ghe-mcp-gateway
Enables natural language admin tasks for GitHub Enterprise Cloud, like listing private repos, access reviews, and secret scanning, with read-only safety by default.
An MCP (Model Context Protocol) server that exposes GitHub Enterprise administration operations as agent tools. Point Claude (Code or Desktop) at it and ask things like "list private repos in the org with no recent pushes" or "who has admin on payments-api?" - the model calls the GitHub API through typed, permissioned tools instead of raw curl.
Built as a working reference for GitHub Enterprise Cloud administration: repository management, access governance, audit-log review, webhook management, and secret-scanning triage.
Why
Admin work is repetitive API calls (access reviews, alert triage, config audits). Wrapping the GitHub REST/GraphQL API as MCP tools lets an agent do the legwork while keeping a human in the loop - and keeps writes behind an explicit safety switch.
Tools (21)
| Category | Tools |
|---|---|
| Repository admin | list_repositories, get_repository |
| Access & teams | list_organization_members, list_teams, list_team_members, list_repo_collaborators, get_repo_permission, list_team_repos, set_repo_collaborator_permission, set_team_repo_permission |
| Branch protection | get_branch_protection, set_branch_protection*, list_org_rulesets, get_org_ruleset |
| Security (GHAS) | list_secret_scanning_alerts, list_code_scanning_alerts, list_dependabot_alerts, resolve_secret_scanning_alert* |
| Audit log | get_org_audit_log |
| Webhooks | list_org_webhooks |
| Escape hatch | graphql_query |
* write operation - blocked unless GITHUB_MCP_READ_ONLY=false.
Companion skill
.claude/skills/github-admin/SKILL.md packages these
tools into admin playbooks - access review/certification, leaked-secret response, repo
onboarding & governance, security-posture audit, and access changes. Open Claude Code in this
repo and the /github-admin skill is available; it drives the MCP tools with a read-first,
least-privilege, confirm-before-write discipline.
Setup
```bash
uv sync                 # create venv + install deps
cp .env.example .env    # then add your GITHUB_TOKEN
```
Suggested token scopes (classic): repo, read:org, admin:org, read:audit_log,
admin:org_hook, security_events. For GitHub Enterprise Server, set GITHUB_API_URL to
https://<host>/api/v3.
Run
```bash
# stdio server (how MCP clients launch it)
uv run github-admin-mcp

# quick manual check with the MCP Inspector
uv run mcp dev src/github_admin_mcp/server.py
```
Register with Claude Code
```bash
claude mcp add github-admin -- uv run --directory /Users/mikeholzinger/src/github_mcp github-admin-mcp
```
(or add an entry to your client's MCP config pointing at the same command).
60-second demo
```bash
# 1. add your token (read-only by default - safe)
cp .env.example .env && $EDITOR .env   # set GITHUB_TOKEN

# 2. register the server + open Claude Code in this repo
claude mcp add github-admin -- uv run --directory "$PWD" github-admin-mcp
claude

# 3. the /github-admin skill is now available. Try, in natural language:
#    "Run an access review on the <org> organization"
#    "Audit the security posture of <org>/<repo>"
#    "Who has admin on <org>/<repo>?"
# The skill calls the MCP tools read-only and reports an auditor-ready summary.
```
Safety
- Read-only by default (GITHUB_MCP_READ_ONLY=true); mutating tools refuse until you opt in.
- No credentials in code - token comes from the environment. .env is git-ignored.
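A read-only switch like this has to cover the graphql_query escape hatch as well as the REST verbs, because GraphQL reads and writes both travel as POST. The sketch below is an added example, not the code in client.py; `check_call`, `ReadOnlyError` and the fail-closed parsing of the variable are assumptions.

```python
import os
import re

# Lexer: comments and strings are matched first so keywords inside them are skipped.
_TOKEN = re.compile(
    r'#[^\n]*|"""(?:\\"""|[\s\S])*?"""|"(?:\\.|[^"\\\n])*"|[{}()]|[A-Za-z_]\w*'
)

class ReadOnlyError(PermissionError):
    """Hypothetical error type: a write was attempted in read-only mode."""

def read_only_enabled(env=None):
    # Fail closed: only the explicit value "false" unlocks writes.
    env = os.environ if env is None else env
    return env.get("GITHUB_MCP_READ_ONLY", "true").strip().lower() != "false"

def graphql_operation_types(query):
    """Return the keyword of every top-level definition in a GraphQL document."""
    ops, depth, at_start = [], 0, True
    for tok in _TOKEN.findall(query):
        if tok[0] in '#"':
            continue  # comment or string literal
        if tok in ("{", "("):
            if at_start and tok == "{":
                ops.append("query")  # anonymous shorthand query
            depth, at_start = depth + 1, False
        elif tok in ("}", ")"):
            depth -= 1
            if depth < 0:
                return ["invalid"]
            at_start = depth == 0 and tok == "}"
        elif at_start:
            ops.append(tok)  # first name of a definition: query/mutation/...
            at_start = False
    return ops if depth == 0 else ["invalid"]

def check_call(method, path, body=None, env=None):
    """Raise ReadOnlyError unless the call is read-only or writes are enabled."""
    if not read_only_enabled(env):
        return
    method = method.upper()
    if method in ("GET", "HEAD"):
        return
    if method == "POST" and path.rstrip("/").endswith("/graphql"):
        ops = graphql_operation_types((body or {}).get("query", ""))
        # Refuse if ANY definition is not a query, whichever one would be executed.
        if "query" in ops and all(op in ("query", "fragment") for op in ops):
            return
    raise ReadOnlyError(f"{method} {path} blocked: GITHUB_MCP_READ_ONLY is not 'false'")
```
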
Layout
```
src/github_admin_mcp/
  client.py                 # async REST + GraphQL client (auth, pagination, GHES-aware, read-only guard)
  server.py                 # FastMCP server; one @mcp.tool() per operation
docs/
  GITHUB_API_REFERENCE.md   # the endpoint research this server is built on
```
Example GitHub Actions workflows
Healthcare-oriented admin automation lives in .github/workflows/ with the logic in
scripts/ (Python + requests). All follow least-privilege permissions: and pin actions.
| Workflow | Trigger | What it does |
|---|---|---|
| Access Review (access-review.yml) | Monthly cron + manual | Certifies repo access org-wide; flags outside collaborators, admin grants, write-on-archived; emits a JSON evidence artifact (13-mo retention) and files a tracking issue. |
| Secret Scanning Alerts (secret-scanning-alerts.yml) | secret_scanning_alert event + hourly sweep | Real-time + safety-net notification to a security Slack channel. Sends metadata only - never the secret value. |
| Repository Governance (repo-governance.yml) | Org repo-created → repository_dispatch + weekly sweep | Enforces the branch-protection baseline (PR + 2 reviews, Code Owner, signed commits, no force-push/delete, conversation resolution, Dependabot). Dry-run by default; auto-applies to brand-new repos. |
Required CI config: secret ORG_ADMIN_TOKEN (org PAT/App), secret SECURITY_SLACK_WEBHOOK,
and variable GITHUB_ORG. The scripts honor GITHUB_API_URL for GitHub Enterprise Server.
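The Repository Governance baseline can be checked against the REST "get branch protection" response before anything is written. The following is an added example, not the script shipped in scripts/; `baseline_drift`, `plan` and the sample response are assumptions, and the Dependabot item is left out because it is not part of the branch-protection object.

```python
def _get(obj, dotted):
    """Follow a dotted path through nested dicts; None if any level is missing."""
    for key in dotted.split("."):
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj

# (path in the branch-protection response, predicate, baseline item)
CHECKS = [
    ("required_pull_request_reviews.required_approving_review_count",
     lambda v: type(v) is int and v >= 2, "PR with >= 2 approving reviews"),
    ("required_pull_request_reviews.require_code_owner_reviews",
     lambda v: v is True, "Code Owner review"),
    ("required_signatures.enabled", lambda v: v is True, "signed commits"),
    ("allow_force_pushes.enabled", lambda v: v is False, "force-push disabled"),
    ("allow_deletions.enabled", lambda v: v is False, "branch deletion disabled"),
    ("required_conversation_resolution.enabled",
     lambda v: v is True, "conversation resolution"),
]

def baseline_drift(protection):
    """List baseline items the branch does not meet; missing fields count as drift."""
    if protection is None:  # e.g. the API returned 404: no protection at all
        return ["branch is unprotected"]
    return [f"{label} (found {_get(protection, path)!r})"
            for path, ok, label in CHECKS if not ok(_get(protection, path))]

def plan(repo, protection, is_new_repo=False, dry_run=True):
    """Dry-run by default: only brand-new repos (or dry_run=False) get 'apply'."""
    drift = baseline_drift(protection)
    if not drift:
        action = "none"
    elif is_new_repo or not dry_run:
        action = "apply"
    else:
        action = "report"
    return {"repo": repo, "action": action, "drift": drift}

# Constructed sample shaped like a "get branch protection" REST response.
SAMPLE = {
    "required_pull_request_reviews": {"required_approving_review_count": 1,
                                      "require_code_owner_reviews": True},
    "required_signatures": {"enabled": True},
    "allow_force_pushes": {"enabled": True},
    "allow_deletions": {"enabled": False},
    "required_conversation_resolution": {"enabled": True},
}
```
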
Roadmap
- Branch-protection / rulesets tools, team-repo access management
- Secret-scanning alert resolution, code-scanning + Dependabot alerts
- Audit-log streaming config; enterprise-level endpoints
- A companion Claude skill that drives these tools for common admin playbooks