Skip to content

All MCP servers blocked by policy when GHE returns 404 on /copilot/mcp_registry #2498

Open
Bug
Open
All MCP servers blocked by policy when GHE returns 404 on /copilot/mcp_registry#2498
Bug
Labels
triage
@grantborthwick

Description

@grantborthwick
grantborthwick
opened on Apr 3, 2026

Describe the bug

On GitHub Enterprise (microsoft.ghe.com) with an Enterprise Copilot plan, all non-default MCP servers are blocked at startup with "19 MCP serverswere blocked by policy". The GHE instance returns HTTP 404 for GET /copilot/mcp_registry because it doesn't support the MCP registry API yet. The CLI treats this 404 as a policy fetch error and blocks all servers, rather than treating it as "no registries configured" (which should allow all).

The pLn() function in app.js throws on 404, and the NEe() catch block returns yEe([]) (empty registry = block all). A 404 should instead return { mcp_registries: [] } so it flows into the o.length === 0 path which uses the Wgn allow-all filter.

Log evidence:
[ERROR] Request to MCP registry policy at https://api.microsoft.ghe.com/copilot/mcp_registry failed with status 404 (request ID:
E1B4:18EBE6:19AB3B:B4DE37:69CEDD72)

Affected version

GitHub Copilot CLI 1.0.17

Steps to reproduce the behavior

  1. Be on a GHE instance where GET /copilot/mcp_registry returns 404 (e.g., microsoft.ghe.com)
  2. Have an Enterprise Copilot plan (copilot_plan: enterprise)
  3. Configure any MCP servers in .vscode/mcp.json or agency.toml
  4. Run copilot
  5. See warning: "19 MCP servers were blocked by policy: ..."
  6. Only the built-in github-mcp-server loads

Expected behavior

When /copilot/mcp_registry returns 404, the CLI should treat it as "no registries configured" and allow all MCP servers (same as the no_registries outcome path). The 404 means the feature isn't available on this GHE version, not that servers should be blocked

Additional context

  • Operating system: Windows 11, x86_64
  • Terminal emulator: Windows Terminal
  • Shell: PowerShell
  • Copilot plan: enterprise (access_type_sku: copilot_enterprise_seat_quota)
  • is_mcp_enabled: true
  • Proposed fix: In pLn(), add if (a.status === 404) return { mcp_registries: [] }; before the throw
  • This affects all Enterprise plan users on GHE instances without the MCP registry API

Metadata

Metadata

Assignees

No one assigned

    Labels

    triage

    Type

    Bug

    Fields

    No fields configured for Bug.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions