GitHub

​

search_repositories

"Find popular machine learning repositories in Python with over 1000 stars"

​

get_file_contents

"Show me the README.md from owner/repo"

​

create_or_update_file

"Update the README.md in owner/repo to add installation instructions"

​

create_branch

"Create a new branch called 'feature-auth' from main in owner/repo"

​

list_commits

"Show me recent commits on the main branch of owner/repo"

​

search_code

"Find all TODO comments in my repositories"

​

create_repository

"Create a new private repository called 'my-project' with a README"

​

list_issues

"Show me all open bugs in owner/repo"

​

issue_write

"Create a bug report in owner/repo about login issues with priority high label"

​

search_issues

"Find all high-priority bugs assigned to me across all repositories"

​

add_issue_comment

"Add a comment to issue #123 in owner/repo with debugging steps"

​

list_pull_requests

"Show me all open pull requests in owner/repo"

​

create_pull_request

"Create a pull request from feature-auth to main with title 'Add authentication'"

​

pull_request_read

"Show me the diff for pull request #45 in owner/repo"

​

merge_pull_request

"Merge pull request #45 in owner/repo using squash method"

​

pull_request_review_write

"Approve pull request #45 in owner/repo with comment 'LGTM!'"

​

list_workflows

"Show me all workflows in owner/repo"

​

list_workflow_runs

"Show me the latest CI workflow runs in owner/repo"

​

get_workflow_run

"Show me the status of workflow run #12345 in owner/repo"

​

get_job_logs

"Show me logs for failed jobs in workflow run #12345"

​

run_workflow

"Trigger the deploy workflow on main branch in owner/repo"

​

rerun_workflow_run

"Rerun workflow #12345 in owner/repo"

​

list_code_scanning_alerts

"Show me all open high-severity code scanning alerts in owner/repo"

​

list_dependabot_alerts

"Show me critical Dependabot alerts in owner/repo"

​

list_secret_scanning_alerts

"Show me all open secret scanning alerts in owner/repo"

​

list_global_security_advisories

"Find security advisories for npm packages with high severity"

​

list_discussions

"Show me all discussions in owner/repo"

​

get_discussion

"Show me discussion #5 in owner/repo"

​

get_discussion_comments

"Show me comments on discussion #5 in owner/repo"

​

list_projects

"Show me all projects in my organization"

​

get_project

"Show me project #1 details"

​

list_project_items

"Show me all items in project #1"

​

add_project_item

"Add issue #123 to project #1"

​

list_notifications

"Show me my unread GitHub notifications"

​

mark_all_notifications_read

"Mark all my GitHub notifications as read"

​

dismiss_notification

"Dismiss notification thread #12345 as done"

​

list_gists

"Show me all my gists"

​

create_gist

"Create a public gist with my API configuration example"

​

update_gist

"Update my gist abc123 with the latest code"

​

list_label

"Show me all labels in owner/repo"

​

label_write

"Create a label called 'priority:high' with red color in owner/repo"

​

search_orgs

"Find organizations related to machine learning"

​

get_me

"Show me my GitHub profile information"

​

search_users

"Find users with over 100 followers in San Francisco"

​

get_teams

"Show me all teams I'm a member of"

​

get_team_members

"Show me members of the engineering team in my-org"

​

list_releases

"Show me all releases for owner/repo"

​

get_latest_release

"What's the latest release of owner/repo?"

​

get_release_by_tag

"Show me details of the v2.0.0 release"

​

list_tags

"List all version tags in owner/repo"

​

list_starred_repositories

"Show me my starred repositories"

​

star_repository

"Star the owner/repo repository"

​

unstar_repository

"Unstar owner/repo"

• Start with read-only access
• Add write permissions as needed
• Avoid admin scopes unless necessary
• Use separate tokens for different purposes

• 30-90 days for active use
• 7 days for testing/development
• Shorter periods for higher security
• Set calendar reminders to regenerate

• Never commit .env files
• Use .gitignore properly
• Scan repositories for exposed tokens
• Use GitHub secret scanning

• Enable 2FA on your GitHub account
• Use authenticator app (not SMS)
• Save recovery codes securely
• Many organizations require 2FA

• Review GitHub audit logs
• Check for unexpected API calls
• Rotate tokens if suspicious
• Revoke unused tokens

401 Unauthorized - Bad credentials

• Verify token is copied correctly (no extra spaces)
• Check if token has expired in GitHub settings
• Confirm token hasn’t been revoked
• Ensure required scopes are granted
• Generate a new token if needed
• Update token in Studio: Settings → MCP Servers → GitHub

"Test my GitHub connection"

403 API rate limit exceeded

• Wait for rate limit reset (shown in error message)
• Check current quota: “Show my GitHub API rate limit”
• Reduce number of requests in workflows
• Use pagination instead of fetching all results
• Cache repository data locally
• Consider GitHub Enterprise for higher limits

"What's my GitHub API rate limit and when does it reset?"

