Adding GitHub MCP Server to Codex connects a Codex session to GitHub's hosted MCP endpoint, so prompts can use GitHub tools for repositories, pull requests, issues, and workflows instead of relying on shell commands alone.
GitHub's current Codex setup uses the remote streamable HTTP server at https://api.githubcopilot.com/mcp/. In Codex, codex mcp add writes that server definition into ~/.codex/config.toml, and codex mcp get github --json shows a streamable_http transport with bearer_token_env_var = "GITHUB_PAT_TOKEN" when the entry is saved correctly.
This flow requires a GitHub personal access token with only the repository or organization access that the intended prompts actually need. Keep the token in the shell environment instead of the config file, and restart Codex from a shell where GITHUB_PAT_TOKEN is still exported; otherwise the server remains configured but cannot authenticate to GitHub.
Steps to add GitHub MCP server to Codex:
- Export a GitHub personal access token in the same shell session that will start Codex.
$ export GITHUB_PAT_TOKEN=<your-github-personal-access-token>
The token value stays outside ~/.codex/config.toml because Codex reads it from the environment variable named in the saved MCP entry.
- Add the hosted GitHub MCP Server URL to Codex and tell Codex which environment variable holds the bearer token.
$ codex mcp add github --url https://api.githubcopilot.com/mcp/ --bearer-token-env-var GITHUB_PAT_TOKEN
Added global MCP server 'github'.
GitHub's official Codex guide uses the same remote URL, and the explicit --bearer-token-env-var flag makes the saved config usable without editing ~/.codex/config.toml by hand.
- Retrieve the saved MCP entry in JSON to confirm that Codex stored a remote streamable HTTP server with the correct token variable name.
$ codex mcp get github --json
{
  "name": "github",
  "enabled": true,
  "disabled_reason": null,
  "transport": {
    "type": "streamable_http",
    "url": "https://api.githubcopilot.com/mcp/",
    "bearer_token_env_var": "GITHUB_PAT_TOKEN",
    "http_headers": null,
    "env_http_headers": null
  },
  "enabled_tools": null,
  "disabled_tools": null,
  "startup_timeout_sec": null,
  "tool_timeout_sec": null
}
The decisive fields are transport.type = streamable_http, the GitHub URL, and bearer_token_env_var = GITHUB_PAT_TOKEN.
- List configured MCP servers and confirm that the GitHub entry is enabled for bearer-token authentication.
$ codex mcp list
Name    Url                                 Bearer Token Env Var  Status   Auth
github  https://api.githubcopilot.com/mcp/  GITHUB_PAT_TOKEN      enabled  Bearer token
The success state for this page is the github row with enabled under Status and Bearer token under Auth.
- Start or restart Codex from the shell where GITHUB_PAT_TOKEN is exported.
$ codex
If Codex starts from a shell that does not export GITHUB_PAT_TOKEN, the server entry stays configured but GitHub tool calls fail until the token is available again.
- Send a GitHub prompt that proves the new server is available in the session.
List my GitHub repositories.
GitHub's current Codex installation guide uses this prompt as its first verification check, and the remote server exposes GitHub's default toolsets when no narrower tool configuration is added.
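The checks in the steps above can be scripted as one preflight. The following is an added example, not part of the original guide or of Codex: it validates the JSON from codex mcp get github --json against the decisive fields, confirms the token variable is exported, and flags a token that was pasted into config text. The function name check_mcp_entry, the problem strings, and the treatment of http_headers as a name-to-value map are assumptions.

```python
import json
import re

EXPECTED_URL = "https://api.githubcopilot.com/mcp/"
EXPECTED_ENV_VAR = "GITHUB_PAT_TOKEN"
# GitHub PAT prefixes: ghp_ (classic) and github_pat_ (fine-grained).
TOKEN_LITERAL = re.compile(r"\b(?:ghp_|github_pat_)[A-Za-z0-9_]{20,}")

# Constructed sample: the `codex mcp get github --json` output shown on this page.
SAMPLE_ENTRY = """{"name": "github", "enabled": true, "disabled_reason": null,
 "transport": {"type": "streamable_http",
               "url": "https://api.githubcopilot.com/mcp/",
               "bearer_token_env_var": "GITHUB_PAT_TOKEN",
               "http_headers": null, "env_http_headers": null},
 "enabled_tools": null, "disabled_tools": null,
 "startup_timeout_sec": null, "tool_timeout_sec": null}"""


def check_mcp_entry(entry_json, environ, config_text=""):
    """Return a list of problems; an empty list means the entry is as expected."""
    entry = json.loads(entry_json)
    transport = entry.get("transport") or {}
    problems = []
    if not entry.get("enabled"):
        problems.append("server entry is not enabled")
    if transport.get("type") != "streamable_http":
        problems.append("transport.type is not streamable_http")
    if transport.get("url") != EXPECTED_URL:
        problems.append("transport.url is not the GitHub MCP endpoint")
    if transport.get("bearer_token_env_var") != EXPECTED_ENV_VAR:
        problems.append("bearer_token_env_var is not GITHUB_PAT_TOKEN")
    # Assumption: http_headers, when set, maps header names to literal values.
    headers = transport.get("http_headers") or {}
    if any(name.lower() == "authorization" for name in headers):
        problems.append("literal Authorization header saved in the config")
    if not environ.get(EXPECTED_ENV_VAR):
        problems.append("GITHUB_PAT_TOKEN is not exported in this shell")
    if TOKEN_LITERAL.search(config_text):
        problems.append("token-like literal found in the config text")
    return problems


if __name__ == "__main__":
    import os
    for problem in check_mcp_entry(SAMPLE_ENTRY, os.environ) or ["ok"]:
        print(problem)
```

To run it against a real setup, pass the captured output of codex mcp get github --json as entry_json and the contents of ~/.codex/config.toml as config_text.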
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
