GitHub MCP Remote Server Tools Report — 2026-02-22

[github-actions[bot]]

Generated: 2026-02-22
MCP Mode: Remote
Toolsets: All (19)
Previous Report: None (first run)

Executive Summary

This report audits the GitHub MCP remote server tools available in agentic workflows, compares them against the repository's JSON toolset mapping, and documents all discovered tools organized by toolset.

• Total Tools Discovered: 56
• Toolset Categories: 19 (2 empty: experiments, users)
• Source: pkg/workflow/data/github_toolsets_permissions.json (v2.0, authoritative)
• Changes Since Last Report: N/A — first run
• Documentation Updates: Created PR with updated tool mappings, SKILL.md, and new instructions file

Note on Discovery Method: The GitHub MCP server tools were not directly accessible as callable functions in this workflow run. Tool discovery was performed via the authoritative pkg/workflow/data/github_toolsets_permissions.json file (version 2.0, described as "updated to match actual MCP server capabilities"). The github_tool_to_toolset.json migration file was cross-referenced to identify discrepancies and newly added tools.

---

Inconsistency Detection

Toolset Integrity Checks

Check	Result
Duplicate tools across toolsets	⚠️ Minor: search_issues and search_pull_requests appear in both issues/pull_requests AND search toolsets
Miscategorized tools	None detected
Naming inconsistencies	⚠️ list_label (singular) in labels toolset vs typical plural convention list_labels
Orphaned tools	None detected
Empty toolsets	experiments (0 tools), users (0 tools)

Observations:

• The search toolset contains search_issues and search_pull_requests, which are also listed in the issues and pull_requests toolsets. These are likely aliases or cross-references to indicate search capability is available in both contexts.
• The users toolset is empty in the JSON mapping — this toolset requires a PAT and is not supported by GITHUB_TOKEN, explaining the absence of listed tools.
• experiments is intentionally empty (preview features not yet stable).

---

JSON Mapping Comparison

Comparison: github_toolsets_permissions.json (v2.0) vs github_tool_to_toolset.json (migration file)

Summary:

• Total Discrepancies Found: 31 new tools in v2.0 not in migration file, 22 old tools in migration file not in v2.0
• New Tools Added to Migration File: 31
• Legacy/Removed Tools Retained: 22 (kept for backward compatibility)

New Tools Added to Migration Mapping (31 tools)

Toolset	Tool Name	Status
context	get_copilot_space	Added to migration mapping
context	github_support_docs_search	Added to migration mapping
context	list_copilot_spaces	Added to migration mapping
repos	get_repository_tree	Added to migration mapping
issues	list_issue_types	Added to migration mapping
dependabot	get_dependabot_alert	Added to migration mapping
dependabot	list_dependabot_alerts	Added to migration mapping
discussions	get_discussion	Added to migration mapping
discussions	get_discussion_comments	Added to migration mapping
discussions	list_discussion_categories	Added to migration mapping
gists	get_gist	Added to migration mapping
labels	list_label	Added (alongside list_labels)
notifications	get_notification_details	Added to migration mapping
orgs	list_org_repository_security_advisories	Added to migration mapping
projects	get_project	Added to migration mapping
projects	get_project_field	Added to migration mapping
projects	get_project_item	Added to migration mapping
projects	list_project_fields	Added to migration mapping
projects	list_project_items	Added to migration mapping
projects	list_projects	Added to migration mapping
secret_protection	get_secret_scanning_alert	Added to migration mapping
security_advisories	get_global_security_advisory	Added to migration mapping
security_advisories	list_global_security_advisories	Added to migration mapping
security_advisories	list_repository_security_advisories	Added to migration mapping
stargazers	list_starred_repositories	Added to migration mapping
actions	actions_get	Added (renamed from get_workflow_run)
actions	actions_list	Added (renamed from list_workflow_runs)
search	search_code	Added (moved from repos toolset)
search	search_issues	Added (moved/expanded)
search	search_orgs	Added to migration mapping
search	search_pull_requests	Added (moved/expanded)

Legacy Tools (in migration file but not in v2.0 JSON)

