Clearly Specify Required GitHub Token Permissions per Action #128
Labels
enhancement
New feature or request
Comments
|
Hi @Samk13 ! I’d love to work on this issue. Could you please assign it to me? |
aryasoni98
added a commit
to aryasoni98/github-mcp-server
that referenced
this issue
Apr 7, 2025
aryasoni98
added a commit
to aryasoni98/github-mcp-server
that referenced
this issue
Apr 11, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the feature or problem you’d like to solve
Currently, the MCP server documentation instructs users to enable the permissions that you feel comfortable granting your AI tools when creating a GitHub Personal Access Token. However, it does not specify precisely which permissions are required for each available command, such as get_issue, create_issue, get_file_contents etc... This ambiguity forces users to cross-reference GitHub's documentation, increasing setup time and potentially causing misconfiguration.
Proposed solution
Explicitly list the required GitHub Personal Access Token permissions alongside each command/action within the MCP server documentation. For example:
merge_pull_request - Merge a pull request
owner: Repository owner (string, required)repo: Repository name (string, required)pullNumber: Pull request number (number, required)commit_title: Title for the merge commit (string, optional)commit_message: Message for the merge commit (string, optional)merge_method: Merge method (string, optional)merge_pull_requestAccess Token Required Permissions:Contents(R) – Read accessDiscussions(RW) – Read/Write accessFollowers(R) – Read accessHow will it benefit GitHub MCP Server and its users?
Providing this information directly within the MCP documentation next to each action would make it clear what permissions need to be activated, reduce confusion, and improve security by clearly communicating which permissions are necessary for each action.
The text was updated successfully, but these errors were encountered: