A self-hosted GitHub MCP server that provides tools for managing pull requests, repository files, and Dependabot alerts using a personal access token.
Health Check (
health_check): Verify your GitHub PAT is valid and inspect current rate-limit status, authenticated login, and token scopes.List Pull Requests (
list_prs): List pull requests for any repository, filterable by state (open,closed, orall) with configurable page size.Get Pull Request (
get_pr): Fetch details for a single PR including its check-run status and mergeable state.Merge Pull Request (
merge_pr): Merge a PR using squash, merge, or rebase strategy, with an option to automatically delete the head branch after merging.List Dependabot Alerts (
list_dependabot_alerts): Retrieve Dependabot security alerts for a repository, filterable by state, with a severity-grouped summary.Get File (
get_file): Read the contents of any file in a repository via the GitHub Contents API, optionally targeting a specific branch, tag, or commit SHA.Put File (
put_file): Create or update a file in a repository via the Contents API with a commit message; idempotent when the current blob SHA is supplied for updates.
Allows listing Dependabot alerts with severity-grouped counts.
Allows AI agents to manage pull requests, repository files, and Dependabot alerts through the GitHub API.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@github-mcplist my open pull requests"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
github-mcp
Self-hosted GitHub MCP server. Personal-access-token auth, stdio transport, transport-agnostic so it works with Claude Code (any account), Codex CLI, Cursor, or any MCP-compliant client. No claude.ai OAuth dependency.
Written in Python on top of FastMCP. Slots into the same install pattern as other community Python MCP servers.
Why this exists
The official github/github-mcp-server (Go, 60+ tools) is excellent if you want a kitchen-sink server tied to a single agent platform's auth flow. This one is scoped for operators who:
Switch between multiple Claude accounts, Codex CLI, Cursor, or other MCP clients and want the same GitHub auth across all of them.
Prefer a small, audited tool surface scoped to PR + repo file + Dependabot operations.
Want a Python install that lives alongside their other MCP servers.
If neither applies, run github/github-mcp-server instead — that's the right call.
Related MCP server: github-mcp
Tool surface (v0.1.0)
Tool | Purpose |
| Verify the PAT is valid + report rate-limit headroom. First call when wiring up. |
| List pull requests with state filter. |
| Single PR with check-run status + mergeable state. |
| Squash/merge/rebase with optional branch delete. |
| Alert sweep with severity-grouped counts. |
| Read a file via the Contents API. |
| Create or update a file via the Contents API (idempotent with SHA). |
Future versions expand: workflows, releases, issues, rulesets, secret-scan alerts, branch protection, repo settings.
Secret hygiene (read this first)
v0.1.1+ reads the PAT from macOS Keychain by default. Env-var fallback is still supported for non-macOS / CI, but the Keychain path is the recommended setup because the secret never enters argv or process env — safe from ps aux, pgrep -fl, lsof, /proc/<pid>/environ, panic dumps, CI logs, debuggers, or any LLM agent running an introspection command.
# One-time setup (macOS):
security add-generic-password -s github-mcp -a "$USER" -w "<your-fine-grained-PAT>"
# Update later (e.g. after rotation):
security delete-generic-password -s github-mcp -a "$USER" 2>/dev/null
security add-generic-password -s github-mcp -a "$USER" -w "<new-PAT>"Do NOT install with an inline --env:
# BAD — bakes the PAT into ~/.claude.json + every Claude child spawn's --mcp-config argv.
# Any pgrep / ps aux dumps it.
claude mcp add github --scope user --env GITHUB_TOKEN=github_pat_... -- <command>
# GOOD — no --env block. The server reads from Keychain at call time.
claude mcp add github --scope user -- <command>PR/incident lineage: this hygiene path was added 2026-05-19 after a pgrep -fl chrome-devtools-mcp dumped a PAT-bearing claude process into a session transcript. See adelaidasofia/github-mcp Keychain migration (TODO: link PR once merged).
