Multi-Profile Setup

Overview

Multi-profile support allows you to manage multiple GitHub accounts (personal, work, clients) from a single MCP server executable with complete token isolation and clear identification.

Benefits:

✅ One executable serves unlimited profiles
✅ Each profile has dedicated GitHub token
✅ Profile names appear in tool responses for clarity
✅ Audit logs track operations by profile
✅ Easy switching between accounts in Claude

Configuration

Edit claude_desktop_config.json with multiple server entries:

{
  "mcpServers": {
    "github-personal": {
      "command": "C:\\Users\\Name\\github-mcp-server-v3.exe",
      "args": ["--profile", "personal"],
      "env": {
        "GITHUB_TOKEN": "ghp_personal_token_here"
      }
    },
    "github-work": {
      "command": "C:\\Users\\Name\\github-mcp-server-v3.exe",
      "args": ["--profile", "work"],
      "env": {
        "GITHUB_TOKEN": "ghp_work_token_here"
      }
    },
    "github-client-acme": {
      "command": "C:\\Users\\Name\\github-mcp-server-v3.exe",
      "args": ["--profile", "acme-corp"],
      "env": {
        "GITHUB_TOKEN": "ghp_acme_token_here"
      }
    }
  }
}

Profile Naming

Profile names (--profile argument) can be any descriptive string:

personal, work, client-name
github-main, github-opensource
username-personal, companyname-work

Best practices:

Use descriptive, memorable names
Avoid special characters (stick to alphanumeric and hyphens)
Keep names short (under 20 characters)

Using Profiles in Claude

Explicit Profile Selection

Specify which profile to use in your request:

"Using my work GitHub account, list all repositories"
→ Claude uses github-work profile

"On my personal account, create a new repository called 'dotfiles'"
→ Claude uses github-personal profile

"For Acme Corp, show me the open security alerts"
→ Claude uses github-client-acme profile

Context-Based Selection

Claude can infer profile from context:

"Show me my personal project repos"
→ Likely uses github-personal

"What PRs need review at work?"
→ Likely uses github-work

"List Acme's private repositories"
→ Uses github-client-acme

Default Behavior

If profile not specified and context unclear:

Claude may ask which profile to use
Or use the first alphabetically (not reliable)
Best practice: Always specify profile for clarity

Profile Isolation

Each profile operates independently:

Token Isolation

Each profile has separate GitHub token
Tokens can have different scopes
Token compromise affects only that profile
No cross-profile token sharing

Example: Personal token with full admin access, work token with read-only.

Audit Log Separation

Operations logged with profile identifier:

{
  "timestamp": "2024-02-10T14:30:00Z",
  "profile": "work",
  "operation": "github_create_pr",
  "repository": "company/backend-api",
  ...
}

Query logs by profile:

cat mcp-admin-audit.log | jq 'select(.profile == "work")'

Safety Configuration

Each profile can have different safety settings.

Option 1: Single shared safety.json (same directory as executable)

All profiles use same safety rules.

Option 2: Profile-specific safety configs

{
  "mcpServers": {
    "github-personal": {
      "command": "path/to/github-mcp-server-v3.exe",
      "args": ["--profile", "personal", "--safety-config", "C:\\configs\\safety-personal.json"],
      "env": { "GITHUB_TOKEN": "ghp_personal..." }
    },
    "github-work": {
      "command": "path/to/github-mcp-server-v3.exe",
      "args": ["--profile", "work", "--safety-config", "C:\\configs\\safety-work.json"],
      "env": { "GITHUB_TOKEN": "ghp_work..." }
    },
    "github-client": {
      "command": "path/to/github-mcp-server-v3.exe",
      "args": ["--profile", "client", "--safety-config", "C:\\configs\\safety-client.json"],
      "env": { "GITHUB_TOKEN": "ghp_client..." }
    }
  }
}

Example use cases:

Personal: permissive mode (you’re the only user)
Work: moderate mode (shared repos, some collaboration)
Client: strict mode (high-stakes production repos)

