Custom MCP servers are blocked by policy when MCP registry policy fetch returns 404 #2481
Description
Describe the bug
Copilot CLI blocks all custom/non-default MCP servers with the message:
"X MCP servers were blocked by policy: 'fetch', 'cloudflare',... " (X being the number of affected mcp servers).
This happens even though I am using a personal paid Copilot Plus account, not an organization or enterprise-managed account.
After checking the local Copilot logs, the actual error appears to be:
"Failed to fetch MCP registry policy: 404. Non-default MCP servers will be blocked until the policy can be fetched."
So the user-configured MCP servers are being detected correctly, but they are blocked because the CLI/backend policy fetch fails.
Affected version
GitHub Copilot CLI 1.0.15 experimental: on
Steps to reproduce the behavior
- Configure custom MCP servers in ~/.copilot/mcp-config.json
- Start Copilot CLI
- Observe the startup message that custom MCP servers are blocked by policy
- Run /logout, /login, and /restart
- Start a new session again
- Observe the same message again
- Restarted the device
- Followed the steps from the start again
- Observer the same message again
Relevant log output:
[ERROR] Request to MCP registry policy at https://api.github.com/copilot/mcp_registry failed with status 404
[WARNING] Failed to fetch MCP registry policy: GitHubApiError: Failed to fetch MCP registry policy: 404 . Non-default MCP servers will be blocked until the policy can be fetched.
Expected behavior
Custom MCP servers configured in ~/.copilot/mcp-config.json should load normally for a personal Copilot Plus account, or at minimum the CLI should not permanently block all non-default MCP servers because the MCP registry policy endpoint returns 404.
If the registry/policy service is unavailable, the CLI should provide a clearer error and a recovery path.
Additional context
-
Environment
- OS: Ubuntu 24.04.4 LTS (Noble Numbat)
- Kernel: Linux 6.17.0-19-generic
- Architecture: x86_64
- Desktop session: ubuntu:GNOME
- Session type: X11
- Shell: /bin/bash
- Terminal environment: TERM=xterm-color
-
Local Copilot setup
- User-level MCP configuration is stored in ~/.copilot/mcp-config.json
- There is also a ~/.copilot/mcp.json file present locally with the same MCP definitions
- The MCPs are user-defined/local custom servers, not repository-managed or org-managed configuration
-
Scope of the failure
- The affected servers are a mixed set of local/custom MCP integrations (filesystem, PostgreSQL, fetch, Cloudflare, Playwright, docs/context, sequential reasoning, memory)
- All custom servers are blocked together, which makes this look like a global gating/policy-resolution failure rather than a per-server startup or handshake failure
- The behavior happens before the custom MCPs appear usable, so the block seems to occur during policy/registry evaluation rather than during individual server execution
-
Diagnostic evidence
- Local logs in ~/.copilot/logs consistently show requests to the MCP registry policy endpoint failing with HTTP 404
- The failing endpoint in the logs is:
https://api.github.com/copilot/mcp_registry - The corresponding warning indicates that non-default MCP servers are blocked when that policy cannot be fetched
- This suggests a fail-closed behavior path: registry/policy fetch failure causes all user-configured non-default MCP servers to be disabled
-
Why this seems important
- This is happening on a personal/local Linux environment with user-level MCP configuration
- The issue disables the entire custom MCP toolchain in one shot, including local project access, database access, browser automation, and auxiliary tooling
- From the outside, it looks less like an invalid MCP config problem and more like a CLI/backend policy lookup dependency that is failing and then blocking all custom MCPs as a fallback
-
If helpful, I can provide
- sanitized copies of ~/.copilot/mcp-config.json and ~/.copilot/mcp.json
- the exact blocked server names
- the exact timestamps and surrounding log lines from ~/.copilot/logs