mcp-github

claude mcp add mcp-github -- node /opt/mcp/mcp-github/build/index.js
# env: GITHUB_TOKEN (a PAT with repo + workflow scope)

It gives an agent the operational half of GitHub: open and edit issues, list and trigger and rerun workflows, pull job logs, manage Environments, and set secrets and variables. The logs part is the point. An agent that can read why a run failed can usually tell you what to change.

The one detail worth knowing

Setting an Actions secret is not a plain PUT. GitHub stores secrets encrypted, so the server first fetches the repo public key, seals the value with libsodium crypto_box_seal, then uploads the sealed bytes with the key id. Get that wrong and the secret lands as garbage that fails silently at run time. Every request also pins X-GitHub-Api-Version, so a server-side default change does not quietly move the contract under me.