Skip to content

[ca] chore: update agentic CLI versions (Claude Code 2.1.145, Copilot 1.0.50, Codex 0.132.0, GitHub MCP v1.0.5, MCP Gateway v0.3.12) #33487

Open
Open
[ca] chore: update agentic CLI versions (Claude Code 2.1.145, Copilot 1.0.50, Codex 0.132.0, GitHub MCP v1.0.5, MCP Gateway v0.3.12)#33487
Assignees
copilot-swe-agentgh-aw-bot
Labels
automationchorecookieIssue Monster Loves Cookies!dependenciesPull requests that update a dependency file
@github-actions

Description

@github-actions
github-actions
bot
opened on May 20, 2026

Summary

Five agentic CLI/MCP tools have new stable releases since the last check. All updates have been applied to pkg/constants/version_constants.go and make recompile was run twice (per the DefaultMCPGatewayVersion comment) to regenerate lock files and refresh container SHA pins.

Tool Previous New Risk
Claude Code 2.1.142 2.1.145 Low
GitHub Copilot CLI 1.0.48 1.0.50 Low
OpenAI Codex 0.130.0 0.132.0 Low-Medium
GitHub MCP Server v1.0.4 v1.0.5 Low
MCP Gateway v0.3.9 v0.3.12 Low

No update needed: Playwright MCP (0.0.75), Playwright CLI (0.1.13), Playwright Browser (v1.60.0).

Critical Information

  • Permission-prompt bypass fix in Claude Code 2.1.145 — bare variable assignments to non-allowlisted env vars in Bash commands were previously auto-approved. Security-relevant; favor updating promptly.
  • MCP Gateway v0.3.12 adds DIFC proxy /meta probe support for the gh CLI (PR #5924). Relevant for sandboxed gh invocations.
  • GitHub MCP Server v1.0.5 adds list_repository_collaborators and discussion comment write tools; existing search_code now returns minimal results with text-match snippets (PR #2476).

Update: Claude Code

  • Previous: 2.1.142 → New: 2.1.145 (three patch releases)

Key Features (2.1.143–2.1.145)

  • claude agents --json for scripting (tmux, status bars, session pickers)
  • agent_id / parent_agent_id on claude_code.tool OTEL spans with corrected trace parenting for background subagents
  • Status-line JSON now includes GitHub repo and PR info
  • /plugin Discover/Browse panes now show commands, agents, skills, hooks, and MCP/LSP servers before install
  • Background sessions: /resume support, elapsed duration in completion notifications, model preserved across wake
  • New worktree.bgIsolation: "none" setting for direct edits without EnterWorktree
  • PowerShell tool passes -ExecutionPolicy Bypass; opt-out via CLAUDE_CODE_POWERSHELL_RESPECT_EXECUTION_POLICY=1
  • Stop/SubagentStop hook input now includes background_tasks and session_crons fields

Security Fix

  • Fixed permission-prompt bypass in 2.1.145 where bare variable assignments to non-allowlisted env vars in Bash commands were auto-approved
View Full Changelog (2.1.143–2.1.145)

2.1.145

  • Added claude agents --json to list live Claude sessions as JSON for scripting
  • Added agent_id and parent_agent_id attributes to claude_code.tool OTEL spans
  • Status line JSON input now includes GitHub repo and PR information
  • /plugin Discover and Browse screens now show plugin's commands, agents, skills, hooks, MCP/LSP servers
  • claude agents terminal tab title now shows awaiting-input count
  • Slash command and @-mention suggestion list now supports mouse hover/click in fullscreen mode
  • Stop and SubagentStop hook input now includes background_tasks and session_crons fields
  • Fixed permission-prompt bypass for bare variable assignments to non-allowlisted env vars
  • Fixed MCP prompt slash commands showing raw validation errors
  • Fixed spinner/elapsed-time display freezing after terminal resize/refocus
  • Fixed cross-project resume hint on Windows PowerShell 5.1
  • Fixed voice push-to-talk in agent view's reply pane
  • Fixed task lists rendering in random order
  • Fixed PR badge in footer not updating after PR-state changes
  • Fixed Agent Teams teammates with non-ASCII names
  • Fixed /review using deprecated projectCards GraphQL query
  • Improved Read tool: returns truncated first page instead of hard error when whole-file read exceeds token limit

