Sam Morrow shared GitHub’s experience in scaling their remote MCP server, highlighting challenges with managing numerous tools, optimizing context usage, enhancing security through OAuth 2.1, and maintaining a scalable, stateless architecture that supports millions of tool calls weekly. Looking forward, GitHub aims to enable more autonomous and compositional tool interactions, fostering a growing community and encouraging innovation to further evolve the agent ecosystem.
Sam Morrow, lead developer of GitHub’s MCP server, shared insights and lessons learned from building and scaling GitHub’s remote MCP server. He began by highlighting the initial excitement when GitHub open-sourced their local MCP server in April of the previous year, which quickly became the most starred repository on GitHub for that week. However, as the platform grew, challenges emerged, particularly around managing the large number of tools (over 100) integrated into the system. More tools did not necessarily improve agent performance; instead, they often caused confusion and increased context window sizes, leading to inefficiencies.
To address these issues, GitHub introduced concepts like tool sets, allowing users to group related tools and select only those they needed. They also experimented with dynamic tool selection and semantic tool discovery, though most users stuck with default settings, limiting the effectiveness of these solutions. The team focused heavily on reducing context usage by optimizing tool configurations based on usage patterns, achieving significant reductions in context size and output tokens. This ongoing optimization has made the GitHub MCP server more efficient and responsive over time.
Security was a major concern throughout the development and scaling process. Many users relied on plain-text access tokens, which posed risks because such tokens are long-lived and over-privileged. GitHub embraced OAuth 2.1 with PKCE support to improve security and aimed to make secure connections the path of least resistance. However, they chose not to support dynamic client registration due to scalability and management challenges. Additionally, prompt injection attacks remain a significant threat, highlighting the tension between agent utility and data protection, a challenge not unique to GitHub.
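The PKCE step mentioned above, written out as an added example (not GitHub's code and not the MCP server's implementation): the client derives an S256 challenge from a random verifier, the authorization server stores the challenge with the issued code, and at token exchange it checks the verifier against that stored challenge. The in-memory `PendingAuth` store, the 32-byte verifier size and the single-use code handling are assumptions chosen for the example; the verifier grammar and S256 derivation follow RFC 7636.

```python
import base64
import hashlib
import re
import secrets

# RFC 7636: code_verifier is 43..128 chars from the unreserved set [A-Za-z0-9-._~]
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def b64url_nopad(raw: bytes) -> str:
    """Base64url-encode without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """Client side: high-entropy verifier (32 random bytes -> 43 chars)."""
    verifier = b64url_nopad(secrets.token_bytes(n_bytes))
    if not _VERIFIER_RE.match(verifier):
        raise ValueError("verifier does not satisfy RFC 7636 grammar")
    return verifier


def make_code_challenge(verifier: str) -> str:
    """Client side: S256 challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_pkce(verifier: str, stored_challenge: str, method: str = "S256") -> bool:
    """Authorization-server side: recompute the challenge from the presented
    verifier and compare it in constant time with the one stored at /authorize."""
    if method != "S256":
        return False  # OAuth 2.1 drops the 'plain' method; refuse anything else
    if not _VERIFIER_RE.match(verifier or ""):
        return False
    expected = make_code_challenge(verifier)
    return secrets.compare_digest(expected, stored_challenge)


class PendingAuth:
    """Constructed in-memory stand-in for the authorization server's code store:
    each authorization code is bound to exactly one challenge and is single-use."""

    def __init__(self) -> None:
        self._codes: dict[str, tuple[str, str]] = {}

    def authorize(self, code_challenge: str, method: str = "S256") -> str:
        """/authorize: issue a code and remember the challenge sent with it."""
        code = b64url_nopad(secrets.token_bytes(16))
        self._codes[code] = (code_challenge, method)
        return code

    def redeem(self, code: str, code_verifier: str) -> bool:
        """/token: consume the code and accept only a matching verifier."""
        entry = self._codes.pop(code, None)  # pop: a code can never be replayed
        if entry is None:
            return False
        challenge, method = entry
        return verify_pkce(code_verifier, challenge, method)


def demo_flow() -> bool:
    """Round trip: client creates verifier+challenge, server issues and redeems a code."""
    server = PendingAuth()
    verifier = make_code_verifier()
    code = server.authorize(make_code_challenge(verifier))
    return server.redeem(code, verifier)


if __name__ == "__main__":
    print("PKCE round trip ok:", demo_flow())
```

A token endpoint that skips `verify_pkce` (or accepts `plain`) lets an intercepted authorization code be exchanged by whoever captured it; with the check in place the code alone is worthless without the verifier that never left the client.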
From an architectural perspective, GitHub runs a stateless MCP server setup, creating a new server instance for each request and dynamically adding tools based on user configuration and permissions. This design supports scalability, allowing GitHub to handle around 7 million tool calls per week without session affinity. They also implemented features like scope-based tool filtering and step-up OAuth to improve user experience and reduce failures. Experimental features, such as MCP apps that enable human-in-the-loop interactions, are available in an “Insiders” mode for users to try out.
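The per-request assembly described above, covering both the tool sets from the earlier paragraph and the scope-based filtering and step-up response from this one, as an added example that is not GitHub's code. The tool names, toolset names, scope names and per-tool token estimates are all constructed for illustration; the point is that nothing about a user is cached between calls, the tool list the model sees is cut down to enabled toolsets the token can actually use, and a call needing a missing scope gets a step-up answer rather than a late failure.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tool:
    name: str
    toolset: str
    required_scope: str  # scope the tool needs; names are illustrative, not GitHub's
    est_tokens: int      # constructed estimate of the tool schema's context cost


# Constructed registry; a real server carries far more entries.
REGISTRY = (
    Tool("list_issues", "issues", "read:issues", 180),
    Tool("create_issue", "issues", "write:issues", 260),
    Tool("get_file", "repos", "read:repos", 150),
    Tool("push_commit", "repos", "write:repos", 400),
    Tool("list_prs", "pull_requests", "read:prs", 200),
    Tool("merge_pr", "pull_requests", "write:prs", 320),
)

DEFAULT_TOOLSETS = frozenset({"issues", "repos", "pull_requests"})


def build_request_tools(enabled_toolsets, granted_scopes):
    """Stateless: assemble the tool list fresh for one request from the user's
    toolset selection and the scopes on the presented token."""
    enabled = frozenset(enabled_toolsets)
    scopes = frozenset(granted_scopes)
    return tuple(
        t for t in REGISTRY
        if t.toolset in enabled and t.required_scope in scopes
    )


def context_cost(tools) -> int:
    """Rough context-window cost of advertising these tools (sum of estimates)."""
    return sum(t.est_tokens for t in tools)


def dispatch(tool_name, enabled_toolsets, granted_scopes):
    """Gate a single tool call. Returns a small status dict instead of raising
    so a client can turn 'step_up_required' into a re-authorization prompt."""
    tool = next((t for t in REGISTRY if t.name == tool_name), None)
    if tool is None or tool.toolset not in frozenset(enabled_toolsets):
        # Unknown or disabled tools are indistinguishable to the caller
        return {"status": "unknown_tool", "tool": tool_name}
    if tool.required_scope not in frozenset(granted_scopes):
        return {
            "status": "step_up_required",
            "tool": tool_name,
            "missing_scope": tool.required_scope,
        }
    return {"status": "ok", "tool": tool_name}


if __name__ == "__main__":
    read_only = {"read:issues", "read:repos", "read:prs"}
    tools = build_request_tools(DEFAULT_TOOLSETS, read_only)
    print([t.name for t in tools], "cost:", context_cost(tools))
    print(dispatch("merge_pr", DEFAULT_TOOLSETS, read_only))
```

Comparing `context_cost` for the default toolsets against a single toolset shows why grouping matters: a read-only token with just `issues` enabled advertises one schema instead of six, and the write tools never appear in the model's context at all.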
Looking ahead, Sam envisions a future where server discovery and tool usage become more autonomous and compositional, with tools able to pipe data between each other seamlessly. He anticipates thousands of tools becoming standard and hopes that users won’t need to understand MCP deeply to benefit from it. The GitHub MCP server community has grown significantly, with millions of downloads, thousands of contributors, and millions of weekly tool calls, reflecting both the platform’s success and the ongoing challenges of scaling in a rapidly evolving space. Sam encouraged experimentation and innovation, emphasizing the potential for new clients or tools to transform the agent ecosystem.