Add Streamable HTTP mode.

[omgitsads]

Summary

Adds support for Streamable HTTP mode.

Why

Addresses https://github.com/github/copilot-mcp-core/issues/1125.

What changed

• Adds a http subcommand to the core binary.
• Moves Param methods into their own file
• Extract inventory creation out to a factory method, so that we can provide our own implementation in our remote server
• Extract server creation to a factory method, so that we can provide our own implementation in remote.
• Consolidate MCP Server creation in the github package, to be used by both STDIO and HTTP mode.
• Decoupled Inventory & Dependency creation from MCP Server creation, to allow custom implementations
• Moved API URL building out to the utils package
• GetRepoAccessCache and GetFlags methods on ToolDependencies now require a context.Context.
• Implemented a request based dependency
• Added Scope Challenge middleware for progressive token scope escalation.

MCP impact

• No tool or API changes
• Tool schema or behavior changed
• New tool added

Tool changes are limited to new ToolDependencies interface changes.

Security / limits

• No security or limits impact
• Auth / permissions considered
• Data exposure, filtering, or token/size limits considered

This is mostly porting across our existing Remote HTTP implementation.

Tool renaming

• I am renaming tools as part of this PR (e.g. a part of a consolidation effort)
  • I have added the new tool aliases in deprecated_tool_aliases.go
• I am not renaming tools as part of this PR

Note: if you're renaming tools, you must add the tool aliases. For more information on how to do so, please refer to the official docs.

Lint & tests

• Linted locally with ./script/lint
• Tested locally with ./script/test

Docs

• Not needed
• Updated (README / docs / examples)

[SamMorrowDrums]

Looks like this is going really, a couple of questions/comments/clarifications for now. Let me know if any specific things I should look deeper at sooner rather than later.

[Copilot]

Pull request overview

This PR adds support for Streamable HTTP mode to the GitHub MCP Server, enabling HTTP-based MCP requests in addition to the existing stdio mode. The changes include significant refactoring to support request-scoped dependencies and OAuth scope challenges.

Changes:

• Adds http subcommand with HTTP server implementation supporting various path patterns
• Refactors server/inventory creation into factory methods for reusability
• Introduces RequestDeps for per-request dependency injection with lazy client initialization
• Implements OAuth scope challenge middleware and token parsing utilities
• Extracts parameter handling methods into dedicated params.go file

Reviewed changes

Copilot reviewed 47 out of 48 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
pkg/http/server.go	HTTP server setup with OAuth and middleware registration
pkg/http/handler.go	Request handler with inventory filtering and MCP server creation
pkg/http/middleware/*.go	Token extraction, request config parsing, MCP parsing, and scope challenge
pkg/http/oauth/oauth.go	RFC 9728 OAuth protected resource metadata implementation
pkg/context/*.go	Context utilities for token info, request config, and MCP method info
pkg/utils/*.go	Token parsing and API host resolution utilities
pkg/github/server.go	Refactored to extract NewMCPServer with configurable dependencies
pkg/github/dependencies.go	New RequestDeps for per-request lazy client initialization
pkg/github/params.go	Extracted parameter parsing functions from server.go
pkg/scopes/*.go	Updated scope fetcher to use APIHostResolver interface
cmd/github-mcp-server/main.go	Added http subcommand with flags