readme

- Add mcp_config to inputs table
- Add example section showing how to use mcp_config with sequential-thinking MCP server
- Include clear explanation that custom servers override built-in servers

Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>

README.md

@@ -82,6 +82,7 @@ jobs:
 | `allowed_tools`       | Additional tools for Claude to use (the base GitHub tools will always be included)                                   | No       | ""        |
 | `disallowed_tools`    | Tools that Claude should never use                                                                                   | No       | ""        |
 | `custom_instructions` | Additional custom instructions to include in the prompt for Claude                                                   | No       | ""        |
+| `mcp_config`          | Additional MCP configuration (JSON string) that merges with the built-in GitHub MCP servers                          | No       | ""        |
 | `assignee_trigger`    | The assignee username that triggers the action (e.g. @claude). Only used for issue assignment                        | No       | -         |
 | `trigger_phrase`      | The trigger phrase to look for in comments, issue/PR bodies, and issue titles                                        | No       | `@claude` |
 
@@ -89,6 +90,61 @@ jobs:
 
 > **Note**: This action is currently in beta. Features and APIs may change as we continue to improve the integration.
 
+### Using Custom MCP Configuration
+
+The `mcp_config` input allows you to add custom MCP (Model Context Protocol) servers to extend Claude's capabilities. These servers merge with the built-in GitHub MCP servers.
+
+#### Basic Example: Adding a Sequential Thinking Server
+
+```yaml
+- uses: anthropics/claude-code-action@beta
+  with:
+    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+    mcp_config: |
+      {
+        "mcpServers": {
+          "sequential-thinking": {
+            "command": "npx",
+            "args": [
+              "-y",
+              "@modelcontextprotocol/server-sequential-thinking"
+            ]
+          }
+        }
+      }
+    allowed_tools: "mcp__sequential-thinking__sequentialthinking" # Important: Each MCP tool from your server must be listed here, comma-separated
+    # ... other inputs
+```
+
+#### Passing Secrets to MCP Servers
+
+For MCP servers that require sensitive information like API keys or tokens, use GitHub Secrets in the environment variables:
+
+```yaml
+- uses: anthropics/claude-code-action@beta
+  with:
+    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+    mcp_config: |
+      {
+        "mcpServers": {
+          "custom-api-server": {
+            "command": "npx",
+            "args": ["-y", "@example/api-server"],
+            "env": {
+              "API_KEY": "${{ secrets.CUSTOM_API_KEY }}",
+              "BASE_URL": "https://api.example.com"
+            }
+          }
+        }
+      }
+    # ... other inputs
+```
+
+**Important**:
+
+- Always use GitHub Secrets (`${{ secrets.SECRET_NAME }}`) for sensitive values like API keys, tokens, or passwords. Never hardcode secrets directly in the workflow file.
+- Your custom servers will override any built-in servers with the same name.
+
 ## Examples
 
 ### Ways to Tag @claude

action.yml

@@ -39,6 +39,10 @@ inputs:
     description: "Direct instruction for Claude (bypasses normal trigger detection)"
     required: false
     default: ""
+  mcp_config:
+    description: "Additional MCP configuration (JSON string) that merges with the built-in GitHub MCP servers"
+    required: false
+    default: ""
 
   # Auth configuration
   anthropic_api_key:
@@ -92,6 +96,7 @@ runs:
         ALLOWED_TOOLS: ${{ inputs.allowed_tools }}
         CUSTOM_INSTRUCTIONS: ${{ inputs.custom_instructions }}
         DIRECT_PROMPT: ${{ inputs.direct_prompt }}
+        MCP_CONFIG: ${{ inputs.mcp_config }}
         OVERRIDE_GITHUB_TOKEN: ${{ inputs.github_token }}
         GITHUB_RUN_ID: ${{ github.run_id }}
 

src/create-prompt/index.ts

@@ -31,13 +31,24 @@ const BASE_ALLOWED_TOOLS = [
   "Write",
   "mcp__github_file_ops__commit_files",
   "mcp__github_file_ops__delete_files",
-  "mcp__github_file_ops__update_claude_comment",
 ];
 const DISALLOWED_TOOLS = ["WebSearch", "WebFetch"];
 
