Git Repo Auth MCP
Provides a tool to mint short-lived, scoped GitHub App installation tokens for git and API access, supporting repository and permission scoping.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Git Repo Auth MCPMint a short-lived token for repo my-repo with read permissions"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Git Repo Auth MCP
Your AI can build things. This lets it save them — safely.
When you ask an AI to build something, that work has to live somewhere. Developers keep theirs on GitHub — but GitHub expects you to create and manage digital keys, and that's where most people give up.
This bridge handles the keys for you. Connect your GitHub account once. After that, every time your AI needs to save work, it gets a fresh key that opens only the one door it needs — and the key expires in an hour.
That's actually safer than what most professionals do. The common shortcut is one master key that opens everything and lasts for years. Here, there's no master key to lose — and if you ever want out, one click disconnects everything.
You never see a key. You never touch a key. You just ask, and it saves to GitHub.
Want this with nearly zero effort?
You don't have to run anything. The hosted bridge is live:
New to all this? Start here: https://gitauth.klappy.dev/start — connected in about a minute, no card for the trial.
Developer? The fast path: https://gitauth.klappy.dev/start-developers
The deal: a real free trial, then plans from $1/month. Pricing and limits render live from the same rulebook the server enforces.
Who you're dealing with: the hosted service is operated by Covenynt Ventures LLC — that's the name on Stripe receipts and in the terms.
Rather hold your own keys? https://gitauth.klappy.dev/self-host — same code as this repo, $0 forever.
Related MCP server: GitHub MCP App Shim
The technical version
Connect GitHub once. Your agent mints its own short-lived, scoped tokens after that.
A Cloudflare Worker that bridges MCP's OAuth to GitHub App installation tokens. Users click "Connect," log in with GitHub, and choose which account to bind. From then on, their MCP session can call one tool — github_token — which returns a ≤1-hour token scoped to their installation, optionally down-scoped per request.
Currently GitHub; forge-agnostic by design.
How the bridge works
An MCP client (Claude, etc.) connects to
/mcpand is sent through a standard OAuth 2.1 flow (dynamic client registration, PKCE) served by this worker.Inside that flow, the user logs in with GitHub. The worker checks which installations of this GitHub App the user actually controls (
GET /user/installations— GitHub filters by both app and user).Zero installations → the user is sent to install the app on their repos. One → bound automatically. Several → a picker.
The grant is bound to that installation ID. Every later
github_tokencall mints for that installation only. GitHub enforces the walls: a token minted for one installation physically cannot touch another's repositories.
Security model — read before trusting
What is never stored. No GitHub tokens, ever. Installation tokens are minted on demand and die within the hour. The GitHub user token from login is used for two GET requests and discarded. The worker's state is: its own OAuth grants (hashed, in KV) and 10-minute pending records during account selection.
What the operator holds. One GitHub App private key — their own, in worker secrets. Users never hand over keys. This is the standard model every CI service uses.
Blast radius, honestly. If this worker is compromised, the attacker gains minting capability over the repos of every account that installed the app — not their keys, not their accounts, but their installed scope, within the app's permission ceiling. Your kill switch as a user is first-class and unilateral: uninstall the app, and minting for your account ends instantly; outstanding tokens die within the hour. If that trust trade doesn't fit you, self-host your own instance (below) — it's the same code.
"No Administration" ≠ "cannot escalate." The recommended grant (Contents RW, PRs RW, Workflows RW, Metadata R) excludes Administration. But Workflows write means a token holder can modify CI, and CI runs with the repo's own credentials. The path is accepted, not eliminated: CI changes land in PRs and audit logs under the app's [bot] identity. Users who don't want the trade can simply not grant the app repos where it matters — or the operator can drop the Workflows permission app-wide.
Per-request enforcement. The permission ceiling, repository scoping, one-hour expiry, and bot provenance are all enforced by GitHub, not by this code.
Connect (as a user)
Add this server to your MCP client — the hosted bridge endpoint is:
https://gitauth.klappy.dev/mcp(Self-hosting? Substitute your own deployment's /mcp.)
Your client will walk you through GitHub login and installation binding. Then ask your agent to call github_token when it needs git or API access.
github_token parameters (both optional): repositories (names, no owner) and permissions (e.g. {"contents":"read"}) — each must be within what the app was granted and where it's installed.
Operate (run your own bridge)
Create a GitHub App (Settings → Developer settings → GitHub Apps → New). Webhook off. Permissions: Contents RW, Pull requests RW, Workflows RW (optional — see security model), Metadata R. Nothing else; explicitly not Administration. Make the app public if others should be able to install it.
Enable user OAuth on the app: set Callback URL to
https://<deployment>/callback, then generate a client secret (App settings → Client secrets). Note the Client ID.Generate the private key. Paste it as-is — the worker auto-converts GitHub's PKCS#1 format to the PKCS#8 that WebCrypto needs. (Manual fallback if ever needed:
openssl pkcs8 -topk8 -inform PEM -in key.pem -nocrypt.) The key never transits chat in any format.Set the slug in
wrangler.jsonc(GH_APP_SLUG, fromgithub.com/apps/<slug>) and create a KV namespace for theOAUTH_KVbinding if the committed ID isn't yours:wrangler kv namespace create OAUTH_KV.Secrets (never committed, never pasted in chat):
wrangler secret put GH_APP_ID wrangler secret put GH_APP_PRIVATE_KEY # the PKCS#8 PEM wrangler secret put GITHUB_CLIENT_ID wrangler secret put GITHUB_CLIENT_SECRETDeploy:
npm install && npm run deployKeep any existing PAT until the first real token mints. Retiring the fallback before validating the replacement is how lockouts happen.
Retired in v0.2: MCP_AUTH_TOKEN (replaced by per-user OAuth) and GH_APP_INSTALLATION_ID (now bound per grant).
Development
npm install
npm run typecheck
npm test
npm run dev # local; dummy values in .dev.vars (gitignored)Troubleshooting & project journal
Field-observed failures and fixes live in docs/troubleshooting.md — start there if a token "doesn't work." The evidence behind each entry is the project journal under odd/ledger/: dated DOLCHEO records of what was observed, learned, and decided. New observations go to the journal first, then get distilled into troubleshooting.
License
Deliberately not yet licensed (all rights reserved by default) — a licensing decision is pending and will be made once, deliberately. Open an issue if you need clarity before then.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/klappy/git-repo-auth-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server