# Set up GitHub MCP Server

> Create a GitHub App and connect GitHub's remote MCP server to TrueFoundry with per-user OAuth access.

GitHub's remote MCP server exposes tools for repositories, issues, pull requests, users, Actions workflows, code security findings, and more. Register it in the TrueFoundry MCP Gateway when you want agents to work with GitHub through governed, per-user access.

## Prerequisites

* A TrueFoundry account with permission to add MCP servers.
* A GitHub organization or user account where you can create GitHub Apps.
* Your TrueFoundry control plane base URL.

## Create a GitHub App

<Steps>
  <Step title="Open the GitHub App creation page">
    For an organization app, open `https://github.com/organizations/<your-org>/settings/apps/new`.

    For a personal account app, open [github.com/settings/apps/new](https://github.com/settings/apps/new).
  </Step>

  <Step title="Fill in the app details">
    Use values your users can recognize:

    | Field               | Value                                                                                     |
    | ------------------- | ----------------------------------------------------------------------------------------- |
    | **GitHub App name** | `TrueFoundry GitHub MCP`                                                                  |
    | **Homepage URL**    | Your TrueFoundry control plane URL                                                        |
    | **Callback URL**    | `https://<tfy-control-plane-base-url>/api/svc/v1/llm-gateway/mcp-servers/oauth2/callback` |
  </Step>

  <Step title="Create the app">
    Click **Create GitHub App**.
  </Step>

  <Step title="Copy OAuth credentials">
    On the app settings page, copy the **Client ID**. Then click **Generate a new client secret** and copy the secret immediately because GitHub only shows it once.
  </Step>
</Steps>

## Register GitHub in TrueFoundry

<Steps>
  <Step title="Add a remote MCP server">
    In TrueFoundry, open **MCP Gateway**, click **Add MCP Server**, and select **Connect any Remote MCP Server**.
  </Step>

  <Step title="Configure the server">
    Use the default GitHub MCP URL unless you want a specific toolset mode.

    | Field                 | Value                                                                              |
    | --------------------- | ---------------------------------------------------------------------------------- |
    | **Name**              | `github`                                                                           |
    | **URL**               | `https://api.githubcopilot.com/mcp/`                                               |
    | **Description**       | `GitHub MCP server for repositories, issues, pull requests, users, and workflows.` |
    | **Authentication**    | `OAuth2`                                                                           |
    | **Grant Type**        | `Authorization Code`                                                               |
    | **Authorization URL** | `https://github.com/login/oauth/authorize`                                         |
    | **Token URL**         | `https://github.com/login/oauth/access_token`                                      |
    | **Client ID**         | Client ID from the GitHub App                                                      |
    | **Client Secret**     | Client secret from the GitHub App                                                  |
    | **JWT Source**        | `Access Token`                                                                     |
  </Step>

  <Step title="Add collaborators">
    Add users and teams that should be able to use GitHub tools. Give administrators **MCP Server Manager** and normal consumers **MCP Server User**.
  </Step>

  <Step title="Save and authorize">
    Create the server. Each user should open the server's **Tools** section and click **Connect Now** to authorize GitHub before using the tools.
  </Step>
</Steps>

## Choose GitHub Toolsets

GitHub's MCP URL can restrict or expand the available tools. Pick the narrowest URL that supports your agent workflow.

| Goal                                                                     | MCP server URL                                             |
| ------------------------------------------------------------------------ | ---------------------------------------------------------- |
| Default toolsets: `context`, `repos`, `issues`, `pull_requests`, `users` | `https://api.githubcopilot.com/mcp/`                       |
| Read-only access                                                         | `https://api.githubcopilot.com/mcp/readonly`               |
| All toolsets                                                             | `https://api.githubcopilot.com/mcp/x/all`                  |
| Specific toolsets                                                        | `https://api.githubcopilot.com/mcp/x/repos,issues,actions` |

Additional toolsets include `actions`, `code_security`, `discussions`, `gists`, `notifications`, `projects`, and `secret_protection`.

<Tip>
  For broad rollouts, start with the read-only URL and publish more capable toolsets through a [Virtual MCP Server](/docs/ai-gateway/mcp/virtual-mcp-server) for trusted teams.
</Tip>
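The following is an added example, not TrueFoundry or GitHub code: a pre-registration check that parses a GitHub MCP URL in the forms shown in the table above and reports toolsets beyond what a team has approved. The function name, the `approved` and `allow_write` parameters, and the rule that every URL other than the read-only one counts as potentially write-capable are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Toolset names exactly as listed on this page.
DEFAULT = {"context", "repos", "issues", "pull_requests", "users"}
ADDITIONAL = {"actions", "code_security", "discussions", "gists",
              "notifications", "projects", "secret_protection"}

def _is_github_mcp_host(host):
    # Hosted endpoint, or copilot-api.<subdomain>.ghe.com for data residency.
    labels = host.split(".")
    return host == "api.githubcopilot.com" or (
        len(labels) == 4 and labels[0] == "copilot-api"
        and labels[1] != "" and labels[2:] == ["ghe", "com"])

def audit_mcp_url(url, approved, allow_write=False):
    """Return a list of policy findings; an empty list means the URL is acceptable."""
    parts = urlparse(url)
    if parts.scheme != "https" or not _is_github_mcp_host(parts.hostname or ""):
        return ["not an https GitHub remote MCP endpoint"]
    path = parts.path.rstrip("/")
    if path == "/mcp/readonly":
        return []  # narrowest option in the table
    if path == "/mcp":
        requested = set(DEFAULT)
    elif path == "/mcp/x/all":
        return ["all toolsets enabled; list the needed toolsets instead"]
    elif path.startswith("/mcp/x/"):
        requested = set(filter(None, path[len("/mcp/x/"):].split(",")))
    else:
        return [f"unrecognized MCP path: {parts.path}"]
    findings = []
    unknown = requested - DEFAULT - ADDITIONAL
    if unknown:
        # Names not on this page are surfaced for manual review, not accepted.
        findings.append(f"toolsets not listed in the docs: {sorted(unknown)}")
    extra = (requested & (DEFAULT | ADDITIONAL)) - approved
    if extra:
        findings.append(f"toolsets beyond approved set: {sorted(extra)}")
    if not allow_write:
        # Assumption: only the read-only URL guarantees no create/update tools.
        findings.append("URL is not read-only but writes are not approved")
    return findings
```

Run it against the **URL** value before saving the server, and again whenever the registered URL changes.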

## GitHub Enterprise

For GitHub Enterprise Cloud with data residency, use:

```txt
https://copilot-api.<subdomain>.ghe.com/mcp
```

Replace `<subdomain>` with the subdomain from your `ghe.com` organization.

GitHub Enterprise Server does not support GitHub's hosted remote MCP endpoint. For that environment, deploy `ghcr.io/github/github-mcp-server` as a hosted service or register it as a [Hosted Stdio-based MCP Server](/docs/ai-gateway/mcp/stdio-mcp-server), and authenticate with a fine-grained service account PAT using the minimum scopes required for your tools.

## Verify the Connection

For OAuth-based MCP servers, users must first open the server's **Tools** section and click **Connect Now**. After OAuth succeeds, the GitHub tools appear in the tools list. Users can then try those tools from the **Agent Playground**.

If you enabled write-capable toolsets, test them only in a sandbox repository first.

## Security Notes

* Prefer per-user OAuth so GitHub permissions follow each user's account and organization membership.
* Use `https://api.githubcopilot.com/mcp/readonly` when agents should never create or update GitHub resources.
* Keep the GitHub client secret in TrueFoundry and rotate it if it is exposed.
* Use [Auth Overrides](/docs/ai-gateway/mcp/mcp-server-auth-overrides) only when you intentionally switch to API key or PAT-based authentication.
