Main

.github/copilot-instructions.md

@@ -9,7 +9,7 @@ This is the **GitHub MCP Server**, a Model Context Protocol (MCP) server that co
 - **Type:** MCP server application with CLI interface
 - **Primary Package:** github-mcp-server (stdio MCP server - **this is the main focus**)
 - **Secondary Package:** mcpcurl (testing utility - don't break it, but not the priority)
-- **Framework:** Uses mark3labs/mcp-go for MCP protocol, google/go-github for GitHub API
+- **Framework:** Uses modelcontextprotocol/go-sdk for MCP protocol, google/go-github for GitHub API
 - **Size:** ~60MB repository, 70 Go files
 - **Library Usage:** This repository is also used as a library by the remote server. Functions that could be called by other repositories should be exported (capitalized), even if not required internally. Preserve existing export patterns.
 

.github/prompts/bug-report-review.prompt.yml

@@ -0,0 +1,32 @@
+messages:
+  - role: system
+    content: |
+      You are a triage assistant for the GitHub MCP Server repository. This is a Model Context Protocol (MCP) server that connects AI tools to GitHub's platform, enabling AI agents to manage repositories, issues, pull requests, workflows, and more.
+
+      Your job is to analyze bug reports and assess their completeness.
+
+      Analyze the issue for these key elements:
+      1. Clear description of the problem
+      2. Affected version (from running `docker run -i --rm ghcr.io/github/github-mcp-server ./github-mcp-server --version`)
+      3. Steps to reproduce the behavior
+      4. Expected vs actual behavior
+      5. Relevant logs (if applicable)
+
+      Provide ONE of these assessments:
+
+      ### AI Assessment: Ready for Review
+      Use when the bug report has most required information and can be triaged by a maintainer.
+
+      ### AI Assessment: Missing Details
+      Use when critical information is missing (no reproduction steps, no version info, unclear problem description).
+
+      ### AI Assessment: Unsure
+      Use when you cannot determine the completeness of the report.
+
+      After your assessment header, provide a brief explanation of your rating.
+      If details are missing, note which specific sections need more information.
+  - role: user
+    content: "{{input}}"
+model: openai/gpt-4o-mini
+modelParameters:
+  max_tokens: 500

.github/prompts/default-issue-review.prompt.yml

@@ -0,0 +1,31 @@
+messages:
+  - role: system
+    content: |
+      You are a triage assistant for the GitHub MCP Server repository. This is a Model Context Protocol (MCP) server that connects AI tools to GitHub's platform, enabling AI agents to manage repositories, issues, pull requests, workflows, and more.
+
+      Your job is to analyze new issues and help categorize them.
+
+      Analyze the issue to determine:
+      1. Is this a bug report, feature request, question, or something else?
+      2. Is the issue clear and well-described?
+      3. Does it contain enough information for maintainers to act on?
+
+      Provide ONE of these assessments:
+
+      ### AI Assessment: Ready for Review
+      Use when the issue is clear, well-described, and contains enough context for maintainers to understand and act on it.
+
+      ### AI Assessment: Missing Details
+      Use when the issue is unclear, lacks context, or needs more information to be actionable.
+
+      ### AI Assessment: Unsure
+      Use when you cannot determine the nature or completeness of the issue.
+
+      After your assessment header, provide a brief explanation including:
+      - What type of issue this appears to be (bug, feature request, question, etc.)
+      - What additional information might be helpful if any
+  - role: user
+    content: "{{input}}"
+model: openai/gpt-4o-mini
+modelParameters:
+  max_tokens: 500

.github/pull_request_template.md

@@ -1,11 +1,51 @@
 <!--
-    Thank you for contributing to GitHub MCP Server!
-    Please reference an existing issue: `Closes #NUMBER`
-
-    Screenshots or videos of changed behavior is incredibly helpful and always appreciated.
-    Consider addressing the following:
-    - Tradeoffs: List tradeoffs you made to take on or pay down tech debt.
-    - Alternatives: Describe alternative approaches you considered and why you discarded them.
+Copilot: Fill all sections. Prefer short, concrete answers.
+If a checkbox is selected, add a brief explanation.
 -->
 
