Release Notes Action Items for copilot-cli 1.0.48 → 1.0.52
This issue summarizes upstream release notes for the copilot-cli dependency between the previously pinned version (1.0.48) and the new pinned version (1.0.52), highlighting items that may need follow-up in ado-aw.
The companion version-bump PR is titled chore(deps): update COPILOT_CLI_VERSION to 1.0.52.
Releases analyzed
Security fixes
- Secret scanning covers commit messages and PR descriptions (v1.0.51): "Secret scanning now covers commit messages and PR descriptions, redacting secrets before they are published." ado-aw creates commits and PRs through its safe-output tools; this change means the copilot agent running in stage 1 will automatically redact secrets from any content it writes into those fields. Maintainers should verify that the ado-aw detection stage still correctly handles redacted content and that safe-output fields like PR descriptions are not inadvertently affected.
Notable features for ado-aw to adopt
deferred-tool-loading in agent frontmatter (v1.0.52): "Custom agents support opt-in deferred tool loading via deferred-tool-loading in agent frontmatter, enabling tool-search discovery for agents with large tool lists." ado-aw could expose this as a new optional field in its agent frontmatter schema (e.g. under the engine: section) so authors of agents with large tool sets can opt in.--session-id=<id> for session resumption (v1.0.51): "--session-id=(id) resumes known sessions or tasks, and starts new sessions with a specific UUID." ado-aw could wire this into pipeline parameters to allow deterministic session IDs across retries or follow-up pipeline runs.postToolUse hooks can inject additionalContext (v1.0.51): "postToolUse hooks can now inject additionalContext into successful tool results." ado-aw's ado-script extension or future hook infrastructure may want to leverage this to inject context after safe-output tool calls.preMcpToolCall hook for MCP request metadata (v1.0.51): "Add preMcpToolCall hook for hook providers to control outgoing MCP request metadata." Relevant to ado-aw's MCP server and MCPG integration.- Legacy nested MCP OAuth config keys auto-migrated (v1.0.52): "Legacy nested
oauth.clientId and oauth.callbackPort keys in MCP server configs are now migrated to the supported oauthClientId and auth.redirectPort keys instead of being silently dropped." ado-aw's MCP config generation in src/mcp.rs and MCP extensions should ensure they emit oauthClientId/auth.redirectPort rather than deprecated nested forms.
- GitHub MCP web search available immediately without tool search (v1.0.51): "GitHub MCP web search tool is available immediately without requiring tool search." ado-aw agent docs and the
github extension should note that this tool is always available OOTB.
This issue was opened automatically by the dependency version updater workflow.
Generated by Dependency Version Updater · ● 12.4M · ◷
Release Notes Action Items for
copilot-cli1.0.48→1.0.52This issue summarizes upstream release notes for the
copilot-clidependency between the previously pinned version (1.0.48) and the new pinned version (1.0.52), highlighting items that may need follow-up in ado-aw.The companion version-bump PR is titled
chore(deps): update COPILOT_CLI_VERSION to 1.0.52.Releases analyzed
Security fixes
Notable features for ado-aw to adopt
deferred-tool-loadingin agent frontmatter (v1.0.52): "Custom agents support opt-in deferred tool loading viadeferred-tool-loadingin agent frontmatter, enabling tool-search discovery for agents with large tool lists." ado-aw could expose this as a new optional field in its agent frontmatter schema (e.g. under theengine:section) so authors of agents with large tool sets can opt in.--session-id=<id>for session resumption (v1.0.51): "--session-id=(id) resumes known sessions or tasks, and starts new sessions with a specific UUID." ado-aw could wire this into pipeline parameters to allow deterministic session IDs across retries or follow-up pipeline runs.postToolUsehooks can injectadditionalContext(v1.0.51): "postToolUse hooks can now inject additionalContext into successful tool results." ado-aw'sado-scriptextension or future hook infrastructure may want to leverage this to inject context after safe-output tool calls.preMcpToolCallhook for MCP request metadata (v1.0.51): "Add preMcpToolCall hook for hook providers to control outgoing MCP request metadata." Relevant to ado-aw's MCP server and MCPG integration.oauth.clientIdandoauth.callbackPortkeys in MCP server configs are now migrated to the supportedoauthClientIdandauth.redirectPortkeys instead of being silently dropped." ado-aw's MCP config generation insrc/mcp.rsand MCP extensions should ensure they emitoauthClientId/auth.redirectPortrather than deprecated nested forms.githubextension should note that this tool is always available OOTB.This issue was opened automatically by the dependency version updater workflow.