메뉴
Reference for GitHub MCP server tools, methods, and usage patterns.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Conversational skill that interviews users to design new agentic workflows
Route gh-aw workflow design/create/debug/upgrade requests to the right prompts.
Analyze and reduce token consumption in agentic workflows — guardrail-specific entry points, measurement, and optimization techniques.
Implement secret-safe HTTP headers for MCP transport in gh-aw.
Review code that performs git or gh operations against repository checkouts in gh-aw, checking that the right credentials are available at the right time and that sparseness, shallowness and credential-free factors are properly considered.
Teach Copilot how to plan, address, and respond to pull request review feedback.
| name | github-mcp-server |
| description | Reference for GitHub MCP server tools, methods, and usage patterns. |
This file documents the GitHub MCP (Model Context Protocol) server, including tools and configuration options.
Note: This file is automatically generated and updated by the github-mcp-tools-report.md workflow. Manual edits may be overwritten.
Last Updated: [To be filled by workflow]
The GitHub MCP server provides AI agents with programmatic access to GitHub's API through the Model Context Protocol. It supports two modes of operation:
GITHUB_PERSONAL_ACCESS_TOKEN environment variable for authenticationGITHUB_TOOLSETS environment variableGITHUB_READ_ONLY environment variablehttps://api.githubcopilot.com/mcp/X-MCP-Readonly headerLocal Mode (Docker):
tools:
github:
mode: "local"
toolsets: [default] # or [repos, issues, pull_requests]
Remote Mode (Hosted):
tools:
github:
mode: "remote"
toolsets: [default] # or [repos, issues, pull_requests]
To restrict the GitHub MCP server to read-only operations:
tools:
github:
mode: "remote"
read-only: true
toolsets: [repos, issues]
Use a custom GitHub token instead of the default:
tools:
github:
mode: "remote"
github-token: "${{ secrets.CUSTOM_GITHUB_PAT }}"
toolsets: [repos, issues]
The GitHub MCP server organizes tools into logical toolsets. You can enable specific toolsets, use [default] for the recommended defaults, or use [all] to enable everything.
:::note[Why Use Toolsets?]
The allowed: pattern for listing individual GitHub tools is not recommended for new workflows. Individual tool names may change between GitHub MCP server versions, but toolsets provide a stable API. Always use toolsets: instead. See Migration from Allowed to Toolsets for guidance on updating existing workflows.
:::
:::tip[Best Practice]
Always use toolsets: for GitHub tools. Toolsets provide:
The following toolsets are enabled by default when toolsets: is not specified:
context - User and environment context (strongly recommended)repos - Repository managementissues - Issue managementpull_requests - Pull request operationsNote: The users toolset is not included by default and must be explicitly specified if needed.
| Toolset | Description | Common Tools |
|---|---|---|
context | User and environment context | get_teams, get_team_members |
repos | Repository management | get_repository, get_file_contents, search_code, list_commits |
issues | Issue management | issue_read, list_issues, create_issue, search_issues |
pull_requests | Pull request operations | pull_request_read, list_pull_requests, create_pull_request |
actions | GitHub Actions/CI/CD | list_workflows, list_workflow_runs, download_workflow_run_artifact |
code_security | Code scanning and security | list_code_scanning_alerts, get_code_scanning_alert |
dependabot | Dependency management | Dependabot alerts and updates |
discussions | GitHub Discussions | list_discussions, create_discussion |
experiments | Experimental features | Unstable/preview APIs |
gists | Gist operations | create_gist, list_gists |
labels | Label management | get_label, list_labels, create_label |
notifications | Notifications | list_notifications, mark_notifications_read |
orgs | Organization management | get_organization, list_organizations |
projects | GitHub Projects | Project board operations |
secret_protection | Secret scanning | Secret detection and management |
security_advisories | Security advisories | Advisory creation and management |
stargazers | Repository stars | Star-related operations |
users | User profiles | get_me, get_user, list_users |
search | Advanced search | Search across repos, code, users |
This section maps individual tools to their respective toolsets to help with migration from allowed: to toolsets:.