-Closes:
+## Summary
+<!-- In 1–2 sentences: what does this PR do? -->
+
+## Why
+<!-- Why is this change needed? Link issues or discussions. -->
+Fixes #
+
+## What changed
+<!-- Bullet list of concrete changes. -->
+- 
+- 
+
+## MCP impact
+<!-- Select one or more. If selected, add 1–2 sentences. -->
+- [ ] No tool or API changes
+- [ ] Tool schema or behavior changed
+- [ ] New tool added
+
+## Prompts tested (tool changes only)
+<!-- If you changed or added tools, list example prompts you tested. -->
+<!-- Include prompts that trigger the tool and describe the use case. -->
+<!-- Example: "List all open issues in the repo assigned to me" -->
+- 
+
+## Security / limits
+<!-- Select if relevant. Add a short note if checked. -->
+- [ ] No security or limits impact
+- [ ] Auth / permissions considered
+- [ ] Data exposure, filtering, or token/size limits considered
+
+## Tool renaming
+- [ ] I am renaming tools as part of this PR (e.g. a part of a consolidation effort)
+   - [ ] I have added the new tool aliases in `deprecated_tool_aliases.go` 
+- [ ] I am not renaming tools as part of this PR
+
+Note: if you're renaming tools, you *must* add the tool aliases. For more information on how to do so, please refer to the [official docs](https://github.com/github/github-mcp-server/blob/main/docs/tool-renaming.md).
+
+## Lint & tests
+<!-- Check what you ran. If not run, explain briefly. -->
+- [ ] Linted locally with `./script/lint`
+- [ ] Tested locally with `./script/test`
+
+## Docs
+
+- [ ] Not needed
+- [ ] Updated (README / docs / examples)

.github/workflows/ai-issue-assessment.yml

@@ -0,0 +1,30 @@
+name: AI Issue Assessment
+
+on:
+  issues:
+    types: [opened, labeled]
+
+jobs:
+  ai-issue-assessment:
+    if: >
+      (github.event.action == 'opened' && github.event.issue.labels[0] == null) ||
+      (github.event.action == 'labeled' && github.event.label.name == 'bug')
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      models: read
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Run AI assessment
+        uses: github/ai-assessment-comment-labeler@e3bedc38cfffa9179fe4cee8f7ecc93bffb3fee7 # v1.0.1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          ai_review_label: 'bug, enhancement'
+          issue_number: ${{ github.event.issue.number }}
+          issue_body: ${{ github.event.issue.body }}
+          prompts_directory: '.github/prompts'
+          labels_to_prompts_mapping: 'bug,bug-report-review.prompt.yml|default,default-issue-review.prompt.yml'

.github/workflows/code-scanning.yml

@@ -14,6 +14,8 @@ env:
 jobs:
   analyze:
     name: Analyze (${{ matrix.language }})
+    # Only run on the main repository, not on forks
+    if: github.repository == 'github/github-mcp-server'
     runs-on: ${{ fromJSON(matrix.runner) }}
     permissions:
       actions: read
@@ -46,6 +48,9 @@ jobs:
           queries: "" # Default query suite
           packs: github/ccr-${{ matrix.language }}-queries
           config: |
+            paths-ignore:
+              - third-party
+              - third-party-licenses.*.md
             default-setup:
               org:
                 model-packs: [ ${{ github.event.inputs.code_scanning_codeql_packs }} ]

.github/workflows/conformance.yml

@@ -0,0 +1,69 @@
+name: Conformance Test
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  conformance:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v6
+        with:
+          # Fetch full history to access merge-base
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: "go.mod"
+
+      - name: Download dependencies
+        run: go mod download
+
+      - name: Run conformance test
+        id: conformance
+        run: |
+          # Run conformance test, capture stdout for summary
+          script/conformance-test > conformance-summary.txt 2>&1 || true
+
+          # Output the summary
+          cat conformance-summary.txt
+
+          # Check result
+          if grep -q "RESULT: ALL TESTS PASSED" conformance-summary.txt; then
+            echo "status=passed" >> $GITHUB_OUTPUT
+          else
+            echo "status=differences" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Generate Job Summary
+        run: |
+          # Add the full markdown report to the job summary
+          echo "# MCP Server Conformance Report" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "Comparing PR branch against merge-base with \`origin/main\`" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+
+          # Extract and append the report content (skip the header since we added our own)
+          tail -n +5 conformance-report/CONFORMANCE_REPORT.md >> $GITHUB_STEP_SUMMARY
+
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "---" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+
+          # Add interpretation note
+          if [ "${{ steps.conformance.outputs.status }}" = "passed" ]; then
+            echo "✅ **All conformance tests passed** - No behavioral differences detected." >> $GITHUB_STEP_SUMMARY
+          else
+            echo "⚠️ **Differences detected** - Review the diffs above to ensure changes are intentional." >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "Common expected differences:" >> $GITHUB_STEP_SUMMARY
+            echo "- New tools/toolsets added" >> $GITHUB_STEP_SUMMARY
+            echo "- Tool descriptions updated" >> $GITHUB_STEP_SUMMARY
+            echo "- Capability changes (intentional improvements)" >> $GITHUB_STEP_SUMMARY
+          fi

