Guide · IDE Integration
MCP server with GitHub Copilot
GitHub Copilot's agent mode supports MCP tool calls — the Copilot Chat extension in VS Code connects to MCP servers configured in .vscode/mcp.json or user settings, presents the tools in the agent mode picker, and invokes them during chat sessions. This guide covers everything you need to get your MCP server working with Copilot: the configuration format, the tool approval security model, which Copilot subscription plans include MCP access, token budget considerations, enterprise policy controls, and monitoring strategies for MCP servers that Copilot workflows depend on.
TL;DR
Add your MCP server to .vscode/mcp.json under the servers key. In VS Code settings, ensure "github.copilot.chat.agent.runTasks": true is set. Open Copilot Chat, switch to Agent mode (the agent-mode toggle at the top of the chat panel), and click the tools button — your MCP server's tools appear in the list. GitHub Copilot requires a paid subscription (Copilot Individual, Business, or Enterprise) to use MCP tools in agent mode. Add AliveMCP monitoring so you catch server outages before developers notice Copilot ignoring your tools.
Agent mode vs Copilot Chat: what's different
GitHub Copilot Chat has two modes — Chat mode (default) and Agent mode. MCP tools are only available in agent mode:
| Feature | Chat mode | Agent mode |
|---|---|---|
| MCP tool calls | No | Yes |
| Built-in tools (file read, terminal) | No | Yes |
| Multi-step autonomous actions | No | Yes |
| Code completion suggestions | Yes | Yes |
| Context from selected code | Yes | Yes |
| Available since | Copilot launch (2023) | VS Code 1.99 + Copilot extension update (2025) |
Switch to agent mode using the mode toggle at the top of the Copilot Chat panel. In agent mode, Copilot has access to the tool registry built from all connected MCP servers plus VS Code's built-in tools (read file, run terminal command, create/edit file). The LLM chooses which tools to call based on your prompt — you do not explicitly invoke tools by name.
Configuring MCP servers for GitHub Copilot
GitHub Copilot uses VS Code's MCP discovery mechanism, which reads from .vscode/mcp.json at the workspace level and from the user-level settings.json at the mcp.servers key. The format is identical regardless of whether Copilot or another MCP client reads it:
// .vscode/mcp.json — shared with team via git
{
"inputs": [
{
"id": "api-token",
"type": "promptString",
"description": "API token for the project MCP server",
"password": true
}
],
"servers": {
"project-tools": {
"type": "http",
"url": "https://mcp.myproject.example.com/mcp",
"headers": {
"Authorization": "Bearer ${input:api-token}"
}
},
"code-search": {
"type": "stdio",
"command": "npx",
"args": ["-y", "@myorg/code-search-mcp"]
}
}
}For Copilot-specific configuration, you may want to restrict which tools Copilot can invoke. This is controlled by the tool approval mechanism (see below) rather than by filtering in the server configuration — all tools from a connected server are presented to Copilot regardless of the configuration. To expose only a subset of tools, implement filtering in your MCP server itself by returning only the intended tools from tools/list.
Tool approval workflow
Before Copilot executes any MCP tool call, VS Code shows an approval prompt displaying the tool name, description, and the exact arguments Copilot intends to pass. The developer must explicitly approve or block each call. This is a security boundary — it prevents Copilot from silently taking destructive actions via MCP tools.
The approval prompt shows:
- Tool name (e.g.,
delete_issue) - Description from the tool's
descriptionfield - Arguments as formatted JSON — the developer can inspect exactly what will be sent
- Three options: Allow (once), Always Allow (for this session), Block
VS Code also reads MCP tool annotations to color-code the approval prompt:
| Annotation | Value | Prompt styling |
|---|---|---|
readOnlyHint | true | Green indicator — read-only tool, lower risk |
destructiveHint | true | Red indicator — destructive tool, explicit warning shown |
idempotentHint | true | No special styling, but agent may retry automatically |
openWorldHint | true | Network access indicator shown |
Always set readOnlyHint: true on tools that only read data — it gives Copilot users confidence in the tool and reduces friction on frequently-invoked read operations. Set destructiveHint: true on tools that delete records, send emails, or make irreversible changes — the warning prompt reduces the chance of accidental destructive invocations.
Copilot subscription plan requirements
MCP tool calls in agent mode require a paid GitHub Copilot subscription. The free Copilot tier (available to verified students and some open-source contributors) does not include agent mode at all:
| Plan | Agent mode | MCP tools | Enterprise MCP policy |
|---|---|---|---|
| Copilot Free (GitHub Education / Open Source) | No | No | No |
| Copilot Individual ($10/mo) | Yes | Yes | No |
| Copilot Business ($19/user/mo) | Yes | Yes | Via organization policy |
| Copilot Enterprise ($39/user/mo) | Yes | Yes | Full enterprise controls |
For organizations on Copilot Business or Enterprise, GitHub admins can set MCP-related policies in the organization settings under Copilot → Policies → Agent features. These policies control whether members can configure arbitrary MCP servers or only organization-approved servers.
