Problem
We currently build our MCP server on top of the GitHub CLI (gh), which is extremely convenient for rapid development — it handles auth, pagination, and GraphQL/REST calls out of the box.
However, gh uses the user's full GitHub OAuth scope, which grants access to:
- All repositories (public and private)
- All organizations
- Account settings, SSH keys, etc.
- Essentially "everything everywhere all at once"
This is a significant security risk for a tool that only needs to read PR review threads and resolve/reply to comments on specific repos.
Proposed Solution
Migrate to fine-grained Personal Access Tokens (PATs) or similar scoped authentication:
- Research GitHub fine-grained PATs (repo-scoped, read/write permissions per resource)
- Determine the minimum permissions needed (likely just
pull_requests: read/write on specific repos)
- Replace
gh subprocess calls with direct GitHub API calls using a scoped token
- Consider using
httpx or aiohttp for direct API access
- Support token configuration via environment variable (e.g.
GITHUB_TOKEN)
Benefits
- Least-privilege access — only the permissions the tool actually needs
- Repo-scoped — users can limit access to specific repositories
- Auditable — fine-grained PATs show up in GitHub's security log
- No CLI dependency — removes the requirement for
gh to be installed and authenticated
Notes
- Not urgent —
gh works great for development and dogfooding
- Research phase needed to determine the best modern approach
- Should maintain backward compatibility with
gh as a fallback during transition
Scope
Problem
We currently build our MCP server on top of the GitHub CLI (
gh), which is extremely convenient for rapid development — it handles auth, pagination, and GraphQL/REST calls out of the box.However,
ghuses the user's full GitHub OAuth scope, which grants access to:This is a significant security risk for a tool that only needs to read PR review threads and resolve/reply to comments on specific repos.
Proposed Solution
Migrate to fine-grained Personal Access Tokens (PATs) or similar scoped authentication:
pull_requests: read/writeon specific repos)ghsubprocess calls with direct GitHub API calls using a scoped tokenhttpxoraiohttpfor direct API accessGITHUB_TOKEN)Benefits
ghto be installed and authenticatedNotes
ghworks great for development and dogfoodingghas a fallback during transitionScope
ghas fallback auth method