git-mcp
Provides tools for interacting with GitHub, enabling AI agents to manage repositories, issues, pull requests, users, and other GitHub resources on behalf of an authenticated user.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@git-mcpshow my recent pull requests"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
git-mcp
A remote MCP server that connects Claude to GitHub on behalf of each end user.
Auth — runs Claude's custom-connector OAuth flow against a GitHub OAuth App (FastMCP
GitHubProvider). Each user logs into GitHub through Claude.Proxy — proxies the official
github/github-mcp-server(run inhttpmode), forwarding each request with the authenticated user's GitHub token. All of GitHub's official MCP tools are exposed to Claude, executed as that user.
Claude custom connector ──HTTPS /mcp──▶ FastMCPProxy (this app)
auth = GitHubProvider (OAuth App) → per-user GitHub token (get_access_token().token)
client_factory (per request) → Authorization: Bearer <user token>
▼
github-mcp-server (official, http mode, 127.0.0.1:8082)
▼
GitHub API (as the user)Stack
Python 3.12+ · uv · ruff · ty · pytest · fastmcp (pinned).
Related MCP server: GitHub MCP Connector
Setup
make install-dev # uv sync + pre-commit hooks
cp .env.example .env # then fill in the valuesCreate the GitHub OAuth App
GitHub → Settings → Developer settings → OAuth Apps → New OAuth App.
Homepage URL: your
BASE_URL(e.g.https://your-app.herokuapp.com)Authorization callback URL:
<BASE_URL>/auth/callback
Copy the Client ID / secret into .env (GITHUB_OAUTH_CLIENT_ID, GITHUB_OAUTH_CLIENT_SECRET).
Develop
make lint # ruff check + format check + ty
make test # pytest -n auto
make format # auto-fix + format + tyRun locally
The app spawns github-mcp-server http as a subprocess, so you need the binary on
PATH (or set GITHUB_MCP_BINARY). Easiest is a local build/binary from the
releases; alternatively run the
backend yourself in Docker via make run-backend and point BACKEND_MCP_URL at it
(then comment out the subprocess spawn for local testing).
make run-dev # binds 0.0.0.0:$PORT (default 8000), serves /mcpTest the OAuth + tool flow with the MCP Inspector:
npx @modelcontextprotocol/inspector
# connect to http://localhost:8000/mcp → completes GitHub OAuth → lists toolsDeploy to Heroku (container)
Both processes share localhost, so they run in one dyno via a multi-stage image.
heroku create your-app
heroku stack:set container -a your-app
heroku config:set -a your-app \
GITHUB_OAUTH_CLIENT_ID=... \
GITHUB_OAUTH_CLIENT_SECRET=... \
BASE_URL=https://your-app.herokuapp.com \
JWT_SIGNING_KEY="$(openssl rand -hex 32)" \
GITHUB_TOOLSETS=repos,issues,pull_requests,users,context \
GITHUB_SCOPES="repo read:org read:user"
git push heroku mainProvision Redis so OAuth state survives Heroku's daily dyno cycling — without it every
connected client must re-authenticate each day. The add-on sets REDIS_URL automatically:
heroku addons:create heroku-redis:mini -a your-appBASE_URL and the OAuth App callback (<BASE_URL>/auth/callback) must match the
deployed URL exactly.
Add to Claude
Add https://your-app.herokuapp.com/mcp as a custom connector (Streamable HTTP).
Claude runs the OAuth flow; after you authorize the GitHub OAuth App, the GitHub tools
become available, acting as your GitHub user.
Authentication
OAuth and key-based auth are independent and can run together on one deployment:
GitHub OAuth (set the OAuth App credentials + a gate via
ALLOWED_GITHUB_ORGorALLOW_UNGATED=1) — for interactive clients like Claude Desktop / claude.ai. Each user acts as themselves via their own GitHub token.Key-based (set
MCP_API_KEYS+GITHUB_BACKEND_TOKEN) — for a headless app/agent. Clients sendAuthorization: Bearer <key>and act as the configured backend PAT; a valid key is its own gate (no org check).Both — the server serves the OAuth flow and accepts the static keys, so a Claude Desktop connector and a built app can use the same URL at once. Key requests are tagged internally so they forward the backend PAT and skip the org gate, while OAuth requests forward the user's token and are org-gated as usual.
At least one of the two must be configured or the server refuses to start.
Pinning
Keep both moving pieces pinned:
fastmcp(proxy/auth API moves across versions; targets v3.4.2+).ghcr.io/github/github-mcp-serverimage (pin a digest in theDockerfile).
Configuration
See .env.example. Notable: GITHUB_TOOLSETS (or all), READ_ONLY=1 to force
read-only tools, GITHUB_SCOPES for the OAuth scopes the proxied tools need.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/tutorcruncher/github-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server