What is the GitHub MCP server?

The GitHub MCP server is an official Model Context Protocol server maintained by GitHub that gives AI applications access to GitHub's API. It exposes tools for managing repositories, issues, pull requests, code search, branches, and more. AI assistants like Claude can use it to create PRs, review code, search repositories, manage issues, and automate GitHub workflows directly.

How do I set up the GitHub MCP server with Claude Desktop?

Add the GitHub MCP server to your claude_desktop_config.json with your GitHub personal access token. The configuration requires the command (docker or npx), your GITHUB_PERSONAL_ACCESS_TOKEN as an environment variable, and optionally the specific repositories or organizations to scope access to. After restarting Claude Desktop, you can ask Claude to interact with your GitHub repositories.

Can the GitHub MCP server create and review pull requests?

Yes. The GitHub MCP server exposes tools for the complete PR lifecycle: creating pull requests (create_pull_request), listing PRs (list_pull_requests), getting PR details and diffs, adding review comments, merging PRs, and updating PR descriptions. Combined with a filesystem server, an AI can read code changes, generate PR descriptions, and provide code review feedback.

Is there an official GitLab MCP server?

Yes, there is a community-maintained GitLab MCP server available. It provides similar capabilities to the GitHub server — managing merge requests, issues, pipelines, and repository operations. The GitLab MCP server supports both GitLab.com and self-hosted GitLab instances, making it suitable for enterprise environments that use GitLab for source control.

What permissions does the GitHub MCP server need?

The GitHub personal access token needs scopes matching the operations you want to perform: 'repo' for full repository access (read/write code, PRs, issues), 'read:org' for organization data, 'workflow' for GitHub Actions, and 'gist' for Gist operations. For read-only use cases, you can use a fine-grained token with only read permissions on specific repositories.

Can I use MCP to automate code reviews?

Yes. By combining a version control MCP server (for accessing diffs and PR metadata) with a filesystem server (for reading the full codebase), AI assistants can perform thorough code reviews. The AI reads the PR diff, understands the broader codebase context, identifies potential issues, and posts review comments directly via the GitHub/GitLab API.

How does the Git MCP server differ from the GitHub MCP server?

The Git MCP server operates on local Git repositories using Git CLI commands — it handles commits, branches, diffs, logs, and local operations without needing network access. The GitHub MCP server interacts with GitHub's REST/GraphQL API — it manages pull requests, issues, actions, and remote repository features. Most development workflows benefit from using both together.

Can MCP servers work with monorepos?

Yes. Version control MCP servers work well with monorepos. The GitHub MCP server handles repository-level operations regardless of repo size. For local operations, the Git MCP server can run commands within specific subdirectories. Combine these with a filesystem server scoped to the relevant packages within the monorepo for an efficient workflow.

Version Control MCP Servers: GitHub, GitLab & Bitbucket Guides

Version control is the central nervous system of software development. Every line of code, every code review, every release, and every collaboration flows through Git and its hosting platforms. Version control MCP servers give AI assistants first-class access to this critical system, enabling workflows that were previously impossible or impractical -- from automated PR descriptions that actually capture the intent of changes, to cross-repository code analysis, to intelligent issue triage.

The adoption of version control MCP servers has been particularly strong among development teams. GitHub's official MCP server is consistently among the top three most-downloaded MCP packages, and organizations report that AI-assisted PR workflows alone justify their MCP investment.

Version control MCP servers connect AI applications to Git hosting platforms like GitHub, GitLab, and Bitbucket. They enable AI assistants to create pull requests, review code, manage issues, search repositories, and automate development workflows -- transforming how developers interact with their version control systems.

This guide provides comprehensive coverage of every major version control MCP server: setup instructions, available tools, workflow examples, and best practices for integrating AI into your development pipeline.

