Lazy Tech Talk Logo
BMACSUPPORT LAZY TECH TALK
0%
Fact Checked ✓
guides
Depth0%

ConnectClaudeCodetoGitHubwithMCP:AutomatedPRReviewGuide

Set up an automated AI pull request reviewer using Claude Code and the GitHub MCP server. Full developer guide with webhook setup, review prompt engineering, and bot deployment.

Author
Lazy Tech Talk EditorialApr 18
Connect Claude Code to GitHub with MCP: Automated PR Review Guide

Claude Code MCP Integration — Series

4 Parts
01TradingView MCP
02Notion MCP
03GitHub MCP← YOU
04Slack MCP

📋 At a Glance

  • Difficulty: Advanced
  • Time required: 60-90 minutes
  • Prerequisites:
    • GitHub account with a repository you control
    • GitHub Personal Access Token (PAT) with repo, pull_requests, and read:user scopes
    • Claude Code installed (claude CLI, version 1.5+)
    • Node.js 18+ installed
    • Basic familiarity with GitHub Actions (for automated triggering)
  • Works on: Windows 10/11 (WSL2 recommended), macOS, Linux

Why Use Claude Code for Automated PR Review?

An AI-powered PR reviewer catches entire categories of issues that traditional linters miss: logical bugs, security anti-patterns, performance regressions, and violations of team-specific conventions. Unlike linters that check syntax rules, Claude understands intent. It can identify when a function is technically valid but architecturally wrong, when error handling is missing in a non-obvious code path, or when a database query will cause an N+1 problem at scale.

The GitHub MCP connection makes this significantly more powerful than piping a diff into an API call. Claude can fetch context from other files, look at the PR description and linked issues, check if similar patterns exist elsewhere in the codebase, and write back structured, actionable review comments — exactly as a senior engineer would.

How Do I Set Up the GitHub MCP Server?

Setting up the GitHub MCP involves installing the official GitHub MCP server, generating a secure access token, and wiring it into Claude Code's MCP configuration.

1. Generate a GitHub Personal Access Token

What: Create a scoped access token that the MCP server uses to authenticate GitHub API requests. Why: Without a PAT, the MCP server cannot read your repositories, access PR data, or post review comments. Scoping it correctly is critical — you should grant only the minimum permissions required. How:

  1. Go to GitHub → Settings → Developer settings → Personal access tokens → Fine-grained tokens.
  2. Click "Generate new token".
  3. Set a descriptive name (e.g., claude-mcp-reviewer) and an expiration (90 days recommended).
  4. Under Repository access, select "Only select repositories" and choose the repos Claude should review.
  5. Under Permissions, enable:
    • Pull requests: Read and Write
    • Contents: Read-only
    • Issues: Read-only
    • Metadata: Read-only
  6. Click Generate token and copy it immediately.
# Set your token as an environment variable
export GITHUB_PERSONAL_ACCESS_TOKEN="github_pat_xxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Verify: > ✅ Test your token: curl -H "Authorization: Bearer $GITHUB_PERSONAL_ACCESS_TOKEN" https://api.github.com/user — you should see your GitHub user profile JSON.

2. Install the GitHub MCP Server

What: Install GitHub's official MCP server package. Why: This server translates Claude Code's MCP tool calls into authenticated GitHub REST and GraphQL API requests, handles pagination, and formats responses for Claude's context window. How:

# Install the official GitHub MCP server
npm install -g @github/mcp-server

# Verify installation
github-mcp-server --version

Verify: > ✅ The version string (e.g., github-mcp-server v1.x.x) should print without errors. Run github-mcp-server --help to see available tool definitions.

3. Configure Claude Code's MCP Settings

What: Add the GitHub MCP server endpoint to Claude Code's MCP configuration. Why: Claude Code reads its MCP config to know which servers are available and how to connect to them. Without this, Claude cannot invoke GitHub tools. How: Edit your Claude MCP config:

  • macOS/Linux: ~/.claude/mcp_servers.json
  • Windows: %USERPROFILE%\.claude\mcp_servers.json
{
  "mcpServers": {
    "github": {
      "command": "github-mcp-server",
      "args": ["stdio"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "github_pat_xxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      }
    }
  }
}

⚠️ On production systems, reference the token via an environment variable rather than hardcoding it: "GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_PERSONAL_ACCESS_TOKEN}"

Verify: > ✅ Restart Claude Code and run: claude mcp list — you should see github listed with its available tools (list_pull_requests, get_pull_request_diff, create_review_comment, etc.).

4. Test Claude's GitHub Access Interactively

What: Run a manual Claude Code session to confirm read and write access to your repository. Why: Before automating, verify the integration works correctly in an interactive session to catch any permissions or configuration issues early. How:

claude

Then enter:

List the last 5 open pull requests in the [owner]/[repo] repository, 
including their titles, authors, and number of changed files.

Verify: > ✅ Claude should return a formatted list of PRs. Check your GitHub repository to confirm the results match.

5. Build a Review Prompt Template

What: Create a reusable, structured prompt that Claude uses to review every pull request consistently. Why: Ad-hoc prompts produce inconsistent reviews. A structured template ensures Claude always checks the same categories (security, performance, code style, test coverage) and formats its feedback in a way that is useful for the PR author. How: Create a file called review_prompt.md in your project root:

# Claude PR Review Instructions

You are a senior software engineer reviewing a pull request.
Analyze the provided diff and codebase context, then provide a structured review.

## Review Categories
1. **Security**: SQL injection, XSS, hardcoded secrets, insecure dependencies
2. **Performance**: N+1 queries, missing indexes, inefficient loops
3. **Correctness**: Logic errors, edge cases, null pointer risks
4. **Test Coverage**: Are critical paths tested?
5. **Code Style**: Naming conventions, function length, DRY violations
6. **Architecture**: Is this change consistent with existing patterns?

## Output Format
For each issue found, provide:
- **File**: path/to/file.ext
- **Line**: line number
- **Severity**: BLOCKING | SUGGESTION | NITPICK
- **Issue**: Clear description of the problem
- **Fix**: Specific, actionable recommendation

Verify: > ✅ The file exists and contains a structured prompt. Reference this file when asking Claude to review a PR.

6. Automate with GitHub Actions

What: Create a GitHub Actions workflow that automatically triggers Claude to review every new PR. Why: Manual triggering defeats the purpose of an automated reviewer. A GitHub Actions workflow fires on pull_request events and posts Claude's output as a review comment automatically. How: Create .github/workflows/claude-review.yml:

name: Claude Code PR Review

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  claude-review:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: read

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Install Claude Code + GitHub MCP
        run: |
          npm install -g @anthropic-ai/claude-code
          npm install -g @github/mcp-server

      - name: Configure MCP
        run: |
          mkdir -p ~/.claude
          echo '{"mcpServers":{"github":{"command":"github-mcp-server","args":["stdio"],"env":{"GITHUB_PERSONAL_ACCESS_TOKEN":"${{ secrets.GITHUB_TOKEN }}"}}}}'  > ~/.claude/mcp_servers.json

      - name: Run Claude PR Review
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          GITHUB_PERSONAL_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          claude --print "$(cat review_prompt.md)
          Review PR #${{ github.event.pull_request.number }} in ${{ github.repository }}.
          Post your review comments directly on the PR."

Verify: > ✅ Open a test PR, wait for the Action to run, and check the PR Conversation tab for Claude's review comment.

When Claude Code GitHub MCP Is NOT the Right Choice

  1. Security-sensitive or classified codebases:

    • Limitation: All PR diffs and file contents are sent to Anthropic's API.
    • Why it's not suitable: May violate compliance requirements (HIPAA, SOC2, classified) for sensitive codebases.
    • Alternative: Use a self-hosted model (e.g., Llama 3 via Ollama) with a locally-run MCP server.

  2. Very large pull requests (500+ files):

    • Limitation: Very large PRs may need to be chunked, losing cross-file context.
    • Alternative: Enforce PR size limits via a GitHub Actions size check before Claude reviews.

  3. Replacing human code review entirely:

    • Limitation: Claude misses subtle domain-specific bugs and cannot provide mentorship.
    • Alternative: Use Claude as a first-pass reviewer before human reviewers, not as a replacement.

  4. High-frequency commit workflows (50+ PRs/day):

    • Limitation: API costs scale linearly. At $0.05-0.15 per review, 50 PRs/day costs $75-225/month.
    • Alternative: Gate Claude review on PR labels (e.g., needs-ai-review) to control costs.

#Frequently Asked Questions

Can Claude approve or merge a pull request via MCP? Yes — the GitHub MCP server exposes tools for submitting formal GitHub reviews with APPROVE, REQUEST_CHANGES, or COMMENT status. However, enabling Claude to APPROVE or merge PRs in production without human oversight is strongly discouraged. Treat Claude's review as a first pass, not a final gate.

Will this work on private repositories? Yes, as long as your Personal Access Token has the appropriate fine-grained permissions for private repos. Review your organization's data policy before enabling cloud AI access to proprietary code.

How much does this cost to run per pull request? A typical PR review costs approximately $0.05-0.20 in Claude API credits. Claude Haiku is significantly cheaper ($0.01-0.03 per review) if budget is a concern, though review quality is lower than Sonnet or Opus.

#Quick Verification Checklist

  • Fine-grained GitHub PAT created with minimal required scopes.
  • PAT stored as environment variable (not hardcoded).
  • @github/mcp-server installed globally via npm.
  • Claude Code mcp_servers.json updated with github server configuration.
  • claude mcp list shows github with its available tools.
  • Manual test confirms Claude can list PRs from your repository.
  • Manual test confirms Claude can post and delete a review comment.
  • review_prompt.md created with structured review categories.
  • GitHub Actions workflow created and tested on a real PR.
  • ANTHROPIC_API_KEY added to GitHub repository Secrets.

Related Reading

Last updated: April 18, 2026

Lazy Tech Talk Newsletter

Get the next MCP integration guide in your inbox

Harit
Meet the Author

Harit

Editor-in-Chief at Lazy Tech Talk. Independent verification, technical accuracy, and zero-bias reporting.

Twitter →Full Editorial Bio →

Keep Reading

All Guides →

RESPECTS

Submit your respect if this protocol was helpful.

COMMUNICATIONS

⚠️ Guest Mode: Your communication will not be linked to a verified profile.Login to verify.

No communications recorded in this log.

Premium Ad Space

Reserved for high-quality tech partners