add documentation

docs/reference/policy-engine.md

@@ -439,6 +439,8 @@ The Gemini CLI ships with a set of default policies to provide a safe
 out-of-the-box experience.
 
 - **Read-only tools** (like `read_file`, `glob`) are generally **allowed**.
+- **MCP Read-only tools**: MCP tools that explicitly declare themselves as
+  read-only via the `readOnlyHint` annotation are automatically allowed.
 - **Agent delegation** defaults to **`ask_user`** to ensure remote agents can
   prompt for confirmation, but local sub-agent actions are executed silently and
   checked individually.

docs/tools/mcp-server.md

@@ -651,6 +651,10 @@ When confirmation is required, users can choose:
 - **Always allow this server:** Add to server-level allow-list
 - **Cancel:** Abort execution
 
+#### Read-only bypass
+
+If an MCP tool provides a `readOnlyHint` in its metadata (annotations), the Gemini CLI will automatically execute it without prompting for confirmation, regardless of the configured approval mode. This ensures a seamless experience for safe, data-fetching operations.
+
 ### 3. Execution
 
 Upon confirmation (or trust bypass):