Why Version Control MCP Servers Matter

Before MCP, integrating AI with version control required custom API wrappers, bespoke scripts, or copy-pasting code into chat interfaces. Version control MCP servers solve this by providing a standardized interface that any MCP-compatible AI client can use.

The practical impact is significant:

Automated PR creation: AI reads your changes, generates meaningful PR descriptions, and creates the PR
Intelligent code review: AI accesses the full diff and codebase context to provide thorough reviews
Issue triage: AI reads issue backlogs, categorizes them, and suggests assignments
Repository search: AI searches across repositories for code patterns, dependencies, and usage examples
Workflow automation: AI manages branches, triggers CI/CD, and coordinates multi-step development tasks

GitHub MCP Server: Complete Guide

The GitHub MCP server is the most widely used version control MCP server, maintained officially by GitHub.

Installation and Configuration

The server can be run via Docker (recommended) or npx:

Docker setup for Claude Desktop:

{
  "mcpServers": {
    "github": {
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "-e", "GITHUB_PERSONAL_ACCESS_TOKEN",
        "ghcr.io/github/github-mcp-server"
      ],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_your_token_here"
      }
    }
  }
}

npx setup:

{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@github/mcp-server"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_your_token_here"
      }
    }
  }
}

Token Configuration

Create a personal access token at GitHub Settings > Developer Settings > Personal Access Tokens:

Token Type	Scope	Use Case
Fine-grained (recommended)	Repository-specific read/write	Production use with least privilege
Classic - `repo`	Full repository access	Development and testing
Classic - `repo` + `workflow`	Repo + GitHub Actions	CI/CD automation
Classic - `repo` + `read:org`	Repo + organization data	Organization-wide operations

Available Tools

The GitHub MCP server exposes a comprehensive set of tools:

Repository Operations:

Tool	Description
`create_repository`	Create a new GitHub repository
`get_repository`	Get repository metadata
`search_repositories`	Search across GitHub repositories
`list_repository_languages`	List programming languages used
`fork_repository`	Fork a repository

Pull Request Operations:

Tool	Description
`create_pull_request`	Create a new pull request
`list_pull_requests`	List PRs with filters
`get_pull_request`	Get PR details and diff
`merge_pull_request`	Merge a pull request
`update_pull_request`	Update PR title, body, or state
`get_pull_request_diff`	Get the full diff of a PR
`get_pull_request_files`	List files changed in a PR
`create_pull_request_review`	Submit a code review

Issue Operations:

Tool	Description
`create_issue`	Create a new issue
`list_issues`	List issues with filters
`get_issue`	Get issue details
`update_issue`	Update issue fields
`add_issue_comment`	Comment on an issue
`search_issues`	Search issues across repositories

Code and Content:

Tool	Description
`search_code`	Search code across GitHub
`get_file_contents`	Read a file from a repository
`create_or_update_file`	Create or update a file
`push_files`	Push multiple files in one commit

Branch Operations:

Tool	Description
`create_branch`	Create a new branch
`list_branches`	List repository branches
`create_ref`	Create a Git reference

Workflow Examples

Automated PR Creation:

When you ask Claude to create a PR after making changes, the workflow looks like this:

Claude uses the filesystem server to read the changed files
Claude analyzes the changes and generates a descriptive PR title and body
Claude calls create_branch to create a feature branch
Claude calls push_files to push the changes
Claude calls create_pull_request with the generated description

Code Review Automation:

User: "Review PR #42 in my-org/my-repo"

Claude's workflow:
1. get_pull_request(owner="my-org", repo="my-repo", pullNumber=42)
2. get_pull_request_diff(...) — reads the full diff
3. get_file_contents(...) — reads related files for context
4. Analyzes the changes for bugs, style issues, and improvements
5. create_pull_request_review(...) — posts the review with comments

Issue Triage:

User: "Triage the open issues in my-org/my-repo"

Claude's workflow:
1. list_issues(state="open") — gets all open issues
2. Categorizes by type (bug, feature, docs, etc.)
3. Suggests labels and priority assignments
4. Optionally updates issues with labels via update_issue()

GitLab MCP Server

The GitLab MCP server provides similar functionality for GitLab-hosted repositories, supporting both GitLab.com and self-hosted instances.