For non-macOS environments, fall back to env:
export GITHUB_TOKEN=<your-PAT> # set in shell rc, NOT in argvMinimum scopes for the v0.1 tool surface: Contents R/W, Pull requests R/W, Dependabot R.
Install
Open Claude Code, paste:
/plugin marketplace add adelaidasofia/github-mcp
/plugin install github-mcp@github-mcpgit clone https://github.com/adelaidasofia/github-mcp ~/.claude/github-mcp
cd ~/.claude/github-mcp
uv tool install --editable .Or as a one-off without persistent install:
cd ~/.claude/github-mcp
uv run github-mcpAuth
The server reads the GitHub PAT from environment, in this precedence:
GITHUB_TOKENGH_TOKEN
Fine-grained tokens recommended.
Scope matrix
Permission | Access | Unlocks |
Metadata | Read | Baseline (auto-required when any other repo permission is set) |
Contents | Read and write |
|
Pull requests | Read and write |
|
Dependabot alerts | Read |
|
Administration | Read and write | Future: rulesets, branch protection, |
Workflows | Read and write | Future: read/update |
Actions | Read and write | Future: trigger and inspect workflow runs |
Secret scanning alerts | Read | Future: fleet-wide secret-scan sweep |
Code scanning alerts | Read | Future: CodeQL fleet sweep |
v0.1 floor: Metadata + Contents (R/W) + Pull requests (R/W) + Dependabot alerts (R) is enough to use every tool in this release.
Future-proof: granting the full table now means new MCP tools can ship without rotating the PAT. Equivalent to checking "all repository permissions" in the fine-grained PAT UI. Trade-off: broader blast radius if the token leaks. Reasonable for a personal-dev token on an encrypted laptop with FileVault; reconsider for shared or production deployments.
The MCP introspects scopes via health_check — call it after wiring up to confirm what your token actually has.
Optional: GITHUB_API_BASE for GitHub Enterprise Server. Defaults to https://api.github.com.
Wire into an MCP client
Claude Code
Add to ~/.claude/.mcp.json (or any .mcp.json in the project root):
{
"mcpServers": {
"github": {
"command": "uv",
"args": ["run", "--project", "/Users/<you>/.claude/github-mcp", "github-mcp"],
"env": {
"GITHUB_TOKEN": "${GITHUB_TOKEN}"
}
}
}
}Codex CLI
Add to ~/.codex/config.toml:
[mcp_servers.github]
command = "uv"
args = ["run", "--project", "/Users/<you>/.claude/github-mcp", "github-mcp"]
[mcp_servers.github.env]
GITHUB_TOKEN = "${GITHUB_TOKEN}"Cursor
~/.cursor/mcp.json follows the Claude Code shape. Same env block.
Any other MCP-compliant client
Configure it to spawn the github-mcp command and pipe stdio. The server speaks standard MCP over stdio.
Verify
GITHUB_TOKEN=ghp_yourpat uv run github-mcpThe server will wait on stdin for MCP traffic. In another shell, exercise health_check via your client.
Test
uv pip install -e ".[dev]"
uv run pytest tests/ -vTelemetry
This plugin sends a single anonymous install signal to myceliumai.co the first time it loads in a Claude Code session on a given machine.
What is sent:
Plugin name (e.g.
slack-mcp)Plugin version (e.g.
0.1.0)
What is NOT sent:
No user identifiers, names, emails, tokens, or API keys
No file paths, message content, or anything from your work
No IP address is stored after dedup processing
Why: Helps the maintainer know which plugins people actually install, so attention goes to the ones that get used.
Opt out: Set the environment variable MYCELIUM_NO_PING=1 before launching Claude Code. The hook will skip the network call entirely. Already-pinged installs leave a sentinel at ~/.mycelium/onboarded-<plugin> — delete it if you want to reset state.
License
MIT.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/adelaidasofia/github-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server