Skip to main content

Announcing StackOne Defender: leading open-source prompt injection guard for your agent Read More

Connect

Connectors Agent Auth MCP Connector Builder

Optimize

Tool Discovery Falcon Engine

Secure

Defender
Connectors

HRIS / HCM

Employee Onboarding Employee Offboarding

Recruiting

Application Screening Interview Scheduling

Customer Support

Ticket Triage Voice Call Summarization

Sales & CRM

Deal Risk Scoring Lead Qualification

Accounting & Finance

Invoice Processing Month-End Accruals

Marketing

Campaign Reports Lead Nurture Sequences
View all use cases

Developers

Docs Changelog Status

Learn

Blog Case Studies Events Partners
Pricing
Login Book Demo Start Free

GitHub MCP Server
for AI Agents

Production-ready GitHub MCP server with 83 extensible actions — plus built-in authentication, security, and optimized execution.

Start Free Book Demo Read Docs →
GitHub logo
GitHub MCP Server
Built by StackOne StackOne

Coverage

83 Agent Actions

Create, read, update, and delete across GitHub — and extend your agent's capabilities with custom actions.

MCP Actions → Create Actions →

Authentication

Agent Tool Authentication

Per-user OAuth in one call. Your GitHub MCP server gets session-scoped tokens with zero credentials stored on your infra.

Agent Auth →

Security

Agent Protection

Every GitHub tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.

Prompt Injection Defense →

Performance

Max Agent Context. Min Cost.

Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every GitHub call.

Tools Discovery →

What is the GitHub MCP Server?

A GitHub MCP server lets AI agents read and write GitHub data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's GitHub MCP server ships with 83 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, and optimized agent context. Connect it from MCP clients like Claude Desktop, Cursor, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.

All GitHub MCP Tools and Actions

Every action from GitHub's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.

Repositorys

  • Get Repository

    Retrieve detailed information about a specific repository

  • Update Repository

    Modify repository settings including name, description, visibility, and features

  • Delete Repository

    Permanently remove a repository and all its contents

Organizations

  • Get Organization

    Retrieve detailed information about a specific organization

  • Update Organization

    Update organization settings and profile information

Issues

  • Create Issue

    Create a new issue in a repository

  • List Issues

    Retrieve issues for a repository with filtering options

  • Get Issue

    Retrieve detailed information about a specific issue

  • Search Issues

    Find issues and pull requests across repositories

  • Update Issue

    Modify issue title, body, labels, assignees, or state

Issue Comments

  • Create Issue Comment

    Add a comment to an issue or pull request

  • List Issue Comments

    Get all comments on an issue

Pull Requests

  • Create Pull Request

    Propose code changes for review and merging

  • List Pull Requests

    Retrieve pull requests for a repository

  • Get Pull Request

    Retrieve detailed information about a specific pull request

  • Update Pull Request

    Modify pull request title, body, or state

Commits

  • List Commits

    Get commit history for a repository or branch

  • Get Commit

    Retrieve detailed information about a specific commit

Users

  • List Users

    Get all GitHub users

  • Get User

    Retrieve information about a specific user

  • Update User

    Modify authenticated user's profile information

Collaborators

  • Add Collaborator

    Grant repository access to a user

  • List Collaborators

    Get all users with access to a repository

  • Remove Collaborator

    Revoke repository access from a user

Workflow Runs

  • List Workflow Runs

    Retrieve GitHub Actions workflow execution history

  • Get Workflow Run

    Retrieve detailed information about a specific workflow execution (requires run_id from list_workflow_runs)

Artifacts

  • List Artifacts

    Get build artifacts generated by workflows

  • Download Artifact

    Retrieve artifact files from workflow runs (requires artifact_id from list_artifacts)

