[mcp-tools-report] GitHub MCP Remote Server Tools Report — 2026-05-17

[github-actions[bot]]

Executive Summary

• Total Tools Discovered (Read-Only Context): 54
• Total Tools in JSON Mapping: 79 (read + write)
• Toolset Categories: 22
• Report Date: 2026-05-17
• MCP Mode: Remote (read-only, X-MCP-Readonly: true)
• Source: pkg/workflow/data/github_toolsets_permissions.json
• Instructions File: .github/aw/github-mcp-server.md
• Previous Report: None (first run — cache was empty)
• Changes Since Last Report: N/A (no baseline)

Note: The MCP server is connected in read-only mode for this workflow run. Write tools (e.g. issue_write, create_pull_request, create_or_update_file) are filtered out of the runtime tool list by the X-MCP-Readonly header but remain in the JSON mapping for permissions tracking. The numbers below reflect that filtering.

Inconsistency Detection

Toolset Integrity Checks

• Duplicate Tools: ✅ None detected — each tool appears in exactly one toolset.
• Miscategorized Tools: ✅ All tools are placed in semantically appropriate toolsets.
• Naming Inconsistencies: A handful of tools follow a <resource>_write consolidation pattern (e.g. issue_write, label_write, pull_request_review_write, sub_issue_write, projects_write) while others use verb_resource (e.g. create_pull_request, merge_pull_request, dismiss_notification). This is intentional in the MCP server (consolidated CRUD vs. discrete actions) — flagged here for awareness, not as a defect.
• Orphaned Tools: The users toolset is currently empty. User search lives in search (search_users). This is documented in github-mcp-server.md L347–349.
• Server-administered toolsets: context (get_me, get_team_members, get_teams) and experiments (enable_toolset, get_toolset_tools, list_available_toolsets) are listed in the JSON but were not exposed to this read-only client session. These are typically auto-managed by the remote MCP host and may require explicit toolset enablement. Listed here as an observation only — not removed from the mapping.

✅ No actionable inconsistencies — JSON mapping remains internally consistent.

JSON Mapping Comparison

Summary

• Total Discrepancies: 0
• Missing Tools (in JSON but not observable): 25 (all explained — 23 write tools filtered by read-only mode + 2 server-administered toolsets)
• Extra Tools (in MCP but not in JSON): 0
• Moved Tools: 0

✅ JSON mapping is accurate. Every read-only tool observed in the runtime matches the JSON. All "missing" tools fall into expected categories (write operations filtered by X-MCP-Readonly, or server-administered toolsets).

Action: No update needed to pkg/workflow/data/github_toolsets_permissions.json. No pull request created.

Tools Not Observed (Explained, Not Missing)

Write tools filtered by X-MCP-Readonly: true

Toolset	Tool	Category
actions	actions_run_trigger	write
gists	create_gist, update_gist	write
issues	add_issue_comment, issue_write, sub_issue_write	write
labels	label_write	write
notifications	dismiss_notification, manage_notification_subscription, manage_repository_notification_subscription, mark_all_notifications_read	write
projects	projects_write	write
pull_requests	add_comment_to_pending_review, add_reply_to_pull_request_comment, create_pull_request, merge_pull_request, pull_request_review_write, update_pull_request, update_pull_request_branch	write
repos	create_branch, create_or_update_file, create_repository, delete_file, fork_repository, push_files	write
stargazers	star_repository, unstar_repository	write

Server-administered (toolsets not exposed to this session)

Toolset	Tool	Category
context	get_me, get_team_members, get_teams	read (server-administered)
experiments	enable_toolset, get_toolset_tools, list_available_toolsets	dynamic management

Tools by Toolset

actions

Description: GitHub Actions workflows
Source: pkg/github/actions.go

Tool	Purpose	Key Parameters
actions_get	Get details about specific Actions resources	method, owner, repo, resource_id
actions_list	List Actions resources (workflows, runs, jobs, artifacts)	method, owner, repo, resource_id
get_job_logs	Get logs for a workflow job or failed jobs in a run	owner, repo, job_id / run_id, failed_only

code_security

Description: Code scanning alerts
Source: pkg/github/code_scanning.go

Tool	Purpose	Key Parameters
get_code_scanning_alert	Get details of a specific code scanning alert	owner, repo, alertNumber
list_code_scanning_alerts	List code scanning alerts in a repository	owner, repo, state, severity, tool_name, ref

context

Description: GitHub context and environment (current user, teams) — server-administered, not visible to this session
Source: pkg/github/context_tools.go