Token Management Strategy

Separate Tokens Per Profile

Generate distinct tokens for each profile:

Personal Profile
- Scopes: repo, delete_repo, workflow, security_events
- Expiration: 90 days
- Note: “Claude Desktop - Personal”
Work Profile
- Scopes: repo, workflow, security_events (no delete_repo)
- Expiration: 30 days (more frequent rotation)
- Note: “Claude Desktop - Work”
Client Profile
- Scopes: repo only (minimal permissions)
- Expiration: 30 days
- Note: “Claude Desktop - Client Acme”

Token Rotation Schedule

Different profiles can have different rotation schedules:

Profile	Rotation Frequency	Reason
Personal	90 days	Low risk, personal control
Work	30 days	Company policy, shared org
Client	30 days	External access, compliance

Common Multi-Profile Workflows

Morning Triage Across Accounts

1. "Show me my personal GitHub dashboard"
   → github_dashboard (personal profile)

2. "Now show my work dashboard"
   → github_dashboard (work profile)

3. "Any security alerts in Acme's repos?"
   → github_security_alerts (acme profile)

Context Switching

1. [Working on personal project]
   "Create a branch called feature-auth"
   → git_checkout (personal profile, local repo)

2. [Switching to work]
   "List open PRs for company/backend-api"
   → github_list_prs (work profile)

3. "Comment on PR #123: 'LGTM'"
   → github_comment_pr (work profile)

Cross-Account Operations

1. "Fork company/public-lib to my personal account"
   → Uses work profile to read, personal profile to create fork

2. "Create PR from my personal fork to company repo"
   → github_create_pr (work profile, cross-repo)

Advanced: Environment-Based Profiles

For development vs. production environments:

{
  "mcpServers": {
    "github-dev": {
      "command": "path/to/github-mcp-server-v3.exe",
      "args": ["--profile", "dev"],
      "env": {
        "GITHUB_TOKEN": "ghp_dev_token",
        "GITHUB_API_BASE_URL": "https://github.enterprise-dev.com/api/v3"
      }
    },
    "github-prod": {
      "command": "path/to/github-mcp-server-v3.exe",
      "args": ["--profile", "prod"],
      "env": {
        "GITHUB_TOKEN": "ghp_prod_token",
        "GITHUB_API_BASE_URL": "https://github.enterprise.com/api/v3"
      }
    }
  }
}

Troubleshooting

Wrong Profile Used

Problem: Claude used personal profile instead of work profile.

Fix: Be more explicit in your request:

❌ "List repositories"
✅ "Using my work GitHub account, list repositories"

Token Confusion

Problem: Work token used for personal operation.

Fix: Check claude_desktop_config.json — ensure each profile has correct token.

Profile Not Found

Error: Profile "xyz" not configured

Fix: Profile name in Claude request must match --profile argument in config.

Best Practices

Naming Convention

Use consistent, hierarchical naming:

github-{account-type}-{identifier}

Examples:
- github-personal
- github-work-engineering
- github-work-devops
- github-client-acme
- github-client-startup-x

Token Security

✅ Store tokens in environment variables or encrypted config
✅ Rotate tokens on schedule (per profile)
✅ Revoke token immediately if compromised
✅ Use minimal scopes per profile (least privilege)

Profile Organization

By purpose:

github-personal-oss — Open-source contributions
github-personal-private — Private projects
github-work-backend — Backend team repos
github-work-frontend — Frontend team repos

By permission level:

github-admin — Full admin access
github-readonly — Read-only token (safe browsing)
github-ci — CI/CD automation (workflow scope)

Comparison: Single vs. Multi-Profile

Aspect	Single Profile	Multi-Profile
Setup complexity	Simple	Moderate
Token management	One token	Multiple tokens
Account isolation	None	Complete
Context switching	Manual token change	Automatic
Audit clarity	Mixed operations	Per-profile tracking
Security blast radius	All accounts	Single account
Recommended for	Personal use only	Multiple accounts / teams