Setup

{
  "mcpServers": {
    "gitlab": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-gitlab"],
      "env": {
        "GITLAB_PERSONAL_ACCESS_TOKEN": "glpat-your_token_here",
        "GITLAB_API_URL": "https://gitlab.com/api/v4"
      }
    }
  }
}

For self-hosted GitLab instances, change GITLAB_API_URL to point to your instance:

{
  "GITLAB_API_URL": "https://gitlab.your-company.com/api/v4"
}

Key Capabilities

The GitLab MCP server exposes tools for:

Merge Requests: Create, list, review, approve, and merge MRs
Issues: CRUD operations, labels, milestones, and assignments
Pipelines: View CI/CD pipeline status and trigger runs
Repository: File operations, branch management, and search
Projects: List, search, and manage GitLab projects
Groups: Navigate GitLab group hierarchies

GitLab-Specific Features

GitLab's MCP server includes tools unique to GitLab's platform:

Feature	Tool	Description
CI/CD Pipelines	`list_pipelines`, `get_pipeline`	View and monitor pipeline status
Merge Request Approvals	`approve_merge_request`	Approve MRs programmatically
Project Milestones	`list_milestones`	Track milestone progress
Container Registry	`list_registry_repositories`	Browse container images
Wiki Pages	`get_wiki_page`	Access project wiki content

Bitbucket MCP Server

Community-maintained Bitbucket MCP servers provide integration with Atlassian's Bitbucket platform:

{
  "mcpServers": {
    "bitbucket": {
      "command": "npx",
      "args": ["-y", "mcp-server-bitbucket"],
      "env": {
        "BITBUCKET_USERNAME": "your_username",
        "BITBUCKET_APP_PASSWORD": "your_app_password",
        "BITBUCKET_WORKSPACE": "your_workspace"
      }
    }
  }
}

Available Operations

Pull request management (create, review, merge)
Repository browsing and search
Pipeline status monitoring
Code comments and inline reviews
Workspace and project navigation

Local Git MCP Server

For local Git operations without requiring network access, the Git MCP server operates directly on repositories on disk:

{
  "mcpServers": {
    "git": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-git"],
      "env": {}
    }
  }
}

Local Git Tools

Tool	Description
`git_status`	Show working tree status
`git_log`	View commit history
`git_diff`	Show changes between commits/branches
`git_commit`	Create a commit
`git_branch`	List or create branches
`git_checkout`	Switch branches
`git_show`	Show commit details
`git_blame`	Show line-by-line authorship

The local Git server is ideal for:

Offline development workflows
Analyzing repository history
Preparing commits before pushing
Understanding code evolution through blame and log

Comparison: Version Control MCP Servers

Feature	GitHub MCP	GitLab MCP	Bitbucket MCP	Git (Local)
Maintainer	GitHub (Official)	Community	Community	Anthropic
PR/MR Management	Full lifecycle	Full lifecycle	Full lifecycle	N/A
Issue Tracking	Full CRUD	Full CRUD	Basic	N/A
CI/CD Integration	Actions status	Pipeline management	Pipeline status	N/A
Code Search	Cross-repo search	Project search	Workspace search	Local grep
Self-Hosted	GitHub Enterprise	GitLab CE/EE	Bitbucket Server	Any Git repo
Auth Method	PAT / GitHub App	PAT	App Password	None needed
Transport	stdio	stdio	stdio	stdio
File Operations	Read/write via API	Read/write via API	Read via API	Full local access

Security Best Practices

Token Management

Use fine-grained tokens: Scope access to specific repositories rather than granting broad access
Rotate tokens regularly: Set expiration dates and rotate tokens every 90 days
Store tokens securely: Use environment variables or secret managers, never hardcode in config files
Audit token usage: Review GitHub's token activity log periodically

