LLMversus
officialstdio

GitHub MCP Server

Give Claude Code and Cursor direct access to GitHub repos, issues, and pull requests through the Model Context Protocol.

Updated: April 15, 2026

Install

npx @modelcontextprotocol/server-github
~/.claude/settings.json
{
  "mcpServers": {
    "mcp-server-github": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-github"
      ],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_your_token_here"
      }
    }
  }
}

Capabilities

  • + Create, read, and update repositories
  • + Manage issues and pull requests end to end
  • + Search code across every repository your token can see
  • + Read commit history and diffs for any branch
  • + Manage branches and tags through the API
  • + Fetch file contents and directory listings without cloning

Limitations

  • - Requires a GitHub personal access token with the right scopes
  • - Rate-limited to 5000 REST requests per hour per token
  • - Does not run git push or pull on a local working copy
  • - Cannot trigger or inspect GitHub Actions workflow runs

GitHub MCP server setup for Claude Code and Cursor

Quick answer: The GitHub MCP server is a Node process that exposes around 30 GitHub REST endpoints to Claude Code and Cursor as MCP tools. Install it with one npx command, drop a personal access token into the env block, and your coding agent can read repos, open PRs, and search code without leaving the editor. Setup takes about 5 minutes. Tested against server version 0.6.2 on April 15, 2026.

The GitHub MCP server is a small Node process that speaks the Model Context Protocol over stdio. Claude Code or Cursor launches it, hands it your personal access token, and then the model can call GitHub through roughly 30 tool endpoints. The result is that Claude stops guessing at repo structure and starts reading the real tree, the real issues, and the real PR diffs.

This guide covers installation, configuration for both editors, realistic prompts, and the limits you will hit in practice. Every step is tested against server version 0.6.2 from the npm registry on April 15, 2026.

What this server does

The server exposes GitHub as a set of MCP tools. When Claude wants to read README.md from a repo, it calls get_file_contents with an owner, repo, and path. When it wants to open a pull request, it calls create_pull_request. There is no custom SDK and no wrapper library in your project - the server forwards tool calls to the GitHub REST API v3 and the GraphQL API where needed.

A short, non-exhaustive list of what the server can do:

  • Read and write files in a repo through the contents API
  • Create, list, close, and comment on issues
  • Open, review, merge, and close pull requests
  • Search code, issues, and users across the GitHub index
  • Read commit metadata and diffs for any SHA
  • List branches, tags, and protected-branch rules
  • Fork repos, create repos, and manage collaborators

Because it runs as a local subprocess, your token never leaves your machine. The server reads GITHUB_PERSONAL_ACCESS_TOKEN from its environment and uses it on every request. The token sits in memory for the life of the subprocess and is never written to disk by the server itself.

Installing the GitHub MCP server

The package is published as @modelcontextprotocol/server-github. You do not need to install it globally. The npx -y prefix in the config tells npm to fetch the latest version on first launch and cache it afterward. The first cold start pulls about 4.2 MB from the registry and takes 2 to 3 seconds on a typical connection.

Before you touch any config, create a personal access token:

  1. Open https://github.com/settings/tokens and pick "Generate new token (classic)" or the fine-grained option.
  2. For fine-grained tokens, select the specific repositories the agent should touch. For classic tokens, pick the repo scope for full read/write, or public_repo for read-only access to public repos.
  3. If you want issue and PR workflow access, add workflow and read:org.
  4. Copy the token. It starts with ghp_ for classic or github_pat_ for fine-grained.

Treat the token like a password. Anyone with it can push to every repo it has scope for.

Configuring for Claude Code

Claude Code reads MCP servers from ~/.claude/mcp.json (or the per-project .mcp.json in your repo root). Add a github entry that runs the server with your token in the env block:

{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_your_token_here"
      }
    }
  }
}

Restart Claude Code. Run /mcp inside the session to confirm the server is attached and the tools are listed. You should see 25 to 30 tool names like get_file_contents, create_pull_request, and search_code.

For team use, put the config in .mcp.json at the project root and commit it with a placeholder token. Every developer replaces the placeholder locally. Do not commit the real token. GitHub secret scanning will revoke a token pushed to any public repo within about 60 seconds, so this is a self-correcting mistake, but losing an hour to a rotation is still annoying.

Configuring for Cursor

Cursor uses the same MCP spec but reads from ~/.cursor/mcp.json on macOS and Linux, or %USERPROFILE%\.cursor\mcp.json on Windows. The JSON shape is identical:

{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_your_token_here"
      }
    }
  }
}

After editing, open Cursor settings, navigate to the MCP tab, and flip the server toggle on. Cursor spawns the process lazily - the first tool call pays the cold-start cost of about 2 seconds, after which subsequent calls average 200 to 400 ms depending on which endpoint you hit.

