Read our guide to building secure and scalable remote MCP servers >
Running the Model Context Protocol (MCP) server locally works, but managing Docker, rotating access tokens, and pulling updates is a hassle. GitHub’s managed MCP endpoint eliminates these infrastructure headaches, letting you focus on what you love — shipping code.
In this 201-level tutorial, we’ll walk through upgrading from the local MCP setup to GitHub’s managed endpoint. You’ll get OAuth authentication, automatic updates, and access to toolsets that open the door to richer AI workflows you simply can’t pull off with a bare‑bones local runtime.
You’ll also learn how to customize tool access with read-only modes, streamline your AI workflows with dynamic toolsets, and get ready for agent-to-agent collaboration using GitHub Copilot.
But first, why switch to our hosted server?
Running the open source MCP server locally works, but it carries hidden costs. Here’s what changes when you go remote:
| Local Docker server | Hosted MCP endpoint |
|---|---|
| Maintain a Docker image, upgrade manually | GitHub patches and upgrades automatically |
| Manage personal‑access tokens (PATs) | Sign in once with OAuth; scopes handled for you |
| Expose the server on localhost only | Reachable from any IDE or remote‑dev box |
| Full write access unless you customise the binary | Built-in read‑only switch and per‑toolset flags |
If you need an air‑gapped environment, stick with local. For most teams, the hosted server eliminates infrastructure work and lets you focus on automation. With that, let’s dive in.
A few things you need before you get started:
- GitHub Copilot or Copilot Enterprise seatVS Code 1.92+ (or another MCP‑capable client)Network access to
https://api.githubcopilot.comA test repository to experiment withStep 1: Install the remote MCP server
Setting up GitHub’s remote MCP server server is a breeze compared to local Docker-based installations. Hosted by GitHub, it eliminates the need for managing Docker containers or manually handling updates, offering a streamlined, cloud-native experience.
How to install the remote server on VS Code or VS Code Insiders:
- Open the command palette and run:
> GitHub MCP: Install Remote ServerComplete the OAuth flow to connect your GitHub account.Restart the server to finish setup.For any other client
Set the server URL to: https://api.githubcopilot.com/mcp/
Then authenticate when prompted.
Validate your connection with a quick check
curl -I https://api.githubcopilot.com/mcp/healthz# HTTP/1.1 200 OKIf you see 200 OK, you’re good to go.
Once installed, the remote server replaces the local one, and you’re ready to roll. That means no more Docker or tokens, just a simple integration.
Step 2: Configure access controls
Use read-only mode for safe exploration.
Working in a sensitive environment? Testing in production? Demoing to stakeholders? Flip the server to read-only mode:
{ "servers": { "github": { "type": "http", "url": "https://api.githubcopilot.com/mcp/", "mode": "read-only" } }}The agent can read issues, pull requests, and code but can’t push changes. Perfect for code reviews where you want context without risk.
Use case: Pull request viewer
Need to review pull requests without modifying anything? This setup gives you safe, read-only access — perfect for browsing changes, leaving comments, or gathering context without risk of altering code.
- Go to the GitHub MCP server repo.Navigate to the “Remote Server” section.Choose the pull request read-only variant.Click Install Read Only.
You’ll now see tools like listPullRequests, getPullRequest, and searchPullRequests, but no write access. And since these tools don’t make changes, VS Code skips the permission prompts for a seamless experience.
Step 3: Try it out with these three hands-on examples
Want to see how Copilot agent mode works in practice? These real-world examples show how the agent can handle everyday developer tasks — like managing pull requests, debugging workflows, and triaging security alerts — without needing local setup or manual digging. Just prompt and go.
Example 1: Add a CODEOWNERS file and open a pull request
- Open your repo ➜ Ask Copilot Agent.Prompt your agent:
"Add a CODEOWNERS file for /api/** assigning @backend-team, then open a draft pull request."The agent will:- Use
repos.create_file to add the CODEOWNERS file.Call pull_requests.open to create the pull request.Execute pull_requests.request_reviewers to assign reviewers.No local cloning, no manual file creation. Just prompt and ship.
Example 2: Debug a failed workflow
Prompt: “Why did the release.yml job fail last night?”
The agent pulls logs with actions.get_workflow_run_logs, analyzes the stack trace, and suggests fixes. It’s like having a senior engineer review your CI/CD failures.
Example 3: Triage security alerts
Prompt: “List critical Dependabot alerts across all my repos and create issues for each.”
The server returns alerts via dependabot.list_dependabot_alerts, then the agent creates focused issues only where needed.
Step 4: Troubleshooting tips with the GitHub remote MCP server
| Symptom | Likely cause | Fix |
|---|---|---|
| 401 Unauthorized on install | Left‑over GITHUB_TOKEN env var | Unset the var and rerun OAuth flow |
| Tools don’t appear | Corporate proxy blocks api.githubcopilot.com | Add proxy settings or allowlist the domain |
| Model times out | Large toolset enabled | Restrict to needed toolsets only |
Step 5: Streamline your workflow with dynamic toolsets
The full MCP server includes over 70 tools, and, while powerful, that can overwhelm both you and the AI model.
That’s where dynamic toolsets come in.
How it works:
- The LLM starts with just a few meta-tools:
listAvailableToolsets, enableToolset, and getToolsetToolsIt determines the task at hand (e.g. “work with pull requests”).It fetches and enables only the tools needed for that task.VS Code loads them automatically via tool change notifications.This keeps your interface (and your AI) focused and efficient.
Step 6: What’s next with security and agentic workflows
The GitHub MCP server is actively evolving. Here’s what’s coming next:
Secret scanning in MCP
Soon, the MCP server will detect and block AI-generated secrets, just like GitHub prevents you from pushing secrets in pull requests. You can override if needed, but the default protects your data, whether from a prompt injection or by accident.
Assign issues to Copilot
Direct integration with Copilot’s coding agent means you’ll be able to:
- Assign issues directly to Copilot.Trigger completions from VS Code.Watch as agent-to-agent workflows unfold across tools.
The future is agents collaborating with agents, and GitHub MCP is the foundation.
Want to contribute?
The GitHub MCP project is fully open source and growing fast.
📌 Explore the repo: See how tools are built and contribute your own.
📌 File issues: Help shape the protocol and tooling.
📌 Join discussions: Connect with other builders on GitHub and Discord.
Whether you’re building tools, providing feedback, or exploring AI-powered development, there’s a place for you in the MCP ecosystem.
Ready to Ship?
The GitHub remote MCP server removes infrastructure overhead so you can focus on building better automations. No more Docker babysitting, no more token rotation, just OAuth once and start shipping.
Remember: the best infrastructure is the infrastructure you don’t have to manage.
Read the full documentation to get started, or dive into the examples above and start experimenting today.
The post A practical guide on how to use the GitHub MCP server appeared first on The GitHub Blog.
