! 1 MCP server was blocked by policy: #2486

@Echostorm44

Describe the bug

I'm on a personal pro+ account. Been using this MCP for weeks now but got this today. Tried --yolo, tried /mcp enable.

Edit: This is working, but only through a hack that is not a long-term solution. Please don't close this post until someone from GitHub replies.

Tried this:

Root cause: A recent Copilot CLI update (v1.0.11) started enforcing GitHub's MCP registry policy. It calls
https://api.github.com/copilot/mcp_registry — which returns 404 for your account because that endpoint isn't fully
rolled out yet. When that fetch fails, the CLI defensively blocks all custom MCP servers.
Fix: Set COPILOT_EXP_COPILOT_CLI_MCP_ALLOWLIST=false as a permanent user environment variable. This disables the MCP
allowlist feature flag, restoring the old behaviour where all custom servers are allowed.
You need to restart Copilot CLI for this to take effect (the env var is now set permanently for your Windows user
account). Once you relaunch, xxxxxx-devtools should connect normally.

No dice. Tried /mcp enable

Tried this also but no luck:

Downgraded to v1.0.10. Now you need to fully close and reopen your terminal again, then launch Copilot — the MCP
should connect without the policy block.

Here's the summary of what happened:

  • v1.0.11 introduced enforcement of GitHub's MCP registry policy
  • For personal accounts, the mcp_registry API endpoint doesn't exist yet (returns 404)
  • When it gets a 404, the new code defensively blocks ALL custom MCPs — that's a bug
  • v1.0.10 predates this enforcement and will allow your cascade-devtools MCP to run normally

You should also consider filing a bug report with GitHub — this is clearly broken for personal accounts since the
registry API they're checking against doesn't exist for them yet.

Tried another thing that didn't work:

Here's what we found and fixed:

  • The npm package is irrelevant — the native binary (copilot.exe) is a self-updating launcher that downloads its actual
    code to %LOCALAPPDATA%\copilot\pkg\win32-x64\1.0.14\app.js
  • That's the real code that was blocking MCPs when the mcp_registry API returned 404
  • We patched it to allow all MCPs instead of blocking them when the policy fetch fails

⚠️ One caveat: if the binary auto-updates to a new version, it'll download a fresh app.js and the patch will be lost.
You'll know this happened if you see the block again after a copilot update. We can re-apply the patch when needed.

This finally fixed it, but it's not a great long-term solution:

Patch is in the right file this time. The real cache is C:\Users\xxxxxx\.copilot\pkg\universal\1.0.15\app.js — not the
AppData\Local path we were patching before.

Restart Copilot CLI — close this session, open a new terminal, launch copilot fresh. cascade-devtools should connect
now.

Also, if it ever blocks again after an auto-update, the file to patch will be
C:\Users\xxxxxxx\.copilot\pkg\universal\{new-version}\app.js — same one-line change.

Affected version

GitHub Copilot CLI 1.0.15.

Steps to reproduce the behavior

Try to launch Copilot CLI with a personal MCP server, set up properly, that has been working for weeks.

Expected behavior

That the MCP server that was working fine before would continue working fine.

Additional context

I posted this to the githubcopilot subreddit too: https://www.reddit.com/r/GithubCopilot/comments/1salre3/comment/odwnvl4/
