Connect Any IDE to GitHub MCP Server Through AgentGateway
Introduction
Modern AI-powered IDEs and coding agents ship with built-in MCP client support. That means you can connect them to GitHub’s remote MCP server to give your AI assistant direct access to issues, pull requests, code search, and repository management.
But connecting directly to GitHub means no visibility into what tools are being called, no rate limiting, and no centralized credential management. Every developer has their own PAT, every tool call goes straight to GitHub ungoverned.
This guide shows you how to route MCP traffic from any IDE β Cursor, VS Code, Windsurf, Claude Code, or OpenCode β to GitHub’s remote MCP server through Solo AgentGateway. You deploy the gateway once, and every IDE on your team connects through it.
What You Get
- One gateway, every IDE: Deploy AgentGateway once, connect all your tools
- Centralized credentials: GitHub PAT lives in a Kubernetes secret, not on every developer laptop
- Rate limiting: Control tool call volume per IDE or per user
- Observability: OpenTelemetry traces for every MCP interaction
- No self-hosted MCP server: GitHub hosts the MCP server at
api.githubcopilot.comβ you just proxy
Architecture
ββββββββββββββββ
β VS Code ββββ
ββββββββββββββββ€ β
β Cursor ββββ€
ββββββββββββββββ€ β ββββββββββββββββββββ ββββββββββββββββββββββββββββ
β Windsurf ββββΌββMCPβββΆβ AgentGateway βββMCPβββΆβ api.githubcopilot.com β
ββββββββββββββββ€ β β (K8s proxy) β β (GitHub Remote MCP) β
β Claude Code ββββ€ ββββββββββββββββββββ ββββββββββββββββββββββββββββ
ββββββββββββββββ€ β β Auth
β OpenCode ββββ β Rate limiting
ββββββββββββββββ β OTLP traces
Prerequisites
- Docker installed and running
- kind installed
kubectlandhelminstalled- A GitHub Personal Access Token (PAT)
- At least one of: Cursor, VS Code (with Copilot), Windsurf, Claude Code, or OpenCode
Step 1: Create a Kind Cluster
kind create cluster --name agentgateway
Verify it’s running:
kubectl get nodes
Step 2: Install AgentGateway
Deploy the Kubernetes Gateway API CRDs:
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.0/standard-install.yaml
Install the AgentGateway CRDs and control plane:
helm upgrade -i --create-namespace \
--namespace agentgateway-system \
--version v2.2.1 \
agentgateway-crds oci://ghcr.io/kgateway-dev/charts/agentgateway-crds
helm upgrade -i -n agentgateway-system \
agentgateway oci://ghcr.io/kgateway-dev/charts/agentgateway \
--version v2.2.1
Verify the control plane is running:
kubectl get pods -n agentgateway-system
Step 3: Create an AgentGateway Proxy
kubectl apply -f- <<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: agentgateway-proxy
namespace: agentgateway-system
spec:
gatewayClassName: agentgateway
listeners:
- name: http
port: 80
protocol: HTTP
EOF
Wait for the proxy pod to be ready:
kubectl rollout status deploy/agentgateway-proxy -n agentgateway-system
Step 4: Configure the GitHub Remote MCP Backend
GitHub hosts a remote MCP server at https://api.githubcopilot.com/mcp/. We point AgentGateway at it instead of deploying our own.
Create a secret with your GitHub PAT:
kubectl create secret generic github-mcp-secret \
-n agentgateway-system \
--from-literal=Authorization="Bearer ghp_your_token_here"
Create the backend:
kubectl apply -f- <<EOF
apiVersion: agentgateway.dev/v1alpha1
kind: AgentgatewayBackend
metadata:
name: github-mcp-backend
namespace: agentgateway-system
spec:
mcp:
targets:
- name: mcp-target
static:
host: api.githubcopilot.com
port: 443
path: /mcp/
policies:
auth:
secretRef:
name: github-mcp-secret
tls:
sni: api.githubcopilot.com
EOF
Key details:
path: /mcp/β GitHub’s MCP endpointtls.sniβ required for HTTPS on port 443auth.secretRefβ injects theAuthorization: Bearer <PAT>header automatically
Step 5: Create the HTTPRoute
kubectl apply -f- <<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: github-mcp
namespace: agentgateway-system
spec:
parentRefs:
- name: agentgateway-proxy
namespace: agentgateway-system
rules:
- matches:
- path:
type: PathPrefix
value: /github
backendRefs:
- name: github-mcp-backend
group: agentgateway.dev
kind: AgentgatewayBackend
EOF
Step 6: Port-Forward
Expose the gateway locally:
kubectl port-forward -n agentgateway-system deployment/agentgateway-proxy 8080:80
Leave this running. All IDE configs below use http://localhost:8080.