Access Control

{
  "mcpServers": {
    "github-readonly": {
      "command": "npx",
      "args": ["-y", "@github/mcp-server", "--read-only"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_readonly_token"
      }
    }
  }
}

Use read-only tokens for code review and analysis tasks
Limit repository access to only the repos needed for the current workflow
Consider separate tokens for different AI assistants or use cases
For organizations, use GitHub App installations instead of personal tokens

Preventing Unintended Changes

MCP clients like Claude Desktop prompt users before executing write operations. Additional safeguards include:

Configure branch protection rules on your repositories
Require PR reviews before merging (even for AI-created PRs)
Use CI/CD checks to validate changes before they reach production
Set up CODEOWNERS files to ensure human review on critical paths

For comprehensive security guidance, see our MCP Security Model guide.

Advanced Workflows

Multi-Repository Operations

AI agents can operate across multiple repositories by configuring multiple GitHub MCP server instances or using a single token with multi-repo access:

User: "Find all uses of the deprecated UserService.getById() method
       across our organization's repositories"

Claude's workflow:
1. search_code(query="UserService.getById org:my-org", ...)
2. Returns matches across multiple repos
3. Creates issues in each affected repo documenting the deprecation
4. Optionally creates PRs with the updated method calls

CI/CD Integration

Version control MCP servers integrate with developer tools MCP servers to create end-to-end deployment workflows:

Code change: AI writes code using filesystem server
Commit and push: Git server commits changes and pushes to remote
PR creation: GitHub server creates a PR with automated description
CI monitoring: AI monitors GitHub Actions status
Review and merge: AI addresses review feedback and merges when approved

Connecting to Your Development Environment

The most productive setup combines version control servers with complementary MCP servers:

Filesystem server for reading and writing local files
GitHub/GitLab server for remote repository operations
Local Git server for commit history and branch management
Browser automation server for testing deployed changes

Troubleshooting

Authentication Failures

Verify your token has not expired
Check token scopes match the operations you are attempting
For GitHub Enterprise, ensure the token is created on the correct instance
Test the token manually: curl -H "Authorization: token ghp_xxx" https://api.github.com/user

Rate Limiting

GitHub API has rate limits (5,000 requests/hour for authenticated users). If you hit limits:

Reduce the frequency of polling operations
Use webhooks instead of polling for PR/issue updates
Consider using a GitHub App with higher rate limits
Cache responses where possible

Large Repository Performance

For repositories with thousands of files or extensive history:

Scope operations to specific paths when possible
Use targeted search instead of listing all files
Limit log history with date ranges
Consider using the local Git server for history operations (faster than API)

Real-World Integration Patterns

Pattern 1: Automated Changelog Generation

AI assistants can generate changelogs by analyzing commit history:

User: "Generate a changelog for the v2.3 release"

Claude's workflow:
1. (Git) git_log(since="v2.2", until="v2.3") — get all commits
2. Categorize commits by type (feature, fix, refactor, docs)
3. Group by component or area of the codebase
4. Generate a structured changelog:

## v2.3.0 (2026-02-25)

### New Features
- Add webhook system for real-time notifications (#234)
- Support OAuth 2.0 for API authentication (#241)

### Bug Fixes
- Fix race condition in concurrent file uploads (#238)
- Resolve timezone handling in scheduled reports (#240)

### Improvements
- Reduce API response time by 40% with query optimization (#236)
- Update dependencies to address security advisories (#239)

Pattern 2: Repository Health Check

Regular automated analysis of repository health:

User: "Run a health check on our main repository"