Releases

  • Create Release

    Publish a new version of software with release notes

  • List Releases

    Get all releases for a repository

  • Update Release

    Modify release details or publish draft releases

  • Delete Release

    Remove a release from the repository

Webhooks

  • Create Webhook

    Set up HTTP callbacks for repository events

  • List Webhooks

    Get all webhooks configured for a repository

Deployments

  • Create Deployment

    Record a deployment event

  • List Deployments

    Get deployment history for a repository

  • Delete Deployment

    Remove a deployment record from the repository

Git References

  • Create Git Reference

    Create a new Git reference (branch or tag) pointing to a specific commit SHA

  • Get Git Reference

    Retrieve a single Git reference by its exact fully-qualified name

  • Update Git Reference

    Update an existing Git reference to point to a new commit SHA

  • Delete Git Reference

    Delete a Git reference (branch or tag) from a repository

Teams

  • Create Team

    Create a new team in an organization

  • List Teams

    Get all teams in an organization

  • Get Team

    Retrieve information about a specific team

  • Update Team

    Modify team settings and properties

  • Delete Team

    Remove a team from an organization

Team Members

  • Add Team Member

    Add a user to a team

  • Remove Team Member

    Remove a user from a team

Other (35)

  • Create User Repository

    Create a new repository for the authenticated user

  • Create Organization Repository

    Create a new repository in an organization

  • Create Pull Request Review

    Submit a code review with comments and approval status

  • Upload Release Asset

    Attach binary files to a release

  • Create Deployment Status

    Update the status of a deployment

  • Create Or Update File

    Create a new file or update an existing file in a repository

  • Add Team Repository

    Grant team access to a repository

  • List Authenticated User Repositories

    Retrieve list of repositories for the authenticated user

  • List User Repositories

    Retrieve list of public repositories for a specific user

  • List Organization Repositories

    Retrieve list of repositories for an organization

  • List Forks

    Get all forks of a repository

  • List Branches

    Get all branches in a repository

  • Get Branch

    Retrieve information about a specific branch

  • List Authenticated User Organizations

    Retrieve list of organization memberships for the authenticated user

  • List User Organizations

    Retrieve list of public organization memberships for a specific user

  • List Organization Members

    List all users who are members of an organization

  • Get Organization Membership

    Get membership details for a user in an organization (requires organization member authentication)

  • List Authenticated User Organization Memberships

    List all organization memberships for the authenticated user with state and role details

  • Get Authenticated User

    Retrieve information about the authenticated user

  • List Workflow Jobs

    Get jobs within a workflow run (requires run_id from list_workflow_runs)

  • Get Latest Release

    Retrieve the most recent published release

  • Search Code

    Find code across GitHub repositories

  • Search Repositories

    Find repositories matching criteria

  • List Code Scanning Alerts

    Get security vulnerabilities detected by code scanning

  • List Secret Scanning Alerts

    Get exposed secrets detected in repository

  • List Dependabot Alerts

    Get vulnerability alerts for dependencies

  • Get Repository Content

    Retrieve file or directory contents from a repository

  • List Matching Git References

    List Git references in a repository matching a given ref prefix

  • Delete File

    Delete a file from a repository

  • Fork Repository

    Create a personal copy of another repository

  • Check Organization Membership

    Check if a user is a member of an organization (publicly or privately)

  • Merge Pull Request

    Integrate approved changes into the base branch

  • Cancel Workflow Run

    Stop a running workflow (requires run_id from list_workflow_runs)

  • Re-run Workflow

    Retry a failed or completed workflow (requires run_id from list_workflow_runs)

  • Trigger Workflow

    Manually trigger a workflow run

Set Up Your GitHub MCP Server in Minutes

One endpoint. Any framework. Your agent is talking to GitHub in under 10 lines of code.