These tools are retained in the migration mapping for backward compatibility with existing allowed: configurations:

Legacy Tool	Old Toolset	Notes
get_me	users	Still available via users toolset
get_teams	context	Replaced by Copilot space tools
get_team_members	context	Replaced by Copilot space tools
get_repository	repos	Use get_file_contents or get_repository_tree
search_code	repos→search	Moved to search toolset
create_issue	issues	Write operation still available via toolset
update_issue	issues	Write operation still available via toolset
add_reaction	issues	Write operation still available via toolset
create_issue_comment	issues	Write operation still available via toolset
get_pull_request	pull_requests	Via pull_requests toolset
create_pull_request	pull_requests	Write operation still available via toolset
list_workflows	actions	Renamed to actions_list
list_workflow_runs	actions	Renamed to actions_list
get_workflow_run	actions	Renamed to actions_get
download_workflow_run_artifact	actions	Via actions toolset
get_workflow_run_usage	actions	Via actions toolset
list_workflow_jobs	actions	Via actions toolset
list_workflow_run_artifacts	actions	Via actions toolset
create_code_scanning_alert	code_security	Write operation via toolset
create_discussion	discussions	Write operation via toolset
create_gist	gists	Write operation via toolset
list_labels	labels	Renamed to list_label
create_label	labels	Write operation via toolset
mark_notifications_read	notifications	Write operation via toolset
get_organization	orgs	Replaced by advisory-focused tools
list_organizations	orgs	Replaced by advisory-focused tools
get_user	users	Via users toolset
list_users	users	Via users toolset

Action: Created pull request with updated migration mapping and documentation.

---

Changes Since Last Report

No previous report exists. This is the first run.

---

Tools by Toolset

context Toolset

GitHub Copilot context and support documentation.

Tool Name	Purpose	Key Parameters
get_copilot_space	Get details about a specific GitHub Copilot space	space_id
github_support_docs_search	Search GitHub support documentation	query
list_copilot_spaces	List available GitHub Copilot spaces	—

repos Toolset

Repository operations. Requires contents read permission.

Tool Name	Purpose	Key Parameters
get_commit	Get details of a specific commit	owner, repo, sha
get_file_contents	Read file or directory contents from a repository	owner, repo, path, ref
get_latest_release	Get the latest release for a repository	owner, repo
get_release_by_tag	Get a release by its tag name	owner, repo, tag
get_repository_tree	Get the file tree of a repository	owner, repo, ref, recursive
get_tag	Get details of a specific tag	owner, repo, tag
list_branches	List branches in a repository	owner, repo
list_commits	List commits in a repository	owner, repo, sha, path
list_releases	List all releases for a repository	owner, repo
list_tags	List tags in a repository	owner, repo

issues Toolset

Issue management. Requires issues read/write permission.

Tool Name	Purpose	Key Parameters
issue_read	Read issue details and comments	owner, repo, issue_number
list_issue_types	List available issue types for a repository	owner, repo
list_issues	List issues in a repository	owner, repo, state, labels
search_issues	Search issues	query, owner, repo

pull_requests Toolset

Pull request operations. Requires pull-requests read/write permission.

Tool Name	Purpose	Key Parameters
list_pull_requests	List pull requests in a repository	owner, repo, state, base
pull_request_read	Read pull request details, reviews, and comments	owner, repo, pull_number
search_pull_requests	Search pull requests	query, owner, repo

actions Toolset

GitHub Actions workflows and CI/CD. Requires actions read permission.

Tool Name	Purpose	Key Parameters
actions_get	Get details of a specific workflow run	owner, repo, run_id
actions_list	List GitHub Actions workflows and workflow runs	owner, repo, workflow_id
get_job_logs	Download logs for a specific workflow job	owner, repo, job_id

code_security Toolset

Code scanning alerts. Requires security-events read/write permission.

Tool Name	Purpose	Key Parameters
get_code_scanning_alert	Get details of a specific code scanning alert	owner, repo, alert_number
list_code_scanning_alerts	List code scanning alerts for a repository	owner, repo, state, severity

dependabot Toolset

Dependabot vulnerability alerts. Requires security-events read permission.

Tool Name	Purpose	Key Parameters
get_dependabot_alert	Get details of a specific Dependabot alert	owner, repo, alert_number
list_dependabot_alerts	List Dependabot alerts for a repository	owner, repo, state, severity

discussions Toolset

GitHub Discussions. Requires discussions read/write permission.

Tool Name	Purpose	Key Parameters
get_discussion	Get details of a specific discussion	owner, repo, discussion_number
get_discussion_comments	Get comments for a specific discussion	owner, repo, discussion_number
list_discussion_categories	List discussion categories for a repository	owner, repo
list_discussions	List discussions in a repository	owner, repo, category_id

experiments Toolset

Experimental/preview features. Currently empty — no tools available.

gists Toolset

GitHub Gist operations.

Tool Name	Purpose	Key Parameters
get_gist	Get a specific gist by ID	gist_id
list_gists	List gists for a user	username

labels Toolset

Label management. Requires issues read/write permission.

Tool Name	Purpose	Key Parameters
get_label	Get details of a specific label	owner, repo, name
list_label	List labels in a repository	owner, repo

notifications Toolset

User notification management.

Tool Name	Purpose	Key Parameters
get_notification_details	Get details of a specific notification	thread_id
list_notifications	List user notifications	all, participating

orgs Toolset

Organization security advisories.

Tool Name	Purpose	Key Parameters
list_org_repository_security_advisories	List security advisories for repositories in an organization	org

projects Toolset

GitHub Projects (classic and new). Requires a PAT — not supported by GITHUB_TOKEN.

Tool Name	Purpose	Key Parameters
get_project	Get details of a specific project	project_id
get_project_field	Get a specific project field	project_id, field_id
get_project_item	Get a specific project item	project_id, item_id
list_project_fields	List fields defined in a project	project_id
list_project_items	List items in a project	project_id
list_projects	List GitHub Projects for a user or organization	owner, org

secret_protection Toolset

Secret scanning alerts. Requires security-events read permission.

Tool Name	Purpose	Key Parameters
get_secret_scanning_alert	Get details of a specific secret scanning alert	owner, repo, alert_number
list_secret_scanning_alerts	List secret scanning alerts for a repository	owner, repo, state

security_advisories Toolset

Security advisory management. Requires security-events read/write permission.

Tool Name	Purpose	Key Parameters
get_global_security_advisory	Get a specific global security advisory	ghsa_id
list_global_security_advisories	List advisories from the GitHub Advisory Database	ecosystem, severity, cve_id
list_repository_security_advisories	List security advisories for a specific repository	owner, repo, state

stargazers Toolset

Repository star information.

Tool Name	Purpose	Key Parameters
list_starred_repositories	List repositories starred by a user	username

users Toolset

User profile information. Currently empty in JSON mapping — requires PAT with additional scopes not available via GITHUB_TOKEN.

search Toolset

Advanced GitHub search across all resource types.

Tool Name	Purpose	Key Parameters
search_code	Search code across repositories	query, owner, repo
search_issues	Search issues and pull requests	query, sort, order
search_orgs	Search GitHub organizations	query
search_pull_requests	Search pull requests	query, sort, order
search_repositories	Search for repositories	query, sort, order
search_users	Search GitHub users	query, sort, order

---

Recommended Default Toolsets

Recommended Defaults: context, repos, issues, pull_requests

Rationale:

• context: Provides Copilot space awareness and GitHub support documentation search, useful for almost any workflow operating in a Copilot environment
• repos: Core repository access (file contents, commits, branches, releases) is needed for nearly every development workflow
• issues: Issue tracking is fundamental to development and project management workflows
• pull_requests: PR operations (listing, reading) are essential for code review and CI-adjacent workflows

Specialized Toolsets (enable explicitly when needed):

• actions — CI/CD monitoring, workflow log analysis
• discussions — Community Q&A, announcements
• search — Cross-repository search operations
• code_security, dependabot, secret_protection — Security audit workflows
• security_advisories — Advisory management and tracking
• projects — Project board management (requires PAT)
• notifications — Notification management workflows
• labels — Label automation
• gists — Gist-based workflows
• orgs — Organization-level security advisory listing
• stargazers — Star/engagement tracking
• users — User profile lookups (requires PAT)
• experiments — Preview/experimental features (currently empty)

