gutted PAT and STDIO

Author: nickytonline

Dockerfile

@@ -29,4 +29,4 @@ COPY --from=build /bin/github-mcp-server .
 # Set the entrypoint to the server binary
 ENTRYPOINT ["/server/github-mcp-server"]
 # Default arguments for ENTRYPOINT
-CMD ["stdio"]
+CMD ["http"]

README.md

@@ -247,24 +247,15 @@ For a complete overview of all installation options, see our **[Installation Gui
 ### Build from source
 
 If you don't have Docker, you can use `go build` to build the binary in the
-`cmd/github-mcp-server` directory, and use the `github-mcp-server stdio` command with the `GITHUB_PERSONAL_ACCESS_TOKEN` environment variable set to your token. To specify the output location of the build, use the `-o` flag. You should configure your server to use the built executable as its `command`. For example:
+`cmd/github-mcp-server` directory and run the HTTP transport directly:
 
-```JSON
-{
-  "mcp": {
-    "servers": {
-      "github": {
-        "command": "/path/to/github-mcp-server",
-        "args": ["stdio"],
-        "env": {
-          "GITHUB_PERSONAL_ACCESS_TOKEN": "<YOUR_TOKEN>"
-        }
-      }
-    }
-  }
-}
+```bash
+go build -o github-mcp-server ./cmd/github-mcp-server
+./github-mcp-server http --listen :8080
 ```
 
+> **Heads up:** Stdio transport and personal access tokens are no longer supported. The server must receive GitHub OAuth access tokens in the `Authorization` header on every request (for example, when running behind Pomerium).
+
 ### Run as an HTTP server
 
 The same binary can expose the MCP server over HTTP using the streamable transport. This mode is designed for deployments behind zero-trust proxies (for example, Pomerium) that exchange OAuth tokens with GitHub on a per-request basis.

cmd/github-mcp-server/main.go

@@ -1,7 +1,6 @@
 package main
 
 import (
-	"errors"
 	"fmt"
 	"os"
 	"strings"
@@ -28,37 +27,11 @@ var (
 	}
 
 	stdioCmd = &cobra.Command{
-		Use:   "stdio",
-		Short: "Start stdio server",
-		Long:  `Start a server that communicates via standard input/output streams using JSON-RPC messages.`,
+		Use:    "stdio",
+		Short:  "Start stdio server",
+		Hidden: true,
 		RunE: func(_ *cobra.Command, _ []string) error {
-			token := viper.GetString("personal_access_token")
-			if token == "" {
-				return errors.New("GITHUB_PERSONAL_ACCESS_TOKEN not set")
-			}
-
-			// If you're wondering why we're not using viper.GetStringSlice("toolsets"),
-			// it's because viper doesn't handle comma-separated values correctly for env
-			// vars when using GetStringSlice.
-			// https://github.com/spf13/viper/issues/380
-			var enabledToolsets []string
-			if err := viper.UnmarshalKey("toolsets", &enabledToolsets); err != nil {
-				return fmt.Errorf("failed to unmarshal toolsets: %w", err)
-			}
-
-			stdioServerConfig := ghmcp.StdioServerConfig{
-				Version:              version,
-				Host:                 viper.GetString("host"),
-				Token:                token,
-				EnabledToolsets:      enabledToolsets,
-				DynamicToolsets:      viper.GetBool("dynamic_toolsets"),
-				ReadOnly:             viper.GetBool("read-only"),
-				ExportTranslations:   viper.GetBool("export-translations"),
-				EnableCommandLogging: viper.GetBool("enable-command-logging"),
-				LogFilePath:          viper.GetString("log-file"),
-				ContentWindowSize:    viper.GetInt("content-window-size"),
-			}
-			return ghmcp.RunStdioServer(stdioServerConfig)
+			return fmt.Errorf("stdio transport has been removed; run `github-mcp-server http` behind your OAuth proxy")
 		},
 	}