MCP Clients

Agent Frameworks

Claude Desktop
{
  "mcpServers": {
    "stackone": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote@latest",
        "https://api.stackone.com/mcp?x-account-id=<account_id>",
        "--header",
        "Authorization: Basic <YOUR_BASE64_TOKEN>"
      ]
    }
  }
}

More Developer Tools MCP Servers

Azure DevOps

172+ actions

Cloudflare

137+ actions

Bitbucket

134+ actions

Supabase

128+ actions

GitLab

125+ actions

Terraform

118+ actions

OneLogin

109+ actions

All Developer Tools MCP Servers →

GitHub MCP Server Resources

MCP Code Mode: Keeping Tool Responses Out of Agent Context

Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.

11 min

Comparing BM25, TF-IDF, and Hybrid Search for MCP Tool Discovery

Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.

10 min

Indirect Prompt Injection Defense for MCP Tools: A Technical Guide

MCP tools that read emails, CRM records, and tickets are indirect prompt injection vectors. Here's how we built a two-tier defense that scans tool results in ~11ms.

12 min

GitHub MCP Server FAQ

GitHub MCP server vs direct API integration — what's the difference?
A GitHub MCP server and direct API integration serve different use cases. Direct API integration is for software-to-software — backend code calling GitHub. A GitHub MCP server is for AI agents — MCP clients like Claude and Cursor, plus framework agents built with OpenAI, LangChain, or Vercel AI — discovering and calling GitHub at runtime. StackOne provides both.
How does GitHub authentication work for AI agents?
GitHub authentication for AI agents works through a StackOne Connect Session. Create one via the dashboard or the SDK — you get an auth link and ready-to-paste config for Claude Desktop, Cursor, and other MCP clients. Your user authenticates their own GitHub account; StackOne handles token exchange, storage, and refresh. Credentials never reach the LLM, and each user is isolated via origin_owner_id.
Are GitHub MCP tools vulnerable to prompt injection?
Yes — GitHub MCP tools can be vulnerable to indirect prompt injection. Any tool that reads user-written content — documents, messages, tickets, records, or free-text fields — is a potential vector. StackOne Defender scans every tool response before it enters the agent's context — regex patterns in ~1ms, then a MiniLM classifier in ~4ms. 88.7% accuracy, CPU-only.
What is the context bloat of a GitHub agent and how do I avoid it?
Context bloat happens when GitHub tool schemas and API responses eat your GitHub agent's memory, preventing it from reasoning effectively. A single GitHub query can return a massive JSON response, and connecting multiple tools compounds the problem. Tools Discovery and Code Mode reduce context bloat — loading only relevant tools per query and keeping raw responses out of the agent's context.
Can I limit which actions my GitHub agent can access?
Yes — you can limit which actions your GitHub agent can access directly from the StackOne dashboard. Toggle actions on or off, or restrict them to specific accounts, with no code changes to your agent. Session tokens can be scoped to exact actions so if one leaks, exposure stays contained.
Can I create custom agent actions for my GitHub MCP server?
Yes — you can create custom agent actions for your GitHub MCP server using Connector Builder. It's an integration agent your coding assistant (Claude Code, Cursor, or Copilot) can invoke to research GitHub's API, generate production-ready connector YAML, test against the live API, and validate before you ship.
When should I NOT use a GitHub MCP server?
Skip a GitHub MCP server if your integration is purely software-to-software — direct GitHub API integration is simpler when no AI agent is involved. For deterministic, compliance-critical operations (financial transactions, regulatory reporting), direct API gives you predictable behavior without agent-driven decision-making. MCP shines when AI agents need to dynamically discover and call GitHub actions at runtime.
What AI frameworks and AI clients does the StackOne GitHub MCP server support?
The StackOne GitHub MCP server supports both. MCP clients (paste-and-go apps): Claude Desktop, Claude Code, Cursor, VS Code, Goose. Agent frameworks (code SDKs you build with): OpenAI Agents SDK, Anthropic, Vercel AI, Google ADK, CrewAI, Pydantic AI, LangChain, LangGraph, Azure AI Foundry.

Put your AI agents to work

All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.

Start Free Book Demo