Support Enterprise MCP Policies #599
Description
Describe the feature or problem you'd like to solve
Some enterprise users require that MCP policies and the MCP allowlist are enforced before a tool can be enabled for an organization.
Proposed solution
Hi, my colleagues and I would love to use copilot-cli, but we’re currently unable to because, to my knowledge, copilot-cli does not respect MCP allowlist policies.
It’s possible this has changed since the following document was released: https://docs.github.com/en/copilot/how-tos/administer-copilot/configure-mcp-server-access#support-for-mcp-policies. As of now, my understanding is that this feature is not supported.
Respecting the allow list would enforce the minimum level of security our organization needs to ensure only trusted tools are used by agents. This is critical for minimizing potential risks to development environments, internal tooling, and other sensitive systems.
Example prompts or workflows
No response
Additional context
No response