actions
diff --git a/‎README.md‎
Lines changed: 18 additions & 2 deletions b/‎README.md‎
Lines changed: 18 additions & 2 deletions
diff --git a/‎action.yml‎
Lines changed: 4 additions & 0 deletions b/‎action.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎dist/index.js‎
Lines changed: 3 additions & 1 deletion b/‎dist/index.js‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎dist/index.js.map‎
Lines changed: 1 addition & 1 deletion b/‎dist/index.js.map‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main.ts‎
Lines changed: 4 additions & 1 deletion b/‎src/main.ts‎
Lines changed: 4 additions & 1 deletion
@@ -168,11 +168,26 @@ steps:
       token: ${{ secrets.USER_PAT }}
 ```
 
+For enhanced security, you can use separate tokens for the AI inference endpoint
+and the GitHub MCP server:
+
+```yaml
+steps:
+  - name: AI Inference with Separate MCP Token
+    id: inference
+    uses: actions/[email protected]
+    with:
+      prompt: 'List my open pull requests and create a summary'
+      enable-github-mcp: true
+      token: ${{ secrets.AI_INFERENCE_TOKEN }}
+      github-mcp-token: ${{ secrets.GITHUB_MCP_TOKEN }}
+```
+
 When MCP is enabled, the AI model will have access to GitHub tools and can
 perform actions like searching issues and PRs.
 
-**Note:** For now, MCP integration cannot be used with the built-in token. You
-must pass a GitHub PAT into `token:` instead.
+**Note:** You can use the built-in `GITHUB_TOKEN`, or provide a separate GitHub
+PAT via `github-mcp-token` for tighter security and permissions control.
 
 ## Inputs
 
@@ -191,6 +206,7 @@ the action:
 | `endpoint`           | The endpoint to use for inference. If you're running this as part of an org, you should probably use the org-specific Models endpoint                         | `https://models.github.ai/inference` |
 | `max-tokens`         | The max number of tokens to generate                                                                                                                          | 200                                  |
 | `enable-github-mcp`  | Enable Model Context Protocol integration with GitHub tools                                                                                                   | `false`                              |
+| `github-mcp-token`   | Token to use for GitHub MCP server (defaults to the main token if not specified). Use a separate PAT for tighter security                                     | `""`                                 |
 
 ## Outputs
 
 
@@ -50,6 +50,10 @@ inputs:
     description: Enable Model Context Protocol integration with GitHub tools
     required: false
     default: 'false'
+  github-mcp-token:
+    description: The token to use for GitHub MCP server (defaults to GITHUB_TOKEN if not specified)
+    required: false
+    default: ''
 
 # Define your outputs here.
 outputs:
 
@@ -49,6 +49,9 @@ export async function run(): Promise<void> {
       throw new Error('GITHUB_TOKEN is not set')
     }
 
+    // Get GitHub MCP token (use dedicated token if provided, otherwise fall back to main token)
+    const githubMcpToken = core.getInput('github-mcp-token') || token
+
     const endpoint = core.getInput('endpoint')
 
     // Build the inference request with pre-processed messages and response format
@@ -67,7 +70,7 @@ export async function run(): Promise<void> {
     let modelResponse: string | null = null
 
     if (enableMcp) {
-      const mcpClient = await connectToGitHubMCP(inferenceRequest.token)
+      const mcpClient = await connectToGitHubMCP(githubMcpToken)
 
       if (mcpClient) {
         modelResponse = await mcpInference(inferenceRequest, mcpClient)