Copilot CLI v0.0.403: Security & Plugin Fixes

Copilot CLI 0.0.403 adds a module bundling security check, enables reasoning summaries by default, and fixes plugin lifecycle issues. Config preservation and better error handling are also included.

TL;DR

  • Security check now prevents modules outside the app bundle from being used
  • Plugin skills work in prompt mode; MCP servers stop before plugin updates
  • Reasoning summaries enabled by default for supporting models
  • Config files preserve custom fields during CLI updates

New

  • Security check for module bundling — prevents use of modules outside the application bundle, tightening the sandbox
  • Plugin skills in prompt mode — skills now work when using prompt mode, expanding where you can leverage custom plugins
  • Comma-separated tools in custom agent frontmatter — define multiple tools inline without extra syntax
  • Reasoning summaries enabled by default — models that support reasoning now show summaries automatically
  • ACP model info enhancements — model info now includes usage multiplier and enablement status

Fixed

  • Windows Task Manager display — application name now shows correctly in Task Manager
  • Organization membership check logic — fixed the logic that verifies user organization membership
  • MCP server lifecycle — MCP servers now stop before updating plugins, preventing conflicts
  • Detached shell processes on macOS — shell processes now work on vanilla macOS installations without extra dependencies
  • Escape key in permission dialogs — escape key now consistently aborts permission dialogs regardless of current selection
  • Config file preservation — custom fields in config files are now preserved when the CLI updates them
  • Plugin skill loading — skills with unknown frontmatter fields now load with warnings instead of being silently skipped

Update with: gh copilot update or download from the release page.

Source: Copilot CLI