
How to Set Up and Use the GitHub MCP Server — Complete Guide

Step-by-step guide to the GitHub MCP server. Create PRs, manage issues, review code, and automate workflows directly from your AI coding assistant.


The GitHub MCP server gives your AI coding assistant direct access to the GitHub API -- PRs, issues, code search, file operations, and workflow dispatch -- so you stop tab-switching between your editor and github.com. It ships 20 tools at ~10,300 tokens, making it one of the most efficient MCP servers available.

TL;DR: Install with npx -y @modelcontextprotocol/server-github, authenticate with a fine-grained PAT, and your assistant can create PRs, review diffs, triage issues, and search code across repos without leaving your editor.

GitHub MCP | npm | Tools: 20 | ~10,300 tokens

graph LR
    A[Your Editor] --> B[AI Assistant]
    B --> C[GitHub MCP Server]
    C --> D[GitHub API]
    D --> E[Repos / PRs / Issues]

What the Server Exposes

Repository operations: search_repositories, create_repository, fork_repository, get_file_contents, create_or_update_file, push_files

Branch management: create_branch, list_commits

Issue tracking: create_issue, list_issues, update_issue, add_issue_comment, search_issues

Pull requests: create_pull_request, get_pull_request, list_pull_requests, merge_pull_request, get_pull_request_diff, get_pull_request_reviews, create_pull_request_review

Code search: search_code

At ~5% of a 200K context window, you can comfortably run it alongside 3-4 other servers. Compared to heavier servers like Supabase MCP (~12,875 tokens), you get full GitHub API coverage at lower cost.

Prerequisites

You need a GitHub Personal Access Token (PAT).

For a fine-grained token, go to GitHub Settings > Developer Settings > Fine-grained tokens. Set these permissions:

  • Contents: Read and write
  • Issues: Read and write
  • Pull requests: Read and write
  • Metadata: Read-only
  • Workflows: Read and write (only if you need GitHub Actions)

Classic tokens (simpler)

Create one with repo scope. Broader access, simpler setup. Classic tokens grant access to all repositories -- you cannot scope to specific repos.

Setup by Client

Claude Code

{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_your_token_here"
      }
    }
  }
}

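Or via CLI (this form does not set GITHUB_PERSONAL_ACCESS_TOKEN, so the server still needs the token in its environment): claude mcp add github -- npx -y @modelcontextprotocol/server-github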

See the full Claude Code setup guide for details on config scoping and permissions.

Cursor

Create .cursor/mcp.json:

{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_your_token_here"
      }
    }
  }
}

Reload after saving. See the Cursor setup guide for project vs global config.

VS Code (GitHub Copilot)

{
  "mcp": {
    "servers": {
      "github": {
        "command": "npx",
        "args": ["-y", "@modelcontextprotocol/server-github"],
        "env": {
          "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_your_token_here"
        }
      }
    }
  }
}

Real-World Workflows

Review a PR and leave comments

"Review PR #142 on our-org/api-service. Focus on error handling and potential breaking changes. Leave review comments on specific lines."

  • Calls get_pull_request_diff to read changes
  • Analyzes code for issues
  • Uses create_pull_request_review to submit line-level comments

Processes a 500-line diff faster than you can scroll through it.

Create a branch and open a PR

"Create branch 'feat/user-preferences' from main, push changes in src/lib/preferences.ts, and open a PR titled 'Add user preferences panel'."

  • Calls create_branch, push_files, create_pull_request
  • Returns the PR URL without leaving your editor

Triage issues by label

"Find all open issues labeled 'bug' in our-org/core-library. Summarize each and suggest priority order."

  • Calls search_issues with filters
  • Retrieves bodies and comments
  • Turns a 45-minute triage session into a 5-minute review

Search for deprecated API usage

"Search for all usages of 'legacyAuthMiddleware' across all repos in our-org."

  • Calls search_code scoped to your organization
  • Surfaces every file and repo still referencing the deprecated method

Batch issue creation

"Create these issues in our-org/mobile-app: 'Implement offline mode' (feature, mobile), 'Fix crash on upload > 10MB' (bug, critical), 'Add analytics for onboarding' (feature, analytics)."

  • Calls create_issue for each with titles, labels, and assignees
  • Batch operations that take 5 minutes in the UI happen in one conversational turn

Common Gotchas

Token scope mismatch

The most common failure. If the assistant can read issues but not create them, your token is missing write access. Check permissions in your token settings.

GitHub API rate limits

Authenticated requests: 5,000/hour REST, 30/minute code search. Be specific with queries -- searching one repo is one call, searching an entire org is many.

Organization access restrictions

Some orgs require token approval. Check org settings under "Personal access tokens" and request approval.

Large file operations

push_files works through the GitHub API, not git. Files over 100MB fail. For large commits, use git directly. The MCP server is best for targeted file changes.

Stale npx cache

Force the latest version: npx -y @modelcontextprotocol/server-github@latest

For more debugging tips, see the MCP troubleshooting guide.

Security Considerations

  • Least privilege: Use fine-grained tokens scoped to specific repos when possible
  • Never commit tokens: Add config files to .gitignore. Use placeholder values in committed configs
  • Rotate regularly: Set 90-day expiration on fine-grained tokens
  • Review actions: The assistant can push code and merge PRs -- review proposed actions before confirming destructive operations
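
The "never commit tokens" and "least privilege" points above can be enforced with a pre-commit style check. The following is an added example, not code from the GitHub MCP project: it audits a config in either layout shown in this guide and flags env values shaped like real GitHub tokens. The function names, the minimum token lengths and the sample tokens are assumptions constructed for illustration.

```python
import json
import re

# Documented GitHub token prefixes: ghp_ = classic PAT, github_pat_ = fine-grained PAT.
# The minimum lengths are an assumption chosen for this example.
CLASSIC = re.compile(r"ghp_[A-Za-z0-9]{36,}")
FINE_GRAINED = re.compile(r"github_pat_[A-Za-z0-9_]{36,}")


def servers_in(config):
    """Return the server map for either config layout shown in this guide."""
    if "mcpServers" in config:                        # Claude Code / Cursor
        return config["mcpServers"]
    return config.get("mcp", {}).get("servers", {})   # VS Code


def audit(config_text):
    """Return (server, env_var, severity, reason) for each literal token found."""
    findings = []
    for name, server in servers_in(json.loads(config_text)).items():
        for var, value in server.get("env", {}).items():
            if CLASSIC.fullmatch(str(value)):
                findings.append((name, var, "HIGH",
                                 "classic PAT in config: reaches every repository"))
            elif FINE_GRAINED.fullmatch(str(value)):
                findings.append((name, var, "MEDIUM",
                                 "fine-grained PAT in config: keep the file out of git"))
    return findings


def make_config(token, vscode=False):
    """Build a config in one of the guide's two layouts (constructed sample)."""
    server = {"command": "npx",
              "args": ["-y", "@modelcontextprotocol/server-github"],
              "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": token}}
    servers = {"github": server}
    return json.dumps({"mcp": {"servers": servers}} if vscode
                      else {"mcpServers": servers})


# Constructed token-shaped strings, not real credentials.
FAKE_CLASSIC = "ghp_" + "A" * 36
FAKE_FINE_GRAINED = "github_pat_" + "B" * 22 + "_" + "C" * 59

if __name__ == "__main__":
    for label, cfg in [("placeholder", make_config("ghp_your_token_here")),
                       ("classic", make_config(FAKE_CLASSIC)),
                       ("fine-grained", make_config(FAKE_FINE_GRAINED, vscode=True))]:
        print(label, audit(cfg))
```

The placeholder value from this guide passes cleanly, so a committed template config does not trip the check while a pasted real token does.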

For a comprehensive security checklist, see how to secure your MCP server setup.

Pairing with Other Servers

  • Playwright MCP: Push changes, then verify the result by navigating a browser to your preview deployment
  • Supabase MCP: Full dev loop -- create a DB branch, apply migration, generate types, push to GitHub, open a PR
  • Sentry MCP: Pull a stack trace from Sentry, find the code via GitHub, open a PR with the fix
  • Context7 MCP: Ensures the assistant uses correct, current API patterns when writing code for PRs

For a comparison with the GitLab alternative, see GitHub MCP vs GitLab MCP.

Getting Started

Generate a fine-grained PAT, add the config block to your editor, reload, and test with "List my open PRs." The setup takes under two minutes and the payoff is immediate -- every developer interacts with GitHub daily.

For pre-configured stacks that include GitHub MCP, see the Backend Developer, Fullstack Web, or Open Source Maintainer stacks.
