๐ A safe-by-default, beginner-friendly hub for MCP servers. Connect AI IDEs like Claude Desktop and Cursor to real-world developer tools. Read-only by desig
๐ mcp-server-hub
A safe-by-default, beginner-friendly hub for MCP (Model Context Protocol) servers that connect AI coding assistants to real-world developer tools.
Give your AI IDE โ Claude Desktop, Cursor, Windsurf, or any MCP client โ read-only access to GitHub repositories, issues, pull requests, and source files. No write operations. No risk.
Key Features
- ๐ก๏ธ Read-only by design โ every tool is strictly read-only. No creates, no deletes, no mutations.
- ๐ Secret-safe โ tokens are never logged, never leaked in errors, and automatically redacted.
- โ Input validation โ all inputs validated with Zod before any API call.
- ๐งฉ Plug and play โ one command to build, one config block to connect.
- ๐ Beginner-friendly โ clean code, clear docs, and a simple project structure.
Table of Contents
- Available Servers
- Tech Stack
- Prerequisites
- Getting Started
- Connect to Your AI IDE
- Tool Reference
- Architecture
- Environment Variables
- Available Scripts
- Security
- Troubleshooting
- Roadmap
- Contributing
- License
Available Servers
| Server | Description | Status |
|--------|-------------|--------|
| github-helper | Read-only access to GitHub repos, issues, PRs, and files | โ
v0.1.0 |
| supabase-helper | Supabase database and auth inspection | ๐๏ธ Planned |
| vercel-helper | Vercel deployment and project info | ๐๏ธ Planned |
| cloudflare-helper | Cloudflare Workers and DNS info | ๐๏ธ Planned |
Only
github-helperis implemented. Future servers are planned but not yet built.
Tech Stack
- Language: TypeScript (strict mode)
- Runtime: Node.js 18+
- Package Manager: pnpm (workspace monorepo)
- Validation: Zod
- Environment: dotenv
- MCP SDK:
@modelcontextprotocol/sdk - Transport: Stdio (local subprocess โ no network server needed)
Prerequisites
Before starting, make sure you have:
- Node.js v18 or later
- pnpm v8 or later โ install with
npm install -g pnpm - A GitHub Personal Access Token (classic or fine-grained)
Getting Started
1. Clone the Repository
git clone https://github.com/kwaqtech/mcp-server-hub.git
cd mcp-server-hub
2. Install Dependencies
pnpm install
This installs all dependencies across the monorepo (shared utilities + github-helper server).
3. Build
pnpm build
This compiles TypeScript to JavaScript for all packages. The compiled output goes to dist/ in each package.
4. Configure Your GitHub Token
cp servers/github-helper/.env.example servers/github-helper/.env
Edit servers/github-helper/.env and replace the placeholder:
GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
๐ก Tip: Use a fine-grained token with read-only access to public repos. This is the safest option.
5. Test It Locally
Run the server directly to verify it starts:
node servers/github-helper/dist/index.js
You should see [INFO] github-helper MCP server starting... on stderr. Press Ctrl+C to stop. If you see an error about GITHUB_TOKEN, double-check your .env file.
Connect to Your AI IDE
Claude Desktop
-
Open your Claude Desktop config file:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
- macOS:
-
Add the
github-helperserver:
{
"mcpServers": {
"github-helper": {
"command": "node",
"args": ["/absolute/path/to/mcp-server-hub/servers/github-helper/dist/index.js"],
"env": {
"GITHUB_TOKEN": "your_token_here"
}
}
}
}
- Replace
/absolute/path/to/mcp-server-hubwith the actual path on your system. - Replace
your_token_herewith your GitHub Personal Access Token. - Restart Claude Desktop.
Cursor
- Open Cursor Settings โ MCP Servers, or edit
.cursor/mcp.jsonin your project:
{
"mcpServers": {
"github-helper": {
"command": "node",
"args": ["/absolute/path/to/mcp-server-hub/servers/github-helper/dist/index.js"],
"env": {
"GITHUB_TOKEN": "your_token_here"
}
}
}
}
- Restart Cursor or reload the MCP configuration.
