docs: document strict toolset validation in README and server configuration guide

macarronesc · macarronesc · commit a6bc5f6703b9 · 2026-03-10T13:31:52.000Z
diff --git a/README.md b/README.md
@@ -422,6 +422,24 @@ To specify toolsets you want available to the LLM, you can pass an allow-list in
 
 The environment variable `GITHUB_TOOLSETS` takes precedence over the command line argument if both are provided.
 
+#### Strict Toolset Validation
+
+You can enable strict validation to fail fast when configuration includes unknown toolset names.
+
+1. **Using Command Line Argument**:
+
+  ```bash
+  github-mcp-server --toolsets repos,issues --strict-toolsets
+  ```
+
+2. **Using Environment Variable**:
+
+  ```bash
+  GITHUB_TOOLSETS="repos,issues" GITHUB_STRICT_TOOLSETS=true ./github-mcp-server
+  ```
+
+When enabled, startup returns an error if any configured toolset name is invalid.
+
 #### Specifying Individual Tools
 
 You can also configure specific tools using the `--tools` flag. Tools can be used independently or combined with toolsets and dynamic toolsets discovery for fine-grained control.
@@ -469,6 +487,7 @@ When using Docker, you can pass the toolsets as environment variables:
 docker run -i --rm \
   -e GITHUB_PERSONAL_ACCESS_TOKEN=<your-token> \
   -e GITHUB_TOOLSETS="repos,issues,pull_requests,actions,code_security" \
+  -e GITHUB_STRICT_TOOLSETS=true \
   ghcr.io/github/github-mcp-server
 ```
 
diff --git a/docs/server-configuration.md b/docs/server-configuration.md
@@ -12,6 +12,7 @@ We currently support the following ways in which the GitHub MCP Server can be co
 | Exclude Tools | `X-MCP-Exclude-Tools` header | `--exclude-tools` flag or `GITHUB_EXCLUDE_TOOLS` env var |
 | Read-Only Mode | `X-MCP-Readonly` header or `/readonly` URL | `--read-only` flag or `GITHUB_READ_ONLY` env var |
 | Dynamic Mode | Not available | `--dynamic-toolsets` flag or `GITHUB_DYNAMIC_TOOLSETS` env var |
+| Strict Toolset Validation | Not available | `--strict-toolsets` flag or `GITHUB_STRICT_TOOLSETS` env var |
 | Lockdown Mode | `X-MCP-Lockdown` header | `--lockdown-mode` flag or `GITHUB_LOCKDOWN_MODE` env var |
 | Insiders Mode | `X-MCP-Insiders` header or `/insiders` URL | `--insiders` flag or `GITHUB_INSIDERS` env var |
 | Scope Filtering | Always enabled | Always enabled |
@@ -124,6 +125,58 @@ The examples below use VS Code configuration format to illustrate the concepts.
 
 ---
 
+### Strict Toolset Validation (Local Only)
+
+**Best for:** Users who want startup to fail fast on invalid toolset names (for example, catching typos in CI or shared config files).
+
+When enabled, the local server validates configured toolsets at startup and returns an error if any toolset name is unknown.
+
+<table>
+<tr><th>Local Server Only</th></tr>
+<tr valign="top">
+<td>
+
+```json
+{
+  "type": "stdio",
+  "command": "go",
+  "args": [
+    "run",
+    "./cmd/github-mcp-server",
+    "stdio",
+    "--toolsets=issues,pull_requests",
+    "--strict-toolsets"
+  ],
+  "env": {
+    "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}"
+  }
+}
+```
+
+**Using environment variable instead of flag:**
+```json
+{
+  "type": "stdio",
+  "command": "go",
+  "args": [
+    "run",
+    "./cmd/github-mcp-server",
+    "stdio",
+    "--toolsets=issues,pull_requests"
+  ],
+  "env": {
+    "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}",
+    "GITHUB_STRICT_TOOLSETS": "true"
+  }
+}
+```
+
+</td>
+</tr>
+</table>
+
+---
+
 ### Enabling Toolsets + Tools
 
 **Best for:** Users who want broad functionality from some areas, plus specific tools from others.