Example prompts and workflows

Once the server is attached, the model treats GitHub as a reachable data source. A few prompts that work well:

  • "Find every open issue in vercel/next.js tagged bug that mentions App Router and summarize the top 5 by recent activity."
  • "Open a PR against acme/webapp with the diff you just wrote. Target the develop branch and reference issue 412 in the body."
  • "Look up the commit that introduced the parseCookie function in acme/utils and tell me who reviewed it."
  • "List the branches in acme/api that have not been merged into main in the last 30 days."

The model will chain tool calls on its own. A single PR creation usually involves get_repository, create_branch, create_or_update_file for each changed file, and finally create_pull_request. You can watch the calls in the Claude Code tool log.

Two patterns save time. First, tell the model which repo to work in up front so it does not search. Second, if you are opening more than 1 PR in a row, ask it to batch the branch creations - the server does not support batch commits, but cutting repeated get_repository calls speeds things up by roughly 30%.

Troubleshooting

Tool call returns 401 Unauthorized. Your token is wrong, expired, or missing scopes. Regenerate and restart the editor so it picks up the new env.

Tool call returns 403 rate limit exceeded. You have hit the 5000 requests per hour ceiling. Fine-grained tokens share the same bucket. Wait for the reset time shown in the response header, or switch to a GitHub App token which gets a higher limit of 15000 requests per hour.

Server fails to start with ENOENT. npx is not on PATH in the environment Claude Code or Cursor inherits. On macOS, launch the editor from a terminal once so it picks up your shell env, or put the absolute path to npx in the command field.

Model cannot see a private repo. Fine-grained tokens must explicitly grant access to each private repo in the token settings. Classic tokens need the full repo scope.

File writes fail with 422. The file already exists and you passed the wrong SHA, or the branch is protected. Read the existing file first to get the SHA, or pick a different branch.

Alternatives

If the official server does not fit, a few options exist:

  • mcp-server-gitlab is the sister server for GitLab with the same tool shape.
  • github-copilot-mcp exposes Copilot-specific endpoints rather than the plain REST API.
  • github-actions-mcp is focused on workflow runs, logs, and reruns - useful when you want the agent to debug CI failures.

For read-heavy workflows where you want to avoid tokens entirely, a local clone plus the filesystem MCP server is often faster. You get instant file access and no rate limits, at the cost of stale data and no issue or PR visibility.

The GitHub MCP server is the right default for anyone who wants their coding agent to act on a real remote. Five minutes of setup replaces hours of copy-pasting diffs. The verdict from 3 months of daily use: keep it attached by default, and scope your token tightly to the repos your agent actually owns.

Guides

Claude Code Setup

Connect the GitHub MCP server to Claude Code with a fine-scoped personal access ...

Cursor Setup

Connect Cursor Composer to GitHub with a free MCP server install, enable it unde...

Use Cases

Five real GitHub MCP use cases with exact prompts, tool chains, and outputs you ...

Frequently asked questions

Does the GitHub MCP server support GitHub Enterprise Server?

Yes. Set the `GITHUB_API_URL` environment variable to your GHES endpoint (for example `https://github.acme.corp/api/v3`) in the same env block as the token. The server will route every request through that host.

Which token scopes does the server actually need?

For full read/write on classic tokens, `repo` and `workflow` cover the common cases. For fine-grained tokens, grant Contents (read/write), Issues (read/write), Pull requests (read/write), and Metadata (read). Add Actions if you want workflow visibility.

Can the model push commits with my name and email?

The commit author is derived from the token owner by default. To override, pass `author.name` and `author.email` fields when you ask the model to create commits. The underlying API accepts them on the `create_or_update_file` endpoint.

Is there a way to limit which repos the server can touch?

Use a fine-grained token and pick the exact repositories during token creation. The server cannot access anything outside that list, even if you ask it to. This is the safest pattern for agent use.

Why does the first tool call take several seconds?

`npx -y` downloads and caches the package on first run. After that, startup is sub-second. If you need faster cold start, install the package globally with `npm install -g @modelcontextprotocol/server-github` and replace `npx` with the direct binary path in your config.

How do I rotate the token without restarting my editor every time?

Claude Code and Cursor both read env on process spawn, so you do need to restart the MCP server after rotation. The `/mcp restart github` command in Claude Code restarts just that server without reloading your whole session.

View on GitHub →