Scaling GitHub for your Agents — Sam Morrow, GitHub

AI Engineer · Intermediate ·🔧 Backend Engineering ·1w ago
GitHub operates one of the most heavily-utilised MCP servers in the ecosystem, with over 4 million downloads of the stdio server alone. Discover the architectural decisions, technical challenges and lessons learned while building and scaling a remote MCP server on production infrastructure. The session walks through the journey from initial implementation to horizontal scaling, covering the specific challenges of condensing a platform as expansive as GitHub into a coherent MCP interface. Attendees will learn practical strategies for managing tool overload, optimizing context usage, implementing distributed session storage, and maintaining observability without compromising user privacy. Whether building a first remote server or optimizing an existing implementation, attendees will gain concrete patterns, anti-patterns, and architectural guidance from real production experience. Key Takeaways: • Architecture patterns for stateless, horizontally scalable remote MCP servers • Practical approaches to tool proliferation and context window constraints • Why a focus on auth, security and privacy is essential to success Speaker info: https://www.linkedin.com/in/sammorrow https://github.com/SamMorrowDrums Timestamps: 0:00:29 - Overview of GitHub's MCP public launch and community growth. 0:02:06 - Challenges of tool proliferation and impact on agent context. 0:03:21 - Mitigation via "tool sets" and dynamic discovery. 0:05:54 - Optimizing API output tokens to improve efficiency. 0:06:44 - Improving reliability through intent-based tool design. 0:08:14 - Security strategy: OAuth 2.1 and PKCE implementation. 0:10:40 - Managing prompt injection and security vulnerabilities. 0:12:35 - Using OAuth scopes for granular tool filtering. 0:13:47 - Stateless server architecture and Redis session management. 0:15:18 - Experimental features and human-in-the-loop UX. 0:16:30 - Future outlook: Compositional tools and automation. 0:18:04 - Final project metrics: Downloads, forks, and volum
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Related AI Lessons

`setTimeout()` Is NOT Part of JavaScript
Learn why setTimeout() is not a part of JavaScript and how it's actually a part of the Web APIs, with implications for coding and understanding browser behavior
Dev.to · CodeWithIshwar
Installing Node.js and npm on Ubuntu 26.04
Learn to install the latest Node.js and npm on Ubuntu 26.04, bypassing the outdated default version
Dev.to · Sanskriti Harmukh
How to Modernize a Node.js Backend Without Rewriting It (Using Zuplo)
Learn how to modernize a Node.js backend without rewriting it using Zuplo, improving performance and scalability
Dev.to · Chidera Humphrey
Firebase for Startups: When to Switch to Enterprise Solutions
Learn when to switch from Firebase to enterprise solutions for your startup, and how to navigate the 300-500% yearly cost increase
Dev.to · Horizon Dev

Chapters (12)

0:29 Overview of GitHub's MCP public launch and community growth.
2:06 Challenges of tool proliferation and impact on agent context.
3:21 Mitigation via "tool sets" and dynamic discovery.
5:54 Optimizing API output tokens to improve efficiency.
6:44 Improving reliability through intent-based tool design.
8:14 Security strategy: OAuth 2.1 and PKCE implementation.
10:40 Managing prompt injection and security vulnerabilities.
12:35 Using OAuth scopes for granular tool filtering.
13:47 Stateless server architecture and Redis session management.
15:18 Experimental features and human-in-the-loop UX.
16:30 Future outlook: Compositional tools and automation.
18:04 Final project metrics: Downloads, forks, and volum
Up next
Lovable AI + Kling 3.0 + Cookiebot = INSANE AI 3D Websites in Minutes (GDPR Ready)
Tin Rovic
Watch →