GitHub MCP server guide

Overview

The official GitHub MCP server provides access to the GitHub API, allowing AI agents to interact with GitHub repositories, issues, pull requests, and more.

Metadata

Expand to view the MCP server's metadata

Server metadata

Name: github
Type: container
Description: Provides integration with GitHub's APIs
Tier: Official
Status: Active
Transport: stdio
Image: ghcr.io/github/github-mcp-server:v0.14.0
Has Provenance: Yes

Permissions:
  Network:
    Allow Host: .github.com, .githubusercontent.com
    Allow Port: 443
Repository URL: https://github.com/github/github-mcp-server
Popularity: 22113 stars, 5000 pulls
Last Updated: 2025-09-02T02:31:28Z

Tools:
  - add_comment_to_pending_review
  - add_issue_comment
  - add_sub_issue
  - assign_copilot_to_issue
  - cancel_workflow_run
  - create_and_submit_pull_request_review
  - create_branch
  - create_gist
  - create_issue
  - create_or_update_file
  - create_pending_pull_request_review
  - create_pull_request
  - create_repository
  - delete_file
  - delete_pending_pull_request_review
  - delete_workflow_run_logs
  - dismiss_notification
  - download_workflow_run_artifact
  - fork_repository
  - get_code_scanning_alert
  - get_commit
  - get_dependabot_alert
  - get_discussion
  - get_discussion_comments
  - get_file_contents
  - get_global_security_advisory
  - get_issue
  - get_issue_comments
  - get_job_logs
  - get_latest_release
  - get_me
  - get_notification_details
  - get_pull_request
  - get_pull_request_comments
  - get_pull_request_diff
  - get_pull_request_files
  - get_pull_request_reviews
  - get_pull_request_status
  - get_release_by_tag
  - get_secret_scanning_alert
  - get_tag
  - get_team_members
  - get_teams
  - get_workflow_run
  - get_workflow_run_logs
  - get_workflow_run_usage
  - list_branches
  - list_code_scanning_alerts
  - list_commits
  - list_dependabot_alerts
  - list_discussion_categories
  - list_discussions
  - list_gists
  - list_global_security_advisories
  - list_issue_types
  - list_issues
  - list_notifications
  - list_org_repository_security_advisories
  - list_pull_requests
  - list_releases
  - list_repository_security_advisories
  - list_secret_scanning_alerts
  - list_sub_issues
  - list_tags
  - list_workflow_jobs
  - list_workflow_run_artifacts
  - list_workflow_runs
  - list_workflows
  - manage_notification_subscription
  - manage_repository_notification_subscription
  - mark_all_notifications_read
  - merge_pull_request
  - push_files
  - remove_sub_issue
  - reprioritize_sub_issue
  - request_copilot_review
  - rerun_failed_jobs
  - rerun_workflow_run
  - run_workflow
  - search_code
  - search_issues
  - search_orgs
  - search_pull_requests
  - search_repositories
  - search_users
  - submit_pending_pull_request_review
  - update_gist
  - update_issue
  - update_pull_request
  - update_pull_request_branch

Environment Variables:
  - GITHUB_PERSONAL_ACCESS_TOKEN (required): GitHub personal access token with appropriate permissions
  - GITHUB_HOST: GitHub Enterprise Server hostname (optional)
  - GITHUB_TOOLSETS: Comma-separated list of toolsets to enable (e.g., 'repos,issues,pull_requests'). If not set, all toolsets are enabled. See the README for available toolsets.
  - GITHUB_DYNAMIC_TOOLSETS: Set to '1' to enable dynamic toolset discovery
  - GITHUB_READ_ONLY: Set to '1' to enable read-only mode, preventing any modifications to GitHub resources

Tags:
  api, create, fork, github, list, pull-request, push, repository, search, update, issues

Example Command:
  thv run github

Usage

UI

Select the github MCP server in the ToolHive registry. In the Secrets section, add your GitHub personal access token to authenticate with the GitHub API, or select an existing secret that contains the token.