2.1.144

  • Added /resume support for background sessions
  • Added elapsed duration to background subagent completion notifications
  • /plugin browse/discover panes show when plugin was last updated
  • /model changes for current session only (press d to set default)
  • Renamed "extra usage" to "usage credits" (old /extra-usage still works)
  • Fixed startup hanging up to 75s when api.anthropic.com unreachable (now 15s timeout)
  • Fixed garbled terminal output after missed window-resize event
  • Fixed macOS background sessions crashing in Full Disk Access folders (regression in 2.1.143)
  • Fixed MCP servers with paginated tools/list only returning first page
  • Fixed MCP images with unsupported MIME types (e.g. SVG) breaking conversations
  • Fixed Bedrock/Vertex users unable to select "Opus (1M context)" (regression in v2.1.129)
  • Improved SDK/headless MCP startup (up to 2s faster)

2.1.143

  • Added plugin dependency enforcement: claude plugin disable refuses when another plugin depends on target
  • Added projected context cost to /plugin marketplace browse pane
  • Added worktree.bgIsolation: "none" setting
  • PowerShell tool now passes -ExecutionPolicy Bypass
  • Background sessions preserve model and effort level after waking
  • Shift+Tab cycle in agent sessions now includes auto mode
  • Fixed corrupt .credentials.json hanging CLI on startup
  • Fixed right-click paste in claude agents on Windows Terminal and WSL
  • Fixed stop hooks that block repeatedly looping forever (8-block cap)
  • Fixed /goal evaluator firing while background shells/subagents still running
  • Fixed NO_COLOR/FORCE_COLOR settings stripping Claude Code's own UI colors
  • Worktree cleanup no longer falls back to rm -rf when git worktree remove fails

Package Links

Update: GitHub Copilot CLI

  • Previous: 1.0.48 → New: 1.0.50
  • Release timeline: v1.0.49 published 2026-05-19; v1.0.50 on NPM with no GitHub release notes (latest GitHub release is v1.0.49, then prereleases v1.0.51-1, v1.0.51-2)

Key Features (from v1.0.49 release)

  • New /chronicle search subcommand to search session content by keyword/topic
  • New /rubber-duck command (experimental) for independent critique of agent's work
  • New /session id subcommand to display/copy current session ID
  • New /memory on|off|show slash command (persistent memory status control)
  • New /exit print option to print session before exiting
  • Add Alpine Linux (musl libc) support
  • New copilot plugin update --all to update all plugins at once
  • Add auth.redirectPort MCP config option to pin OAuth callback port
  • Experimental: /mcp search to search and install MCP servers from registry
  • Experimental: Tool search with deferred loading for MCP/external tools
  • Add "None" reasoning effort option to disable model reasoning
  • New COPILOT_PLUGIN_DIR_ONLY env var to disable automatic plugin discovery

Key Fixes

  • postToolUse hook additionalContext now injected as system message (was silently discarded)
  • MCP servers using static OAuth clients now persist registration for token refreshes
  • MCP server configurations with no args field now accepted (treated as empty list)
  • MCP OAuth token lookups correctly scoped to active session
  • MCP stdio servers display type as 'stdio' instead of 'local'
  • Memory permission prompts name who can see stored memory (user vs owner/repo)
  • Hooks (preToolUse, postToolUse, subagentStart, subagentStop) now fire for sub-agent tool calls
  • Plugins via --plugin-dir register agents as available task(agent_type=...) subagents in prompt mode
  • --plugin-dir and --additional-mcp-config now work in --server / --headless mode
  • Prompt mode (-p) automatically loads workspace MCP sources when folder already trusted
  • Repo hooks in .github/hooks/ now load in prompt mode when folder trusted
  • Reduce PowerShell syntax errors on Windows (avoid && chaining in PowerShell 5.x)

Impact on gh-aw

  • Verify per DefaultCopilotVersion comment: confirm MCPs load and /models works with PATs. The release notes mention multiple MCP improvements but no breaking MCP changes.
  • v1.0.50 specifically not documented in GitHub releases (likely a small patch released 2026-05-19/20 between v1.0.49 and v1.0.51-1 prerelease). The latest stable GitHub release notes are for v1.0.49.

