Copilot CLI v1.0.51-3: Security Review & MCP Auth Fixes
Copilot CLI 1.0.51-3 adds security vulnerability scanning, fixes MCP OAuth session persistence, and improves the experimental mode indicator. New /chronicle cost-tips command helps optimize token usage.
TL;DR
- New /security-review command scans code changes for vulnerabilities
- MCP OAuth sessions now persist across separate authentication flows
- Experimental mode indicator moved to persistent header display
New
- /security-review slash command — Review code changes for security vulnerabilities directly in the CLI
- preMcpToolCall hook — Hook providers can now control outgoing MCP request metadata
- /chronicle cost-tips subcommand — Get personalized token usage and cost reduction recommendations
Improved
- Experimental mode indicator — Now persists in the app header instead of showing as a one-time notification
- Loading indicator colors — Match the active mode (plan, autopilot, shell) for better visual feedback
Fixed
- MCP OAuth persistence — Servers using OAuth stay connected when authentication happens in a separate session
- GFM rendering — Tables and blockquotes inside list items now render correctly without floating top borders
Update with: npm install -g @github/copilot-cli@latest
Source: Copilot CLI