• Use specific filters to reduce result sets
• Fetch only needed fields
• Combine related operations

403 Forbidden - Resource not accessible

• Identify required scope from error message
• Create new PAT with additional scopes
• Update token in Studio configuration
• For org repos, check organization permissions
• Verify you’re a collaborator on private repos

• Create issues: repo or public_repo
• Create PRs: repo
• Push code: repo
• Manage Actions: workflow
• Read security: security_events
• Manage projects: project

"Do I have write access to owner/repo?"

404 Repository not found

• Verify repository name format: “owner/repo” (not just “repo”)
• Check repository spelling and capitalization
• Confirm repository exists and you have access
• For private repos, ensure PAT has repo scope
• Check if repository was renamed or deleted
• Verify organization name if applicable

"Show me all repositories I have access to"

"Search for repositories matching 'project-name'"

422 Branch protection rule violation

• Create pull request instead of direct push
• Ensure all required status checks pass
• Get required approvals from reviewers
• Resolve merge conflicts
• Check branch protection rules: Settings → Branches
• Request admin override if urgent (not recommended)

• Minimum number of reviews (usually 1-2)
• All status checks passing
• No merge conflicts
• Linear history
• Signed commits

"What are the branch protection rules for main in owner/repo?"

Merge conflict - manual resolution required

• View conflicting files: “Show merge conflicts for PR #123”
• Pull latest changes to your branch
• Resolve conflicts in your local editor or GitHub UI
• Push resolved changes
• Ask Studio to suggest conflict resolution strategy

• Keep feature branches up to date with main
• Merge main into feature branches regularly
• Communicate with team about overlapping work
• Use smaller, focused PRs
• Pull before pushing changes

"Show me the conflicting files in PR #123 and suggest resolution"

413 Request Entity Too Large

• Use Git LFS for files >100MB
• Break large files into smaller chunks
• Use external storage (S3, Azure Blob) for binaries
• Check repository size limits
• Use GitHub Releases for distributing large files

• File size: 100MB (recommended max), 50MB (warning)
• Repository size: 1GB (recommended max), 5GB (soft limit)
• API response: 10MB max
• Release assets: 2GB max each

# In local repository
git lfs install
git lfs track "*.psd"
git add .gitattributes

422 Workflow does not support manual triggering

• Check workflow file for workflow_dispatch trigger
• Add workflow_dispatch to workflow YAML
• Commit updated workflow file
• Try triggering again after update

# In .github/workflows/your-workflow.yml
on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment to deploy'
        required: true
        default: 'staging'

"Which workflows in owner/repo support manual triggering?"

403 You have exceeded a secondary rate limit

• Slow down request frequency
• Add delays between operations
• Batch operations where possible
• Avoid rapid polling (use webhooks instead)
• Wait for the specified retry-after period

• Max 100 concurrent requests
• Max 900 points/minute (varies by endpoint)
• Content creation limits (issues, PRs, comments)

• Use pagination efficiently
• Cache responses when appropriate
• Implement exponential backoff
• Use conditional requests (ETags)

422 Push rejected - force push not allowed

• Create new commits instead of rewriting history
• Use pull requests for changes
• Contact repository admin if force push truly needed
• Create new branch if history is broken

• Use revert commits instead of amending
• Create fix commits on top of problematic commits
• Use git merge instead of git rebase for shared branches

"Create a revert commit for the problematic change instead of force pushing"

• Version Control: Track every change to your code
• Collaboration: Work with teams around the world
• Code Review: Review and discuss code before merging
• Project Management: Issues, projects, milestones
• CI/CD: Automate testing and deployment with GitHub Actions
• Open Source: Host and contribute to open source projects

• Repository (Repo): Project container with code and history
• Commit: Snapshot of changes at a point in time
• Branch: Parallel version of your code
• Pull Request (PR): Proposed changes for review
• Issue: Bug reports and feature requests
• Fork: Personal copy of someone else’s repository
• Star: Bookmark repositories you like

1. Create repository or fork existing
2. Clone to local machine
3. Create branch for feature
4. Make changes and commit
5. Push branch to GitHub
6. Open pull request
7. Review and discuss changes
8. Merge when approved

• Command-line tool (git)
• Tracks changes in code
• Works locally on your computer
• Creates commit history
• Manages branches
• Created by Linus Torvalds in 2005

• Web-based Git repository hosting
• Collaboration features (PRs, reviews)
• Issue tracking and project management
• CI/CD with GitHub Actions
• Security features (Dependabot, code scanning)
• Social features (stars, follows, profiles)
• Owned by Microsoft

• Git = Your local word processor
• GitHub = Google Docs (cloud-based, collaborative)

• Git provides version control locally
• GitHub provides collaboration remotely
• Together they enable modern software development

• Direct API authentication
• Fine-grained scope control
• Supports all GitHub features
• Works with any client
• No redirect flows needed
• Can set expiration dates

• Must be stored securely
• Manual creation and management
• No automatic refresh
• User needs GitHub account access

• No password exposure
• Automatic token management
• Easy revocation
• Built-in consent screens

• Requires OAuth app setup
• More complex flow
• May need redirect URLs
• Less control over scopes