Package Links

Update: OpenAI Codex

  • Previous: 0.130.0 → New: 0.132.0 (two minor releases)

Key Features

0.131.0 (2026-05-18)

  • Richer TUI session controls: data-driven service-tier commands, blended token usage, permissions/approval mode, responsive Markdown tables (#21745, #22052)
  • @ mentions now search files, directories, plugins, and skills in one picker (#19068, #22375)
  • Plugin workflows: marketplace CLI commands, version-aware sharing, default-enabled plugin hooks (#21396)
  • Remote workflows: codex remote-control daemon, runtime enable/disable APIs (#20718)
  • Python SDK moved to openai-codex/openai_codex with pinned runtime-generated types (#21778)
  • New codex doctor for support-ready diagnostics across runtime, auth, terminal, network, config, and local state (#22336)

0.132.0 (2026-05-20)

  • Python SDK now supports first-class authentication (API key login, ChatGPT browser/device-code flows, account inspection, logout) (#23093)
  • Python turn APIs accept plain strings as input; handle-based runs return TurnResult with collected items, timing, usage (#23151, #23162)
  • codex exec resume now accepts --output-schema to enforce structured JSON output on resumed automations (#23123)
  • TUI startup faster (batched terminal capability probes) (#23175)
  • Remote executor registration can use standard Codex auth (#22769)
  • App-server turns can preserve image fidelity (original-resolution local images) (#20693)

Key Fixes

  • 0.131.0: Hardened Windows sandbox behavior, preserved managed read restrictions during permission escalation, safer app-server/local state startup (SQLite data preserved on restart, fail-closed when state cannot open)
  • 0.132.0: Goal continuations now stop on usage limits or repeated blockers; session picker resume hints show name (thread-id); remote sessions keep websocket connections alive; Windows MSVC release binaries no longer depend on separately installed VC++ runtime DLLs (#22905); codex doctor detects npm-managed installs correctly on Windows (#22967)

Documentation

  • Updated Python SDK docs, FAQ, and examples around new auth flow and turn APIs

Impact Assessment

  • Risk: Low-Medium — Python SDK was renamed (openai-codex/openai_codex); gh-aw does not use the Python SDK directly so impact is limited
  • Memory summaries are now versioned and rebuilt when stored format is stale (#23148) — may regenerate existing memory state on first run

Package Links

Update: GitHub MCP Server

  • Previous: v1.0.4 → New: v1.0.5 (single patch release on 2026-05-18)

Key Changes

Features

  • Add list_repository_collaborators tool (PR #2477)
  • Add discussion comment write operations tool (PR #2427)
  • Return minimal code search results with text-match snippets in search_code (PR #2476)
  • Add optional rationale parameter to update_issue_type tool (PR #2458)
  • Add missing pagination on get_reviews (PR #2367)

Improvements

  • Add IFC (information flow control) labels for: list_issues (PR #2453), get_file_contents (PR #2454), search_issues (PR #2456), issue_read (PR #2457), search_repositories (PR #2459)
  • Replace ingress IFC reader list with private marker (PR #2478)
  • Document Copilot Spaces PAT requirements (PR #2479)
  • Upgrade go-github to v0.87 (PR #2452)

Impact Assessment

  • Risk: Low — Additive changes; search_code response shape narrowed to minimal results with text-match snippets (verify any gh-aw code that consumes search_code results — see pkg/workflow/tools_validation_github_integrity_reactions.go)

Package Links

Update: MCP Gateway (gh-aw-mcpg)

  • Previous: v0.3.9 → New: v0.3.12 (three patch releases)

Key Changes

v0.3.10 (2026-05-15)