IDE Configuration
Each IDE has its own MCP config format. Pick yours below β or configure all of them to use the same gateway endpoint.
Cursor
Create or edit ~/.cursor/mcp.json (global) or .cursor/mcp.json (per-project):
{
"mcpServers": {
"github": {
"url": "http://localhost:8080/github/mcp"
}
}
}
Restart Cursor β Settings β MCP β verify GitHub tools appear.
VS Code (with GitHub Copilot)
Add to your VS Code settings.json (Cmd/Ctrl + , β search “mcp”):
{
"github.copilot.chat.mcp.servers": {
"github": {
"url": "http://localhost:8080/github/mcp"
}
}
}
Or for workspace-specific config, add to .vscode/settings.json.
Reload VS Code (Cmd/Ctrl + Shift + P β “Developer: Reload Window”) β open Copilot Chat β tools should list GitHub MCP tools.
Windsurf
Create or edit ~/.windsurf/mcp.json (global) or .windsurf/mcp.json (per-project):
{
"mcpServers": {
"github": {
"url": "http://localhost:8080/github/mcp"
}
}
}
Restart Windsurf β verify connection in MCP settings.
Claude Code
Add via CLI:
claude mcp add github --transport sse http://localhost:8080/github/mcp
Or add to your project’s .mcp.json:
{
"mcpServers": {
"github": {
"type": "sse",
"url": "http://localhost:8080/github/mcp"
}
}
}
OpenCode
Add to your opencode.json config:
{
"mcp": {
"servers": {
"github": {
"type": "sse",
"url": "http://localhost:8080/github/mcp"
}
}
}
}
Step 7: Test It
Open your IDE’s AI chat and try:
- “List open issues in my repo”
- “Create a new branch called feature/test”
- “Search for files referencing AgentGateway”
Every tool call flows through AgentGateway regardless of which IDE you’re using. The gateway handles auth, logs the interaction, and forwards to GitHub.
Verifying Traffic
Check proxy logs:
kubectl logs -n agentgateway-system deploy/agentgateway-proxy --tail=20
You should see MCP connection events and tool call forwards to api.githubcopilot.com.
IDE Comparison
| IDE | Config File | Transport | Auth Headers |
|---|---|---|---|
| Cursor | ~/.cursor/mcp.json | streamable-http | β supported |
| VS Code | settings.json | streamable-http | β supported |
| Windsurf | ~/.windsurf/mcp.json | streamable-http | β supported |
| Claude Code | .mcp.json or CLI | SSE | β supported |
| OpenCode | opencode.json | SSE | β supported |
Note: All IDEs connect to the same
http://localhost:8080/github/mcpendpoint. The gateway doesn’t care which client is calling β it applies the same auth, rate limiting, and observability to all of them.
What’s Next
- Add more MCP servers: Slack, Notion, Jira β all behind the same gateway, same endpoint pattern
- Security policies: JWT auth, prompt guards, tool-level RBAC with
AgentgatewayPolicy - Team rollout: Share the gateway endpoint with your team β one PAT, centrally managed, no credentials on laptops
- Per-IDE rate limiting: Different limits for different tools or users
Cleanup
kubectl delete httproute github-mcp -n agentgateway-system
kubectl delete agentgatewaybackend github-mcp-backend -n agentgateway-system
kubectl delete secret github-mcp-secret -n agentgateway-system
kind delete cluster --name agentgateway
Conclusion
Every AI-powered IDE now speaks MCP. But connecting each one directly to backend servers means fragmented credentials, zero visibility, and no governance. AgentGateway gives you a single control point β deploy it once, connect every IDE on your team, and get auth, rate limiting, and observability on every tool call.
One gateway. Every IDE. Full visibility.