Claude's workflow:
1. (GitHub) get_repository() — repo metadata
2. (GitHub) list_pull_requests(state="open") — open PR count and age
3. (GitHub) list_issues(state="open") — open issue count
4. (GitHub) search_code("TODO|FIXME|HACK") — tech debt indicators
5. (Git) git_log(last_30_days) — commit frequency
6. (GitHub) list_branches() — stale branch identification

Health Report:
- Open PRs: 12 (3 older than 7 days — recommend review)
- Open Issues: 45 (8 marked as bugs — prioritize)
- Tech Debt: 23 TODO comments, 7 FIXME markers
- Commit frequency: 8.3 commits/day (healthy)
- Stale branches: 5 branches with no activity in 30+ days

Pattern 3: Cross-Repository Dependency Analysis

For organizations with many repositories:

User: "Which of our repos depend on the auth-library
       and might be affected by the breaking change in v3?"

Claude's workflow:
1. (GitHub) search_code("auth-library", org="our-org")
2. For each matching repo:
   a. (GitHub) get_file_contents("package.json")
   b. Check the version constraint for auth-library
   c. Determine if the breaking change affects this version
3. Generate a dependency impact report with affected repos
4. Optionally create issues in each affected repo

Code Review Best Practices with MCP

Structured Review Process

The most effective AI code reviews follow a structured approach:

Step 1 -- Context Gathering:

Read the PR description and linked issue
Understand the intent and scope of the change

Step 2 -- Code Analysis:

Read the full diff
Read related files for broader context
Check for consistency with project conventions

Step 3 -- Review Categories:

Category	What to Check	Priority
Correctness	Logic errors, edge cases, null handling	Critical
Security	Input validation, auth checks, injection risks	Critical
Performance	N+1 queries, unnecessary computations, memory leaks	High
Maintainability	Code clarity, naming, documentation	Medium
Testing	Test coverage, edge case tests, test quality	High
Style	Linting compliance, formatting consistency	Low

Step 4 -- Feedback Delivery:

Post inline comments on specific lines
Provide a summary with overall assessment
Suggest specific improvements with code examples
Distinguish between blocking issues and suggestions

Review Automation Pipeline

Organizations can set up automated review pipelines:

# GitHub Actions workflow for AI-assisted review
name: AI Code Review
on:
  pull_request:
    types: [opened, synchronize]

jobs:
  ai-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run AI Code Review
        uses: your-org/ai-review-action@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          mcp-config: .github/mcp-review-config.json

Managing Secrets and Sensitive Data

Token Rotation Strategy

Token Type	Rotation Period	Automation
Fine-grained PAT	90 days	GitHub API + secret rotation
Classic PAT	90 days	Manual rotation with calendar reminder
GitHub App keys	365 days	Automated via GitHub App settings
Deploy keys	180 days	CI/CD pipeline managed

Environment-Specific Configurations

{
  "mcpServers": {
    "github-dev": {
      "command": "npx",
      "args": ["-y", "@github/mcp-server"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_DEV_TOKEN}"
      }
    },
    "github-prod-readonly": {
      "command": "npx",
      "args": ["-y", "@github/mcp-server", "--read-only"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_PROD_READONLY_TOKEN}"
      }
    }
  }
}

Use separate tokens for development (read-write access to dev repos) and production (read-only access for monitoring and analysis).

Performance Considerations

API Call Optimization

The GitHub API has rate limits of 5,000 requests per hour for authenticated users. Optimize usage by:

Batching operations: Use push_files to commit multiple files in one API call instead of individual file commits
Caching repository metadata: Read repo info once per session, not per tool call
Scoped searches: Use repository-specific queries instead of organization-wide searches when possible
Conditional requests: Use ETags to avoid fetching unchanged data

Handling Large Repositories

For repositories with thousands of files or extensive commit history:

Challenge	Solution
Large diffs	Request diffs for specific files, not entire PRs
Deep commit history	Use date ranges or commit count limits
Many open PRs/issues	Filter by labels, assignees, or date
Code search across org	Scope to specific repos when possible
Binary files in repos	Skip binary file operations

Branch Management Strategies

AI assistants with version control MCP access can enforce branching strategies and help teams maintain clean Git workflows.

