[ca] CLI Updates: Claude Code 2.1.144, Copilot 1.0.50, Codex 0.131.0, GitHub MCP Server v1.0.5, MCP Gateway v0.3.12

[github-actions]

Summary

Version check on 2026-05-19 detected updates across five tracked components. Playwright tooling (MCP, CLI, Browser) is unchanged.

Tool	Previous	New	Type
Claude Code	2.1.142	2.1.144	Patch (x2)
GitHub Copilot CLI	1.0.48	1.0.50	Patch (x2)
OpenAI Codex	0.130.0	0.131.0	Minor
GitHub MCP Server	v1.0.4	v1.0.5	Patch
MCP Gateway (gh-aw-mcpg)	v0.3.9	v0.3.12	Patch (x3)

No-Change Inventory

• Playwright MCP: 0.0.75
• Playwright CLI: 0.1.13
• Playwright Browser: v1.60.0

Related Open Issues (Dedup Note)

• Bump firewall to v0.25.47 and mcpg to v0.3.10 #32502 — open since 2026-05-16, targets mcpg v0.3.10. Stale: MCPG is now v0.3.12. Reviewers should close Bump firewall to v0.25.47 and mcpg to v0.3.10 #32502 in favor of this issue (or rebase its checklist onto v0.3.12).
• [ca] CLI Updates: Claude Code 2.1.143 and MCP Gateway v0.3.10 #32581 — closed (superseded by this issue).

---

Update Claude Code

• Previous: 2.1.142 → New: 2.1.144 (intermediate: 2.1.143)
• Risk: Low (patch-level; no public repository)

Claude Code has no public GitHub repository, so detailed release notes are not available. The bump spans two patches (2.1.143 published earlier this week, 2.1.144 today). Patch releases at this semver level are typically bug fixes, stability tweaks, and minor refinements.

Package Links

• NPM Package: https://www.npmjs.com/package/`@anthropic-ai/claude-code`

---

Update GitHub Copilot CLI

• Previous: 1.0.48 → New: 1.0.50 (intermediate: 1.0.49)
• Risk: Low (patch-level; repository is private — limited public changelog)

The github/copilot-cli repository is not publicly accessible from this workflow's authentication context, so detailed release notes cannot be fetched. The bump spans two patches.

Validation reminder (from DefaultCopilotVersion constant doc): when upgrading, verify:

• MCPs are not blocked from loading (tools.mcp configuration still works end-to-end)
• /models does not silently fail on PATs (model listing works with PAT auth)

Package Links

• NPM Package: https://www.npmjs.com/package/`@github/copilot`
• Repository: https://github.com/github/copilot-cli (private)

---

Update OpenAI Codex

• Previous: 0.130.0 → New: 0.131.0
• Released: 2026-05-18
• Risk: Medium (minor version; contains TUI / sandbox / app-server behavior changes worth a smoke run)

Release Highlights (from GitHub release notes)

• TUI: richer session controls — data-driven service-tier commands, blended token usage, permissions/approval mode in status line, effective workspace roots, responsive Markdown tables ([codex] Generalize service tier slash commands openai/codex#21745, [codex] Lowercase TUI service tier commands openai/codex#21906, Display blended token count in status line openai/codex#21669, Show permissions and approval mode in the TUI status line openai/codex#21677, feat(tui): render responsive Markdown tables in TUI openai/codex#22052)
• @ mentions: unified picker that searches files, directories, plugins, and skills via app-server plugin metadata (Unified mentions in TUI openai/codex#19068, Use plugin/list to get list of plugins for mentions openai/codex#22375)
• Plugin workflows: marketplace CLI commands, version-aware sharing, share checkout, default-enabled plugin hooks ([codex] add plugin marketplace CLI commands openai/codex#21396, feat: Expose plugin versions and gate plugin sharing openai/codex#22397, feat: Split shared workspace plugins by discoverability openai/codex#22425, feat: Add plugin share checkout openai/codex#22435, Enable plugin hooks by default openai/codex#22549)
• Remote workflows: daemon-managed codex remote-control, runtime enable/disable APIs, status reads, registry-backed remote environments ([daemon] Add app-server daemon lifecycle management openai/codex#20718, Update codex remote-control to start the daemon openai/codex#22218, Improve remote-control daemon UX openai/codex#22562, enable/disable remote control at runtime, not via features openai/codex#22578, feat(app-server): update remote control APIs for better UX openai/codex#22877)
• Python SDK: moved to openai-codex / openai_codex, pinned runtime-generated types, concurrent turn routing, approval modes (Route Python SDK turn notifications by ID openai/codex#21778, [1/8] Pin Python SDK runtime dependency openai/codex#21891, [2/8] Generate Python SDK types from pinned runtime openai/codex#21893, [4/8] Define Python SDK public API surface openai/codex#21896, [5/8] Rename Python SDK package to openai-codex openai/codex#21905, [6/8] Add high-level Python SDK approval mode openai/codex#21910, [7/8] Add Python SDK app-server integration harness openai/codex#22014)
• New codex doctor: support-ready diagnostics for runtime, auth, terminal, network, config, and local state (feat(cli): add codex doctor diagnostics openai/codex#22336)

