Remote GitHub MCP server (GA) (#57269)

Co-authored-by: Jules Porter <jules-p@users.noreply.github.com>
Co-authored-by: Dimitrios Philliou <d1m1tr10s@github.com>
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com>

Author: 3 people

content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-and-the-github-mcp-server.md

@@ -21,7 +21,7 @@ Push protection prevents you from inadvertently exposing secrets, such as tokens
 
 When you're interacting with the {% data variables.product.github %} MCP server, push protection blocks secrets in AI-generated responses as well as preventing secrets from being included in any actions you perform, such as creating an issue.
 
-This protection is on by default for all interactions between the {% data variables.product.github %} MCP server and **public repositories** only, regardless of whether push protection is enabled on the repository's security settings page.
+This protection is on by default for all interactions between the {% data variables.product.github %} MCP server and **public repositories**; and between the {% data variables.product.github %} MCP server and private repositories covered by {% data variables.product.prodname_GHAS %}, regardless of whether push protection is enabled on the repository's security settings page.
 
 ## Resolving a block
 

content/copilot/concepts/about-mcp.md

@@ -31,10 +31,11 @@ The {% data variables.product.github %} MCP server is a Model Context Protocol (
 * Automate and streamline code-related tasks.
 * Connect third-party tools (like Cursor, Windsurf, or future integrations) to leverage {% data variables.product.github %}’s context and AI capabilities.
 * Enable cloud-based workflows that work from any device, without local setup.
+* Invoke {% data variables.product.github %} tools, such as {% data variables.copilot.copilot_coding_agent %} (requires {% data variables.product.prodname_copilot %} subscription) and {% data variables.product.prodname_code_scanning %} (requires {% data variables.product.prodname_GHAS %} subscription), to assist with code generation and security analysis.
 
-For public repositories, interactions with the {% data variables.product.github %} MCP server are secured by push protection, which blocks secrets from being included in AI-generated responses and prevents you from exposing secrets through any actions you perform using the server, such as creating an issue. See [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-and-the-github-mcp-server).
+For all public repositories, and private repositories covered by {% data variables.product.prodname_GHAS %}, interactions with the {% data variables.product.github %} MCP server are secured by push protection, which blocks secrets from being included in AI-generated responses and prevents you from exposing secrets through any actions you perform using the server, such as creating an issue. See [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-and-the-github-mcp-server).
 
-You can access the {% data variables.product.github %} MCP server remotely through {% data variables.product.prodname_vscode %}, or other editors that support remote MCP; or you can run it locally in any MCP-compatible editor, allowing you to choose between the convenience of a hosted solution or the customizability of a self-hosted setup.
+You can access the {% data variables.product.github %} MCP server remotely through {% data variables.copilot.copilot_chat_short %} in {% data variables.product.github %}, {% data variables.product.prodname_vscode %}, or other editors that support remote MCP; or you can run it locally in any MCP-compatible editor, allowing you to choose between the convenience of a hosted solution or the customizability of a self-hosted setup.
 
 If you want to utilize the remote {% data variables.product.github %} MCP server, you can do so in a few steps, without any local setup. This is particularly useful for users who want to quickly leverage {% data variables.product.github %}’s AI capabilities without the overhead of managing a local MCP server.
 
@@ -46,7 +47,7 @@ To learn how to set up and use the {% data variables.product.github %} MCP serve
 
 There is currently broad support for local MCP servers in clients such as {% data variables.product.prodname_vscode %}, JetBrains IDEs, XCode, and others.
 
-Support for remote MCP servers is growing, with editors like {% data variables.product.prodname_vscode %} (with OAuth or PAT), {% data variables.product.prodname_vs %} (PAT only), JetBrains IDEs (PAT only), Xcode (PAT only), Eclipse (PAT only), Windsurf (PAT only), and Cursor (PAT only) already providing this functionality.
+Support for remote MCP servers is growing, with editors like {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, JetBrains IDEs, Xcode, Eclipse, and Cursor providing this functionality with OAuth or PAT, and Windsurf supporting PAT only.
 
 To find out if your preferred editor supports remote MCP servers, check the documentation for your specific editor.
 

content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-enterprise-policies.md

@@ -32,6 +32,8 @@ Enterprise owners can define a policy for the whole enterprise, or delegate the
    * Click the **Models** tab to edit the policies that control availability of models beyond the basic models provided with {% data variables.product.prodname_copilot_short %}, which may incur additional costs.
 1. For each policy you want to configure, click the dropdown menu and select an enforcement option. Select **No policy** to delegate the decision to individual organization owners. For more information, see [AUTOTITLE](/copilot/reference/feature-availability-enterprise).
 
+{% data reusables.copilot.mcp-servers-policy-note %}
+
 ## Opting in to previews or feedback
 
