GitHub MCP App Shim MCP Server

Local setup required. This server has to be cloned and prepared on your machine before you register it in Claude Code.
1

Set the server up locally

Run this once to clone and prepare the server before adding it to Claude Code.

Run in terminal
pip install .
2

Register it in Claude Code

After the local setup is done, run this command to point Claude Code at the built server.

Run in terminal
claude mcp add -e "GH_CLIENT_ID=${GH_CLIENT_ID}" -e "GH_INSTALLATION_ID=${GH_INSTALLATION_ID}" -e "GH_PRIVATE_KEY_PATH=${GH_PRIVATE_KEY_PATH}" github-mcp-shim -- node "<FULL_PATH_TO_GITHUB_MCP_SHIM>/dist/index.js"

Replace <FULL_PATH_TO_GITHUB_MCP_SHIM>/dist/index.js with the actual folder you prepared in step 1.

Required:GH_CLIENT_IDGH_INSTALLATION_IDGH_PRIVATE_KEY_PATH+ 1 optional
README.md

A lightweight stdio-to-http relay for GitHub App authentication.

GitHub MCP App Shim

A lightweight stdio-to-http relay that enables the GitHub MCP Server to authenticate using a GitHub App instead of a Personal Access Token (PAT).

Why use this?

The official GitHub MCP server typically requires a static PAT. This shim allows your AI agent to use a GitHub App's fine-grained permissions and short-lived tokens, which is more secure for organizational use and avoids the 1-year expiration limit of standard tokens.

Features

  • Auto-Refresh: Automatically exchanges your App's Private Key for a fresh Installation Access Token every 50 minutes.
  • Stdio Bridge: Acts as a local stdio server for AI clients (like Claude Desktop) while communicating with GitHub's remote MCP endpoint over https.
  • Environment Driven: No secrets are hardcoded; all identifiers are passed via environment variables.

Prerequisites

  • Python 3.9+
  • A GitHub App registered in your organization with the necessary permissions (e.g., Contents: Read/Write, Metadata: Read-only).
  • The App must be installed on the target organization or repositories.

Installation

  1. Clone or copy the github_shim.py and pyproject.toml into a folder.
  2. Install the dependencies:
    pip install .
    

Finding Your Credentials

Identifier Where to find it
Client ID Found on the General settings page of your GitHub App (e.g., Iv23liABC123).
Private Key Generate and download the .pem file from the General settings page.
Installation ID Navigate to your Org Settings > Installed GitHub Apps > Click Configure next to your app. The ID is the numeric string at the end of the URL (e.g., .../installations/12345678).

Configuration

Claude Desktop

Add the following to your claude_desktop_config.json (found at ~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "github-app-agent": {
      "command": "github-mcp-shim",
      "env": {
        "GH_CLIENT_ID": "YOUR_CLIENT_ID",
        "GH_INSTALLATION_ID": "YOUR_INSTALL_ID",
        "GH_PRIVATE_KEY_PATH": "/absolute/path/to/your-app.private-key.pem",
        "GH_REMOTE_MCP_URL": "https://api.githubcopilot.com/mcp"  // optional
      }
    }
  }
}

Security Note

Keep your .pem private key file secure. Anyone with access to this file and your Client ID can impersonate your agent and access the repositories authorized during the app installation.

Environment Variables

GH_CLIENT_IDrequiredThe Client ID of your GitHub App
GH_INSTALLATION_IDrequiredThe numeric installation ID of your GitHub App
GH_PRIVATE_KEY_PATHrequiredAbsolute path to your GitHub App's private key .pem file
GH_REMOTE_MCP_URLThe remote MCP endpoint URL

Configuration

claude_desktop_config.json
{"mcpServers": {"github-app-agent": {"command": "github-mcp-shim", "env": {"GH_CLIENT_ID": "YOUR_CLIENT_ID", "GH_INSTALLATION_ID": "YOUR_INSTALL_ID", "GH_PRIVATE_KEY_PATH": "/absolute/path/to/your-app.private-key.pem", "GH_REMOTE_MCP_URL": "https://api.githubcopilot.com/mcp"}}}}

Try it

List the repositories I have access to in the organization.
Read the contents of the README.md file in the main branch of my repository.
Create a new issue in the repository with the title 'Bug report' and the description 'System crash'.
Search for pull requests assigned to me in the organization.

Frequently Asked Questions

What are the key features of GitHub MCP App Shim?

Automatically exchanges App Private Key for fresh Installation Access Tokens every 50 minutes. Acts as a local stdio server for AI clients while communicating with remote MCP endpoints. Enables fine-grained permissions and short-lived tokens for organizational security. Environment-driven configuration with no hardcoded secrets.

What can I use GitHub MCP App Shim for?

Enabling secure GitHub access for AI agents in enterprise environments. Avoiding the 1-year expiration limit of standard Personal Access Tokens. Managing organizational AI workflows with fine-grained GitHub App permissions.

How do I install GitHub MCP App Shim?

Install GitHub MCP App Shim by running: pip install .

What MCP clients work with GitHub MCP App Shim?

GitHub MCP App Shim works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep GitHub MCP App Shim docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.
Open Conare