GitHub MCP connector for AI agents

CALL ANY TOOL

Manage repos, issues, pull requests, branches, and files via GitHub MCP's OAuth 2.1 interface. Same toolkit, every framework, no auth plumbing.

github_mcp_repos_list

List repositories

List repositories accessible to the authorized GitHub user with metadata including language, stars, and last push.

Parameters

Name

Type

Required

Description

type

string

Optional

Filter by type: all, owner, member

sort

string

Optional

Sort by: created, updated, pushed, full_name

limit

integer

Optional

Max repos to return

github_mcp_issue_create

Create issue

github_mcp_pr_get

Get pull request

github_mcp_files_get

Get file content

github_mcp_branch_create

Create branch

Build your Agent

Drop the toolkit in, point it at the user, and your agent can manage GitHub repos, issues, and PRs via GitHub MCP from the first run.

import { ScalekitClient } from "@scalekit-sdk/node";
import { DynamicStructuredTool } from "@langchain/core/tools";
import { createReactAgent } from "@langchain/langgraph/prebuilt";
import { z } from "zod";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["githubmcp"], toolNames: ["github_mcp_repos_list", "github_mcp_issue_create", "github_mcp_pr_get"] },
  pageSize: 100,
});

const lcTools = tools.map((t) => new DynamicStructuredTool({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  schema: z.object({}).passthrough(),
  func: async (args) => {
    const { data } = await sk.tools.executeTool({
      toolName: t.tool.definition.name,
      identifier: "user_123",
      params: args,
    });
    return JSON.stringify(data);
  },
}));

const agent = createReactAgent({ llm, tools: lcTools });

import { ScalekitClient } from "@scalekit-sdk/node";
import OpenAI from "openai";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["githubmcp"], toolNames: ["github_mcp_repos_list", "github_mcp_issue_create", "github_mcp_pr_get"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  type: "function",
  function: {
    name: t.tool.definition.name,
    description: t.tool.definition.description,
    parameters: t.tool.definition.input_schema,
  },
}));

const resp = await openai.responses.create({
  model: "gpt-4o", input: prompt, tools: llmTools,
});

import { ScalekitClient } from "@scalekit-sdk/node";
import Anthropic from "@anthropic-ai/sdk";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["githubmcp"], toolNames: ["github_mcp_repos_list", "github_mcp_issue_create", "github_mcp_pr_get"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  input_schema: t.tool.definition.input_schema,
}));

const msg = await anthropic.messages.create({
  model: "claude-sonnet-4-6", max_tokens: 1024,
  tools: llmTools,
  messages: [{ role: "user", content: prompt }],
});

import { Agent } from "@google/adk/agents";
import {
  MCPToolset, StreamableHTTPConnectionParams,
} from "@google/adk/tools/mcp";

const toolset = new MCPToolset({
  connectionParams: new StreamableHTTPConnectionParams({
    url: "https://mcp.scalekit.com/githubmcp",
    headers: { Authorization: `Bearer ${userScopedToken}` },
  }),
});

const agent = new Agent({
  name: "agent", model: "gemini-2.0-flash",
  tools: await toolset.getTools(),
});

Try these prompts

Paste any prompt into your engineering agent to start managing GitHub workflows via GitHub MCP.

Search & recall

Copy the prompt

Copied

List all open PRs in [repo] waiting for review more than [N] days.

Copy the prompt

Copied

Get the content of [file path] from the [branch] branch.

Copy the prompt

Copied

List all open issues labeled [bug] in [repo].

Action & create

Copy the prompt

Copied

Create an issue in [repo]: [title] with labels [labels].

Copy the prompt

Copied

Create a new branch [branch name] from main in [repo].

Copy the prompt

Copied

Get the full diff and review status for PR #[number] in [repo].

SEE HOW AUTH WORKS

Users authorize GitHub MCP once. Their GitHub credentials stay vaulted, every repository action runs under their permissions, and every call is logged.

1

Authorize

Your user connects

GitHub MCP

once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access

Who:

user ‘A’

when:

Once per user

access:

Limited to user

2

Store

Their

GitHub MCP

token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection

vault:

encrypted

scope:

per-user

tokens:

auto-refreshed

3

Resolve

When your agent calls a

GitHub MCP

tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs

speed:

~40ms

check:

before every call

seen by:

nobody

4

Audit

Every

GitHub MCP

tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it

history:

90 days

export:

SIEM-ready

logged:

every call

Test other agents

Same per-user auth pattern across other developer tool and collaboration connectors.

No items found.

Why Scalekit

Secure your agent's access. Connectors ship in minutes

Other connector libraries treat auth as a demo afterthought. Scalekit starts with user identity, scope enforcement, and audit.

01.

Shared tokens break per-user analytics

A shared token looks fine in a demo. In production every call looks like a service account. Scalekit resolves the real user credential so attribution, audit, and scope stay accurate.

// shared token
 audit → bot_service_account
 user_filter → broken

 // scalekit
 audit → user_abc
 scope → enforced ✓

02.

Authentication is not authorization

03.

Multi-tenancy is architectural

04.

GitHub MCP today. Others tomorrow.

“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”

Venu Madhav Kattagoni

Head of Engineering / Von

FAQs

Frequently Asked Questions

How does GitHub MCP differ from the standard GitHub connector?

GitHub MCP uses OAuth 2.1 with dynamic client registration — the same protocol as Scalekit's MCP auth stack — giving finer-grained token scoping and DCR-compatible tooling.

Does the agent access GitHub as the user or a shared token?

As the user. Each developer authorizes once and Scalekit resolves their credential. All commits, issues, and PRs are attributed to that user.

Where is the GitHub OAuth token stored?

In Scalekit's AES-256 vault, namespaced per tenant. Tokens never appear in prompts or LLM context.

Can I restrict the agent to read-only repository access?

Yes. Use listScopedTools to allow file reads and issue listing without granting branch creation or PR management.

What happens when a developer revokes GitHub MCP access?

The connection is invalidated on the next tool call. Subsequent requests fail closed. Other developers remain unaffected.

GitHub MCP

Tools your agent reaches for on GitHub MCP, scoped per user.