
Scaling GitHub for your Agents — Sam Morrow, GitHub

2.9K views · Apr 27, 2026 · 20:34 min
Takeaway

MCP servers at platform scale need aggressive tool reduction, server-side multi-call workflows, eval-driven tool descriptions, and OAuth instead of plaintext PATs.

Summary

  • GitHub's MCP server (open-sourced April 2024) grew past 100 tools through community PRs — but LangChain research and GitHub's own data showed more tools = worse, more forgetful agents
  • Reduced default-config context by ~49% by focusing tools on common cases and grouping CRUD; another tailoring pass dropped list-PR output tokens by 75%
  • Tool calls now succeed >95% of the time because agent intent is encoded server-side: one tool call can fan out to 5 API calls, which makes it more robust without the context cost of extra round trips
  • Evaluation strategy: test tool descriptions against each other so they get called at the right times and not the wrong times — 'pool of tools' rather than micro-tuning descriptions
  • Security: rejected DCR (dynamic client registration) due to unbounded app DB growth; pushing OAuth 2.1 + PKCE + client ID metadata as the path of least resistance vs long-lived plaintext tokens
Tags: mcp, github, agents
Original description
GitHub operates one of the most heavily-utilised MCP servers in the ecosystem, with over 4 million downloads of the stdio server alone. Discover the architectural decisions, technical challenges and lessons learned while building and scaling a remote MCP server on production infrastructure. The session walks through the journey from initial implementation to horizontal scaling, covering the specific challenges of condensing a platform as expansive as GitHub into a coherent MCP interface. Attendees will learn practical strategies for managing tool overload, optimizing context usage, implementing distributed session storage, and maintaining observability without compromising user privacy. Whether building a first remote server or optimizing an existing implementation, attendees will gain concrete patterns, anti-patterns, and architectural guidance from real production experience.

Key Takeaways:
• Architecture patterns for stateless, horizontally scalable remote MCP servers
• Practical approaches to tool proliferation and context window constraints
• Why a focus on auth, security and privacy is essential to success

Speaker info:
https://www.linkedin.com/in/sammorrow
https://github.com/SamMorrowDrums

Timestamps:
0:00:29 - Overview of GitHub's MCP public launch and community growth.
0:02:06 - Challenges of tool proliferation and impact on agent context.
0:03:21 - Mitigation via "tool sets" and dynamic discovery.
0:05:54 - Optimizing API output tokens to improve efficiency.
0:06:44 - Improving reliability through intent-based tool design.
0:08:14 - Security strategy: OAuth 2.1 and PKCE implementation.
0:10:40 - Managing prompt injection and security vulnerabilities.
0:12:35 - Using OAuth scopes for granular tool filtering.
0:13:47 - Stateless server architecture and Redis session management.
0:15:18 - Experimental features and human-in-the-loop UX.
0:16:30 - Future outlook: Compositional tools and automation.
0:18:04 - Final project metrics: Downloads, forks, and volume.