-export function buildAllowedToolsString(customAllowedTools?: string): string {
+export function buildAllowedToolsString(
+  eventData: EventData,
+  customAllowedTools?: string,
+): string {
   let baseTools = [...BASE_ALLOWED_TOOLS];
 
+  // Add the appropriate comment tool based on event type
+  if (eventData.eventName === "pull_request_review_comment") {
+    // For inline PR review comments, only use PR comment tool
+    baseTools.push("mcp__github__update_pull_request_comment");
+  } else {
+    // For all other events (issue comments, PR reviews, issues), use issue comment tool
+    baseTools.push("mcp__github__update_issue_comment");
+  }
+
   let allAllowedTools = baseTools.join(",");
   if (customAllowedTools) {
     allAllowedTools = `${allAllowedTools},${customAllowedTools}`;
@@ -436,15 +447,33 @@ ${sanitizeContent(context.directPrompt)}
 </direct_prompt>`
     : ""
 }
-${`<comment_tool_info>
-IMPORTANT: You have been provided with the mcp__github_file_ops__update_claude_comment tool to update your comment. This tool automatically handles both issue and PR comments.
+${
+  eventData.eventName === "pull_request_review_comment"
+    ? `<comment_tool_info>
+IMPORTANT: For this inline PR review comment, you have been provided with ONLY the mcp__github__update_pull_request_comment tool to update this specific review comment.
 
-Tool usage example for mcp__github_file_ops__update_claude_comment:
+Tool usage example for mcp__github__update_pull_request_comment:
 {
+  "owner": "${context.repository.split("/")[0]}",
+  "repo": "${context.repository.split("/")[1]}",
+  "commentId": ${eventData.commentId || context.claudeCommentId},
   "body": "Your comment text here"
 }
-Only the body parameter is required - the tool automatically knows which comment to update.
-</comment_tool_info>`}
+All four parameters (owner, repo, commentId, body) are required.
+</comment_tool_info>`
+    : `<comment_tool_info>
+IMPORTANT: For this event type, you have been provided with ONLY the mcp__github__update_issue_comment tool to update comments.
+
+Tool usage example for mcp__github__update_issue_comment:
+{
+  "owner": "${context.repository.split("/")[0]}",
+  "repo": "${context.repository.split("/")[1]}",
+  "commentId": ${context.claudeCommentId},
+  "body": "Your comment text here"
+}
+All four parameters (owner, repo, commentId, body) are required.
+</comment_tool_info>`
+}
 
 Your task is to analyze the context, understand the request, and provide helpful responses and/or implement code changes as needed.
 
@@ -458,7 +487,7 @@ Follow these steps:
 1. Create a Todo List:
    - Use your GitHub comment to maintain a detailed task list based on the request.
    - Format todos as a checklist (- [ ] for incomplete, - [x] for complete).
-   - Update the comment using mcp__github_file_ops__update_claude_comment with each task completion.
+   - Update the comment using ${eventData.eventName === "pull_request_review_comment" ? "mcp__github__update_pull_request_comment" : "mcp__github__update_issue_comment"} with each task completion.
 