  • Use latest mcpg container image in smoke-copilot (PR #5705)
  • rust-guard: remove hot-path scope/integrity allocations via Cow<str> and zero-alloc rank matching (PR #5754) — performance improvement
  • Refactor WASM guard detection placement and inline config validation log wrappers (PR #5774)
  • fix: fall back to stderr (not stdout) when log-dir is unwritable (PR #5773)
  • Reconcile docs with runtime behavior for env vars, launch flags, config semantics (PR #5779)

v0.3.11 (2026-05-17)

  • proxy: replace http.Error with httputil.WriteErrorResponse for consistent JSON error shape (PR #5819)
  • fix(guard): classify discussion_comment_write; add list_repository_collaborators DIFC rules (PR #5818) — aligns with GitHub MCP Server v1.0.5 new tools
  • Align list_repository_collaborators DIFC integrity to reader-level (PR #5843)
  • feat: read OTEL_EXPORTER_OTLP_HEADERS env var as fallback for OTLP export headers (PR #5849) — relevant to GH_AW_OTEL_*_AUTHORIZATION secret consumers
  • Refactor guard initialization to centralize noop fallback construction (PR #5885)

v0.3.12 (2026-05-18)

  • Support gh CLI /meta probe in DIFC proxy (PR #5924) — relevant for sandboxed gh invocations through MCP Gateway

Impact Assessment

  • Risk: Low — Additive changes; new DIFC rules align with new GitHub MCP Server tools (intentionally bundled together)
  • OTLP headers env var fallback is helpful for OTEL shared imports declared in this repo's required secrets (GH_AW_OTEL_*_AUTHORIZATION)
  • Performance improvement in rust-guard hot-path

Package Links

Constants Diff

-const DefaultClaudeCodeVersion Version = "2.1.142"
+const DefaultClaudeCodeVersion Version = "2.1.145"
-const DefaultCopilotVersion Version = "1.0.48"
+const DefaultCopilotVersion Version = "1.0.50"
-const DefaultCodexVersion Version = "0.130.0"
+const DefaultCodexVersion Version = "0.132.0"
-const DefaultGitHubMCPServerVersion Version = "v1.0.4"
+const DefaultGitHubMCPServerVersion Version = "v1.0.5"
-const DefaultMCPGatewayVersion Version = "v0.3.9"
+const DefaultMCPGatewayVersion Version = "v0.3.12"

Migration Steps Performed

  1. Updated pkg/constants/version_constants.go with 5 new versions
  2. Ran make recompile twice (per DefaultMCPGatewayVersion comment to refresh container SHA pins on the second pass)
  3. 232 files modified total — 231 workflow *.lock.yml files regenerated + constants file

Recommendations

  • Priority: Medium-High due to the Claude Code 2.1.145 permission-prompt bypass fix (security)
  • Verify before merge per DefaultCopilotVersion comment in constants: that MCPs are not blocked from loading and /models does not silently fail on PATs (run a smoke-copilot workflow)
  • Verify GitHub MCP Server search_code response handling — minimal results with text-match snippets is a slightly narrowed response shape
  • The MCP Gateway and GitHub MCP Server updates ship paired DIFC rules for new tools (list_repository_collaborators, discussion_comment_write)

Release Timeline

Date Tool Version
2026-05-15 MCP Gateway v0.3.10
2026-05-17 MCP Gateway v0.3.11
2026-05-18 GitHub MCP Server v1.0.5
2026-05-18 MCP Gateway v0.3.12
2026-05-18 Codex rust-v0.131.0
2026-05-19 Copilot CLI v1.0.49
2026-05-20 Codex rust-v0.132.0
(recent) Claude Code 2.1.143, 2.1.144, 2.1.145
(recent) Copilot CLI v1.0.50 (npm; no GitHub release)

References:

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • docs.claude.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "docs.claude.com"

See Network Configuration for more information.

Generated by 🔢 CLI Version Checker · ● 21.6M ·

  • expires on May 22, 2026, 6:46 AM UTC

Metadata

Metadata

Assignees

Labels

automationchorecookieIssue Monster Loves Cookies!dependenciesPull requests that update a dependency file

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions