github-webhook-mcp

Real-time GitHub webhook notifications for Claude via Cloudflare Worker + Durable Object.

Architecture

GitHub ──POST──▶ Cloudflare Worker ──▶ Durable Object (SQLite)
                                           │
                                           ├── MCP tools (Streamable HTTP)
                                           ├── WebSocket real-time stream
                                           │
                          ┌────────────────┘
                          │
     Desktop / Codex: .mcpb local bridge ──▶ polling via MCP tools
     Claude Code CLI: .mcpb local bridge ──▶ WebSocket → channel notifications

• Cloudflare Worker receives GitHub webhooks, verifies signatures, stores events in a Durable Object with SQLite.
• Local MCP bridge (.mcpb) proxies tool calls to the Worker and optionally connects via WebSocket for real-time channel notifications.
• No local webhook receiver or tunnel required.

Prerequisites

Component	Required
Node.js 18+	MCP server
Cloudflare account	Worker deployment (self-hosting)

Getting Started

1. Install the GitHub App

Install the GitHub Webhook MCP app on your GitHub organization or account:

1. Visit the GitHub App installation page
2. Select the organization or account to install on
3. Choose which repositories to grant access to (or all repositories)
4. Approve the requested permissions

Note: When the app requests new permissions after an update, you must approve them in your GitHub notification or the app's installation settings. Webhooks will not be delivered until permissions are accepted.

Important: Do not create a separate repository webhook for the same endpoint. The GitHub App handles all webhook delivery — a repository webhook would cause duplicate or malformed requests.

2. Set up the MCP client

Continue to the Installation guide to connect your AI assistant to the webhook service.

Installation

See the Installation wiki page for the full setup guide, including:

• Quick Start with the preview instance
• MCP Client Setup for Claude Desktop, Claude Code CLI, and Codex
• Self-Hosting Guide for Cloudflare Workers deployment

Usage Examples

Example 1: Check pending webhook status

User prompt:

"Are there any new GitHub notifications?"

Expected output: The AI calls get_pending_status and returns a summary:

You have 3 pending webhook events:
- 2 push events
- 1 pull_request event

Example 2: Inspect a specific event

User prompt:

"Show me the details of the latest pull request event."

Expected output: The AI calls list_pending_events to find the PR event, then get_event with the event ID to retrieve the full payload:

PR #42 "Fix login timeout" was opened by @alice in repo acme/web-app
  Branch: fix/login-timeout → main
  Status: open
  Changed files: 3

Example 3: Process events after review

User prompt:

"I've reviewed all the push notifications, mark them as done."

Expected output: The AI calls list_pending_events to find push events, then mark_processed for each one:

Marked 2 push events as processed:
- Push to main by @bob (3 commits)
- Push to develop by @alice (1 commit)

Example 4: Monitor CI status via webhooks

User prompt:

"Did the CI checks pass on my latest PR?"

Expected output: The AI calls list_pending_events to find check_run events related to the PR, then get_event for details:

CI results for PR #42 "Fix login timeout":
- build (ubuntu-latest): ✓ passed
- lint: ✓ passed
- test (node-18): ✓ passed
All checks passed.

MCP Tools

Tool	Description
get_pending_status	Lightweight snapshot of pending event counts by type
list_pending_events	Summaries of pending events (no full payloads)
get_event	Full payload for a single event by ID
get_webhook_events	Full payloads for all pending events
mark_processed	Mark an event as processed

Event Retention

Stored events are purged automatically to bound Durable Object storage. The Worker runs a time-based sweep on a Durable Object Alarm (daily), so cleanup happens even for tenants that never call mark_processed:

Event class	Retention window	Env var	Default
Processed (mark_processed called)	older than the window is deleted	PURGE_AFTER_DAYS	3 days
Unprocessed (never marked)	older than the window is deleted	UNPROCESSED_PURGE_AFTER_DAYS	90 days

• The longer window for unprocessed events is intentional: unprocessed means user-unseen, so the safety margin before dropping is wide (the 3-day vs 90-day asymmetry is by design).
• The sweep runs via a Durable Object Alarm on a daily cadence and reschedules itself, so it fires independently of consumption. Processed events are also purged immediately on mark_processed for promptness; the Alarm sweep is the guarantee that covers abandoned tenants.
• Both windows are configurable in worker/wrangler.toml ([vars]). Setting a value to 0 purges that class immediately on sweep.
• Known limitation: the windows bound event age, not volume. A high-rate, never-consumed tenant can still reach Cloudflare's 1 GB-per-DO ceiling before the 90-day window applies. A volume-based hard cap is tracked separately.

Monorepo Structure

worker/       — Cloudflare Worker + Durable Objects
local-mcp/    — Local stdio MCP bridge (TypeScript, dev)
mcp-server/   — .mcpb package for Claude Desktop
shared/       — Shared types and utilities

Privacy Policy

Events are stored in a Cloudflare Durable Object (edge storage). The local MCP bridge proxies tool calls to the Worker and does not store event data locally.

• Extension privacy policy: https://smgjp.com/privacy-policy-github-webhook-mcp/

Support

• GitHub Issues: https://github.com/Liplus-Project/github-webhook-mcp/issues
• Wiki (EN / JA)
• Requirements: docs/0-requirements.md

Related

• Liplus-Project/liplus-language — Li+ language specification