How to add the GitHub MCP server to Codex

Codex prompts that need GitHub issues, pull requests, repository files, or workflow runs need an MCP entry that can authenticate to GitHub when the session starts. Adding the hosted GitHub MCP Server gives Codex a named remote tool source instead of forcing every repository question through local git and shell commands.

GitHub hosts the remote server at https://api.githubcopilot.com/mcp/, and Codex stores it as a streamable HTTP server in ~/.codex/config.toml. The codex mcp add command can bind that endpoint to a bearer-token environment variable, so the saved configuration names the token source without storing the personal access token itself.

Use a GitHub personal access token with only the repository, organization, workflow, project, or gist access the intended prompts need. GitHub can filter or deny tools according to token permissions, so start with least privilege and restart Codex from a shell where GITHUB_PAT_TOKEN is still available before testing the server in a real session.

Steps to add the GitHub MCP server to Codex:

Export the GitHub personal access token in the shell that will start Codex.
```
$ export GITHUB_PAT_TOKEN=<your-github-personal-access-token>
```
The token value stays outside ~/.codex/config.toml because Codex reads it from the environment variable named in the saved MCP entry.
Add the hosted GitHub MCP Server endpoint with bearer-token authentication.
```
$ codex mcp add github --url https://api.githubcopilot.com/mcp/ --bearer-token-env-var GITHUB_PAT_TOKEN
Added global MCP server 'github'.
```
GitHub's official Codex guide uses the same remote URL, and the explicit --bearer-token-env-var flag makes the saved config usable without editing ~/.codex/config.toml by hand.

Inspect the saved MCP entry as JSON.

$ codex mcp get github --json
{
  "name": "github",
  "enabled": true,
  "disabled_reason": null,
  "transport": {
    "type": "streamable_http",
    "url": "https://api.githubcopilot.com/mcp/",
    "bearer_token_env_var": "GITHUB_PAT_TOKEN",
    "http_headers": null,
    "env_http_headers": null
  },
  "enabled_tools": null,
  "disabled_tools": null,
  "startup_timeout_sec": null,
  "tool_timeout_sec": null
}

Confirm transport.type is streamable_http, transport.url is https://api.githubcopilot.com/mcp/, and bearer_token_env_var is GITHUB_PAT_TOKEN.
Related: How to get Codex MCP server details

List configured MCP servers.

$ codex mcp list
Name    Url                                 Bearer Token Env Var  Status   Auth
github  https://api.githubcopilot.com/mcp/  GITHUB_PAT_TOKEN      enabled  Bearer token

The github row should show enabled under Status and Bearer token under Auth.
Related: How to list Codex MCP servers

Start a new Codex session from the same shell.
```
$ codex
```
If Codex starts without GITHUB_PAT_TOKEN in its environment, the server entry remains saved but GitHub tool calls cannot authenticate.
Open the MCP status view in the interactive Codex TUI.
```
/mcp
```
The github server should appear in the active session after Codex reloads the saved configuration.
Send a read-only GitHub prompt.
```
List my GitHub repositories.
```
The first successful response should use GitHub tools instead of local shell commands. A narrowly scoped token may return only the repositories and toolsets that token can access.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.