MCP & Tools
Connections to external services, APIs, and databases via Model Context Protocol
Extension Name MCP Servers
Vendor Terms MCP servers, mcp.json, MCP tools, MCP prompts, MCP resource templates, MCP elicitation, autoApprove, disabledTools, MCP registry
Scopes
User / HomeProject / Repo RootOrganization / Enterprise
Interfaces IDE, CLI
Availability current (explicit)
Trust Model Tool approval required per-use; autoApprove array or wildcard bypasses approval; disabledTools blocks specific tools; IDE approved environment variables whitelist; enterprise MCP registry allow-list with client-side enforcement
Notes IDE and CLI merge workspace and user MCP configs with workspace precedence. CLI adds a third tier: agent config > workspace > global. IDE supports MCP prompts, resource templates, and elicitation. CLI supports OAuth authentication with mid-session token refresh. Enterprise admins can enforce allow-lists via MCP registry URL (fetched at startup and every 24h). Curated server directory with 30+ servers and one-click install.
Extension Name MCP Servers
Vendor Terms MCP servers, .mcp.json, local-scoped MCP servers, project-scoped MCP servers, user-scoped MCP servers, managed-mcp.json, MCP Tool Search, MCP resources, MCP prompts, MCP elicitation, channels, plugin-provided MCP servers, claude.ai connectors
Scopes
User / HomeProject / Repo RootOrganization / Enterprise
Interfaces terminal CLI, VS Code, Desktop, web, JetBrains
Availability current (explicit)
Trust Model Project-scoped servers require explicit approval; managed-mcp.json provides enterprise lockdown; allowlist/denylist policies via managed settings; plugin MCP servers inherit plugin trust
Notes Three installation scopes: local (default, per-project private), project (shared via .mcp.json), and user (cross-project). Tool Search enabled by default defers tool loading. Supports HTTP, SSE (deprecated), and stdio transports. OAuth 2.0 auth for remote servers. Plugin-provided MCP servers auto-start. MCP resources, prompts, and elicitation supported. Channels enable push messages. Claude Code can serve as an MCP server. Enterprise managed-mcp.json and allowlist/denylist policies available.
Extension Name MCP Servers
Vendor Terms GitHub MCP server, GitHub MCP Registry, MCP servers, MCP toolsets, MCP allowlist
Scopes
Machine / AdminProject / Repo RootOrganization / Enterprise
Interfaces GitHub.com, VS Code, Visual Studio, JetBrains, Eclipse, Xcode, CLI, Copilot SDK
Availability current (explicit)
Trust Model MCP exposes tools and API capabilities subject to OAuth/PAT auth, push protection for secrets, and MCP allowlist enforcement (name/ID matching); enterprise policies override org policies; Registry only mode restricts to approved servers
Notes Available to all GitHub users regardless of plan; GitHub MCP Registry in public preview; org/enterprise can restrict via MCP allowlist policy; toolset customization supported; GitHub MCP server built into CLI; cloud agent has GitHub MCP server and Playwright MCP server by default
Extension Name MCP Servers
Vendor Terms MCP servers, STDIO transport, streamable HTTP transport, OAuth authentication, bearer token authentication, enabled_tools, disabled_tools
Scopes
User / HomeProject / Repo Root
Interfaces CLI, IDE extension, app
Availability current (explicit)
Trust Model Destructive MCP tool calls always require approval; side-effect calls can elicit approval; granular mcp_elicitations approval toggle; enterprise allowlist via requirements.toml; Guardian subagent can review MCP approvals
Notes CLI, IDE extension, and app share MCP configuration via config.toml; STDIO and streamable HTTP transports; OAuth via codex mcp login; per-server enabled_tools/disabled_tools filtering; enterprise allowlist enforcement via requirements.toml (name + identity matching)