 2. Gather Context:
    - Analyze the pre-fetched data provided above.
@@ -488,11 +517,11 @@ ${context.directPrompt ? `   - DIRECT INSTRUCTION: A direct instruction was prov
         - Look for bugs, security issues, performance problems, and other issues
         - Suggest improvements for readability and maintainability
         - Check for best practices and coding standards
-        - Reference specific code sections with file paths and line numbers${eventData.isPR ? "\n      - AFTER reading files and analyzing code, you MUST call mcp__github_file_ops__update_claude_comment to post your review" : ""}
+        - Reference specific code sections with file paths and line numbers${eventData.isPR ? "\n      - AFTER reading files and analyzing code, you MUST call mcp__github__update_issue_comment to post your review" : ""}
       - Formulate a concise, technical, and helpful response based on the context.
       - Reference specific code with inline formatting or code blocks.
       - Include relevant file paths and line numbers when applicable.
-      - ${eventData.isPR ? "IMPORTANT: Submit your review feedback by updating the Claude comment using mcp__github_file_ops__update_claude_comment. This will be displayed as your PR review." : "Remember that this feedback must be posted to the GitHub comment using mcp__github_file_ops__update_claude_comment."}
+      - ${eventData.isPR ? "IMPORTANT: Submit your review feedback by updating the Claude comment. This will be displayed as your PR review." : "Remember that this feedback must be posted to the GitHub comment."}
 
    B. For Straightforward Changes:
       - Use file system tools to make the change locally.
@@ -547,8 +576,8 @@ ${context.directPrompt ? `   - DIRECT INSTRUCTION: A direct instruction was prov
 
 Important Notes:
 - All communication must happen through GitHub PR comments.
-- Never create new comments. Only update the existing comment using mcp__github_file_ops__update_claude_comment.
-- This includes ALL responses: code reviews, answers to questions, progress updates, and final results.${eventData.isPR ? "\n- PR CRITICAL: After reading files and forming your response, you MUST post it by calling mcp__github_file_ops__update_claude_comment. Do NOT just respond with a normal response, the user will not see it." : ""}
+- Never create new comments. Only update the existing comment using ${eventData.eventName === "pull_request_review_comment" ? "mcp__github__update_pull_request_comment" : "mcp__github__update_issue_comment"} with comment_id: ${context.claudeCommentId}.
+- This includes ALL responses: code reviews, answers to questions, progress updates, and final results.${eventData.isPR ? "\n- PR CRITICAL: After reading files and forming your response, you MUST post it by calling mcp__github__update_issue_comment. Do NOT just respond with a normal response, the user will not see it." : ""}
 - You communicate exclusively by editing your single comment - not through any other means.
 - Use this spinner HTML when work is in progress: <img src="https://github.com/user-attachments/assets/5ac382c7-e004-429b-8e35-7feb3e8f9c6f" width="14px" height="14px" style="vertical-align: middle; margin-left: 4px;" />
 ${eventData.isPR && !eventData.claudeBranch ? `- Always push to the existing branch when triggered on a PR.` : `- IMPORTANT: You are already on the correct branch (${eventData.claudeBranch || "the created branch"}). Never create new branches when triggered on issues or closed/merged PRs.`}
@@ -636,6 +665,7 @@ export async function createPrompt(
 
     // Set allowed tools
     const allAllowedTools = buildAllowedToolsString(
+      preparedContext.eventData,
       preparedContext.allowedTools,
     );
     const allDisallowedTools = buildDisallowedToolsString(

src/entrypoints/prepare.ts

@@ -84,12 +84,13 @@ async function run() {
     );
 
     // Step 11: Get MCP configuration
+    const additionalMcpConfig = process.env.MCP_CONFIG || "";
     const mcpConfig = await prepareMcpConfig(
       githubToken,
       context.repository.owner,
       context.repository.repo,
       branchInfo.currentBranch,
-      commentId.toString(),
+      additionalMcpConfig,
     );
     core.setOutput("mcp_config", mcpConfig);
   } catch (error) {

src/mcp/github-file-ops-server.ts

@@ -7,7 +7,6 @@ import { readFile } from "fs/promises";
 import { join } from "path";
 import fetch from "node-fetch";
 import { GITHUB_API_URL } from "../github/api/config";
-import { Octokit } from "@octokit/rest";
 
 type GitHubRef = {
   object: {
@@ -440,106 +439,6 @@ server.tool(
   },
 );
 