View Bug Fixes & Hardening

• TUI fixes: URL wrapping, light-mode selection contrast, Shift+Enter in tmux, /review MCP startup status, /side Esc handling, network approval history text (fix(tui): preserve wrapped prose beside URLs openai/codex#21760, fix(tui): improve light-mode selection contrast openai/codex#21950, fix(tui): preserve Shift+Enter in tmux csi-u panes openai/codex#21943, Fix /review mode MCP startup render issue openai/codex#21624, Prevent Esc from dismissing or rewinding /side openai/codex#22710, fix(tui): render network approval history by target openai/codex#22229)
• Windows sandbox hardening: deny-read rules, scoped write roots, firewall policy, PowerShell edge cases (feat(sandbox): add Windows deny-read parity openai/codex#18202, [codex] Scope Windows sandbox write-root capability SIDs openai/codex#21479, windows-sandbox: fail elevated setup when firewall policy is ineffective openai/codex#22353, Avoid PowerShell profiles in elevated Windows sandbox openai/codex#21400, [codex] treat PowerShell stop-parsing forms as unsupported openai/codex#22643)
• Permission escalation preserves managed read restrictions; cleaner workspace-root permission profile resolution (fix(permissions): preserve managed deny-read during escalation openai/codex#15977, permissions: canonicalize workspace_roots and danger-full-access names openai/codex#22624, permissions: resolve profile identity with constraints openai/codex#22683)
• Safer app-server / local state startup: preserve SQLite data, fail closed when state cannot open, recovery paths (app-server: support daemon-safe restart handling openai/codex#21831, sqlite: no more destructive version bumps openai/codex#21847, fix: Block appserver startup if state db can't be opened openai/codex#22580, tui: recover local state db startup failures openai/codex#22734, [codex] Soften SQLite metadata sync failures openai/codex#22899)
• Git/auth reliability: root worktree hooks, ignore repo hook/fsmonitor config in helpers, bind local MCP OAuth callbacks, revoke superseded login tokens (Use root repo hooks in linked worktrees openai/codex#21969, Ignore configured hooks in git helpers openai/codex#22843, [codex] Ignore fsmonitor config in Git metadata reads openai/codex#22652, Add callback ids to local MCP OAuth redirects openai/codex#20237, [login] revoke superseded auth tokens on relogin openai/codex#21747)
• Remote/Windows cleanup: longer exec-server transport timeouts, quieter taskkill, non-queued plugin reads (Increase exec-server environment transport timeouts openai/codex#21825, fix(tui): suppress taskkill output for MCP teardown on Windows openai/codex#21759, fix(exec-server): suppress Windows taskkill output openai/codex#22058, Unqueue plugin list and read requests openai/codex#22703)

View Chores & Refactors

• Split large TUI ChatWidget, history, and composer code into focused modules (Split ChatWidget state into focused modules openai/codex#21866, Refactor chatwidget state into modules openai/codex#22269, Refactor chatwidget input flow into modules openai/codex#22407, Refactor chatwidget protocol flows into modules (phase 3) openai/codex#22433, Refactor chatwidget settings surfaces into modules (phase 4) openai/codex#22518, Refactor chatwidget orchestration into modules (phase 5) openai/codex#22537, TUI: split history cells into focused modules openai/codex#22704)
• Extension/tool internals extraction with shared tool contracts plus guardian and memory extension plumbing (extension: add initial typed extension API openai/codex#21736, extension: wire extension registries into sessions openai/codex#21737, extension: move git attribution into an extension openai/codex#21738, refactor: extract executable tool contracts into codex-tool-api openai/codex#22138, feat: wire extension tool bundles into core openai/codex#22147, feat: guardian as an extension (contributors part) openai/codex#22216, feat: route guardian review model selection through providers openai/codex#22258, extension-api: add approval review contributor flow openai/codex#22344)
• Removed obsolete tool paths, feature flags, config gates, legacy hooks as defaults stabilized ([codex] Delete function-style apply_patch openai/codex#21651, [codex] Remove legacy after tool use hooks openai/codex#21805, chore: drop built-in MCPs openai/codex#22173, [codex] Remove unused legacy shell tools openai/codex#22246, chore(config) rm experimental_use_freeform_apply_patch openai/codex#22565, chore(features) rm Feature::ApplyPatchFreeform openai/codex#22711)

Impact Assessment

• Risk: Medium — minor bump, large surface; no breaking changes called out, but TUI status-line additions and @ mention unification touch interactive flows used by gh-aw Codex workflows.
• Affects: any workflow using engine: codex; the new codex doctor command may be useful for debugging future sandbox-bound runs.
• Migration: none required at the constants level; existing Codex configs remain compatible.

