Describe the bug
VS Code extensions are currently able to install and register Model Context Protocol (MCP) servers that are not defined in an organization’s private MCP registry.
From an enterprise governance and security perspective, this behavior is problematic. When a private MCP registry is configured, VS Code should enforce it as an allowlist, preventing extensions from installing, registering, or invoking any MCP servers that are not explicitly declared in that registry.
As it stands:
Extensions can introduce MCP servers outside of the approved registry.
Administrators have no reliable way to prevent or audit this behavior using existing controls.
This undermines efforts by organizations to strictly control which MCP servers are permitted in regulated or locked-down environments.
Impact
This affects any organization attempting to:
Enforce supply chain and AI tool governance
Meet regulatory or compliance requirements
Maintain a strict allowlist of sanctioned MCP servers
Without stronger enforcement, extensions can unintentionally or intentionally bypass organizational policy, creating both security and compliance gaps.
Affected version
No response
Steps to reproduce the behavior
No response
Expected behavior
When a private MCP registry is configured:
VS Code must block any MCP server installation or activation that is not defined in the registry.
Extensions should fail gracefully with a clear error if they attempt to register an unapproved MCP server.
Registry enforcement should be consistent regardless of how the MCP server is introduced (extension install, activation, or runtime).
Additional context
No response
Describe the bug
VS Code extensions are currently able to install and register Model Context Protocol (MCP) servers that are not defined in an organization’s private MCP registry.
From an enterprise governance and security perspective, this behavior is problematic. When a private MCP registry is configured, VS Code should enforce it as an allowlist, preventing extensions from installing, registering, or invoking any MCP servers that are not explicitly declared in that registry.
As it stands:
Extensions can introduce MCP servers outside of the approved registry.
Administrators have no reliable way to prevent or audit this behavior using existing controls.
This undermines efforts by organizations to strictly control which MCP servers are permitted in regulated or locked-down environments.
Impact
This affects any organization attempting to:
Enforce supply chain and AI tool governance
Meet regulatory or compliance requirements
Maintain a strict allowlist of sanctioned MCP servers
Without stronger enforcement, extensions can unintentionally or intentionally bypass organizational policy, creating both security and compliance gaps.
Affected version
No response
Steps to reproduce the behavior
No response
Expected behavior
When a private MCP registry is configured:
VS Code must block any MCP server installation or activation that is not defined in the registry.
Extensions should fail gracefully with a clear error if they attempt to register an unapproved MCP server.
Registry enforcement should be consistent regardless of how the MCP server is introduced (extension install, activation, or runtime).
Additional context
No response