-// Update Claude comment tool
-server.tool(
-  "update_claude_comment",
-  "Update the Claude comment with progress and results (automatically handles both issue and PR comments)",
-  {
-    body: z.string().describe("The updated comment content"),
-  },
-  async ({ body }) => {
-    try {
-      const githubToken = process.env.GITHUB_TOKEN;
-      const claudeCommentId = process.env.CLAUDE_COMMENT_ID;
-      const eventName = process.env.GITHUB_EVENT_NAME;
-
-      if (!githubToken) {
-        throw new Error("GITHUB_TOKEN environment variable is required");
-      }
-      if (!claudeCommentId) {
-        throw new Error("CLAUDE_COMMENT_ID environment variable is required");
-      }
-
-      const owner = REPO_OWNER;
-      const repo = REPO_NAME;
-      const commentId = parseInt(claudeCommentId, 10);
-
-      // Create Octokit instance
-      const octokit = new Octokit({
-        auth: githubToken,
-      });
-
-      // Determine if this is a PR review comment based on event type
-      const isPullRequestReviewComment =
-        eventName === "pull_request_review_comment";
-
-      let response;
-
-      try {
-        if (isPullRequestReviewComment) {
-          // Try PR review comment API first
-          response = await octokit.rest.pulls.updateReviewComment({
-            owner,
-            repo,
-            comment_id: commentId,
-            body,
-          });
-        } else {
-          // Use issue comment API (works for both issues and PR general comments)
-          response = await octokit.rest.issues.updateComment({
-            owner,
-            repo,
-            comment_id: commentId,
-            body,
-          });
-        }
-      } catch (error: any) {
-        // If PR review comment update fails with 404, fall back to issue comment API
-        if (isPullRequestReviewComment && error.status === 404) {
-          response = await octokit.rest.issues.updateComment({
-            owner,
-            repo,
-            comment_id: commentId,
-            body,
-          });
-        } else {
-          throw error;
-        }
-      }
-
-      return {
-        content: [
-          {
-            type: "text",
-            text: JSON.stringify(
-              {
-                id: response.data.id,
-                html_url: response.data.html_url,
-                updated_at: response.data.updated_at,
-              },
-              null,
-              2,
-            ),
-          },
-        ],
-      };
-    } catch (error) {
-      const errorMessage =
-        error instanceof Error ? error.message : String(error);
-      return {
-        content: [
-          {
-            type: "text",
-            text: `Error: ${errorMessage}`,
-          },
-        ],
-        error: errorMessage,
-        isError: true,
-      };
-    }
-  },
-);
-
 async function runServer() {
   const transport = new StdioServerTransport();
   await server.connect(transport);

src/mcp/install-mcp-server.ts

@@ -5,10 +5,10 @@ export async function prepareMcpConfig(
   owner: string,
   repo: string,
   branch: string,
-  claudeCommentId?: string,
+  additionalMcpConfig?: string,
 ): Promise<string> {
   try {
-    const mcpConfig = {
+    const baseMcpConfig = {
       mcpServers: {
         github: {
           command: "docker",
@@ -36,15 +36,44 @@ export async function prepareMcpConfig(
             REPO_NAME: repo,
             BRANCH_NAME: branch,
             REPO_DIR: process.env.GITHUB_WORKSPACE || process.cwd(),
-            ...(claudeCommentId && { CLAUDE_COMMENT_ID: claudeCommentId }),
-            GITHUB_EVENT_NAME: process.env.GITHUB_EVENT_NAME || "",
-            IS_PR: process.env.IS_PR || "false",
           },
         },
       },
     };
 
-    return JSON.stringify(mcpConfig, null, 2);
+    // Merge with additional MCP config if provided
+    if (additionalMcpConfig && additionalMcpConfig.trim()) {
+      try {
+        const additionalConfig = JSON.parse(additionalMcpConfig);
+
+        // Validate that parsed JSON is an object
+        if (typeof additionalConfig !== "object" || additionalConfig === null) {
+          throw new Error("MCP config must be a valid JSON object");
+        }
+
+        core.info(
+          "Merging additional MCP server configuration with built-in servers",
+        );
+
+        // Merge configurations with user config overriding built-in servers
+        const mergedConfig = {
+          ...baseMcpConfig,
+          ...additionalConfig,
+          mcpServers: {
+            ...baseMcpConfig.mcpServers,
+            ...additionalConfig.mcpServers,
+          },
+        };
+
+        return JSON.stringify(mergedConfig, null, 2);
+      } catch (parseError) {
+        core.warning(
+          `Failed to parse additional MCP config: ${parseError}. Using base config only.`,
+        );
+      }
+    }
+
+    return JSON.stringify(baseMcpConfig, null, 2);
   } catch (error) {
     core.setFailed(`Install MCP server failed with error: ${error}`);
     process.exit(1);

