[GitHub Server] add_project_item adds random external issues to project

[djsplice]

Bug Description

When using the add_project_item tool to add an issue to a GitHub Project (v2), random external issues from completely unrelated repositories are also added to the project alongside the intended issue.

Environment

• MCP Server: GitHub server (from modelcontextprotocol/servers)
• Client: Windsurf IDE
• GitHub Account Type: Personal (private project)
• Project Type: GitHub Projects v2 (user-owned)

Steps to Reproduce

1. Create a new issue in your repository (e.g., djsplice/lmnt_marketplace issue Zed configs don't work #113)
2. Use the add_project_item tool to add it to a user project:

   mcp0_add_project_item({
     owner: "djsplice",
     owner_type: "user",
     project_number: 5,
     item_id: 113,
     item_type: "issue"
   })

3. Check the project board

Expected Behavior

Only the specified issue (#113 from djsplice/lmnt_marketplace) should be added to the project.

Actual Behavior

Multiple unrelated issues from external repositories are added to the project:

• ✅ Issue Zed configs don't work #113 from djsplice/lmnt_marketplace (intended)
• ❌ Issue Port over Slack server #1 "Dust should not warn about unused arguments..." (external, unknown repo)
• ❌ Issue Port over Slack server #1 "Add Markdown support" (external, unknown repo)
• ❌ Issue Create package for each server #2 "Markdown/Textile for links in RSS feed" from nakajima/aintablog (external)

See attached screenshots showing these external issues in the project.

Screenshots

The project board shows issues from nakajima/aintablog (a completely unrelated public repository from 2009) appearing alongside the intended issue.

Additional Context

• This happens consistently when adding issues to the project via the MCP tool
• The external issues appear to be from random public repositories
• The user has no connection to these external repositories
• The project is private and should only contain issues from djsplice/lmnt_marketplace
• Manually removing the external issues from the project works, but they reappear when adding new issues via MCP

Possible Cause

The add_project_item tool may be:

1. Using the wrong parameter type for item_id (issue number vs. node ID)
2. Not properly scoping the item to the specific repository
3. Having a bug in how it resolves issue numbers to actual issues

Impact

• Severity: Medium
• Workaround: Manually remove external issues from project after each addition
• Data Leak Risk: Private project board may expose unintended issues

Related API Documentation

GitHub Projects v2 API: https://docs.github.com/en/graphql/reference/mutations#addprojectv2itembyid

The mutation requires:

• projectId (ID of the project)
• contentId (node ID of the issue/PR, not the issue number)

Hypothesis: The tool may be passing the issue number (113) instead of the issue's node ID, causing GitHub to add random items.

Suggested Fix

The add_project_item tool should:

1. First query the issue to get its node ID:

   query {
     repository(owner: "djsplice", name: "lmnt_marketplace") {
       issue(number: 113) {
         id  # This is the node ID needed
       }
     }
   }

2. Then use that node ID in the addProjectV2ItemById mutation

Request

Please investigate and fix this issue. Happy to provide more details or test a fix if needed.

---

Environment Details:

• MCP Server Version: Latest (as of 2025-10-26)
• Client: Windsurf IDE with Cascade
• GitHub API: GraphQL v4

[olaservo]

Hi @djsplice is this for the archived GitHub server, or for the official GitHub Server? Please take a look at the latest official server repo for opening any issues, since the version from this repo is archived and no longer maintained: https://github.com/github/github-mcp-server