Review the optional environment variables to customize the server's behavior. For example, you might want to limit the active toolsets or enable read-only mode. Refer to the documentation for the current list of toolsets.

Security tip

Enable outbound network filtering on the Network Isolation tab to restrict the server's network access using the default profile contained in the registry.

GitHub Enterprise

If you're working with a GitHub Enterprise instance, enter the instance URL in the GITHUB_HOST environment variable and update the network isolation settings to allow access to the enterprise domain.

CLI

Run with the default configuration. ToolHive will prompt you to enter your GitHub personal access token:

thv run github

Create a secret named github containing your GitHub personal access token and run the server with the --secret flag:

thv secret set github
thv run --secret github,target=GITHUB_PERSONAL_ACCESS_TOKEN github

Or, use the GitHub CLI to populate the secret with your token:

gh auth token | thv secret set github
thv run --secret github,target=GITHUB_PERSONAL_ACCESS_TOKEN github

Enable network isolation using the default profile from the registry (appropriate for github.com) to restrict the server's network access:

thv run --isolate-network github

Limit the active toolsets (useful to avoid context overload) and enable read-only mode. Refer to the documentation for the current list of toolsets.

thv run -e GITHUB_TOOLSETS=repos,issues,pull_requests -e GITHUB_READ_ONLY=1 github

Enable the MCP server's dynamic tool discovery feature (currently in beta):

thv run -e GITHUB_DYNAMIC_TOOLSETS=1 github

GitHub Enterprise

Create a custom permission profile for your GitHub Enterprise instance:

github-enterprise-profile.json

{
  "network": {
    "outbound": {
      "insecure_allow_all": false,
      "allow_host": ["github.your-enterprise.com"],
      "allow_port": [443]
    }
  }
}

Then run the server with the profile:

thv run \
  -e GITHUB_HOST=https://github.your-enterprise.com \
  --isolate-network --permission-profile github-enterprise-profile.json \
  github

Kubernetes

Create a Kubernetes secret containing your GitHub personal access token:

kubectl -n toolhive-system create secret generic github-token --from-literal=token=<YOUR_TOKEN>

Create a Kubernetes manifest to deploy the GitHub MCP server using your secret:

github.yaml

apiVersion: toolhive.stacklok.dev/v1alpha1
kind: MCPServer
metadata:
  name: github
  namespace: toolhive-system
spec:
  image: ghcr.io/github/github-mcp-server:v0.13.0
  transport: stdio
  port: 8080
  permissionProfile:
    type: builtin
    name: network
  secrets:
    - name: github-token
      key: token
      targetEnvName: GITHUB_PERSONAL_ACCESS_TOKEN

Apply the manifest to your Kubernetes cluster:

kubectl apply -f github.yaml

To customize the server's behavior, add environment variables to the spec section of your manifest. For example, to limit the active toolsets or enable read-only mode, add:

github.yaml

spec:
  # ...
  env:
    - name: GITHUB_TOOLSETS
      value: 'repos,issues,pull_requests'
    - name: GITHUB_READ_ONLY
      value: '1'

Refer to the documentation for the current list of toolsets.

GitHub Enterprise

If you're working with a GitHub Enterprise instance, add the GITHUB_HOST environment variable to the spec section of your manifest:

spec:
  # ...
  env:
    - name: GITHUB_HOST
      value: 'https://github.your-enterprise.com'

Sample prompts

Here are some sample prompts you can use to interact with the GitHub MCP server:

• "List all repositories for the organization my-org"
• "Create a new issue in the repository my-org/my-repo with the title 'Bug report' and the body 'There is a bug in the code'"
• "Get the latest pull requests for the repository my-org/my-repo"

Recommended practices

• Scope your GitHub personal access token to the minimum permissions required for your use case.
• Regularly rotate your GitHub personal access token and update the secret in ToolHive.
• Enable network isolation to restrict the server's outbound network access.
• Limit the active toolsets to reduce context overload and improve performance, or use dynamic tool discovery if supported by your client.