Skip to main content
The hosted Nodal MCP endpoint serves your context repo — the Markdown + YAML your analyst curates — to your team’s agents. To do that, it needs to read that repo. That’s the entire access footprint: read-only, GitHub-only, and revocable at any time.
Nodal never needs access to your database. Warehouse SQL still runs through your own read-only connector. See exactly what we access →
You can grant read-only access two ways. The onboarding flow defaults to the Nodal GitHub App.

Install the Nodal GitHub App

From the Nodal admin:
  1. Open Settings → Connect repository and select GitHub.
  2. Click Install GitHub App. You’ll be redirected to GitHub’s installation screen.
  3. Choose the organization (or personal account) that owns your context repo.
  4. Under Repository access, select Only select repositories and pick your analytics-context repo. (Optional: also select your dbt project repo to enable the lineage connector.)
  5. Review the read-only permissions and click Install. GitHub returns you to the Nodal admin with the connection confirmed.
You must have organization ownership or admin permissions on the repo to install the app. If you don’t, GitHub sends an install request to an org owner, who approves it once — after that the repo appears in Nodal.
Scope the app to only the repositories Nodal needs. You can add or remove repos later without reinstalling — see Manage repository access.

Permissions

The Nodal GitHub App requests the minimum read-only scopes needed to serve your context — and no write access of any kind.
PermissionAccessWhy
metadataRead-onlyBasic repository information (default for every GitHub App)
contentsRead-onlyRead the Markdown + YAML context files (and dbt files, if you connect that repo)
Nodal cannot open branches, push commits, create pull requests, or trigger deployments. Contrast this with a docs or CI app, which needs write scopes — Nodal deliberately does not.

Manage repository access

The app installation is managed entirely from your GitHub org, so you stay in control:
  • Add or remove repos: in GitHub, go to Settings → GitHub Apps → Nodal → Configure and edit the selected repositories. Changes take effect immediately.
  • Review activity: GitHub logs every action the app takes under the app’s installation.
  • Revoke access: from the same Configure screen, click Uninstall. Nodal loses all access the moment you do — no token to hunt down or expire.

Prefer a token instead?

If your org would rather manage the credential directly, you can skip the app and paste a read-only personal access token (PAT) instead:
  1. In GitHub, create a fine-grained personal access token scoped to your context repo (and, optionally, your dbt repo) with Contents: Read-only.
  2. In the Nodal admin, choose Use a token instead and paste it.
The access footprint is identical — read-only, GitHub-only. The only difference is that you hold and rotate the token, whereas the GitHub App has no token to rotate. Most teams prefer the app.

Troubleshooting

Confirm the repo is in the app’s selected repositories (GitHub → Settings → GitHub Apps → Nodal → Configure). If you installed on a personal account but the repo lives in an org — or vice versa — reinstall against the account that owns the repo.
You don’t have owner/admin rights on that GitHub org. An org owner needs to approve the pending install request once; then the repo appears in the Nodal admin.
The endpoint reads your repo; make sure your latest changes are pushed to the connected branch. If access looks broken, uninstall and reinstall the app from GitHub’s Configure screen to refresh the connection.

What Nodal can access

The full access footprint — and what Nodal can never touch.

Share with your team

The .mcp.json file to hand out once you’re connected.