 If your enterprise has a {% data variables.copilot.copilot_business_short %} or {% data variables.copilot.copilot_enterprise_short %} plan and you enable "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" on the "Policies" tab, two additional options are displayed:

content/copilot/how-tos/provide-context/use-mcp/use-the-github-mcp-server.md

@@ -15,11 +15,7 @@ redirect_from:
 contentType: how-tos
 ---
 
->[!NOTE]
-> * The remote {% data variables.product.github %} MCP server is currently in {% data variables.release-phases.public_preview %} and subject to change; use of the {% data variables.product.github %} MCP server locally is generally available (GA).
-> * MCP support is generally available (GA) in {% data variables.product.prodname_copilot_short %} for {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, JetBrains, Eclipse, and Xcode.
-> * The **MCP servers in {% data variables.product.prodname_copilot_short %}** policy for enterprises and organizations, disabled by default, controls the use of MCP.
-> * While in {% data variables.release-phases.public_preview %}, access to the remote {% data variables.product.github %} MCP server through OAuth in {% data variables.product.prodname_copilot_short %} is governed by the {% data variables.product.prodname_copilot_short %} **Editor preview features** policy at the organization or enterprise level. PAT access to the server is managed by PAT policies.
+The {% data variables.product.github %} MCP server is available to all {% data variables.product.github %} users regardless of plan type. However, specific tools within the MCP server inherit the same access requirements as their corresponding {% data variables.product.github %} features. If a feature requires a paid {% data variables.product.github %} or {% data variables.product.prodname_copilot_short %} license, the equivalent MCP tool will require the same subscription. For example, tools that interact with {% data variables.product.prodname_copilot_short %} Coding Agent require a paid {% data variables.product.prodname_copilot_short %} license.
 
 {% vscode %}
 
@@ -41,8 +37,7 @@ You can choose to set up the {% data variables.product.github %} MCP server eith
 
 The remote {% data variables.product.github %} MCP server uses one-click OAuth authentication by default, but you can also manually configure it to use a {% data variables.product.pat_generic %} (PAT) for authentication. If you use OAuth, the MCP server can only access the scopes you approve during sign-in. In organization-owned contexts, access may also be limited by admin policies that control which scopes and apps are permitted. If you use a PAT, the MCP server will have access to the scopes granted by the PAT, which is also subject to any PAT restrictions configured by the organization.
 
-> [!NOTE]
-> If you are an {% data variables.product.prodname_emu %}, then PAT is disabled by default, unless enabled by an enterprise administrator. If PAT is disabled, you won't be able to use PAT authentication. If you have OAuth access policy restrictions, you will need the OAuth App for each client (MCP host application) to be enabled (except {% data variables.product.prodname_vscode %} and {% data variables.product.prodname_vs %}).
+If you are an {% data variables.product.prodname_emu %}, then PAT is disabled by default, unless enabled by an enterprise administrator. If PAT is disabled, you won't be able to use PAT authentication. If you have OAuth access policy restrictions, you will need the OAuth App for each client (MCP host application) to be enabled (except {% data variables.product.prodname_vscode %} and {% data variables.product.prodname_vs %} since they are first-party Microsoft IDEs with native {% data variables.product.prodname_copilot_short %} integration).
 
 * [Remote MCP server configuration with OAuth](#remote-mcp-server-configuration-with-oauth)
 * [Remote MCP server configuration with PAT](#remote-mcp-server-configuration-with-pat)
@@ -467,6 +462,7 @@ The {% data variables.product.github %} MCP server enables you to perform a wide
 {% data reusables.copilot.eclipse-prerequisites %}
 * **Latest version of the {% data variables.product.prodname_copilot %} extension**. Download this from the [Eclipse Marketplace](https://aka.ms/copiloteclipse). For more information, see [AUTOTITLE](/copilot/managing-copilot/configure-personal-settings/installing-the-github-copilot-extension-in-your-environment?tool=eclipse).
 * **Sign in to {% data variables.product.company_short %} from Eclipse**.
+* {% data reusables.copilot.mcp-policy-requirement %}
 
 ## Setting up the {% data variables.product.github %} MCP server in Eclipse
 
@@ -534,8 +530,6 @@ The {% data variables.product.github %} MCP server enables you to perform a wide
 
 {% webui %}
 
->[!NOTE] MCP in {% data variables.copilot.copilot_chat_dotcom_short %} is currently in {% data variables.release-phases.public_preview %} and subject to change.
-
 ## About MCP in {% data variables.copilot.copilot_chat_dotcom_short %}
 
 The {% data variables.product.github %} MCP server is a Model Context Protocol (MCP) server provided and maintained by {% data variables.product.github %}. MCP allows you to integrate AI capabilities with other tools and services, enhancing your development experience by providing context-aware AI assistance.
@@ -553,7 +547,6 @@ The {% data variables.product.github %} MCP server is automatically configured i
 
     Some examples of requests you can make are:
     * `Create a new branch called [BRANCH-NAME] in the repository [USERNAME/REPO-NAME].`
-    * `Create a new branch called [BRANCH-NAME] in the repository [USERNAME/REPO-NAME].`
     * `Merge the pull request [PULL-REQUEST-NUMBER] in the repository [USERNAME/REPO-NAME].`
 
 1. {% data variables.copilot.copilot_chat_short %} will ask you to confirm that you want to proceed with the action. Click **Allow** to confirm.

data/reusables/copilot/mcp-servers-policy-note.md

@@ -1,2 +1,2 @@
 > [!NOTE]
-> The **MCP servers in {% data variables.product.prodname_copilot_short %}** policy controls use where MCP server support is generally available (GA). In features where MCP support is in preview, for example {% data variables.product.prodname_copilot_short %} editors, availability is controlled by the **Editor preview features** policy.
+> The **MCP servers in {% data variables.product.prodname_copilot_short %}** policy controls use where MCP server support is generally available (GA). This policy does not control access and permissions for the {% data variables.product.github %} MCP server in third-party host applications (like Cursor, Windsurf or Claude). For more information on controlling access to the {% data variables.product.github %} MCP server, see the [Policies and Governance](https://github.com/github/github-mcp-server/blob/main/docs/policies-and-governance.md#control-mechanisms) documentation in the {% data variables.product.github %} MCP Server repository.