stateful-auth-for-the-github-mcp-server
Verified Safe by SirKanaad26
Overview
Enables AI agents, assistants, and chatbots to interact with GitHub for repository management, issue/PR automation, CI/CD insights, code analysis, and team collaboration through natural language.
Installation
docker run -i --rm -e GITHUB_PERSONAL_ACCESS_TOKEN ghcr.io/github/github-mcp-server
Environment Variables
- GITHUB_PERSONAL_ACCESS_TOKEN
- GITHUB_HOST
- GITHUB_TOOLSETS
- GITHUB_TOOLS
- GITHUB_READ_ONLY
- GITHUB_LOCKDOWN_MODE
- GITHUB_DYNAMIC_TOOLSETS
Security Notes
The server implements a robust stateful authorization policy, locking sessions to a single repository to prevent cross-repo access within a conversation. Client IDs are hashed to avoid logging sensitive data like Personal Access Tokens (PATs). Extensive documentation details security best practices, access controls (PATs, OAuth, GitHub Apps, SSO), and a 'Lockdown Mode' for public repositories. No 'eval' or similar dangerous patterns are found in the application's core logic; 'wasm_exec.js' is the standard Go WebAssembly runtime. Test scripts may contain placeholder tokens, but the core application and documentation emphasize secure token handling.
Similar Servers
github-mcp-server
The GitHub MCP Server enables AI agents, assistants, and chatbots to interact with GitHub's platform for repository management, issue/PR automation, CI/CD intelligence, code analysis, and team collaboration through natural language.
octocode-mcp
The Octocode Research server enables AI agents to perform expert code forensics and deep-dive research across local filesystems (LSP, ripgrep, file I/O) and external GitHub repositories (code search, repo structure, pull requests, package search). It's optimized for architectural analysis, pattern discovery, and implementation planning.
gh-mcp
A GitHub CLI extension to seamlessly run the github-mcp-server in a Docker container using existing `gh` authentication.
mcp-server-for-Github
Provides comprehensive GitHub workflow automation for AI-powered development teams, including Actions monitoring, advanced PR management, intelligent code search, and complete file management.