GitHub integration

GitHub integration for AI agents.

Let your AI agents act on GitHub — issues, pull requests, and repositories — through a brokered, audited connection. Open Connector runs the OAuth, seals the token in an encrypted vault, and serves GitHub tools to your agent over MCP or a typed API — credentials injected server-side, every call audited, nothing leaving your infrastructure. Open source (AGPL-3.0) and self-hostable.

View source on GitHubAll integrations →
What your agents can do

Real GitHub actions, brokered and audited.

Your user connects GitHub once; your agent can then open and comment on issues, manage pull requests, read and search repositories, and more — scoped to the OAuth permissions you grant and the tool allowlist you configure. Every action is least-privilege and written to a tamper-evident audit trail.

  1. 1

    Your user grants GitHub access once (OAuth) — the token lands in the vault.

  2. 2

    Your agent calls a tool over MCP or the typed API; Open Connector injects the credential server-side.

  3. 3

    Every brokered call appends a hash-chained audit record — nothing leaves your infra.

FAQ

GitHub integration, answered

How do AI agents use GitHub through Open Connector?
Your user connects their GitHub account once (OAuth). Open Connector stores the token in an encrypted vault and exposes GitHub tools to your agent over MCP or a typed API. The agent calls a tool; Open Connector injects the credential server-side and records the call. The agent never sees a raw GitHub token.
Is this a GitHub MCP server?
Yes. Open Connector can serve GitHub as a named MCP server with a scoped tool allowlist and a per-user mcp_url, so any MCP client (Claude, Cursor, or your own agent) connects and calls GitHub tools with credentials brokered server-side.
What can agents do with the GitHub integration?
Open and comment on issues, manage pull requests, read and search repositories, and more — scoped to the OAuth permissions you grant and the tool allowlist you configure. Every action is least-privilege and written to the tamper-evident audit trail.
Where do GitHub OAuth tokens live?
In your own infrastructure. When you self-host Open Connector, the GitHub token is sealed in an AES-256-GCM vault in your Postgres and injected server-side at call time — it never leaves your environment.

Give your agents GitHub — keep the keys.

Open source, self-hostable, with GitHub credentials that never leave your infrastructure. Run it from source today.

View source on GitHubHow the MCP gateway works →