Tool	Purpose	Key Parameters
get_me	Get the authenticated user details	—
get_team_members	List members of a GitHub team	org, team_slug
get_teams	List teams the authenticated user belongs to	org

copilot_spaces

Description: GitHub Copilot Spaces (remote-only)
Source: pkg/github/copilot_spaces.go (remote-only toolset)

Tool	Purpose	Key Parameters
get_copilot_space	Get content of a specific Copilot Space	owner, name
list_copilot_spaces	List Copilot Spaces accessible to the user	—

dependabot

Description: Dependabot alerts
Source: pkg/github/dependabot.go

Tool	Purpose	Key Parameters
get_dependabot_alert	Get details of a specific Dependabot alert	owner, repo, alertNumber
list_dependabot_alerts	List Dependabot alerts in a repository	owner, repo, state, severity

discussions

Description: GitHub Discussions
Source: pkg/github/discussions.go

Tool	Purpose	Key Parameters
get_discussion	Get a specific discussion by number	owner, repo, discussionNumber
get_discussion_comments	Get comments from a discussion	owner, repo, discussionNumber, after, perPage
list_discussion_categories	List discussion categories with id and name	owner, repo
list_discussions	List discussions for a repository or organisation	owner, repo, category, orderBy, direction, after, perPage

experiments

Description: Experimental features — dynamic toolset management (server-administered)
Source: pkg/github/dynamic_tools.go

Tool	Purpose	Key Parameters
enable_toolset	Dynamically enable a toolset	toolset
get_toolset_tools	Get tools available in a specific toolset	toolset
list_available_toolsets	List all available toolsets	—

gists

Description: Gist operations
Source: pkg/github/gists.go

Tool	Purpose	Key Parameters
get_gist	Get content of a particular gist by gist ID	gist_id
list_gists	List gists for a user	username, since, page, perPage
create_gist (write)	Create a new gist	description, files, public
update_gist (write)	Update an existing gist	gist_id, description, files

git

Description: Git API operations (tree, refs)
Source: pkg/github/repositories.go

Tool	Purpose	Key Parameters
get_repository_tree	Get the tree structure (files and directories) of a repository	owner, repo, tree_sha, recursive, path_filter

github_support_docs_search

Description: GitHub support documentation search (remote-only)
Source: pkg/github/support_docs.go (remote-only toolset)

Tool	Purpose	Key Parameters
github_support_docs_search	Retrieve GitHub product and support documentation	query

issues

Description: Issue management
Source: pkg/github/issues.go

Tool	Purpose	Key Parameters
issue_read	Read issue details, comments, sub-issues, or labels	method, owner, repo, issue_number
list_issue_types	List supported issue types for a repository owner (organization)	owner
list_issues	List issues in a repository with filtering and pagination	owner, repo, state, labels, orderBy, direction, after, perPage
search_issues	Search issues across GitHub using issues search syntax	query, owner, repo, sort, order, page, perPage
add_issue_comment (write)	Add a comment to an issue	owner, repo, issue_number, body
issue_write (write)	Create or update an issue	owner, repo, title, body, labels, assignees
sub_issue_write (write)	Create or manage sub-issues	owner, repo, issue_number

labels

Description: Label management
Source: pkg/github/labels.go

Tool	Purpose	Key Parameters
get_label	Get a specific label from a repository	owner, repo, name
list_label	List labels from a repository	owner, repo
label_write (write)	Create or update a label	owner, repo, name, color, description

notifications

Description: Notification management
Source: pkg/github/notifications.go

Tool	Purpose	Key Parameters
get_notification_details	Get detailed information for a specific notification	notificationID
list_notifications	List GitHub notifications for the authenticated user	filter, owner, repo, since, before, page, perPage
dismiss_notification (write)	Dismiss a specific notification	notification_id
manage_notification_subscription (write)	Manage notification subscription for a thread	thread_id, subscribed
manage_repository_notification_subscription (write)	Manage notifications for a repository	owner, repo, subscribed
mark_all_notifications_read (write)	Mark all notifications as read	last_read_at

orgs

Description: Organization operations
Source: pkg/github/security_advisories.go (list_org_repository_security_advisories is org-scoped but defined in the security_advisories file)