.github/workflows/docker-publish.yml

@@ -54,7 +54,7 @@ jobs:
       # multi-platform images and export cache
       # https://github.com/docker/setup-buildx-action
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
@@ -70,7 +70,7 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
@@ -87,7 +87,7 @@ jobs:
             type=raw,value=latest,enable=${{ github.ref_type == 'tag' && startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-') }}
 
       - name: Go Build Cache for Docker
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: go-build-cache
           key: ${{ runner.os }}-go-build-cache-${{ hashFiles('**/go.sum') }}

.github/workflows/license-check.yml

@@ -1,9 +1,22 @@
-# Create a github action that runs the license check script and fails if it exits with a non-zero status
+# Automatically fix license files on PRs that need updates
+# Tries to auto-commit the fix, or comments with instructions if push fails
 
 name: License Check
-on: [push, pull_request]
+on:
+  pull_request:
+    branches:
+      - main  # Only run when PR targets main
+    paths:
+      - "**.go"
+      - go.mod
+      - go.sum
+      - ".github/licenses.tmpl"
+      - "script/licenses*"
+      - "third-party-licenses.*.md"
+      - "third-party/**"
 permissions:
-  contents: read
+  contents: write
+  pull-requests: write
 
 jobs:
   license-check:
@@ -13,9 +26,88 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v6
 
+      # Check out the actual PR branch so we can push changes back if needed
+      - name: Check out PR branch
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: gh pr checkout ${{ github.event.pull_request.number }}
+
       - name: Set up Go
         uses: actions/setup-go@v6
         with:
           go-version-file: "go.mod"
-      - name: check licenses
-        run: ./script/licenses-check
+
+      # actions/setup-go does not setup the installed toolchain to be preferred over the system install,
+      # which causes go-licenses to raise "Package ... does not have module info" errors.
+      # For more information, https://github.com/google/go-licenses/issues/244#issuecomment-1885098633
+      - name: Regenerate licenses
+        env:
+          CI: "true"
+        run: |
+          export GOROOT=$(go env GOROOT)
+          export PATH=${GOROOT}/bin:$PATH
+          ./script/licenses
+
+      - name: Check for changes
+        id: changes
+        continue-on-error: true
+        run: script/licenses-check
+
+      - name: Commit and push fixes
+        if: steps.changes.outcome == 'failure'
+        continue-on-error: true
+        id: push
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add third-party-licenses.*.md third-party/
+          git commit -m "chore: regenerate license files" -m "Auto-generated by license-check workflow"
+          git push
+
+      - name: Check if already commented
+        if: steps.changes.outcome == 'failure' && steps.push.outcome == 'failure'
+        id: check_comment
+        uses: actions/github-script@v8
+        with:
+          script: |
+            const { data: comments } = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number
+            });
+
+            const alreadyCommented = comments.some(comment => 
+              comment.user.login === 'github-actions[bot]' &&
+              comment.body.includes('## ⚠️ License files need updating')
+            );
+
+            core.setOutput('already_commented', alreadyCommented ? 'true' : 'false');
+
+      - name: Comment with instructions if cannot push
+        if: steps.changes.outcome == 'failure' && steps.push.outcome == 'failure' && steps.check_comment.outputs.already_commented == 'false'
+        uses: actions/github-script@v8
+        with:
+          script: |
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body: `## ⚠️ License files need updating
+
+            The license files are out of date. I tried to fix them automatically but don't have permission to push to this branch.
+
+            **Please run:**
+            \`\`\`bash
+            script/licenses
+            git add third-party-licenses.*.md third-party/
+            git commit -m "chore: regenerate license files"
+            git push
+            \`\`\`
+
+            Alternatively, enable "Allow edits by maintainers" in the PR settings so I can fix it automatically.`
+            });
+
+      - name: Fail check if changes needed
+        if: steps.changes.outcome == 'failure'
+        run: exit 1
+