test/create-prompt.test.ts

@@ -8,6 +8,7 @@ import {
   buildDisallowedToolsString,
 } from "../src/create-prompt";
 import type { PreparedContext } from "../src/create-prompt";
+import type { EventData } from "../src/create-prompt/types";
 
 describe("generatePrompt", () => {
   const mockGitHubData = {
@@ -618,7 +619,15 @@ describe("getEventTypeAndContext", () => {
 
 describe("buildAllowedToolsString", () => {
   test("should return issue comment tool for regular events", () => {
-    const result = buildAllowedToolsString();
+    const mockEventData: EventData = {
+      eventName: "issue_comment",
+      commentId: "123",
+      isPR: true,
+      prNumber: "456",
+      commentBody: "Test comment",
+    };
+
+    const result = buildAllowedToolsString(mockEventData);
 
     // The base tools should be in the result
     expect(result).toContain("Edit");
@@ -627,15 +636,22 @@ describe("buildAllowedToolsString", () => {
     expect(result).toContain("LS");
     expect(result).toContain("Read");
     expect(result).toContain("Write");
-    expect(result).toContain("mcp__github_file_ops__update_claude_comment");
-    expect(result).not.toContain("mcp__github__update_issue_comment");
+    expect(result).toContain("mcp__github__update_issue_comment");
     expect(result).not.toContain("mcp__github__update_pull_request_comment");
     expect(result).toContain("mcp__github_file_ops__commit_files");
     expect(result).toContain("mcp__github_file_ops__delete_files");
   });
 
   test("should return PR comment tool for inline review comments", () => {
-    const result = buildAllowedToolsString();
+    const mockEventData: EventData = {
+      eventName: "pull_request_review_comment",
+      isPR: true,
+      prNumber: "456",
+      commentBody: "Test review comment",
+      commentId: "789",
+    };
+
+    const result = buildAllowedToolsString(mockEventData);
 
     // The base tools should be in the result
     expect(result).toContain("Edit");
@@ -644,16 +660,23 @@ describe("buildAllowedToolsString", () => {
     expect(result).toContain("LS");
     expect(result).toContain("Read");
     expect(result).toContain("Write");
-    expect(result).toContain("mcp__github_file_ops__update_claude_comment");
     expect(result).not.toContain("mcp__github__update_issue_comment");
-    expect(result).not.toContain("mcp__github__update_pull_request_comment");
+    expect(result).toContain("mcp__github__update_pull_request_comment");
     expect(result).toContain("mcp__github_file_ops__commit_files");
     expect(result).toContain("mcp__github_file_ops__delete_files");
   });
 
   test("should append custom tools when provided", () => {
+    const mockEventData: EventData = {
+      eventName: "issue_comment",
+      commentId: "123",
+      isPR: true,
+      prNumber: "456",
+      commentBody: "Test comment",
+    };
+
     const customTools = "Tool1,Tool2,Tool3";
-    const result = buildAllowedToolsString(customTools);
+    const result = buildAllowedToolsString(mockEventData, customTools);
 
