From 17cb0c75c4bc972d094d135ee220e89970378256 Mon Sep 17 00:00:00 2001 From: "A.K.M. Adib" Date: Mon, 30 Mar 2026 13:04:59 -0400 Subject: [PATCH] add documentation --- docs/reference/policy-engine.md | 2 ++ docs/tools/mcp-server.md | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/docs/reference/policy-engine.md b/docs/reference/policy-engine.md index c9fc482ea7..65ab541749 100644 --- a/docs/reference/policy-engine.md +++ b/docs/reference/policy-engine.md @@ -439,6 +439,8 @@ The Gemini CLI ships with a set of default policies to provide a safe out-of-the-box experience. - **Read-only tools** (like `read_file`, `glob`) are generally **allowed**. +- **MCP Read-only tools**: MCP tools that explicitly declare themselves as + read-only via the `readOnlyHint` annotation are automatically allowed. - **Agent delegation** defaults to **`ask_user`** to ensure remote agents can prompt for confirmation, but local sub-agent actions are executed silently and checked individually. diff --git a/docs/tools/mcp-server.md b/docs/tools/mcp-server.md index 9fc84d54c0..9963f15387 100644 --- a/docs/tools/mcp-server.md +++ b/docs/tools/mcp-server.md @@ -651,6 +651,10 @@ When confirmation is required, users can choose: - **Always allow this server:** Add to server-level allow-list - **Cancel:** Abort execution +#### Read-only bypass + +If an MCP tool provides a `readOnlyHint` in its metadata (annotations), the Gemini CLI will automatically execute it without prompting for confirmation, regardless of the configured approval mode. This ensures a seamless experience for safe, data-fetching operations. + ### 3. Execution Upon confirmation (or trust bypass):
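Review bot: The bullet added to docs/reference/policy-engine.md says tools that "explicitly declare themselves as read-only" are automatically allowed, but it does not say that the declaration comes from the MCP server itself, nor whether the CLI checks it in any way. This list sits under the default policies described as "a safe out-of-the-box experience", so the bullet should state that the allow decision rests on a server-supplied annotation. It should also say how this default ranks against user-defined rules, so a reader knows whether a `deny` or `ask_user` rule for the same tool still takes effect. A cross-reference to the "Read-only bypass" section added in docs/tools/mcp-server.md would keep the two descriptions in sync.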
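Review bot: In the "Read-only bypass" paragraph added to docs/tools/mcp-server.md, "provides a `readOnlyHint`" reads as if the mere presence of the annotation triggers the bypass, while the policy-engine.md bullet in this same patch says the tool must declare itself read-only. Please state the exact condition, for example the annotation being set to true. The phrase "regardless of the configured approval mode" also needs scoping: say whether the bypass applies to servers the user has not added to the server-level allow-list, and whether a policy rule can turn it off. Finally, "safe, data-fetching operations" presents a server-asserted hint as a guarantee. Wording such as "operations the server declares read-only" would match what the CLI actually knows.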