---

Toolset Configuration Reference

tools:
  github:
    mode: "remote"  # or "local"
    toolsets: [all]  # or specific toolsets

Available toolset options: context, repos, issues, pull_requests, actions, code_security, dependabot, discussions, experiments, gists, labels, notifications, orgs, projects, secret_protection, security_advisories, stargazers, users, search, default, all

---

Notes and Observations

1. Context toolset evolution: The context toolset in v2.0 now contains GitHub Copilot-specific tools (get_copilot_space, list_copilot_spaces, github_support_docs_search) instead of the older team-access tools (get_teams, get_team_members). This reflects a shift toward Copilot-oriented context in agentic workflows.

2. Actions toolset renaming: The actions toolset tools were significantly renamed. list_workflow_runs and get_workflow_run were consolidated into actions_list and actions_get, reducing granularity but simplifying the interface.

3. Search toolset expansion: Several search operations previously embedded in other toolsets (search_code in repos, search_issues in issues) have been consolidated into the dedicated search toolset. This provides better separation of concerns.

4. Write operations: Many write tools (create_issue, update_issue, create_pull_request, etc.) are NOT listed in the v2.0 JSON mapping despite write permissions being defined. These operations are handled through the safe-outputs mechanism in agentic workflows, which provides audit trails and proper permission enforcement.

5. Projects toolset previously undocumented: The 6 project management tools were absent from the migration mapping file, indicating they may have been added in a recent MCP server update.

6. Naming consistency: Minor inconsistency — list_label (singular) instead of the more conventional list_labels (plural). This is a v2.0 API quirk to be aware of when using the allowed: pattern.

---

Methodology

• Discovery Method: Analysis of pkg/workflow/data/github_toolsets_permissions.json (v2.0, authoritative) cross-referenced with pkg/workflow/data/github_tool_to_toolset.json and skills/github-mcp-server/SKILL.md
• MCP Configuration: Remote mode with all toolsets enabled
• Categorization: Based on JSON toolset groupings from the authoritative permissions file
• Documentation: Updated to reflect current v2.0 tool names and organization

References: §22277200550

AI generated by GitHub MCP Remote Server Tools Report Generator

• expires on Mar 1, 2026, 12:45 PM UTC

[pelikhan]

/q update report to provide links to the sources of information.

[github-actions[bot]]

Q Report: Source Links Update

Analyzed the GitHub MCP Remote Server Tools Report generated by the github-mcp-tools-report workflow.

Finding: The report referenced source files (JSON mapping, instructions file, PRs) as plain text rather than clickable links.

Changes made to .github/workflows/github-mcp-tools-report.md:

• Executive Summary now includes linked Source and Instructions File fields pointing to the actual repository files
• JSON Mapping Comparison section links directly to pkg/workflow/data/github_toolsets_permissions.json
• Action field instructs the agent to include PR number and URL when creating mapping update PRs
• Methodology section includes linked references to both source files
• Report Quality guideline added: "Link Sources — always link to source files and PRs using full GitHub URLs"

A PR has been created with these changes. The next report run will produce a discussion with clickable links to all referenced sources.

🎩 Equipped by Q

[github-actions[bot]]

🤖 Beep boop! The smoke test agent was here!

Just passing through to make sure everything works. The automation is alive, the tests are running, and the code is compiling. All systems nominal! 🚀

📰 BREAKING: Report filed by Smoke Copilot

[github-actions[bot]]

🎭 The Smoke Test Spectacular has concluded!

The Copilot agent danced through 11 tests like a caffeinated robot at a hackathon. Files were created! Pages were navigated! Code was compiled! Discussions were discussed!

The only party pooper? Serena MCP decided not to show up (tooling not available). But 10/11 ain't bad! 🤖✨

*takes a bow and exits through the merge queue*

📰 BREAKING: Report filed by Smoke Copilot