     // Base tools should be present
     expect(result).toContain("Edit");

test/install-mcp-server.test.ts

@@ -0,0 +1,344 @@
+import { describe, test, expect, beforeEach, afterEach, spyOn } from "bun:test";
+import { prepareMcpConfig } from "../src/mcp/install-mcp-server";
+import * as core from "@actions/core";
+
+describe("prepareMcpConfig", () => {
+  let consoleInfoSpy: any;
+  let consoleWarningSpy: any;
+  let setFailedSpy: any;
+  let processExitSpy: any;
+
+  beforeEach(() => {
+    consoleInfoSpy = spyOn(core, "info").mockImplementation(() => {});
+    consoleWarningSpy = spyOn(core, "warning").mockImplementation(() => {});
+    setFailedSpy = spyOn(core, "setFailed").mockImplementation(() => {});
+    processExitSpy = spyOn(process, "exit").mockImplementation(() => {
+      throw new Error("Process exit");
+    });
+  });
+
+  afterEach(() => {
+    consoleInfoSpy.mockRestore();
+    consoleWarningSpy.mockRestore();
+    setFailedSpy.mockRestore();
+    processExitSpy.mockRestore();
+  });
+
+  test("should return base config when no additional config is provided", async () => {
+    const result = await prepareMcpConfig(
+      "test-token",
+      "test-owner",
+      "test-repo",
+      "test-branch",
+    );
+
+    const parsed = JSON.parse(result);
+    expect(parsed.mcpServers).toBeDefined();
+    expect(parsed.mcpServers.github).toBeDefined();
+    expect(parsed.mcpServers.github_file_ops).toBeDefined();
+    expect(parsed.mcpServers.github.env.GITHUB_PERSONAL_ACCESS_TOKEN).toBe(
+      "test-token",
+    );
+    expect(parsed.mcpServers.github_file_ops.env.GITHUB_TOKEN).toBe(
+      "test-token",
+    );
+    expect(parsed.mcpServers.github_file_ops.env.REPO_OWNER).toBe("test-owner");
+    expect(parsed.mcpServers.github_file_ops.env.REPO_NAME).toBe("test-repo");
+    expect(parsed.mcpServers.github_file_ops.env.BRANCH_NAME).toBe(
+      "test-branch",
+    );
+  });
+
+  test("should return base config when additional config is empty string", async () => {
+    const result = await prepareMcpConfig(
+      "test-token",
+      "test-owner",
+      "test-repo",
+      "test-branch",
+      "",
+    );
+
+    const parsed = JSON.parse(result);
+    expect(parsed.mcpServers).toBeDefined();
+    expect(parsed.mcpServers.github).toBeDefined();
+    expect(parsed.mcpServers.github_file_ops).toBeDefined();
+    expect(consoleWarningSpy).not.toHaveBeenCalled();
+  });
+
+  test("should return base config when additional config is whitespace only", async () => {
+    const result = await prepareMcpConfig(
+      "test-token",
+      "test-owner",
+      "test-repo",
+      "test-branch",
+      "   \n\t  ",
+    );
+
+    const parsed = JSON.parse(result);
+    expect(parsed.mcpServers).toBeDefined();
+    expect(parsed.mcpServers.github).toBeDefined();
+    expect(parsed.mcpServers.github_file_ops).toBeDefined();
+    expect(consoleWarningSpy).not.toHaveBeenCalled();
+  });
+
+  test("should merge valid additional config with base config", async () => {
+    const additionalConfig = JSON.stringify({
+      mcpServers: {
+        custom_server: {
+          command: "custom-command",
+          args: ["arg1", "arg2"],
+          env: {
+            CUSTOM_ENV: "custom-value",
+          },
+        },
+      },
+    });
+
+    const result = await prepareMcpConfig(
+      "test-token",
+      "test-owner",
+      "test-repo",
+      "test-branch",
+      additionalConfig,
+    );
+
+    const parsed = JSON.parse(result);
+    expect(consoleInfoSpy).toHaveBeenCalledWith(
+      "Merging additional MCP server configuration with built-in servers",
+    );
+    expect(parsed.mcpServers.github).toBeDefined();