• PATs are recommended for simplicity
• Full API feature support
• Better control over permissions
• Easier configuration

• ✅ Visible to everyone on the internet
• ✅ Anyone can clone and fork
• ✅ Great for open source projects
• ✅ Unlimited free public repos
• ✅ Builds your profile and portfolio
• ⚠️ All code and history is public

• ✅ Only you and collaborators can access
• ✅ Better for proprietary code
• ✅ Unlimited free private repos (all plans)
• ✅ Unlimited collaborators (all plans)
• ⚠️ Doesn’t contribute to public profile

• ✅ Visible to all organization members
• ✅ Not visible to outside world
• ✅ Good for company-wide tools
• ⚠️ Requires GitHub Enterprise

• Public: Open source, learning projects, portfolios
• Private: Client work, proprietary code, experiments
• Internal: Company libraries, internal tools

• Settings → Danger Zone → Change visibility
• Public → Private: Anytime, free
• Private → Public: Consider implications first

• Prevents accidental changes to important branches
• Ensures code quality through reviews
• Maintains clean commit history
• Enforces CI/CD checks
• Reduces production incidents

1. Require Pull Requests: No direct pushes
2. Require Reviews: At least 1-2 approvals
3. Require Status Checks: All CI tests must pass
4. Require Up-to-Date Branches: Must be current with base
5. Restrict Force Pushes: Prevent history rewriting
6. Restrict Deletions: Prevent accidental deletion
7. Require Signed Commits: Verify author identity (optional)

• Require linear history (no merge commits)
• Dismiss stale reviews on new commits
• Require review from code owners
• Restrict who can push (admins only)
• Include administrators in rules

• Always: main, master, production, release branches
• Usually: development, staging branches
• Rarely: feature, personal branches
• Never: experimental, temporary branches

1. Repository Settings → Branches
2. Click “Add branch protection rule”
3. Enter branch name pattern (e.g., main)
4. Select protection options
5. Save changes

• Run tests on pull requests
• Deploy on merge to main
• Publish releases
• Scheduled jobs (nightly builds, cleanup)
• Custom automation (notifications, labeling)

• Workflow: Automated process (defined in YAML)
• Job: Set of steps that run on same runner
• Step: Individual task (run command, use action)
• Runner: Server that runs workflows (GitHub-hosted or self-hosted)
• Action: Reusable unit of code

• CI (Continuous Integration): Test every commit
• CD (Continuous Deployment): Deploy to production
• Code Quality: Linting, formatting, security scans
• Automated Testing: Unit, integration, e2e tests
• Release Management: Build, tag, publish releases
• Notifications: Slack messages, emails

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: '0 0 * * *'  # Daily at midnight
  workflow_dispatch:  # Manual trigger

• Unlimited minutes
• Linux, Windows, macOS runners
• Matrix builds
• Concurrent workflows

• 2,000 minutes/month
• Resets monthly
• Additional minutes can be purchased

• Catch bugs before production
• Share knowledge across team
• Maintain code quality standards
• Mentor junior developers
• Enforce best practices

• Small & Focused: One feature or fix per PR
• Clear Title: Describe what changes
• Good Description: Explain why changes made
• Add Tests: Prove changes work
• Update Docs: Keep documentation current
• Link Issues: Reference related issues
• Add Screenshots: For UI changes

• Read Description: Understand the goal
• Check Tests: Ensure proper coverage
• Look for Bugs: Edge cases, error handling
• Check Style: Follows team conventions
• Consider Design: Is it the right approach?
• Be Constructive: Suggest improvements nicely
• Approve Fast: Don’t block unnecessarily

• Approve: Changes look good, ready to merge
• Request Changes: Issues that must be fixed
• Comment: Suggestions, questions, discussion

"Review PR #123 and suggest improvements to error handling"
"Summarize the changes in PR #123 for me"
"Check if PR #123 has adequate test coverage"
"Approve PR #123 with comment about good documentation"

• Categorize issues and PRs
• Track priority and status
• Filter and search effectively
• Automate workflows
• Generate metrics and reports

• bug - Something isn’t working
• feature - New functionality request
• enhancement - Improvement to existing feature
• documentation - Documentation updates
• question - Need clarification

• priority:critical - Needs immediate attention
• priority:high - Important, address soon
• priority:medium - Normal priority
• priority:low - Nice to have

• in-progress - Currently being worked on
• blocked - Waiting on something
• needs-review - Ready for review
• needs-triage - Needs initial review

• effort:small - <1 day
• effort:medium - 1-3 days
• effort:large - >3 days

• frontend - UI/UX changes
• backend - Server-side changes
• devops - Infrastructure
• security - Security-related

• Use consistent naming (lowercase, hyphens)
• Use colors meaningfully (red=critical, green=feature)
• Don’t create too many (20-30 is plenty)
• Document label meanings
• Use emoji for visual distinction

"Label issue #123 as high priority bug"
"Show me all high-priority frontend bugs"
"Create labels for our sprint workflow"
"Find issues without labels"