{"id":"kousen-gh-mcp-server","name":"gh_mcp_server","homepage":null,"repo_url":"https://github.com/kousen/gh_mcp_server","category":"devtools","subcategories":[],"tags":["mcp","github","spring-boot","java","cli-integration","issues","pull-requests","automation","stdio"],"what_it_does":"gh_mcp_server is a Spring Boot-based MCP (Model Context Protocol) server that exposes GitHub CLI (gh) operations as MCP tools. It runs as a local STDIO MCP server and performs GitHub tasks (repos, issues, pull requests, workflows, releases, files, and user info) by invoking the authenticated `gh` CLI and returning JSON results.","use_cases":["Build an MCP client workflow that can list/search repositories","Automate issue lifecycle tasks (list/create/close/comment/edit) via an AI assistant","Automate pull request tasks (list/get/create/merge/close/comment) via an AI assistant","Inspect CI/workflows and workflow runs","Manage releases (list/get/create)","Fetch repository file contents and commit history","Retrieve the authenticated GitHub user details"],"not_for":["Production-grade, multi-tenant hosted use without additional hardening (because it shells out to `gh` on the host)","Use cases requiring strict least-privilege OAuth scopes beyond what `gh` authentication already provides","Teams that need strong, documented MCP tool schemas/typing beyond what’s described in README"],"best_when":"You want a lightweight local MCP integration with GitHub powered by the existing, user-authenticated GitHub CLI, especially when avoiding Docker or a separate hosted GitHub MCP service.","avoid_when":"You need guaranteed idempotency for write operations, very explicit rate-limit/429 guidance, or a security model that limits capabilities per request beyond what the underlying `gh` auth allows.","alternatives":["Official GitHub MCP server (if available in your environment)","Direct use of GitHub REST/GraphQL APIs with an SDK and an MCP wrapper","A custom MCP server that calls GitHub APIs directly (instead of invoking `gh` CLI)","Workflow automation tools (GitHub Apps / Actions) triggered by a bot service"],"af_score":61.2,"security_score":43.0,"reliability_score":25.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T19:39:29.413683+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Uses GitHub CLI authentication (requires `gh auth login`); server itself takes no explicit OAuth flow in README"],"oauth":false,"scopes":false,"notes":"Authentication is delegated to the local `gh` CLI. As described, the server relies on whatever credentials/permissions the user already configured for `gh`."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information provided (appears to be a self-hosted MIT-licensed tool)."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":61.2,"security_score":43.0,"reliability_score":25.0,"mcp_server_quality":72.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":80.0,"rate_limit_clarity":35.0,"tls_enforcement":10.0,"auth_strength":65.0,"scope_granularity":20.0,"dependency_hygiene":45.0,"secret_handling":70.0,"security_notes":"Runs locally as an MCP STDIO server and delegates auth to `gh` CLI. README does not describe TLS/network exposure (TLS likely irrelevant for STDIO). Capability granularity is limited to whatever permissions `gh` holds (no explicit per-tool scopes described). Since it uses `ProcessBuilder`/command execution with timeout support is mentioned, injection risk depends on how arguments are constructed—details are not provided in README. Secrets are presumably handled by `gh`/environment; README does not indicate logging of secrets, but does not document secret redaction behavior.","uptime_documented":0.0,"version_stability":45.0,"breaking_changes_history":0.0,"error_recovery":55.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Write operations (create/merge/close/edit) are not described as idempotent; agents may need to deduplicate intent on their side.","The server shells out to `gh`; timeouts can occur on slow networks/large repos (README mentions 30s default per operation).","Rate limiting is handled by GitHub CLI automatically, but the MCP-layer guidance on 429/backoff behavior is not clearly documented."]}}