From 2f9e0ddc0cf4c11077c96b672ec727258f19e570 Mon Sep 17 00:00:00 2001 From: JoannaaKL Date: Tue, 11 Nov 2025 16:21:00 +0100 Subject: [PATCH 1/2] Add lockdown mode to docs --- README.md | 19 +++++++++++++++++++ docs/installation-guides/README.md | 1 + 2 files changed, 20 insertions(+) diff --git a/README.md b/README.md index 39fcb5afb..70491f6fd 100644 --- a/README.md +++ b/README.md @@ -1256,6 +1256,25 @@ docker run -i --rm \ ghcr.io/github/github-mcp-server ``` +## Lockdown Mode + +Lockdown mode limits the content that the server will surface from public repositories. When enabled, requests that fetch issue details will return an error if the issue was created by someone who does not have push access to the repository. Private repositories are unaffected, and collaborators can still access their own issues. + +```bash +./github-mcp-server --lockdown-mode +``` + +When running with Docker, set the corresponding environment variable: + +```bash +docker run -i --rm \ + -e GITHUB_PERSONAL_ACCESS_TOKEN= \ + -e GITHUB_LOCKDOWN_MODE=1 \ + ghcr.io/github/github-mcp-server +``` + +At the moment lockdown mode applies to the issue read toolset, but it is designed to extend to additional data surfaces over time. + ## i18n / Overriding Descriptions The descriptions of the tools can be overridden by creating a diff --git a/docs/installation-guides/README.md b/docs/installation-guides/README.md index 237dcd70b..e177100ca 100644 --- a/docs/installation-guides/README.md +++ b/docs/installation-guides/README.md @@ -94,4 +94,5 @@ After installation, you may want to explore: - **Toolsets**: Enable/disable specific GitHub API capabilities - **Read-Only Mode**: Restrict to read-only operations - **Dynamic Tool Discovery**: Enable tools on-demand +- **Lockdown Mode**: Hide public issue details created by non-collaborators From a3fb96f2e83526a30a2ff030a6d1e95063f9d961 Mon Sep 17 00:00:00 2001 From: JoannaaKL Date: Tue, 11 Nov 2025 16:43:42 +0100 Subject: [PATCH 2/2] Update docs/installation-guides/README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- docs/installation-guides/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/installation-guides/README.md b/docs/installation-guides/README.md index e177100ca..4406f5b98 100644 --- a/docs/installation-guides/README.md +++ b/docs/installation-guides/README.md @@ -94,5 +94,5 @@ After installation, you may want to explore: - **Toolsets**: Enable/disable specific GitHub API capabilities - **Read-Only Mode**: Restrict to read-only operations - **Dynamic Tool Discovery**: Enable tools on-demand -- **Lockdown Mode**: Hide public issue details created by non-collaborators +- **Lockdown Mode**: Hide public issue details created by users without push access