get_teams - List teams the user belongs toget_team_members - List members of a specific teamget_repository - Get repository informationget_file_contents - Read file contents from repositorysearch_code - Search code across repositorieslist_commits - List commits in a repositoryget_commit - Get details of a specific commitget_latest_release - Get the latest releaselist_releases - List all releasesissue_read - Read issue detailslist_issues - List issues in a repositorycreate_issue - Create a new issueupdate_issue - Update an existing issuesearch_issues - Search issues across repositoriesadd_reaction - Add reaction to an issue or commentcreate_issue_comment - Add a comment to an issuepull_request_read - Read pull request detailslist_pull_requests - List pull requests in a repositoryget_pull_request - Get details of a specific pull requestcreate_pull_request - Create a new pull requestsearch_pull_requests - Search pull requests across repositorieslist_workflows - List GitHub Actions workflowslist_workflow_runs - List workflow runsget_workflow_run - Get details of a specific workflow rundownload_workflow_run_artifact - Download workflow artifactslist_code_scanning_alerts - List code scanning alertsget_code_scanning_alert - Get details of a specific alertcreate_code_scanning_alert - Create a code scanning alertlist_discussions - List discussions in a repositorycreate_discussion - Create a new discussionget_label - Get label detailslist_labels - List labels in a repositorycreate_label - Create a new labelget_me - Get current authenticated user informationget_user - Get user profile informationlist_users - List userslist_notifications - List user notificationsmark_notifications_read - Mark notifications as readget_organization - Get organization detailslist_organizations - List organizationscreate_gist - Create a new gistlist_gists - List user's gistsThe remote mode uses Bearer token authentication:
Headers:
Authorization: Bearer <token> - Required for authenticationX-MCP-Readonly: true - Optional, enables read-only modeToken Source:
${{ secrets.GH_AW_GITHUB_TOKEN }} or ${{ secrets.GITHUB_TOKEN }}github-token fieldThe local mode uses environment variables:
Environment Variables:
GITHUB_PERSONAL_ACCESS_TOKEN - Required for authenticationGITHUB_READ_ONLY=1 - Optional, enables read-only modeGITHUB_TOOLSETS=<comma-separated-list> - Optional, specifies enabled toolsetsEnsure your GitHub token has appropriate permissions for the toolsets you're enabling:
repos toolsets: Requires repository read/write permissionsissues toolsets: Requires issues read/write permissionspull_requests toolsets: Requires pull requests read/write permissionsactions toolsets: Requires actions read/write permissionsdiscussions toolsets: Requires discussions read/write permissionsUse Remote Mode when:
Use Local Mode when:
If you have existing workflows using the allowed: pattern, we recommend migrating to toolsets: for better maintainability and stability. Individual tool names may change between MCP server versions, but toolsets provide a stable API that won't break your workflows.
Using allowed: (not recommended):
tools:
github:
allowed:
- get_repository
- get_file_contents
- list_commits
- list_issues
- create_issue
- update_issue
Using toolsets: (recommended):
tools:
github:
toolsets: [repos, issues]
Use this table to identify which toolset contains the tools you need:
allowed: Tools | Migrate to toolsets: |
|---|---|
get_me | users |
get_teams, get_team_members | context |
get_repository, get_file_contents, search_code, list_commits | repos |
issue_read, list_issues, create_issue, update_issue, search_issues | issues |
pull_request_read, list_pull_requests, create_pull_request | pull_requests |
list_workflows, list_workflow_runs, get_workflow_run | actions |
list_code_scanning_alerts, get_code_scanning_alert | code_security |
list_discussions, create_discussion | discussions |
get_label, list_labels, create_label | labels |
get_user, list_users | users |
| Mixed repos/issues/PRs tools | [default] |
| All tools | [all] |
allowed: listallowed: to toolsets:gh aw mcp inspect <workflow> to verify tools are availablegh aw compile to update the lock file:::note[When to Use Allowed]
The allowed: pattern is appropriate for:
For GitHub tools, always use toolsets: instead of allowed:.
:::
The allowed: field can still be used to restrict tools for custom MCP servers:
mcp-servers:
notion:
container: "mcp/notion"
allowed: ["search_pages", "get_page"] # Fine for custom MCP servers
For GitHub tools, allowed: can be combined with toolsets: to further restrict access, but this pattern is not recommended for new workflows.
Not all GitHub data is accessible through the GitHub MCP server or the GitHub REST API. Be aware of these limitations when designing workflows to avoid silent failures or incomplete results at runtime.
❌ Not available via standard API permissions:
/orgs/{org}/settings/billing/actions) require admin:org scope, which is not granted by actions:read or the default GITHUB_TOKEN.⚠️ When suggesting billing/cost workflows, always note:
Detailed GitHub Actions billing and cost data is not accessible through the standard GitHub API with
actions:readpermissions. Workflows that attempt to read per-run cost data or billing summaries will fail silently or return empty results unless anadmin:org-scoped personal access token is explicitly configured.
✅ Alternatives for cost reporting:
admin:org scope with a PAT).https://github.com/organizations/{org}/settings/billing or https://github.com/settings/billing for personal accounts to view cost data manually.list_workflow_runs and get_workflow_run (available via actions toolset) to get run duration, status, and timing — but not dollar costs.❌ Not available without explicit authorization:
GITHUB_TOKEN is scoped to the current repository's organization only.read:org permissions on those organizations.❌ Requires additional scopes:
read:org scope; the default GITHUB_TOKEN only exposes public membership.⚠️ Be aware of API rate limits:
GITHUB_TOKEN).Issue: Tool not found or not available
allowed: to restrict tools. Consider using toolsets: instead to get all related tools.gh aw mcp inspect <workflow-name> to see which tools are actually available.Issue: Missing functionality after specifying toolset
toolsets: [default, actions]) or use [all] for full accessIssue: Workflow using allowed: list is verbose and hard to maintain
toolsets: configuration using the migration guide above[default] toolset: Most workflows work well with default toolsetsactions, discussions, etc.gh aw mcp inspect: Verify which tools are actually available