Why GitHub Scores 67 for Agent Readiness (And What It Gets Wrong)
GitHub is the reason half the top 25 on our leaderboard exist. Every company in the Silver tier was built on it. And yet GitHub itself scored 67 — Silver, not Gold. Eight points shy of the only company that broke Gold. Here is every dimension, what GitHub wins, what it loses, and the four changes that push it to 78.
The Setup
AgentHermes scanned 500 businesses against a 9-dimension Agent Readiness Score. The average was 43/100. The top cluster — Resend 75, Agora 72, Vercel 70, Statuspage 70, Supabase 69, TikTok 69, Stripe 68, Slack 68, Craft 68, GitHub 67 — is dominated by developer infrastructure. GitHub sits tenth.
GitHub has a full REST API, a full GraphQL API, an OpenAPI 3.0 spec, OAuth 2.0 with PKCE, an official MCP server, a status page with component-level history, and a documented SLA. That is more agent-ready surface area than any other company on the list. So why isn't it Gold?
Because the model rewards breadth, not just depth. A single Gold tier company — Resend — scored 75 by nailing all 9 dimensions including D4 Pricing and D5 Payment. GitHub is exceptional on 6 of the 9 and middling on 3. The weighted average lands at 67.
Dimension-by-Dimension Breakdown
Each dimension uses the v4 scoring model. Weights sum to 93% of the headline score; the remaining 7% is the Agent-Native bonus.
D1 Discoverability (12%)
Silver
Wins: DNS, HTTPS, sitemap, robots.txt unblocked for GPTBot, structured OG tags
Losses: No agent-card.json at /.well-known/. No llms.txt at the root. MCP endpoint not auto-discoverable from domain alone.
D2 API Quality (15%)
Near-perfect
Wins: REST API, GraphQL API, OpenAPI 3.0 spec published at docs.github.com/rest. Cursor pagination. Consistent response envelopes. Request IDs on every call.
Losses: GraphQL schema depth is high — some agents struggle with the branching. Rate-limit error shape differs slightly between REST and GraphQL.
D3 Onboarding (8%)
Silver
Wins: Self-service signup. Fine-grained PATs with scoped permissions. Free tier for individuals. OAuth apps with programmatic creation.
Losses: Enterprise onboarding requires sales contact. No sandbox environment — agents test against production, which makes destructive operations risky for new developers.
D4 Pricing (5%)
Partial
Wins: Individual, Team, and Enterprise tiers published with per-seat pricing. Copilot add-on priced transparently.
Losses: Enterprise Cloud and GHAS pricing require contact. No JSON-LD Offer schema on pricing pages. Advanced Security pricing hidden.
D5 Payment Processing (8%)
Weak
Wins: Marketplace apps can collect payment through GitHub billing.
Losses: No public self-service API for upgrading or downgrading a seat programmatically. An agent cannot bump a user's plan without a human hitting the dashboard. No webhook for billing events on personal accounts.
D6 Data Quality (10%)
Silver
Wins: JSON responses across the board. Consistent error codes. ETags for caching. Schema.org Organization markup on the main site.
Losses: A few public endpoints (raw.githubusercontent.com, some pages routes) still return HTML errors on failure rather than a JSON envelope. AGENTS.md is not published at the domain root.
D7 Security (12%)
Strong
Wins: OAuth 2.0 with PKCE. Fine-grained personal access tokens. SAML SSO for Enterprise. TLS 1.3. HSTS preloaded. Every scope documented.
Losses: None significant. D7 is effectively maxed. The one knock is that PAT creation flow is still human-only — an agent cannot self-provision credentials without a human authorizing first.
D8 Reliability (13%)
Silver
Wins: status.github.com with component-level history. Published SLA for Enterprise. Uptime well above 99.9%. Public incident post-mortems.
Losses: Rate limits are tight for unauthenticated traffic (60/hour). Agents without credentials get throttled fast.
D9 Agent Experience (10%)
Middling
Wins: Request IDs via X-GitHub-Request-Id. Rate-limit headers. Idempotency on some write endpoints. Cursor pagination.
Losses: Inconsistent idempotency across endpoints. Some errors surface as HTML via 404 on pages routes. Official MCP exists but is not linked from an agent card.
The Three Real Gaps
Strip out the dimensions where GitHub already dominates and three weaknesses are left.
D5 Payment Processing. GitHub's billing lives behind a human-only dashboard for personal and team accounts. An agent cannot upgrade a seat, cancel a subscription, or swap a payment method without a human. There is no equivalent of Stripe's POST /v1/subscriptions for a GitHub plan change. D5 costs GitHub about 5 points against the best dev-infra peers.
D4 Pricing Transparency. Enterprise Cloud, GHAS, and some Copilot tiers are “contact us” pricing. No machine-readable JSON-LD Offer schema on the pricing pages. The scanner marks this partial — full credit requires structured pricing markup plus programmatic retrieval.
D9 Agent Experience. GitHub has a real MCP server. It is just not advertised via an agent-card.json at the domain root. A scanner that only looks at github.com cannot find it. This is fixable in a single PR — add /.well-known/agent-card.json pointing at the MCP endpoint. The same PR should add llms.txt for D1 Discoverability credit.
What Would Push GitHub to Gold
Publish agent-card.json
Single JSON file at /.well-known/agent-card.json. Points at the existing MCP server and A2A skills. +3 to D1, +2 to D9.
Ship llms.txt at the root
Index of docs, API references, and policies in markdown. +1 to D1, +1 to D6. AgentHermes auto-generates this from a business profile.
Convert remaining HTML errors to JSON
raw.githubusercontent.com and pages routes. +2 to D6, +1 to D9.
Publish machine-readable enterprise pricing
JSON-LD Offer schema on every pricing page, not just a contact form. +3 to D4.
Conservative math: 67 + 11 = 78. That clears the Gold threshold of 75. A more aggressive change — adding x402 support for agent-native per-call billing — would lift D5 another 4-6 points and push the score into Platinum territory.
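As an added illustration (not AgentHermes's scanner and not GitHub code), the first three changes can be verified from the client side roughly as below. The sample responses are constructed, the `example.com` hosts are placeholders, and the agent card's `url` field name and the `allowed_hosts` pinning are assumptions.

```python
import json
from urllib.parse import urlparse

# Constructed responses: path -> (status, Content-Type, body). They model a
# site that shipped the two discovery files but still serves an HTML 404.
SAMPLE = {
    "/.well-known/agent-card.json": (
        200, "application/json",
        '{"name": "example", "url": "https://mcp.example.com/"}'),
    "/llms.txt": (200, "text/plain; charset=utf-8",
                  "# Example\n- [API reference](https://example.com/api)\n"),
    "/no-such-route": (404, "text/html", "<html><body>Not Found</body></html>"),
}
MISSING = (404, "", "")

def media_type(content_type):
    """Return the bare media type, lowercased, without parameters."""
    return content_type.split(";", 1)[0].strip().lower()

def parse_json_object(content_type, body):
    """Return the parsed dict only if header and body both say JSON."""
    mt = media_type(content_type)
    if mt != "application/json" and not mt.endswith("+json"):
        return None
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    return doc if isinstance(doc, dict) else None

def check_site(responses, allowed_hosts):
    """Check agent card, llms.txt and error format in recorded responses."""
    status, ctype, body = responses.get("/.well-known/agent-card.json", MISSING)
    card = parse_json_object(ctype, body) if status == 200 else None
    # Assumption: "url" carries the advertised endpoint. Require https and a
    # pinned host before an agent follows a pointer found in the card.
    target = urlparse(str(card.get("url", ""))) if card else None
    card_ok = bool(target and target.scheme == "https"
                   and target.hostname in allowed_hosts)
    status, ctype, body = responses.get("/llms.txt", MISSING)
    llms_ok = (status == 200 and bool(body.strip())
               and media_type(ctype) in ("text/plain", "text/markdown"))
    status, ctype, body = responses.get("/no-such-route", MISSING)
    errors_ok = status >= 400 and parse_json_object(ctype, body) is not None
    return {"agent_card": card_ok, "llms_txt": llms_ok, "json_errors": errors_ok}
```

The host pin matters on the consuming side: a discovery file is only a pointer, so an agent should refuse a card whose endpoint is not https or sits outside the domains it expects.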
Why This Matters for the Other 499 Businesses
GitHub is 8 points from Gold. The median business is 35 points from Silver. GitHub's gaps are the expensive ones to fix — payment APIs and pricing schema require org-wide coordination. The median business's gaps are the cheap ones — a missing llms.txt, no OpenAPI spec, an HTML 404 page.
That is the lesson from this breakdown. If GitHub can sit at 67 with a full OpenAPI and an MCP server, a business at 20 is not one investment away from Silver. It is ten quick fixes away. The order matters — start with the improve-score playbook and ship the easy wins first.
The universal pattern: Almost every company in the top 25 — Vercel, Supabase, Stripe, GitHub, Make, Mintlify, MongoDB — sits in the 60-70 range. The 75+ tier is empty except Resend. The difference between “good at agent readiness” and “best in class” is 5 to 10 specific fixes, not a rebuild.
Frequently Asked Questions
How did AgentHermes calculate GitHub's 67 score?
Every domain runs through the v4 Agent Readiness Score model: 9 dimensions weighted by agent impact, with auth-aware scoring for 401 responses and hard caps for no-TLS or no-endpoints failures. GitHub scores come from the live scan of github.com and api.github.com against the same scoring profile used for the other 499 businesses.
Why is GitHub Silver and not Gold?
Gold requires a 75+. GitHub sits at 67 because of three gaps: no public agent-card.json at the domain root, partial pricing transparency (enterprise pricing is quote-only), and a handful of endpoints that return HTML error pages to unauthenticated agents instead of structured JSON. Each of those is a 2-4 point fix.
Does GitHub have an MCP server?
Yes, the official GitHub MCP server ships from github/github-mcp-server. That is one of the reasons GitHub scores higher than almost every other dev platform. MCP raises the Agent-Native bonus and helps D9 Agent Experience. The gap is that the MCP endpoint is not advertised in an agent-card.json at github.com, so the scanner cannot auto-discover it from the domain alone.
How does GitHub compare to Stripe, Vercel, and Supabase?
GitHub 67, Stripe 68, Vercel 70, Supabase 69. All four cluster within 3 points, and all four are Silver. GitHub trails Vercel primarily on D9 Agent Experience, where Vercel returns cleaner error envelopes and ships a more complete OpenAPI. GitHub beats Stripe on D8 Reliability thanks to status.github.com's deep component-level status model.
What would push GitHub to Gold or Platinum?
Four changes. First, publish /.well-known/agent-card.json that points at the existing MCP server and A2A skills. Second, ship llms.txt at the root. Third, convert remaining HTML error responses on public endpoints to JSON. Fourth, publish machine-readable enterprise pricing (not just a contact form). Conservatively those lift GitHub to 78 — Gold. Add x402 support for per-call billing and the score breaks 85 — Platinum territory.