Token budget impact of large tool schemas
Every tool registered in the Copilot agent mode session is serialized into the system prompt as a JSON schema — the LLM needs to read it to decide which tool to call. Large tool schemas increase token consumption on every Copilot Chat message in agent mode, even messages that don't result in tool calls.
Rule of thumb: each tool with a moderately complex schema consumes 200–800 tokens. A server registering 20 tools with detailed schemas adds 4,000–16,000 tokens to every agent mode context. With GPT-4o's context window, this is manageable; with models that have smaller effective context windows, it degrades response quality on long coding sessions.
Strategies to reduce token overhead:
| Strategy | Implementation | Trade-off |
|---|---|---|
| Minimize tool descriptions | Keep description to 1–2 sentences; move lengthy documentation to a linked resource | Copilot may select tools less accurately on ambiguous prompts |
Use additionalProperties: false in schemas | Prevents Copilot from hallucinating extra fields; also reduces ambiguity tokens | Breaks callers that pass extra fields — enforce this only on new tools |
| Register only tools needed for the workspace | Return a filtered tool list from tools/list based on a workspace identifier in the initialize request | Requires workspace-aware server logic |
| Split into multiple MCP servers | One server per domain (file tools, API tools, database tools); developers enable only the servers they need for their current task | More deployment units to maintain and monitor |
Monitoring MCP servers used in Copilot workflows
Copilot agent mode fails silently when an MCP server is unavailable. If your server goes down mid-session, Copilot does not display an error — it simply stops offering your tools in the agent mode picker, or shows "Tool unavailable" when it tries to invoke a cached tool. Developers typically interpret this as a Copilot bug rather than a server outage, which means you may not receive a report until hours later.
The monitoring gap is compounded by Copilot's architecture: tool availability is checked at session start, not before each tool call. A server that goes down after the session begins may still appear in the tool picker — Copilot only discovers it's unavailable when it tries to make the tool call and the server returns an error or times out.
AliveMCP probes your server every 60 seconds with a full initialize + tools/list cycle, alerting you the moment the protocol handshake fails. Add your MCP server URL to AliveMCP monitoring as part of the server's CI/CD deployment pipeline — wire the alert to your team's Slack channel so outages get addressed before the next stand-up.
Frequently asked questions
Does GitHub Copilot send my MCP server's tool results to GitHub's servers?
Yes. When Copilot invokes an MCP tool, the tool's result is included in the subsequent LLM request that Copilot sends to its backend. This means tool results pass through GitHub's Copilot infrastructure (and the underlying LLM provider). For tools that return sensitive data (credentials, PII, internal business data), treat the tool result as potentially visible to GitHub/Microsoft under their data usage policies. Review the GitHub Copilot for Business data protection commitments before connecting tools that return sensitive data.
Can I prevent certain MCP tools from appearing in Copilot while keeping them for other clients?
The simplest approach is to run two separate MCP server instances: one for Copilot users (with a filtered tool set) and one for other clients (full tool set). Alternatively, inspect the clientInfo field in the initialize request — VS Code sends "name": "Visual Studio Code" — and return a filtered tools/list response based on the client. This approach is fragile (any VS Code-based client looks the same) but works for simple exclusions.
How do I test that Copilot can correctly invoke my MCP tools?
Open a new VS Code workspace, add your server to .vscode/mcp.json, trust the workspace, and open Copilot Chat in agent mode. Type a prompt that should naturally trigger one of your tools — e.g., "Search the docs for authentication best practices" if you have a search_docs tool. Copilot should propose a tool call, which you approve; the result should appear in the chat. If no tool call is proposed, check the Output panel (MCP: your-server) to confirm the tools/list handshake completed successfully and the tool schemas are clear enough for the LLM to select them correctly.
Does Copilot agent mode support MCP servers with OAuth authentication?
Copilot does not natively handle MCP's OAuth 2.0 WWW-Authenticate challenge flow — it passes the headers you configure in .vscode/mcp.json and does not handle 401 redirects for dynamic token acquisition. For OAuth-protected MCP servers, the recommended approach is to use the VS Code input variable mechanism to prompt developers for a pre-obtained bearer token, or to implement a local token broker as a stdio MCP proxy that handles the OAuth dance and exposes a pre-authenticated HTTP endpoint to Copilot.
What happens if my MCP server is slow to respond to tool calls?
Copilot has an implicit timeout for tool call responses. If your server takes more than ~30 seconds to return a tools/call result, Copilot may abandon the tool call and fall back to generating a response without tool data. Implement streaming progress via MCP's notifications/progress messages for long-running tools — Copilot Chat displays the progress text inline while it waits, and the timeout window is extended as long as progress messages are received. Without progress messages, aim to return tool results within 10 seconds.
Further reading
- MCP server in VS Code — .vscode/mcp.json configuration and debugging
- MCP tool annotations — readOnlyHint, destructiveHint for client approval UX
- MCP server authentication — Bearer tokens, OAuth 2.0, API keys
- MCP server in Cursor — configuring MCP for Cursor's AI features
- MCP tool design — writing descriptions that LLMs select correctly
- AliveMCP — continuous protocol monitoring for MCP servers