+    expect(parsed.mcpServers.github_file_ops).toBeDefined();
+    expect(parsed.mcpServers.custom_server).toBeDefined();
+    expect(parsed.mcpServers.custom_server.command).toBe("custom-command");
+    expect(parsed.mcpServers.custom_server.args).toEqual(["arg1", "arg2"]);
+    expect(parsed.mcpServers.custom_server.env.CUSTOM_ENV).toBe("custom-value");
+  });
+
+  test("should override built-in servers when additional config has same server names", async () => {
+    const additionalConfig = JSON.stringify({
+      mcpServers: {
+        github: {
+          command: "overridden-command",
+          args: ["overridden-arg"],
+          env: {
+            OVERRIDDEN_ENV: "overridden-value",
+          },
+        },
+      },
+    });
+
+    const result = await prepareMcpConfig(
+      "test-token",
+      "test-owner",
+      "test-repo",
+      "test-branch",
+      additionalConfig,
+    );
+
+    const parsed = JSON.parse(result);
+    expect(consoleInfoSpy).toHaveBeenCalledWith(
+      "Merging additional MCP server configuration with built-in servers",
+    );
+    expect(parsed.mcpServers.github.command).toBe("overridden-command");
+    expect(parsed.mcpServers.github.args).toEqual(["overridden-arg"]);
+    expect(parsed.mcpServers.github.env.OVERRIDDEN_ENV).toBe(
+      "overridden-value",
+    );
+    expect(
+      parsed.mcpServers.github.env.GITHUB_PERSONAL_ACCESS_TOKEN,
+    ).toBeUndefined();
+    expect(parsed.mcpServers.github_file_ops).toBeDefined();
+  });
+
+  test("should merge additional root-level properties", async () => {
+    const additionalConfig = JSON.stringify({
+      customProperty: "custom-value",
+      anotherProperty: {
+        nested: "value",
+      },
+      mcpServers: {
+        custom_server: {
+          command: "custom",
+        },
+      },
+    });
+
+    const result = await prepareMcpConfig(
+      "test-token",
+      "test-owner",
+      "test-repo",
+      "test-branch",
+      additionalConfig,
+    );
+
+    const parsed = JSON.parse(result);
+    expect(parsed.customProperty).toBe("custom-value");
+    expect(parsed.anotherProperty).toEqual({ nested: "value" });
+    expect(parsed.mcpServers.github).toBeDefined();
+    expect(parsed.mcpServers.custom_server).toBeDefined();
+  });
+
+  test("should handle invalid JSON gracefully", async () => {
+    const invalidJson = "{ invalid json }";
+
+    const result = await prepareMcpConfig(
+      "test-token",
+      "test-owner",
+      "test-repo",
+      "test-branch",
+      invalidJson,
+    );
+
+    const parsed = JSON.parse(result);
+    expect(consoleWarningSpy).toHaveBeenCalledWith(
+      expect.stringContaining("Failed to parse additional MCP config:"),
+    );
+    expect(parsed.mcpServers.github).toBeDefined();
+    expect(parsed.mcpServers.github_file_ops).toBeDefined();
+  });
+
+  test("should handle non-object JSON values", async () => {
+    const nonObjectJson = JSON.stringify("string value");
+
+    const result = await prepareMcpConfig(
+      "test-token",
+      "test-owner",
+      "test-repo",
+      "test-branch",
+      nonObjectJson,
+    );
+
+    const parsed = JSON.parse(result);
+    expect(consoleWarningSpy).toHaveBeenCalledWith(
+      expect.stringContaining("Failed to parse additional MCP config:"),
+    );
+    expect(consoleWarningSpy).toHaveBeenCalledWith(
+      expect.stringContaining("MCP config must be a valid JSON object"),
+    );
+    expect(parsed.mcpServers.github).toBeDefined();
+    expect(parsed.mcpServers.github_file_ops).toBeDefined();
+  });
+
+  test("should handle null JSON value", async () => {
+    const nullJson = JSON.stringify(null);
