// MCP TOOL REFERENCE

GITHUB TOOLS

256 tools from the GitHub MCP Server, categorised by risk level.

View the GitHub policy →
// ALL 256 GITHUB TOOLS
READ 179 tools
Read Accepted OAuth Scopes `repo`, `security_events` Read actions_get Get details of GitHub Actions resources (workflows, workflow runs, jobs, and artifacts) Read actions_list List GitHub Actions workflows in a repository Read affects Filter advisories by affected package or version (e.g. "package1,package2@1.0.0"). (string, optional) Read after Forward pagination cursor from previous pageInfo.nextCursor. (string, optional) Read after_id The ID of the sub-issue to be prioritized after (either after_id OR before_id should be specified) (number,... Read alertNumber The number of the alert. (number, required) Read author Author username or email address to filter commits by (string, optional) Read autoInit Initialize with README (boolean, optional) Read base New base branch name (string, optional) Read base_branch Starting point for the new branch (optional) (string, optional) Read before Backward pagination cursor from previous pageInfo.prevCursor (rare). (string, optional) Read before_id The ID of the sub-issue to be prioritized before (either after_id OR before_id should be specified) (number... Read body New description (string, optional) Read branch Branch to push to (string, required) Read branch_name Name of the new branch (string, required) Read category Optional filter by discussion category ID. If provided, only discussions with this category are listed. (st... Read commitish Branch name, tag, or commit SHA to checkout in the new worktree (optional) (string, optional) Read content Content of the file (string, required) Read custom_instructions Optional custom instructions to guide the agent beyond the issue body. Use this to provide additional conte... Read cveId Filter by CVE ID. (string, optional) Read cwes Filter by Common Weakness Enumeration IDs (e.g. ["79", "284", "22"]). (string[], optional) Read description Repository description (string, optional) Read direction The direction to sort the results by. (string, optional) Read discussionNumber Discussion Number (number, required) Read dismiss_notification Dismiss notification Read draft Mark pull request as draft (true) or ready for review (false) (boolean, optional) Read duplicate_of Issue number that this issue is a duplicate of. Only used when state_reason is 'duplicate'. (number, optional) Read ecosystem Filter by package ecosystem. (string, optional) Read event Review action to perform. (string, optional) Read expectedHeadSha The expected SHA of the pull request's HEAD ref (string, optional) Read field_id The field's ID. Required for 'get_project_field' method. (number, optional) Read fields Field IDs to include when listing project items (e.g. ["102589", "985201"]). CRITICAL: Always provide to ge... Read files Array of file objects to push, each object with path (string) and content (string) (object[], required) Read filter Filter notifications to, use default unless specified. Read notifications are ones that have already been a... Read fork_repository Fork repository Read from_branch Source branch (defaults to repo default) (string, optional) Read get Get details of a specific pull request. Read get_code_scanning_alert Get code scanning alert Read get_comments Get comments on a pull request. Use this if user doesn't specifically want review comments. Use with pagina... Read get_commit Get commit details Read get_dependabot_alert Get dependabot alert Read get_diff Get the diff of a pull request. Read get_discussion Get discussion Read get_discussion_comments Get discussion comments Read get_file_contents Get file or directory contents Read get_files Get the list of files changed in a pull request. Use with pagination parameters to control the number of re... Read get_gist Get Gist Content Read get_global_security_advisory Get a global security advisory Read get_job_logs Get GitHub Actions workflow job logs Read get_label Get a specific label from a repository. Read get_labels Get labels assigned to the issue. Read get_latest_release Get latest release Read get_me Get my user profile Read get_notification_details Get notification details Read get_release_by_tag Get a release by tag name Read get_repository_tree Get repository tree Read get_review_comments Get review threads on a pull request. Each thread contains logically grouped review comments made on the sa... Read get_reviews Get the reviews on a pull request. When asked for review comments, use get_review_comments method. Read get_secret_scanning_alert Get secret scanning alert Read get_status Get status of a head commit in a pull request. This reflects status of builds and checks. Read get_sub_issues Get sub-issues of the issue. Read get_tag Get tag details Read get_team_members Get team members Read get_teams Get teams Read ghsaId Filter by GitHub Security Advisory ID (format: GHSA-xxxx-xxxx-xxxx). (string, optional) Read git_diff Git diff Read git_diff_staged Git diff staged Read git_diff_unstaged Git diff unstaged Read git_init Git init Read git_list_repositories Git list repositories Read git_log Git log Read git_pull Git pull Read git_show Git show Read git_status Git status Read git_worktree_list Git worktree list Read git_worktree_prune Git worktree prune Read head Filter by head user/org and branch (string, optional) Read include_diff Whether to include file diffs and stats in the response. Default is true. (boolean, optional) Read inputs Inputs the workflow accepts. Only used for 'run_workflow' method. (object, optional) Read isWithdrawn Whether to only return withdrawn advisories. (boolean, optional) Read item_id The project item ID. Required for 'update_project_item' and 'delete_project_item' methods. (number, optional) Read item_owner The owner (user or organization) of the repository containing the issue or pull request. Required for 'add_... Read item_repo The name of the repository containing the issue or pull request. Required for 'add_project_item' method. (s... Read job_id The unique identifier of the workflow job. Required when getting logs for a single job. (number, optional) Read labels Filter by labels (string[], optional) Read lastReadAt Describes the last point that notifications were checked (optional). Default: Now (string, optional) Read line The line of the blob in the pull request diff that the comment applies to. For multi-line comments, the las... Read list_branches List branches Read list_code_scanning_alerts List code scanning alerts Read list_commits List commits Read list_dependabot_alerts List dependabot alerts Read list_discussion_categories List discussion categories Read list_discussions List discussions Read list_gists List Gists Read list_global_security_advisories List global security advisories Read list_issue_types List available issue types Read list_issues List issues Read list_label List labels from a repository Read list_notifications List notifications Read list_org_repository_security_advisories List org repository security advisories Read list_pull_requests List pull requests Read list_releases List releases Read list_repository_security_advisories List repository security advisories Read list_secret_scanning_alerts List secret scanning alerts Read list_starred_repositories List starred repositories Read list_tags List tags Read max_count Maximum number of commits to show (default: 10) (number, optional) Read message Commit message (string, required) Read milestone Milestone number (number, optional) Read minimal_output Return minimal repository information (default: true). When false, returns full GitHub API repository objec... Read name Repository name (string, required) Read notificationID The ID of the notification thread. (string, required) Read order Sort order (string, optional) Read orderBy Order issues by field. If provided, the 'direction' also needs to be provided. (string, optional) Read org The organization login. (string, required) Read organization Organization to fork to (string, optional) Read owner Repository owner (string, required) Read page Page number for pagination (min 1) (number, optional) Read path Path to file/directory (string, optional) Read path_filter Optional path prefix to filter the tree results (e.g., 'src/' to only show files in the src directory) (str... Read per_page Results per page (max 50) (number, optional) Read perPage Results per page for pagination (min 1, max 100) (number, optional) Read private Whether repo should be private (boolean, optional) Read project_number The project's number. (number, required) Read projects_get Get details of GitHub Projects resources Read projects_list List GitHub Projects resources Read public Whether the gist is public (boolean, optional) Read published Filter by publish date or date range (ISO 8601 date or range). (string, optional) Read pull_request_number The pull request number (use when item_type is 'pull_request' for 'add_project_item' method). Provide eithe... Read pull_request_read Get details for a single pull request Read pullNumber Pull request number (number, required) Read query User search query. Examples: 'john smith', 'location:seattle', 'followers:>100'. Search is automatically sc... Read reason Reason for locking the worktree (optional) (string, optional) Read recursive Setting this parameter to true returns the objects or subtrees referenced by the tree. Default is false (bo... Read ref Accepts optional git refs such as `refs/tags/{tag}`, `refs/heads/{branch}` or `refs/pull/{pr_number}/head` ... Read remote Remote name (default: origin) (string, optional) Read repo Repository name (string, required) Read repo_path Path to Git repository (optional if default repository is configured) (string, optional) Read request_copilot_review Request Copilot review Read Required OAuth Scopes `repo` Read resolution Filter by resolution (string, optional) Read resource_id The unique identifier of the resource. This will vary based on the "method" provided, so ensure you provide... Read return_content Returns actual log content instead of URLs (boolean, optional) Read reviewers GitHub usernames to request reviews from (string[], optional) Read revision The revision (commit hash, branch name, tag) to show (string, required) Read search_code Search code Read search_issues Search issues Read search_orgs Search organizations Read search_pull_requests Search pull requests Read search_repositories Search repositories Read search_users Search users Read severity Filter by severity. (string, optional) Read sha Commit SHA, branch or tag name to list commits of. If not provided, uses the default branch of the reposito... Read side The side of the diff to comment on. LEFT indicates the previous state, RIGHT indicates the new state (strin... Read since Only show notifications updated after the given time (ISO 8601 format) (string, optional) Read sort Sort users by number of followers or repositories, or when the person joined GitHub. (string, optional) Read star_repository Star repository Read state Filter by advisory state. (string, optional) Read state_reason Reason for the state change. Ignored unless state is changed. (string, optional) Read status The status of the project. Used for 'create_project_status_update' method. (string, optional) Read status_update_id The node ID of the project status update. Required for 'get_project_status_update' method. (string, optional) Read tag Tag name (string, required) Read tail_lines Number of lines to return from the end of the log (number, optional) Read target Target branch or commit to compare with (string, required) Read team_slug Team slug (string, required) Read threadID The ID of the notification thread (string, required) Read title New title (string, optional) Read tool_name The name of the tool used for code scanning. (string, optional) Read tree_sha The SHA1 value or ref (branch or tag) name of the tree. Defaults to the repository's default branch (string... Read unstar_repository Unstar repository Read user Username to get teams for. If not provided, uses the authenticated user. (string, optional) Read username Username to list starred repositories for. Defaults to the authenticated user. (string, optional) Read verbose Show verbose output (optional, default: false) (boolean, optional) Read workflow_id The workflow ID (numeric) or workflow file name (e.g., main.yml, ci.yaml). Required for 'run_workflow' meth... Read workflow_jobs_filter Filters for workflow jobs. **ONLY** used when method is 'list_workflow_jobs' (object, optional) Read workflow_runs_filter Filters for workflow runs. **ONLY** used when method is 'list_workflow_runs' (object, optional) Read worktree Path to the worktree directory to unlock (string, required) Read worktree_path Path where the new worktree should be created (string, required)
WRITE 61 tools
Write add_comment_to_pending_review Add review comment to the requester's latest pending pull request review Write add_issue_comment Add comment to issue Write add_reply_to_pull_request_comment Add reply to pull request comment Write assign_copilot_to_issue Assign Copilot to issue Write assignees Usernames to assign to this issue (string[], optional) Write color Label color as 6-character hex code without '#' prefix (e.g., 'f29513'). Required for 'create', optional fo... Write comment_id Review comment ID to update or delete. Use the CommentID field from get_review_comments. (number, required) Write commentId The ID of the comment to reply to. Use the CommentID field from get_review_comments. (number, required) Write commit_message Extra detail for merge commit (string, optional) Write commit_title Title for merge commit (string, optional) Write commitID SHA of commit to review (string, optional) Write create_branch Create branch Write create_gist Create Gist Write create_or_update_file Create or update file Write create_pull_request Open new pull request Write create_repository Create repository Write detach Create a detached HEAD worktree (optional, default: false) (boolean, optional) Write filename Filename to update or create (string, required) Write gist_id ID of the gist to update (string, required) Write git_add Git add Write git_apply_patch_file Git apply patch file Write git_apply_patch_string Git apply patch string Write git_checkout Git checkout Write git_commit Git commit Write git_create_branch Git create branch Write git_push Git push Write git_worktree_add Git worktree add Write git_worktree_lock Git worktree lock Write git_worktree_unlock Git worktree unlock Write issue_comment_write Update or delete issue comment Write issue_number The issue number (use when item_type is 'issue' for 'add_project_item' method). Provide either issue_number... Write issue_read Get issue details Write issue_write Create or update issue. Write item_type The item's type, either issue or pull_request. Required for 'add_project_item' method. (string, optional) Write label_write Write operations on repository labels. Write maintainer_can_modify Allow maintainer edits (boolean, optional) Write manage_notification_subscription Manage notification subscription Write manage_repository_notification_subscription Manage repository notification subscription Write mark_all_notifications_read Mark all notifications as read Write merge_method Merge method (string, optional) Write merge_pull_request Merge pull request Write method The write operation to perform on pull request review. (string, required) Write modified Filter by publish or update date or date range (ISO 8601 date or range). (string, optional) Write owner_type Owner type (user or org). If not provided, will be automatically detected. (string, optional) Write patch_file Path to the patch file (string, required) Write patch_string Patch string to apply (string, required) Write projects_write Modify GitHub Project items Write pull_request_comment_write Update or delete pull request review comment Write pull_request_review_write Write operations (create, submit, delete) on pull request reviews. Write push_files Push files to repository Write replace_parent When true, replaces the sub-issue's current parent issue. Use with 'add' method only. (boolean, optional) Write secret_type A comma-separated list of secret types to return. All default secret patterns are returned. To return gener... Write sub_issue_id The ID of the sub-issue to add. ID is not the same as issue number (number, required) Write sub_issue_write Change sub-issue Write subjectType The level at which the comment is targeted (string, required) Write target_date The target date of the status update in YYYY-MM-DD format. Used for 'create_project_status_update' method. ... Write type Advisory type. (string, optional) Write update_gist Update Gist Write update_pull_request Edit pull request Write update_pull_request_branch Update pull request branch Write updated Filter by update date or date range (ISO 8601 date or range). (string, optional)
DESTRUCTIVE 6 tools
Destructive action Action to perform: ignore, watch, or delete the repository notification subscription. (string, required) Destructive delete_file Delete file Destructive force Force removal even if worktree is dirty or locked (optional, default: false) (boolean, optional) Destructive git_reset Git reset Destructive git_worktree_remove Git worktree remove Destructive updated_field Object consisting of the ID of the project field to update and the new value for the field. To clear the fi...
EXECUTE 10 tools
Execute actions_run_trigger Trigger GitHub Actions workflow actions Execute base_ref Git reference (e.g., branch) that the agent will start its work from. If not specified, defaults to the rep... Execute dry_run Show what would be pruned without actually pruning (optional, default: false) (boolean, optional) Execute failed_only When true, gets logs for all failed jobs in the workflow run specified by run_id. Requires run_id to be pro... Execute new_branch Create a new branch with this name in the worktree (optional) (string, optional) Execute new_name New name for the label (used only with 'update' method to rename) (string, optional) Execute run_id The unique identifier of the workflow run. Required when failed_only is true to get logs for all failed job... Execute start_date The start date of the status update in YYYY-MM-DD format. Used for 'create_project_status_update' method. (... Execute startLine For multi-line comments, the first line of the range that the comment applies to (number, optional) Execute startSide For multi-line comments, the starting side of the diff that the comment applies to. LEFT indicates the prev...
// FAQ
How many tools does the GitHub MCP server have? +

The GitHub MCP server exposes 256 tools across 4 categories: Read, Write, Destructive, Execute.

How do I enforce policies on GitHub tools? +

Route the GitHub server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard — they are enforced on every call before it reaches the server.

What risk categories do GitHub tools fall into? +

GitHub tools are categorised as Read (179), Write (61), Destructive (6), Execute (10). Each category has a recommended default policy.

Let agents act without letting them run wild.

Route your MCP servers through PolicyLayer and every tool call is checked against your policy before it runs — allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

SECURE YOUR MCP →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.