Tool	Purpose	Key Parameters
list_org_repository_security_advisories	List security advisories for all repos in an org	org, state, sort, direction

projects

Description: GitHub Projects (requires PAT — not supported by GITHUB_TOKEN)
Source: pkg/github/projects.go

Tool	Purpose	Key Parameters
projects_get	Get details about a project, field, item, or status update	method, owner, project_number, item_id, field_id, status_update_id
projects_list	List projects, fields, items, or status updates	method, owner, project_number, query, after, before, per_page
projects_write (write)	Create or update project items/fields	owner, project_number

pull_requests

Description: Pull request operations
Source: pkg/github/pullrequests.go

Tool	Purpose	Key Parameters
list_pull_requests	List pull requests in a repository	owner, repo, state, head, base, sort, direction
pull_request_read	Read PR details, diff, status, files, reviews, comments, check runs	method, owner, repo, pullNumber
search_pull_requests	Search pull requests using GitHub PR search syntax	query, owner, repo, sort, order
add_comment_to_pending_review (write)	Add a comment to a pending PR review	owner, repo, pull_number, review_id
add_reply_to_pull_request_comment (write)	Reply to a PR review comment	owner, repo, pull_number, comment_id, body
create_pull_request (write)	Create a new pull request	owner, repo, title, body, head, base
merge_pull_request (write)	Merge a pull request	owner, repo, pull_number, merge_method
pull_request_review_write (write)	Create or submit a PR review	owner, repo, pull_number, event, body
update_pull_request (write)	Update PR title, body, or state	owner, repo, pull_number, title, body
update_pull_request_branch (write)	Update PR branch with latest base	owner, repo, pull_number

repos

Description: Repository operations
Source: pkg/github/repositories.go

Tool	Purpose	Key Parameters
get_commit	Get details for a commit from a repository	owner, repo, sha, include_diff, page, perPage
get_file_contents	Get the contents of a file or directory	owner, repo, path, ref, sha
get_latest_release	Get the latest release in a repository	owner, repo
get_release_by_tag	Get a release by its tag name	owner, repo, tag
get_tag	Get details about a specific git tag	owner, repo, tag
list_branches	List branches in a repository	owner, repo, page, perPage
list_commits	Get list of commits of a branch	owner, repo, sha, author, path, since, until
list_releases	List releases in a repository	owner, repo, page, perPage
list_tags	List git tags in a repository	owner, repo, page, perPage
create_branch (write)	Create a new branch	owner, repo, branch, from_branch
create_or_update_file (write)	Create or update a file in a repository	owner, repo, path, content, message, branch
create_repository (write)	Create a new GitHub repository	name, description, private, auto_init
delete_file (write)	Delete a file from a repository	owner, repo, path, message, sha, branch
fork_repository (write)	Fork a repository	owner, repo, organization
push_files (write)	Push multiple files in a single commit	owner, repo, branch, files, message

search

Description: Advanced search across GitHub (keyword and semantic)
Source: pkg/github/search.go

Tool	Purpose	Key Parameters
search_code	Fast code search using GitHub's native search engine	query, sort, order, page, perPage
search_orgs	Find GitHub organizations by name, location, or metadata	query, sort, order, page, perPage
search_repositories	Find repositories by name, description, readme, topics	query, sort, order, minimal_output, page, perPage
search_users	Find GitHub users by username, real name, or profile info	query, sort, order, page, perPage
semantic_issue_similarity_search	Find issues semantically similar to a given issue	owner, repo, issue_number, threshold, per_page
semantic_issues_search	Search for issues using natural language queries	query, owner, repo, sort, order

secret_protection

Description: Secret scanning
Source: pkg/github/secret_scanning.go

Tool	Purpose	Key Parameters
get_secret_scanning_alert	Get details of a specific secret scanning alert	owner, repo, alertNumber
list_secret_scanning_alerts	List secret scanning alerts in a repository	owner, repo, state, resolution, secret_type
run_secret_scanning	Scan files, content, or diffs for exposed secrets	files, owner, repo

security_advisories

Description: Security advisories
Source: pkg/github/security_advisories.go

Tool	Purpose	Key Parameters
check_dependency_vulnerabilities	Check dependencies for known vulnerabilities	owner, repo, dependencies
get_global_security_advisory	Get a global security advisory by GHSA ID	ghsaId
list_global_security_advisories	List global security advisories from GitHub	type, severity, ecosystem, cveId, ghsaId
list_repository_security_advisories	List security advisories for a repository	owner, repo, state, sort, direction

stargazers

Description: Repository stars
Source: pkg/github/repositories.go (stargazer endpoints live in repositories.go)