+
+    const result = await prepareMcpConfig(
+      "test-token",
+      "test-owner",
+      "test-repo",
+      "test-branch",
+      nullJson,
+    );
+
+    const parsed = JSON.parse(result);
+    expect(consoleWarningSpy).toHaveBeenCalledWith(
+      expect.stringContaining("Failed to parse additional MCP config:"),
+    );
+    expect(consoleWarningSpy).toHaveBeenCalledWith(
+      expect.stringContaining("MCP config must be a valid JSON object"),
+    );
+    expect(parsed.mcpServers.github).toBeDefined();
+    expect(parsed.mcpServers.github_file_ops).toBeDefined();
+  });
+
+  test("should handle array JSON value", async () => {
+    const arrayJson = JSON.stringify([1, 2, 3]);
+
+    const result = await prepareMcpConfig(
+      "test-token",
+      "test-owner",
+      "test-repo",
+      "test-branch",
+      arrayJson,
+    );
+
+    const parsed = JSON.parse(result);
+    // Arrays are objects in JavaScript, so they pass the object check
+    // But they'll fail when trying to spread or access mcpServers property
+    expect(consoleInfoSpy).toHaveBeenCalledWith(
+      "Merging additional MCP server configuration with built-in servers",
+    );
+    expect(parsed.mcpServers.github).toBeDefined();
+    expect(parsed.mcpServers.github_file_ops).toBeDefined();
+    // The array will be spread into the config (0: 1, 1: 2, 2: 3)
+    expect(parsed[0]).toBe(1);
+    expect(parsed[1]).toBe(2);
+    expect(parsed[2]).toBe(3);
+  });
+
+  test("should merge complex nested configurations", async () => {
+    const additionalConfig = JSON.stringify({
+      mcpServers: {
+        server1: {
+          command: "cmd1",
+          env: { KEY1: "value1" },
+        },
+        server2: {
+          command: "cmd2",
+          env: { KEY2: "value2" },
+        },
+        github_file_ops: {
+          command: "overridden",
+          env: { CUSTOM: "value" },
+        },
+      },
+      otherConfig: {
+        nested: {
+          deeply: "value",
+        },
+      },
+    });
+
+    const result = await prepareMcpConfig(
+      "test-token",
+      "test-owner",
+      "test-repo",
+      "test-branch",
+      additionalConfig,
+    );
+
+    const parsed = JSON.parse(result);
+    expect(parsed.mcpServers.server1).toBeDefined();
+    expect(parsed.mcpServers.server2).toBeDefined();
+    expect(parsed.mcpServers.github).toBeDefined();
+    expect(parsed.mcpServers.github_file_ops.command).toBe("overridden");
+    expect(parsed.mcpServers.github_file_ops.env.CUSTOM).toBe("value");
+    expect(parsed.otherConfig.nested.deeply).toBe("value");
+  });
+
+  test("should preserve GITHUB_ACTION_PATH in file_ops server args", async () => {
+    const oldEnv = process.env.GITHUB_ACTION_PATH;
+    process.env.GITHUB_ACTION_PATH = "/test/action/path";
+
+    const result = await prepareMcpConfig(
+      "test-token",
+      "test-owner",
+      "test-repo",
+      "test-branch",
+    );
+
+    const parsed = JSON.parse(result);
+    expect(parsed.mcpServers.github_file_ops.args[1]).toBe(
+      "/test/action/path/src/mcp/github-file-ops-server.ts",
+    );
+
+    process.env.GITHUB_ACTION_PATH = oldEnv;
+  });
+
+  test("should use process.cwd() when GITHUB_WORKSPACE is not set", async () => {
+    const oldEnv = process.env.GITHUB_WORKSPACE;
+    delete process.env.GITHUB_WORKSPACE;
+
+    const result = await prepareMcpConfig(
+      "test-token",
+      "test-owner",
+      "test-repo",
+      "test-branch",
+    );
+
+    const parsed = JSON.parse(result);
+    expect(parsed.mcpServers.github_file_ops.env.REPO_DIR).toBe(process.cwd());
+
+    process.env.GITHUB_WORKSPACE = oldEnv;
+  });
+});