MCP Server Policy

GITHUB MCP POLICY

Enforce policies on every tool call to the GitHub MCP Server. 83 tools listed, categorised, and ready for rules.

github/github-mcp-server 51 read 32 write 83 tools total
github repositories issues pull-requests actions

GET STARTED

Download this policy scaffold and add your rules. Intercept enforces them on every tool call before it reaches GitHub.

terminal

# Download policy scaffold

curl -o github.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/github.yaml

# Run with Intercept

intercept --policy github.yaml -- npx -y @github/github-mcp-server

Server documentation: https://github.com/github/github-mcp-server

READ TOOLS

51

WRITE TOOLS

16

DESTRUCTIVE TOOLS

1

EXECUTE TOOLS

1

FINANCIAL TOOLS

2

OTHER TOOLS

12

POLICY YAML

This scaffold lists every tool with empty rules. Add conditions — rate limits, argument validation, deny rules — then deploy with Intercept.

github.yaml 
version: "1"
description: "Policy for github/github-mcp-server"
default: "allow"
tools:
    actions_get:
        rules: []
    actions_list:
        rules: []
    get_code_scanning_alert:
        rules: []
    get_commit:
        rules: []
    get_copilot_space:
        rules: []
    get_dependabot_alert:
        rules: []
    get_discussion:
        rules: []
    get_discussion_comments:
        rules: []
    get_file_contents:
        rules: []
    get_gist:
        rules: []
    get_global_security_advisory:
        rules: []
    get_job_logs:
        rules: []
    get_label:
        rules: []
    get_latest_release:
        rules: []
    get_me:
        rules: []
    get_notification_details:
        rules: []
    get_release_by_tag:
        rules: []
    get_repository_tree:
        rules: []
    get_secret_scanning_alert:
        rules: []
    get_tag:
        rules: []
    get_team_members:
        rules: []
    get_teams:
        rules: []
    issue_read:
        rules: []
    list_branches:
        rules: []
    list_code_scanning_alerts:
        rules: []
    list_commits:
        rules: []
    list_copilot_spaces:
        rules: []
    list_dependabot_alerts:
        rules: []
    list_discussion_categories:
        rules: []
    list_discussions:
        rules: []
    list_gists:
        rules: []
    list_global_security_advisories:
        rules: []
    list_issue_types:
        rules: []
    list_issues:
        rules: []
    list_label:
        rules: []
    list_notifications:
        rules: []
    list_org_repository_security_advisories:
        rules: []
    list_pull_requests:
        rules: []
    list_releases:
        rules: []
    list_repository_security_advisories:
        rules: []
    list_secret_scanning_alerts:
        rules: []
    list_starred_repositories:
        rules: []
    list_tags:
        rules: []
    projects_get:
        rules: []
    projects_list:
        rules: []
    search_code:
        rules: []
    search_issues:
        rules: []
    search_orgs:
        rules: []
    search_pull_requests:
        rules: []
    search_repositories:
        rules: []
    search_users:
        rules: []
    add_comment_to_pending_review:
        rules: []
    add_issue_comment:
        rules: []
    add_reply_to_pull_request_comment:
        rules: []
    create_branch:
        rules: []
    create_gist:
        rules: []
    create_or_update_file:
        rules: []
    create_pull_request:
        rules: []
    create_pull_request_with_copilot:
        rules: []
    create_repository:
        rules: []
    issue_write:
        rules: []
    label_write:
        rules: []
    projects_write:
        rules: []
    push_files:
        rules: []
    update_gist:
        rules: []
    update_pull_request:
        rules: []
    update_pull_request_branch:
        rules: []
    actions_run_trigger:
        rules: []
    manage_notification_subscription:
        rules: []
    manage_repository_notification_subscription:
        rules: []
    delete_file:
        rules: []
    assign_copilot_to_issue:
        rules: []
    dismiss_notification:
        rules: []
    fork_repository:
        rules: []
    github_support_docs_search:
        rules: []
    mark_all_notifications_read:
        rules: []
    merge_pull_request:
        rules: []
    pull_request_read:
        rules: []
    pull_request_review_write:
        rules: []
    request_copilot_review:
        rules: []
    star_repository:
        rules: []
    sub_issue_write:
        rules: []
    unstar_repository:
        rules: []

RELATED POLICIES

GitLab 15 tools
repositoriesissues
Linear 23 tools
issues
Git 14 tools
repositories

FREQUENTLY ASKED QUESTIONS

What tools does the GitHub MCP server expose?

The GitHub MCP Server exposes 83 tools across 6 categories: Read, Write, Execute, Financial, Destructive, Other. Each tool can be individually controlled with Intercept policies.

How do I enforce policies on GitHub?

Download the policy scaffold, add rules (rate limits, argument validation, deny rules), then run Intercept as a proxy in front of the GitHub MCP server. Every tool call is evaluated against your YAML policy before execution.

Is the GitHub policy free to use?

Yes. All Intercept policies are open source under the Apache 2.0 licence. Download, modify, and deploy without restrictions.

ENFORCE POLICIES ON GITHUB

Open source. One binary. Zero dependencies.

VIEW ON GITHUB Browse all policies →