Tool	Purpose	Key Parameters
list_starred_repositories	List repositories starred by a user	username, sort, direction, page, perPage
star_repository (write)	Star a repository	owner, repo
unstar_repository (write)	Unstar a repository	owner, repo

users

Description: User information (empty — user search lives in search via search_users)
Source: pkg/github/search.go (for search_users)

No tools registered in this toolset; intentionally retained as a placeholder per existing repo convention.

Recommended Default Toolsets

Current defaults (documented in github-mcp-server.md L46): context, repos, issues, pull_requests

Recommendation: ✅ Keep current defaults. They cover the four foundational categories every workflow needs.

Toolset	Why it's in defaults
context	Identity/team awareness (get_me, get_teams) — agents reference their actor in nearly every workflow
repos	File reads, commit/branch/tag enumeration — fundamental for any code-aware automation
issues	Read + write on issues and comments — present in triage, dispatch, and labeling workflows
pull_requests	PR reads + reviews + creates — the second highest-volume workflow type after issues

Consideration for future inclusion: search could be a candidate for defaults given its broad utility (search_code, search_issues, search_pull_requests), but adding it expands the tool surface and increases token budget for system prompts. Recommendation: keep search opt-in for now.

Specialized toolsets (enable explicitly):

• actions — workflow introspection / triggering
• code_security, dependabot, secret_protection, security_advisories — security workflows (require security-events permission)
• copilot_spaces, github_support_docs_search — remote-mode-only
• discussions — community discussion workflows
• experiments — dynamic toolset reconfiguration
• gists, git, labels, notifications, orgs, stargazers — narrow-purpose
• projects — requires PAT (incompatible with GITHUB_TOKEN)
• users — empty, no tools registered

Notes and Observations

1. Read-only context limits direct validation: This run is in X-MCP-Readonly: true mode, so write tools cannot be directly probed. Future runs without the read-only header could verify the write-side of the mapping directly.
2. context and experiments not exposed: Neither toolset surfaced in this session. They are likely server-administered (toolset enablement / identity passthrough). Worth verifying against a live non-read-only client if discrepancies are suspected.
3. stargazers source location: Stargazer endpoints are defined in pkg/github/repositories.go in the upstream server, not a separate file — already correctly noted in the existing mapping.
4. orgs placement of list_org_repository_security_advisories: This tool lives in security_advisories.go upstream but is registered under the orgs toolset. Already correctly captured in the JSON mapping.
5. No upstream-vs-local drift detected: The JSON mapping in pkg/workflow/data/github_toolsets_permissions.json (version 2.2) matches the observed surface and the documented surface in github-mcp-server.md — all three are in sync.

Toolset Configuration Reference

tools:
  github:
    mode: gh-proxy        # preferred (pre-authenticated gh CLI)
    # mode: local         # Docker-based gh mcp subprocess
    # mode: remote        # https://api.githubcopilot.com/mcp/ (requires PAT/GitHub App)
    toolsets: [default]   # or [all] / [repos, issues, pull_requests] / [default, discussions, actions]

Toolset options: context, repos, issues, pull_requests, actions, code_security, copilot_spaces, dependabot, discussions, experiments, gists, git, github_support_docs_search, labels, notifications, orgs, projects, search, secret_protection, security_advisories, stargazers, users, default, all.

Methodology

• Discovery: Tool-list introspection of the GitHub MCP remote server exposed to this agent session
• MCP configuration: Remote mode + read-only (X-MCP-Readonly: true) + all toolsets enabled
• Comparison source: pkg/workflow/data/github_toolsets_permissions.json v2.2
• Cache: First run — baseline saved to /tmp/gh-aw/cache-memory/github-mcp-tools.json for diffing in subsequent runs
• MCP server source: github/github-mcp-server

References:

• §25991076152

Generated by 📊 GitHub MCP Remote Server Tools Report Generator · ● 9.9M · ◷

• expires on May 20, 2026, 12:46 PM UTC

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-05-20T12:46:11.446Z.

Closed by Workflow