# GitHub

> Full GitHub API access: repos, PRs, issues, and code search.

[Canonical HTML page](https://top-mcps.com/mcp/github) · [server.json](https://top-mcps.com/mcp/github.json) · [methodology](https://top-mcps.com/about/methodology)

## At a glance

- **Maintainer:** GitHub
- **Transport:** stdio, Streamable HTTP
- **Auth model:** API key
- **Required secrets:** GITHUB_PERSONAL_ACCESS_TOKEN
- **Supported clients:** Claude, Cursor, Any MCP-compatible client
- **License:** MIT
- **Language:** Go
- **Latest version:** latest
- **Last verified:** 2026-05-31
- **GitHub stars:** 29,075 (fetched 2026-06-02T11:55:51.335Z)
- **Score:** 90/100 (rubric 2026-04 — see https://top-mcps.com/about/methodology)
- **Source:** https://github.com/github/github-mcp-server

## Tools & permissions

| Tool | Description | Args | Side effects |
|------|-------------|------|--------------|
| `get_file_contents` | Read a file from a repo at a given path and ref. | `owner: string, repo: string, path: string, ref?: string` | read |
| `search_repositories` | Search public and accessible repositories. | `query: string` | read |
| `search_code` | Search code across GitHub. | `q: string` | read |
| `create_or_update_file` | Commit a single file change to a branch. | `owner: string, repo: string, path: string, content: string, message: string, branch: string` | write |
| `create_issue` | Open a new issue on a repo. | `owner: string, repo: string, title: string, body?: string` | write |
| `create_pull_request` | Open a pull request. | `owner: string, repo: string, title: string, head: string, base: string` | write |
| `merge_pull_request` | Merge an open PR that passes branch protection. | `owner: string, repo: string, pull_number: number` | write |
| `list_issues` | List issues on a repo with filters. | `owner: string, repo: string` | read |
| `create_branch` | Create a new branch from a base ref. | `owner: string, repo: string, branch: string, from_branch?: string` | write |

## Security & scope

- **Access scope:** read-write
- **Sandbox:** Authenticates to the GitHub API using the token in `GITHUB_PERSONAL_ACCESS_TOKEN`. The blast radius equals the token scope — the MCP has whatever repo, issue, PR, and admin permissions the token grants.
- **Gotchas:**
  - Classic tokens grant every permission on the account — prefer fine-grained tokens scoped to the specific repos you want the agent to touch.
  - Branch-protection rules still apply; unprotected branches let an agent push directly to default branches.

## Quick answer

**What it does.** Provides access to GitHub repositories, issues, pull requests, commits, branches, and code search via the GitHub REST and GraphQL APIs.

**Best for:**
- Automated issue creation
- PR review and management
- Code search across repos
- Repository browsing
- CI/CD monitoring

**Not for:**
- GitLab or Bitbucket workflows
- Fully local git-only setups

## Recipes

### Open a draft PR that adds a CI-status README badge

```
On github.com/<owner>/<repo>, open a draft pull request from a new branch `readme-badge` that adds a GitHub Actions status badge for the `ci.yml` workflow to the top of README.md. Link the badge to the Actions tab. Do not merge — leave it as draft for me to review.
```

_Tested with: Claude Desktop, Claude Code, Cursor_

## Description

The official GitHub MCP connects AI models directly to the GitHub API. Create repos, open issues, manage pull requests, search code, and read file contents — all from a natural language prompt. Essential for any AI-assisted GitHub workflow.

## Why it matters

GitHub is where most code lives. This MCP lets agents interact with that code directly, without copy-pasting between interfaces.

## Key features

- Full GitHub REST API access
- Code search
- Issue and PR management
- File content reading
- Branch and commit operations
- Official GitHub support

## FAQ

### Does it require a GitHub token?

Yes. Set GITHUB_PERSONAL_ACCESS_TOKEN in your environment. Prefer a fine-grained token scoped to the specific repos you want the agent to touch — classic tokens give the agent every permission on your account.

### Can it create and merge pull requests?

Yes. It supports the full PR lifecycle: create, review, comment, update, merge, and close. Merges respect the repo's branch-protection rules, so required reviews and status checks still apply.

### Is this the official GitHub MCP?

Yes — it is maintained by GitHub at github/github-mcp-server. A couple of third-party GitHub MCPs exist, but unless you need a specific patch the official one is the right default and gets new endpoints first.

### What scopes should my token have?

For read-only code exploration: `public_repo` plus `read:org` if you need private repos. For issue and PR work add `repo`. For the GraphQL Projects v2 API add `project`. Start minimal and expand when the agent reports a 403.

### Can the agent push directly to main?

Only if your token has write access and the branch is unprotected. For agent use, protect main with required reviews or required checks and let the MCP open PRs instead. That keeps every agent change auditable.

### Does it work on GitHub Enterprise Server?

Yes. Set the `GITHUB_HOST` environment variable to your Enterprise Server URL (e.g. `https://github.mycompany.com`) alongside the token. The server routes API calls to that host instead of github.com.

## Changelog

- **2026-05-31** — Refreshed install snippets and fact sheet; verified for 2026.
- **2024-12-01** — Initial directory listing.