GitHub MCP Server
The GitHub MCP server lets your AI agents interact with GitHub repositories, issues, pull requests, code, branches, and commits. Unlike other MCP server integrations that use traditional OAuth apps, GitHub uses a GitHub App, which provides fine-grained permissions and organization-level control over which repositories the app can access.
Capabilities
| Category | What Agents Can Do |
|---|---|
| Repositories | List repos, search code, view file contents, create and manage branches, list commits and tags, fork repositories |
| Issues | Search, create, update, and comment on issues |
| Pull Requests | Create, review, update, and merge pull requests; list changed files; add review comments |
| Commit Status | View CI/CD build status for commits |
| Teams | List organization teams and their members |
OAuth Setup
The GitHub integration uses a GitHub App for authentication. GitHub Apps provide finer-grained permissions than traditional OAuth apps — you choose exactly what the app can do, and organization admins control which repositories it can access.
📝 Note: GitHub Apps do not use scopes like other OAuth services. Instead, permissions are configured directly on the app when you create it. The OAuth token automatically inherits the permissions defined on the app.
Step 1: Create a GitHub App
-
Go to github.com and click your profile picture > Settings.
-
In the left sidebar, click Developer settings > GitHub Apps > New GitHub App.
- To create under an organization: go to the organization's Settings > Developer settings > GitHub Apps > New GitHub App.
-
Fill in the basic information:
| Field | What to Enter |
|---|---|
| GitHub App name | A unique name, for example "Devs AI" |
| Description | Optional description of the integration |
| Homepage URL | Your Devs.ai instance URL |
Step 2: Configure the Callback URL
- Under Identifying and authorizing users, enter the Callback URL provided by your Devs.ai platform administrator.
- Check Request user authorization (OAuth) during installation.
- Leave Expire user authorization tokens checked (recommended for security).
Step 3: Disable Webhooks
Under Webhook, uncheck the Active checkbox. The MCP server does not require webhook events.
Step 4: Set Permissions
Under Permissions, configure the following and leave everything else as "No access":
Repository Permissions:
| Permission | Access Level | What It Enables |
|---|---|---|
| Contents | Read & Write | Read and write file contents, manage branches, list commits and tags |
| Issues | Read & Write | View, create, update, and comment on issues |
| Pull requests | Read & Write | Create, review, update, and merge pull requests |
| Commit statuses | Read-only | View CI/CD build status |
| Metadata | Read-only | Basic repository information and search (automatically selected) |
Organization Permissions:
| Permission | Access Level | What It Enables |
|---|---|---|
| Members | Read-only | List teams and team members |
Step 5: Set Installation Scope
Under Where can this GitHub App be installed?, select:
- Any account — to allow other organizations to install the app.
- Only on this account — if you only need it for your own organization.
Step 6: Create and Save Credentials
- Click Create GitHub App.
- On the app settings page, copy the Client ID (displayed under "About").
- Click Generate a new client secret and copy the secret immediately — it is only shown once.
Step 7: Install the App on Your Organization
- Go to
https://github.com/apps/YOUR-APP-SLUG(the slug is the lowercase, hyphenated version of your app name). - Click Install.
- Choose the organization.
- Select All repositories or Only select repositories to control access.
- Click Install.
📝 Note: An organization admin must install the GitHub App. The admin decides which repositories the app can access. This provides an additional layer of security beyond user-level permissions.
Step 8: Configure in Devs.ai
- Navigate to Organization > Connectors in Devs.ai.
- Find the GitHub template and click Enable.
- Select OAuth as the authentication type.
- Enter your Client ID and Client Secret from Step 6.
- Select the tools you want to make available.
- Click Save.
Token Expiration
GitHub App tokens can be configured to expire or persist:
| Setting | Behavior |
|---|---|
| Expiration enabled (default) | Tokens expire after 8 hours. The platform automatically refreshes them using a refresh token. |
| Expiration opted out | Tokens never expire. No refresh is needed. |
To change this setting, go to your GitHub App's settings > Optional features > User-to-server token expiration.
OAuth Configuration Reference
| Field | Value |
|---|---|
| Authorization URL | https://github.com/login/oauth/authorize |
| Token URL | https://github.com/login/oauth/access_token |
| Scopes | None (permissions are set on the GitHub App) |