Verify the Connection
Once connected, try asking your AI assistant:
- "What is the description of the
facebook/reactrepo?" - "Show me the open issues on
nodejs/node" - "Get the README from
modelcontextprotocol/typescript-sdk" - "List the pull requests on
vercel/next.js" - "Show me the contents of
package.jsoninexpressjs/express"
Tool Reference
github_get_repo_info
Get metadata about a GitHub repository.
| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| owner | string | โ
| Repository owner (user or organization) |
| repo | string | โ
| Repository name |
Returns: Repository name, URL, description, language, stars, forks, open issues, watchers, default branch, creation date, license, topics, and archive/private status.
github_get_readme
Fetch the raw README content of a repository.
| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| owner | string | โ
| Repository owner |
| repo | string | โ
| Repository name |
Returns: The full README text (markdown).
github_list_issues
List issues in a repository with optional filters. Automatically excludes pull requests.
| Parameter | Type | Required | Default | Description |
|-----------|------|----------|---------|-------------|
| owner | string | โ
| โ | Repository owner |
| repo | string | โ
| โ | Repository name |
| state | "open" | "closed" | "all" | โ | "open" | Filter by issue state |
| labels | string | โ | โ | Comma-separated label names |
| per_page | number (1โ100) | โ | 10 | Results per page |
| page | number | โ | 1 | Page number |
Returns: Issue number, title, state, author, labels, comment count, creation date, and URL for each issue.
github_list_pull_requests
List pull requests in a repository with optional state filter.
| Parameter | Type | Required | Default | Description |
|-----------|------|----------|---------|-------------|
| owner | string | โ
| โ | Repository owner |
| repo | string | โ
| โ | Repository name |
| state | "open" | "closed" | "all" | โ | "open" | Filter by PR state |
| per_page | number (1โ100) | โ | 10 | Results per page |
| page | number | โ | 1 | Page number |
Returns: PR number, title, state, draft status, author, branch info, creation/merge date, and URL.
github_get_file_content
Read the content of a file from a repository.
| Parameter | Type | Required | Default | Description |
|-----------|------|----------|---------|-------------|
| owner | string | โ
| โ | Repository owner |
| repo | string | โ
| โ | Repository name |
| path | string | โ
| โ | File path (e.g., src/index.ts) |
| ref | string | โ | default branch | Branch, tag, or commit SHA |
Returns: The raw file content as text.
Architecture
Project Structure
mcp-server-hub/
โโโ AGENTS.md # AI agent rules (source of truth)
โโโ README.md # This file
โโโ SECURITY.md # Security policy & vulnerability reporting
โโโ CONTRIBUTING.md # Contribution guidelines
โโโ LICENSE # MIT License
โโโ package.json # Root monorepo scripts
โโโ pnpm-workspace.yaml # Defines packages/* and servers/* workspaces
โโโ tsconfig.base.json # Shared strict TypeScript configuration
โโโ .gitignore # Ignores node_modules, dist, .env
โโโ .env.example # Root env template
โ
โโโ docs/ # Documentation
โ โโโ getting-started.md
โ โโโ claude-desktop.md
โ โโโ cursor.md
โ โโโ security-guide.md
โ โโโ troubleshooting.md
โ
โโโ packages/
โ โโโ shared/ # @mcp-server-hub/shared
โ โโโ package.json
โ โโโ tsconfig.json
โ โโโ src/
โ โโโ index.ts # Barrel export
โ โโโ env.ts # Safe env loading + Zod validation
โ โโโ logger.ts # stderr logger with secret redaction
โ โโโ errors.ts # Typed error classes (safe messages)
โ โโโ responses.ts # MCP response builders
โ
โโโ servers/
โโโ github-helper/ # @mcp-server-hub/github-helper
โโโ package.json
โโโ tsconfig.json
โโโ README.md
โโโ .env.example
โโโ src/
โโโ index.ts # Entry point โ McpServer + stdio transport
โโโ config.ts # Zod-validated GITHUB_TOKEN config
โโโ github-client.ts # Read-only GitHub REST API client
โโโ tools/
โโโ get-repo-info.ts
โโโ get-readme.ts
โโโ list-issues.ts
โโโ list-pull-requests.ts
โโโ get-file-content.ts
How It Works
โโโโโโโโโโโโโโโโ stdio โโโโโโโโโโโโโโโโโโโโ HTTPS โโโโโโโโโโโโโโโโ
โ AI IDE โ โโโโโโโโโโโโโโบ โ github-helper โ โโโโโโโโโโโบ โ GitHub API โ
โ (Claude, โ MCP JSON โ MCP Server โ GET only โ api.github โ
โ Cursor) โ โ โ โ .com โ
โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ
- Your AI IDE launches the server as a subprocess.
- Communication happens over stdio using the MCP JSON protocol.
- When the AI calls a tool, the server validates input with Zod.
- The server makes a read-only GET request to the GitHub REST API.
- The response is formatted as structured text and returned to the AI.
- All logging goes to stderr (never to stdout, which is reserved for MCP).
