GitHub’s remote MCP server exposes tools for repositories, issues, pull requests, users, Actions workflows, code security findings, and more. Register it in the TrueFoundry MCP Gateway when you want agents to work with GitHub through governed, per-user access.Documentation Index
Fetch the complete documentation index at: https://www.truefoundry.com/llms.txt
Use this file to discover all available pages before exploring further.
Prerequisites
- A TrueFoundry account with permission to add MCP servers.
- A GitHub organization or user account where you can create GitHub Apps.
- Your TrueFoundry control plane base URL.
Create a GitHub App
Open the GitHub App creation page
For an organization app, open
https://github.com/organizations/<your-org>/settings/apps/new.For a personal account app, open github.com/settings/apps/new.Fill in the app details
Use values your users can recognize:
| Field | Value |
|---|---|
| GitHub App name | TrueFoundry GitHub MCP |
| Homepage URL | Your TrueFoundry control plane URL |
| Callback URL | https://<tfy-control-plane-base-url>/api/svc/v1/llm-gateway/mcp-servers/oauth2/callback |
Register GitHub in TrueFoundry
Add a remote MCP server
In TrueFoundry, open MCP Gateway, click Add MCP Server, and select Connect any Remote MCP Server.
Configure the server
Use the default GitHub MCP URL unless you want a specific toolset mode.
| Field | Value |
|---|---|
| Name | github |
| URL | https://api.githubcopilot.com/mcp/ |
| Description | GitHub MCP server for repositories, issues, pull requests, users, and workflows. |
| Authentication | OAuth2 |
| Grant Type | Authorization Code |
| Authorization URL | https://github.com/login/oauth/authorize |
| Token URL | https://github.com/login/oauth/access_token |
| Client ID | Client ID from the GitHub App |
| Client Secret | Client secret from the GitHub App |
| JWT Source | Access Token |
Add collaborators
Add users and teams that should be able to use GitHub tools. Give administrators MCP Server Manager and normal consumers MCP Server User.
Choose GitHub Toolsets
GitHub’s MCP URL can restrict or expand the available tools. Pick the narrowest URL that supports your agent workflow.| Goal | MCP server URL |
|---|---|
Default toolsets: context, repos, issues, pull_requests, users | https://api.githubcopilot.com/mcp/ |
| Read-only access | https://api.githubcopilot.com/mcp/readonly |
| All toolsets | https://api.githubcopilot.com/mcp/x/all |
| Specific toolsets | https://api.githubcopilot.com/mcp/x/repos,issues,actions |
actions, code_security, discussions, gists, notifications, projects, and secret_protection.
GitHub Enterprise
For GitHub Enterprise Cloud with data residency, use:<subdomain> with the subdomain from your ghe.com organization.
GitHub Enterprise Server does not support GitHub’s hosted remote MCP endpoint. For that environment, deploy ghcr.io/github/github-mcp-server as a hosted service or register it as a Hosted Stdio-based MCP Server, and authenticate with a fine-grained service account PAT using the minimum scopes required for your tools.
Verify the Connection
For OAuth-based MCP servers, users must first open the server’s Tools section and click Connect Now. After OAuth succeeds, the GitHub tools appear in the tools list. Users can then try those tools from the Agent Playground. If you enabled write-capable toolsets, test them only in a sandbox repository first.Security Notes
- Prefer per-user OAuth so GitHub permissions follow each user’s account and organization membership.
- Use
https://api.githubcopilot.com/mcp/readonlywhen agents should never create or update GitHub resources. - Keep the GitHub client secret in TrueFoundry and rotate it if it is exposed.
- Use Auth Overrides only when you intentionally switch to API key or PAT-based authentication.