assistants to GitHub to manage repositories, issues, pull requests, Actions workflows, code search, security alerts, notifications, and collaboration workflows.

Documentation

Overview

GitHub MCP Server connects MCP-compatible AI tools to GitHub. It supports repository browsing, file and code search, issues, pull requests, Actions, releases, notifications, organizations, discussions, projects, security alerts, Dependabot, gists, stargazers, Copilot-related remote tools, and configurable tool discovery.

Targets

The hosted streamable HTTP endpoint is https://api.githubcopilot.com/mcp/. It can authenticate through an MCP host's GitHub OAuth integration or through an Authorization bearer token. Remote configuration can use URL paths such as /readonly, /insiders, and /x/{toolset}, plus headers including X-MCP-Toolsets, X-MCP-Tools, X-MCP-Exclude-Tools, X-MCP-Readonly, X-MCP-Lockdown, X-MCP-Insiders, and X-MCP-Features.

The local package is the OCI image ghcr.io/github/github-mcp-server. The default documented container launch uses Docker over stdio with command docker and args run, -i, --rm, -p, 127.0.0.1:8085:8085, -e, GITHUB_OAUTH_CALLBACK_PORT, ghcr.io/github/github-mcp-server. For PAT authentication, set GITHUB_PERSONAL_ACCESS_TOKEN to an empty secret value in config and pass it with Docker -e. The image entrypoint defaults to the stdio command. The binary also supports a local HTTP command with default port 8082.

Configuration

Core local configuration includes GITHUB_PERSONAL_ACCESS_TOKEN, GITHUB_HOST, GITHUB_TOOLSETS, GITHUB_TOOLS, GITHUB_EXCLUDE_TOOLS, GITHUB_READ_ONLY, GITHUB_LOCKDOWN_MODE, GITHUB_INSIDERS, GITHUB_FEATURES, OAuth client/scopes/callback variables, logging variables, HTTP variables, and server name/title overrides. Toolsets available locally include context, repos, issues, pull_requests, users, actions, code_quality, code_security, copilot, dependabot, discussions, gists, git, labels, notifications, orgs, projects, secret_protection, security_advisories, stargazers, all, default, copilot_spaces, github_support_docs_search. User-controllable feature flags include remote_mcp_ui_apps, csv_output, ifc_labels, issues_granular, pull_requests_granular, file_blame, issue_dependencies.

Security and Limitations

GitHub permissions are enforced by GitHub's API and by the token/app/OAuth scopes granted. Local Docker OAuth must publish the callback port to loopback only. GHES does not support the GitHub-hosted remote server and should use the local server with GITHUB_HOST. Classic PATs are scope-filtered at startup; fine-grained PATs and GitHub App tokens rely on API permission enforcement. Read-only and lockdown modes can reduce risk, and excluded tools take precedence over requested tools.
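The loopback-only callback port and the pass-through use of Docker -e described above can be checked mechanically before a launch entry is accepted into an MCP host config. The following is an added example, not code from the GitHub MCP Server project; the function names and the two sample argument lists are constructed for illustration, with the first list mirroring the documented launch args.

```python
import ipaddress

SECRET_VARS = {"GITHUB_PERSONAL_ACCESS_TOKEN"}  # variable name taken from the page

def _is_loopback_publish(spec):
    """True if a docker -p spec ([ip:]hostPort:containerPort[/proto]) binds to loopback."""
    spec = spec.split("/", 1)[0]            # drop a trailing /tcp or /udp
    if spec.startswith("["):                # bracketed IPv6 host, e.g. [::1]:8085:8085
        host = spec[1:spec.find("]")]
    else:
        parts = spec.split(":")
        if len(parts) < 3:                  # "8085" or "8085:8085" binds every interface
            return False
        host = parts[0]
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def _options(args):
    """Yield ('-p'|'-e', value) for both 'flag value' and '--flag=value' forms."""
    i = 0
    while i < len(args):
        for short, long_ in (("-p", "--publish"), ("-e", "--env")):
            if args[i] in (short, long_) and i + 1 < len(args):
                yield short, args[i + 1]
                i += 1                      # skip the consumed value
                break
            if args[i].startswith(long_ + "="):
                yield short, args[i].split("=", 1)[1]
        i += 1

def audit_docker_args(args):
    """Return findings for a docker launch arg list; an empty list means no issue found."""
    findings = []
    if "-P" in args or "--publish-all" in args:
        findings.append("publish-all exposes container ports on every interface")
    for flag, value in _options(args):
        if flag == "-p" and not _is_loopback_publish(value):
            findings.append(f"port publish '{value}' is not bound to loopback")
        name, _, inline = value.partition("=")
        if flag == "-e" and name in SECRET_VARS and inline:
            findings.append(f"{name} has an inline value; pass it through with -e {name}")
    return findings

# Constructed sample inputs: the documented launch, and a weakened variant of it.
DOCUMENTED = ["run", "-i", "--rm", "-p", "127.0.0.1:8085:8085", "-e",
              "GITHUB_OAUTH_CALLBACK_PORT", "ghcr.io/github/github-mcp-server"]
WEAK = ["run", "-i", "--rm", "-p", "8085:8085", "-e",
        "GITHUB_PERSONAL_ACCESS_TOKEN=constructed-placeholder", "ghcr.io/github/github-mcp-server"]
```

The findings name the variable but never echo its value, so the output is safe to write to CI logs.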