Key Design Decisions
| Decision | Rationale |
|----------|-----------|
| McpServer (high-level API) | Official recommended class from @modelcontextprotocol/sdk. Handles capability negotiation automatically. |
| Stdio transport | Standard for local MCP servers. No HTTP server to configure or expose. |
| All logging to stderr | MCP uses stdout for protocol messages. Any stdout pollution breaks the protocol. |
| Automatic secret redaction | The logger detects and redacts GitHub PAT patterns (ghp_*, github_pat_*, etc.) in any log message. |
| Safe error classes | Error messages never contain raw upstream details. toSafeError() wraps unknown errors into generic messages. |
| Zod for everything | Config validation and tool input schemas both use Zod for consistent, declarative validation. |
Shared Package (@mcp-server-hub/shared)
Reusable utilities shared across all servers:
| Module | Purpose |
|--------|---------|
| env.ts | loadEnv(), requireEnv(), validateEnv() โ safe env loading that never exposes values in errors |
| logger.ts | logInfo(), logWarn(), logError(), logDebug() โ logs to stderr with automatic token redaction |
| errors.ts | NotFoundError, AuthError, RateLimitError, UpstreamError, toSafeError() โ typed, safe errors |
| responses.ts | textResponse(), errorResponse() โ consistent MCP tool response format |
Environment Variables
Required
| Variable | Description | How to Get |
|----------|-------------|------------|
| GITHUB_TOKEN | GitHub Personal Access Token | github.com/settings/tokens |
Token Permissions Guide
| Use Case | Recommended Token Scope |
|----------|------------------------|
| Public repos only | No scopes needed (or public_repo for classic tokens) |
| Private repos | repo scope (classic) or fine-grained with read-only repo access |
Important Rules
- โ Never commit
.envfiles (already in.gitignore) - โ Never hardcode tokens in source code
- โ
Use
.env.exampleas a template โ it only contains placeholders - โ
When configuring in AI IDEs, pass tokens via the
envconfig field
Available Scripts
Run these from the repository root:
| Command | Description |
|---------|-------------|
| pnpm install | Install all dependencies across the monorepo |
| pnpm build | Compile TypeScript for all packages and servers |
| pnpm typecheck | Type-check all packages without emitting files |
| pnpm lint | Run linting across all packages (not yet configured) |
| pnpm test | Run tests (not yet configured) |
Run these from servers/github-helper/:
| Command | Description |
|---------|-------------|
| pnpm start | Start the compiled github-helper server |
| pnpm build | Compile this server only |
| pnpm typecheck | Type-check this server only |
Security
Security Model
All v0.x servers follow these rules:
- โ Every tool is read-only โ no tool can create, modify, or delete anything
- โ All inputs are validated with Zod before any API call
- โ Tokens are loaded from environment variables, never hardcoded
- โ Error messages are sanitized โ they never contain tokens, headers, or stack traces
- โ The logger automatically redacts known secret patterns (GitHub PATs, Bearer tokens)
- โ All API calls use HTTPS
- โ No data is stored, cached, or forwarded beyond the MCP response
Forbidden Operations
These tool patterns are strictly forbidden in v0.x:
delete_* update_* create_* merge_* execute_*
run_shell run_command push_commit write_file edit_file
Reporting Vulnerabilities
See SECURITY.md for responsible disclosure instructions.
Troubleshooting
"GITHUB_TOKEN is required"
Your .env file is missing or empty. Copy the template and add your token:
cp servers/github-helper/.env.example servers/github-helper/.env
# Edit .env and add your token
"Cannot find module" when starting
The project hasn't been built. Run:
pnpm build
Server not appearing in Claude Desktop
- Make sure you restarted Claude Desktop after editing the config.
- Verify the path to
dist/index.jsis absolute, not relative. - Confirm
nodeis in your system PATH.
401 Unauthorized / 403 Forbidden
- Your token may be expired โ regenerate at github.com/settings/tokens.
- You may have hit the API rate limit (5,000 requests/hour). Wait and retry.
- Private repos require a token with
reposcope.
404 Not Found
- Check for typos in the owner/repo name.
- The file path doesn't exist in that repository.
- Private repos require proper token permissions.
For more, see docs/troubleshooting.md.
Roadmap
- [x]
github-helperโ read-only GitHub MCP server - [ ] Add ESLint for consistent code style
- [ ] Add unit tests for tools and shared utilities
- [ ]
supabase-helperโ read-only Supabase inspection - [ ]
vercel-helperโ read-only Vercel deployment info - [ ]
cloudflare-helperโ read-only Cloudflare Workers/DNS info
Contributing
See CONTRIBUTING.md for development setup and guidelines.
Quick version:
git clone https://github.com/kwaqtech/mcp-server-hub.git
cd mcp-server-hub
pnpm install
pnpm build
All contributions must follow the read-only security model. Do not submit write-capable tools.
License
MIT โ see LICENSE.