Feature Branch Workflow

User: "Create a feature branch for the payment refactoring,
       following our naming conventions"

Claude's workflow:
1. (Git) git_branch() — list existing branches for context
2. (GitHub) get_issue("PROJ-456") — read the linked issue
3. (Git) git_checkout("main") — start from main
4. (Git) git_branch("feature/PROJ-456-payment-refactoring")
5. (Git) git_checkout("feature/PROJ-456-payment-refactoring")
6. Report: "Created and checked out feature/PROJ-456-payment-refactoring
   from main (commit abc1234)"

Release Branch Management

For teams following a release branching model:

User: "Prepare the v2.4 release branch"

Claude's workflow:
1. (GitHub) list_pull_requests(state="merged", base="main", since="v2.3")
   — list all merged PRs since last release
2. (Git) git_branch("release/v2.4") — create release branch
3. (GitHub) list_issues(milestone="v2.4", state="open")
   — check for incomplete items in milestone
4. Generate release notes from merged PR descriptions
5. Flag any open blockers or incomplete work items
6. (GitHub) create_pull_request(head="release/v2.4", base="main")

Stale Branch Cleanup

User: "Clean up stale branches in the repository"

Claude's workflow:
1. (GitHub) list_branches() — get all branches
2. (Git) git_log(each_branch) — check last commit date
3. (GitHub) list_pull_requests(head=each_branch) — check for open PRs
4. Categorize branches:
   - Active: commits in the last 14 days or open PRs
   - Stale: no commits in 30+ days, no open PRs
   - Merged: branch has been merged and can be safely deleted
5. Present the list for approval before deletion
6. (GitHub) delete merged branches with user confirmation

Monorepo-Specific Patterns

Working with monorepos introduces unique challenges that version control MCP servers handle well.

Targeted Operations

For large monorepos, scope operations to specific packages or services:

User: "What changed in the payments service since the last release?"

Claude's workflow:
1. (Git) git_log(path="packages/payments/", since="v2.3")
   — scoped commit history
2. (Git) git_diff("v2.3..HEAD", path="packages/payments/")
   — changes specific to payments
3. (GitHub) search_code("payments", repo="org/monorepo")
   — find cross-references
4. Summarize changes, categorized by type (features, fixes, refactors)

Affected Service Detection

When changes span multiple packages:

User: "Which services are affected by PR #67?"

Claude's workflow:
1. (GitHub) get_pull_request_files(67) — get changed files
2. Map changed files to packages/services
3. (Filesystem) Read dependency configs (package.json, tsconfig.json)
4. Identify transitive dependencies
5. Report: "Direct changes: auth-service, shared-utils
   Potentially affected: api-gateway, user-service (depend on shared-utils)"

Migration Guide: Switching Between Platforms

AI assistants can help teams migrate between version control platforms by coordinating operations across multiple MCP servers.

GitHub to GitLab Migration

Migration workflow:
1. (GitHub) list_issues(state="all") — export all issues
2. (GitHub) list_pull_requests(state="all") — export PR history
3. (GitLab) create_project(name, description) — create target project
4. (GitLab) create_issues(imported_issues) — recreate issues
5. Map GitHub labels to GitLab labels
6. Generate a migration report with completion status

Label and Workflow Standardization

User: "Standardize labels across all repositories in our org"

Claude's workflow:
1. (GitHub) For each repo in the organization:
   a. list_labels() — get current labels
2. Compare against the standard label set
3. Identify missing, extra, and misnamed labels
4. Generate a standardization plan
5. (GitHub) create_label / update_label for each repo
6. Report: "Standardized labels across 15 repositories.
   Added 'priority:critical' to 8 repos, renamed 'wontfix' to
   'status:wont-fix' in 12 repos."