Copilot CLI v1.0.51: Session Control, Security Review & MCP Fixes

TL;DR

• Resume sessions with --session-id or start new ones with a specific UUID
• New /security-review command scans code changes for vulnerabilities
• MCP server startup is faster; OAuth sessions now persist across logins
• Remote commands respect org policies; input area grows with terminal height

New

• Session resumption with --session-id — resume known sessions or start new ones with a specific UUID for better workflow continuity
• /security-review slash command — review code changes for security vulnerabilities without leaving the CLI
• /chronicle cost-tips subcommand — get personalized token usage and cost reduction recommendations
• Customizable status line — terminal footer now displays session info including model, context window, and git branch
• MCP startup performance — faster tool loading at startup for users with many HTTP-based MCP servers
• OAuth session persistence — MCP servers using OAuth stay connected when authentication happens in a separate session
• /memory show documentation links — displays learning resources for managing Copilot Memory
• terminalProgress setting — enable or disable OSC 9;4 terminal progress indicators
• Responsive input area — input grows with terminal height instead of capping at 3 lines

Fixed

• Remote commands now respect organization remote control and view from cloud policy with clear error messaging when disabled
• Remote command can be used while the agent is working
• Settings file no longer accumulates unrelated config keys during updates
• GFM tables and blockquotes inside list items render correctly without floating top borders
• Session naming works correctly for usage-based billing users
• Subcommand completion now inserts selection on Enter instead of submitting partial command
• Editor launched with Ctrl+G no longer steals keystrokes or requires double keypresses
• Shell tool calls succeed even when model omits the description parameter
• Login prompt more clearly warns when token storage falls back to insecure plain text config file
• GitHub MCP web search tool available immediately without requiring tool search
• Secret scanning now covers commit messages and PR descriptions, redacting secrets before publishing
• Experimental mode indicator now appears persistently in app header instead of one-time notification
• Loading indicator color matches the active mode (plan, autopilot, shell)
• Default release notes used when publishing a release with no changelog entries

Developer-Facing Changes

• preMcpToolCall hook — hook providers can now control outgoing MCP request metadata
• postToolUse hooks enhancement — can now inject additionalContext into successful tool results
• Token usage clarity — input token usage now includes cached tokens; formatting updated to clarify billing impact

Update with: npm install -g @github/copilot-cli@latest

Source: Copilot CLI