TL;DR - GitHub MCP Quick Start
Most popular MCP server - Connect your AI to GitHub for repository management.
🆕 December 2025: GitHub Copilot Extensions are being deprecated in favor of MCP servers. MCP is now the standard for extending GitHub Copilot! For an introduction to MCP, see the MCP Introduction guide.
Quick Setup:
{
"mcpServers": {
"github": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxxxxxxxxxxx"
}
}
}
}What you can do:
- 🔍 Search: Find repos, code, issues, users
- 📝 Issues: Create, update, close, comment, assign
- 🔀 Pull Requests: Create, review, merge, comment
- 📁 Files: Read, create, update files in repos
- 🌿 Branches: Create, list, manage branches
- 🍴 Forks: Fork any public repository
Example conversation:
You: Create an issue in my-org/my-repo titled "Bug: Login fails on Safari"
with details about the error
Claude: I've created issue #142 in my-org/my-repo:
"Bug: Login fails on Safari"
URL: https://github.com/my-org/my-repo/issues/142💡 Full guide below with all 20+ tools, workflows, and example prompts.
Why GitHub MCP is #1
GitHub MCP Server is the most downloaded MCP server for good reason:
| Metric | Value |
|---|---|
| Maintainer | GitHub (now Agentic AI Foundation) |
| Tools | 20+ GitHub operations |
| Copilot Support | GA in VS Code (July 2025), JetBrains |
| Use Cases | Issue triage, PR management, code review, repo setup |
🚨 Important (2025): GitHub is deprecating Copilot Extensions (GitHub Apps) by November 2025 in favor of MCP servers. Migrate your extensions now!
What You Can Automate
| Task | Without MCP | With GitHub MCP |
|---|---|---|
| Create issue from chat | Copy title, paste into GitHub, add labels manually | ”Create a bug issue for login failure” |
| Review PR changes | Open GitHub, read diff, copy to Claude, paste back | ”Review PR #42 and suggest improvements” |
| Set up new repo | Click through UI, add files manually | ”Create a new React project with standard config” |
| Find old commits | Git log, search, copy hashes | ”Find commits from last month mentioning auth” |
Prerequisites
Before setting up GitHub MCP, you need:
1. Node.js (v18+)
node --version # Should be v18.0.0 or higher2. GitHub Personal Access Token
Creating a Classic Token:
- Go to GitHub Settings → Developer settings → Personal access tokens → Tokens (classic)
- Click “Generate new token (classic)”
- Give it a descriptive name:
MCP Server Access - Select scopes:
| Scope | What It Enables |
|---|---|
repo | Full access to repositories (required for private repos) |
public_repo | Access to public repositories only |
read:org | Read organization data |
gist | Create and manage gists |
read:user | Read user profile data |
Recommended minimum scopes: repo, read:org
- Click “Generate token”
- Copy immediately - you won’t see it again!
Creating a Fine-Grained Token (More Secure):
- Go to GitHub Settings → Developer settings → Personal access tokens → Fine-grained tokens
- Click “Generate new token”
- Set Resource owner (your account or org)
- Set Repository access (All or Select repositories)
- Select Permissions:
- Repository permissions: Contents (Read/Write), Issues (Read/Write), Pull requests (Read/Write)
- Account permissions: (optional based on needs)
3. MCP-Compatible Client
You need one of:
- Claude Desktop
- Cursor
- VS Code with GitHub Copilot (MCP GA as of July 2025)
- JetBrains IDEs (MCP allowlist controls available)
- Windsurf
- Cline
- Microsoft Copilot Studio (MCP support added March 2025)
For a comparison of AI coding tools, see the AI-Powered IDEs Comparison guide.
Installation & Configuration
Claude Desktop
Add to your claude_desktop_config.json:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%/Claude/claude_desktop_config.json
{
"mcpServers": {
"github": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxxxxxxxxxxx"
}
}
}
}Cursor
Add to your Cursor MCP settings or .cursor/mcp.json:
{
"mcpServers": {
"github": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxxxxxxxxxxx"
}
}
}
}GitHub Enterprise
For GitHub Enterprise, add the API URL:
{
"mcpServers": {
"github-enterprise": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxxxxxxxxxxx",
"GITHUB_API_URL": "https://github.yourcompany.com/api/v3"
}
}
}
}Docker Installation
For isolated environments:
{
"mcpServers": {
"github": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-e", "GITHUB_PERSONAL_ACCESS_TOKEN=ghp_xxxxxxxxxxxx",
"ghcr.io/modelcontextprotocol/server-github"
]
}
}
}Verify Installation
After restarting your AI client, test with:
You: Search for the most starred TypeScript repositories on GitHub
Claude: I found these popular TypeScript repositories:
1. microsoft/TypeScript (95k+ stars) - The TypeScript language
2. denoland/deno (92k+ stars) - A JavaScript runtime
...Available Tools
The GitHub MCP server provides 20+ tools. Here’s the complete reference:
Repository Management
| Tool | Description | Example Prompt |
|---|---|---|
search_repositories | Search GitHub repos by query | ”Find Python machine learning repos with 1000+ stars” |
create_repository | Create a new repository | ”Create a private repo called ‘my-project‘“ |
get_file_contents | Read file(s) from a repo | ”Show me the README from facebook/react” |
create_or_update_file | Create or update a file | ”Add a .gitignore for Node.js to my repo” |
push_files | Push multiple files at once | ”Create initial project structure with src/, tests/, docs/“ |
fork_repository | Fork a repository | ”Fork the lodash repository to my account” |
Branch Management
| Tool | Description | Example Prompt |
|---|---|---|
create_branch | Create a new branch | ”Create a branch called ‘feature/auth’ from main” |
list_branches | List all branches | ”What branches exist in this repo?” |
get_branch | Get branch details | ”Show me the latest commit on develop” |
Issue Management
| Tool | Description | Example Prompt |
|---|---|---|
create_issue | Create a new issue | ”Create a bug issue for the login crash” |
list_issues | List issues with filters | ”Show open bugs assigned to me” |
get_issue | Get issue details | ”What’s the status of issue #42?” |
update_issue | Update issue (title, body, state) | “Close issue #42 with a comment” |
add_issue_comment | Add comment to issue | ”Add a comment to issue #15 asking for more details” |
search_issues | Search issues across repos | ”Find all issues mentioning ‘memory leak‘“ |
Pull Request Management
| Tool | Description | Example Prompt |
|---|---|---|
create_pull_request | Create a new PR | ”Create a PR from feature/auth to main” |
list_pull_requests | List PRs with filters | ”Show PRs awaiting my review” |
get_pull_request | Get PR details | ”What changes are in PR #20?” |
get_pull_request_diff | Get the diff of a PR | ”Show me the code changes in PR #20” |
merge_pull_request | Merge a PR | ”Merge PR #20 with squash” |
update_pull_request | Update PR (title, body) | “Update PR #20 title to ‘Add authentication‘“ |
Code Search
| Tool | Description | Example Prompt |
|---|---|---|
search_code | Search code across GitHub | ”Find all uses of ‘deprecated_function’ in my org” |
User Information
| Tool | Description | Example Prompt |
|---|---|---|
get_me | Get authenticated user info | ”What’s my GitHub username?” |
Practical Workflows
Workflow 1: Automated Issue Triage
Scenario: You receive bug reports and want AI to help organize them. For more on AI-assisted workflows, see the AI-Powered Workflows guide.
You: List all open issues in my-org/my-app that don't have labels
Claude: I found 12 unlabeled issues. Here are the first 5:
- #156: App crashes on startup
- #157: Button alignment issue
- #158: Feature request: dark mode
- #159: Performance slow on mobile
- #160: Documentation outdated
You: Add appropriate labels to each one. Use 'bug', 'enhancement',
'documentation', or 'performance' based on the content.
Claude: I've labeled the issues:
- #156: Added 'bug' label
- #157: Added 'bug' label
- #158: Added 'enhancement' label
- #159: Added 'performance' label
- #160: Added 'documentation' label
Would you like me to also add priority labels?Workflow 2: Code Review Assistant
Scenario: Review a pull request and provide feedback.
You: Review the changes in PR #42 in my-org/my-app.
Focus on security and performance issues.
Claude: I've analyzed PR #42 "Add user authentication". Here's my review:
**Security Issues (2 found):**
1. Line 45: Password is logged to console (security risk)
```javascript
console.log('Password:', password); // Remove this!- Line 78: SQL query uses string concatenation (SQL injection risk)
const query = `SELECT * FROM users WHERE id = ${userId}`; // Should use parameterized query
Performance Issues (1 found):
- Line 120: N+1 query inside a loop
Suggestions:
- Add rate limiting to login endpoint
- Use bcrypt for password hashing
Would you like me to add these as PR comments?
You: Yes, add comments for each issue
Claude: Done! I’ve added 4 comments to PR #42:
- Comment on line 45 about console.log
- Comment on line 78 about SQL injection
- Comment on line 120 about N+1 query
- General review comment with suggestions
### Workflow 3: New Project Setup
**Scenario**: Create a complete project structure with AI. For more on building AI applications, see the [Building Your First AI Application guide](/tech-articles/building-first-ai-application/).
```text
You: Create a new TypeScript project called "api-service" with:
- README with project description
- MIT license
- Node .gitignore
- Basic TypeScript config
- Package.json with common scripts
- src/index.ts with hello world
Claude: I'll create the repository and files:
1. ✅ Created repository 'api-service'
2. ✅ Added README.md with project description
3. ✅ Added LICENSE (MIT)
4. ✅ Added .gitignore for Node.js
5. ✅ Added tsconfig.json
6. ✅ Added package.json with scripts
7. ✅ Added src/index.ts
Repository URL: https://github.com/yourusername/api-service
To get started:
```bash
git clone https://github.com/yourusername/api-service
cd api-service
npm install
npm run dev
### Workflow 4: Release Preparation
**Scenario**: Prepare for a release by reviewing recent changes.
```text
You: Summarize all merged PRs in my-org/my-app since version 2.0.0
and help me write release notes
Claude: I found 15 merged PRs since tag v2.0.0:
**Features (6):**
- #201: Add dark mode support
- #205: Implement user preferences
- #208: Add export to PDF
- #212: New dashboard widgets
- #215: API rate limiting
- #218: Webhook notifications
**Bug Fixes (7):**
- #202: Fix login timeout
- #206: Resolve memory leak
...
**Documentation (2):**
- #210: Update API docs
- #216: Add migration guide
Here's a draft for your release notes:
## Version 2.1.0 Release Notes
### 🚀 New Features
- **Dark Mode**: Toggle between light and dark themes
- **User Preferences**: Customize your experience
...
Would you like me to create this as a GitHub release?
You: Yes, create the release as v2.1.0
Claude: Created release v2.1.0!
URL: https://github.com/my-org/my-app/releases/tag/v2.1.0Workflow 5: Cross-Repository Analysis
Scenario: Search for patterns across multiple repositories.
You: Find all repositories in my-org that use the deprecated
'request' npm package and haven't been updated in 6 months
Claude: I searched your organization and found 4 repositories
using the deprecated 'request' package:
1. **my-org/legacy-api** (last updated: 8 months ago)
- request@2.88.0 in package.json
- 12 files importing request
2. **my-org/old-webhook** (last updated: 14 months ago)
- request@2.88.2 in package.json
- 3 files importing request
3. **my-org/data-sync** (last updated: 6 months ago)
- request-promise@4.2.6 (depends on request)
- 5 files using request-promise
4. **my-org/integration-tests** (last updated: 10 months ago)
- request@2.88.0 (dev dependency)
- 8 test files using request
Would you like me to create issues in each repo
to track the migration to 'node-fetch' or 'axios'?Example Prompts
Repository Operations
# Search repositories
"Search GitHub for React component libraries with over 5000 stars"
"Find TypeScript projects related to AI that were updated in the last month"
# Create repository
"Create a new private repository called 'internal-tools' with a README"
"Create a public repo 'awesome-mcp' with description 'Curated list of MCP servers'"
# Fork repository
"Fork the vercel/next.js repository to my account"
# Get file contents
"Show me the package.json from facebook/react"
"Read the src/index.ts file from my-org/my-project on the develop branch"Issue Management
# Create issues
"Create an issue in my-org/app titled 'Add dark mode support' with a detailed description of the feature request"
"Create a bug report in project-x for the login crash, include the error stack trace"
# List and filter issues
"Show all open bugs in my-org/app assigned to me"
"List issues in my-project labeled 'high-priority' that are unassigned"
"Find all issues in my-org mentioning 'performance' created this week"
# Update issues
"Close issue #42 with a comment explaining the fix"
"Add labels 'bug' and 'priority:high' to issue #50"
"Assign issue #55 to username 'johndoe'"
# Comment on issues
"Add a comment to issue #30 asking for reproduction steps"
"Comment on issue #35 that this is a duplicate of #20"Pull Request Operations
# Create PRs
"Create a pull request from my feature/auth branch to main with the title 'Add authentication system'"
"Create a PR from develop to main titled 'Release v2.0' with a list of all changes"
# List and review PRs
"Show all PRs in my-org/app that need my review"
"What are the changes in PR #42?"
"Review PR #50 for code quality issues"
# Manage PRs
"Merge PR #42 using squash merge"
"Add @johndoe as a reviewer to PR #55"
"Close PR #60 with a comment explaining why it's being declined"Code Search
# Search code
"Find all files in my-org that import 'moment' library"
"Search for uses of 'TODO' comments in my-project/src"
"Find all TypeScript files in my-org/app that export a function called 'formatDate'"
"Search for any hardcoded passwords in my-org (for security audit)"Workflow Prompts
# Issue triage
"Go through all new issues in my-org/app from the last week and add appropriate labels"
# PR review
"Review the last 3 merged PRs in my-project and summarize the changes"
# Repository analysis
"Analyze my-org/app and identify potential security vulnerabilities in the dependencies"
# Documentation
"Read the source code of my-project and generate API documentation for the public functions"
# Release management
"List all commits since tag v1.0.0 and help me write changelog entries"For tips on prompting AI effectively, see the Prompt Engineering Fundamentals guide.
Advanced Configuration
Multiple GitHub Accounts
Use different servers for work and personal GitHub:
{
"mcpServers": {
"github-work": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_work_token"
}
},
"github-personal": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_personal_token"
}
}
}
}Combining with Git MCP
For complete version control integration, combine with Git MCP:
{
"mcpServers": {
"github": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxxx"
}
},
"git": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-git", "--repository", "/path/to/repo"]
}
}
}Now you can:
- Use GitHub MCP for remote operations (issues, PRs, repo management)
- Use Git MCP for local operations (status, diff, log, blame)
Combining with Filesystem MCP
For code analysis workflows:
{
"mcpServers": {
"github": { ... },
"filesystem": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-filesystem", "/Users/me/projects"]
}
}
}Workflow example:
You: Read the local changes in /projects/my-app/src/auth.ts,
then create a PR for them in my-org/my-app
Claude: I'll analyze your local changes and create a PR...
[Reads local file]
[Creates branch on GitHub]
[Pushes changes]
[Creates PR]
Done! PR #72 created: https://github.com/my-org/my-app/pull/72Rate Limits & Best Practices
GitHub API Rate Limits
| Limit Type | Requests | Time Window |
|---|---|---|
| Authenticated | 5,000 | Per hour |
| Search API | 30 | Per minute |
| Content API | 5,000 | Per hour |
Best Practices
| ✅ Do | ❌ Don’t |
|---|---|
| Use specific repository queries | Search all of GitHub unnecessarily |
| Cache results in conversation | Repeat same API calls |
| Use fine-grained tokens | Use tokens with full permissions |
| Create separate tokens for MCP | Use your main personal token |
| Scope tokens to needed repos | Give access to all repositories |
Handling Rate Limits
If you hit rate limits:
You: I'm getting rate limit errors
Claude: GitHub API rate limit exceeded. Here's what you can do:
1. Wait for the limit to reset (usually within the hour)
2. Use more specific queries to reduce API calls
3. Consider caching results for repeated lookups
4. Check if you need all the data you're requestingTroubleshooting
Issue: “Bad Credentials”
Symptoms: Server fails with authentication error
Solutions:
- Check token hasn’t expired
- Verify token is copied correctly (no extra spaces)
- Ensure token has required scopes
- Try regenerating the token
Issue: “Not Found”
Symptoms: Can’t access a repository
Solutions:
- Verify repository name is correct (owner/repo)
- Check if repo is private and token has
reposcope - Confirm you have access to the repository
- For org repos, ensure token has
read:orgscope
Issue: “Rate Limit Exceeded”
Symptoms: Operations fail with 403 error
Solutions:
- Wait for rate limit reset (check headers)
- Reduce number of operations
- Use more specific queries
- Consider upgrading to GitHub Pro for higher limits
Issue: “Server Not Connecting”
Symptoms: MCP server doesn’t appear in AI client
Solutions:
- Validate JSON configuration syntax
- Ensure Node.js is installed and in PATH
- Restart the AI client completely
- Check for error messages in client logs
Security Considerations
Token Security
| Best Practice | Why |
|---|---|
| Use fine-grained tokens | Limit access to specific repos |
| Set token expiration | Reduce risk if token is compromised |
| Don’t commit config files | Tokens in git history are exposed |
| Use environment variables | More secure than hardcoding |
| Create dedicated MCP token | Easy to revoke if needed |
| Review token permissions | Only grant what’s needed |
For more on AI security best practices, see the Understanding AI Safety, Ethics, and Limitations guide.
Safe Operations
| Safe to Automate | Use Caution | Avoid Automating |
|---|---|---|
| Reading files | Creating PRs | Force pushing |
| Searching repos | Merging PRs | Deleting branches |
| Listing issues | Closing issues | Deleting repos |
| Adding comments | Creating releases | Changing settings |
Audit Trail
GitHub maintains a complete audit trail of API actions. You can:
- View Security Log in GitHub Settings
- See all API-initiated actions
- Identify and revoke problematic tokens
2025 Security Updates
| Update | Details |
|---|---|
| CVE-2025-68143 | Fixed in v2025.9.25 - git_init vulnerability removed |
| OAuth 2.0 Resource Servers | MCP servers now classified as OAuth resource servers |
| Token Binding | Clients must explicitly bind tokens to specific servers |
| Protocol Version Header | All HTTP requests require MCP-Protocol-Version header |
⚠️ Security Best Practice: Always update to the latest MCP server version. The protocol now has enhanced protections against token theft and confused deputy attacks.
Related MCP Servers
| Server | Complements GitHub MCP By… |
|---|---|
| Git MCP | Local repository operations |
| Filesystem MCP | Reading local code files |
| Sentry MCP | Linking errors to issues |
| Slack MCP | Notifying team of changes |
Summary
The GitHub MCP Server is now the official standard for GitHub AI integrations:
- ✅ 20+ tools for complete GitHub coverage
- ✅ Natural language for all operations
- ✅ GitHub Copilot - MCP replaces deprecated Extensions (Nov 2025)
- ✅ VS Code GA - Native MCP support since July 2025
- ✅ Security-first with enhanced OAuth 2.0 and token binding
- ✅ Agentic AI Foundation - Now part of Linux Foundation governance
Common workflows enabled:
- Automated issue triage and labeling
- AI-assisted code review with Copilot
- One-command project setup
- Cross-repository analysis
- Release note generation
2025 Migration Note: If you’re using GitHub Copilot Extensions (GitHub Apps), migrate to MCP servers before November 2025.
Next: Learn about Playwright MCP Server → for browser automation with AI.
Questions about GitHub MCP? Check the official documentation or join the MCP Discord.