Package Links

• NPM Package: https://www.npmjs.com/package/`@openai/codex`
• Repository: https://github.com/openai/codex
• Release Notes: https://github.com/openai/codex/releases/tag/rust-v0.131.0
• Compare: openai/codex@rust-v0.130.0...rust-v0.131.0

---

Update GitHub MCP Server

• Previous: v1.0.4 → New: v1.0.5
• Released: 2026-05-18
• Risk: Low (additive tools and ifc labels; one new tool, no breaking changes)

Key Changes

• New tool: list_repository_collaborators (Add tool to list repo collaborators github-mcp-server#2477)
• New tool: discussion comment write operations (feat: Add tool for discussion comment write operations github-mcp-server#2427)
• New optional parameter: rationale on update_issue_type tool (Add optional rationale parameter to update_issue_type tool github-mcp-server#2458)
• Fix: Added missing pagination on get_reviews (fix: add missing pagination on get_reviews github-mcp-server#2367)
• Optimization: Return minimal code search results with text match snippets (feat: return minimal code search results with text match snippets github-mcp-server#2476)
• ifc labels added to: list_issues, get_file_contents, search_issues, issue_read, search_repositories (Add ifc label for list_issues tool github-mcp-server#2453, Add ifc label for get_file_contents tool github-mcp-server#2454, Add ifc label for search_issues tool github-mcp-server#2456, Add ifc label for issue_read tool github-mcp-server#2457, Add ifc label for search_repositories tool github-mcp-server#2459)
• Infrastructure: Replace ingress IFC reader list with private marker (Replace ingress IFC reader list with private marker github-mcp-server#2478); upgrade go-github to v0.87 (Upgrade go-github to v 0.87 github-mcp-server#2452)
• Docs: Document Copilot Spaces PAT requirements (Document Copilot Spaces PAT requirements github-mcp-server#2479)

Impact Assessment

• Risk: Low — additive surface; existing tool contracts unchanged.
• Affects: workflows declaring tools.github will pick up the new list_repository_collaborators and discussion-comment-write tools. MCP Gateway's DIFC policy already classifies these (see MCPG v0.3.11 below).
• Migration: none required.

Package Links

• Repository: https://github.com/github/github-mcp-server
• Release Notes: https://github.com/github/github-mcp-server/releases/tag/v1.0.5
• Compare: github/github-mcp-server@v1.0.4...v1.0.5

---

Update MCP Gateway (gh-aw-mcpg)

• Previous: v0.3.9 → New: v0.3.12 (intermediates: v0.3.10, v0.3.11)
• Released: v0.3.10 on 2026-05-15, v0.3.11 on 2026-05-17, v0.3.12 on 2026-05-18
• Risk: Low–Medium (three patches; guard-policy classification changes for new GitHub MCP tools are observable for workflow authors)

This bump touches the default sandbox.agent container image (ghcr.io/github/gh-aw-mcpg). Per the constant's doc, make build && make recompile && make recompile must be run to refresh container SHA pins across all generated lock files.

Key Changes (v0.3.10 → v0.3.12)

• Guard policy: classify discussion_comment_write and add list_repository_collaborators DIFC rules — required to pair with GitHub MCP Server v1.0.5's new tools (fix(guard): classify discussion_comment_write; add list_repository_collaborators DIFC rules gh-aw-mcpg#5818, Align list_repository_collaborators DIFC integrity to reader-level gh-aw-mcpg#5843)
• DIFC proxy: Support gh CLI /meta probe (Support gh CLI /meta probe in DIFC proxy gh-aw-mcpg#5924)
• OTEL: Read OTEL_EXPORTER_OTLP_HEADERS env var as fallback for OTLP export headers (feat: read OTEL_EXPORTER_OTLP_HEADERS env var as fallback for OTLP export headers gh-aw-mcpg#5849)
• Fix: Fall back to stderr (not stdout) when --log-dir is unwritable (fix: fall back to stderr (not stdout) when log-dir is unwritable gh-aw-mcpg#5773)
• Proxy: Replace http.Error with httputil.WriteErrorResponse for consistent JSON error shape (proxy: replace http.Error with httputil.WriteErrorResponse for consistent JSON error shape gh-aw-mcpg#5819)
• Performance: rust-guard removes hot-path scope/integrity allocations via Cow<str> and zero-alloc rank matching (rust-guard: remove hot-path scope/integrity allocations via Cow<str> and zero-alloc rank matching gh-aw-mcpg#5754)

View Full Changelog by Version

v0.3.10 (2026-05-15) — https://github.com/github/gh-aw-mcpg/releases/tag/v0.3.10

• feat: use latest mcpg container image in smoke-copilot (feat: use latest mcpg container image in smoke-copilot gh-aw-mcpg#5705)
• smoke-copilot: add artifact readability test (smoke-copilot: add artifact readability test gh-aw-mcpg#5711)
• [log] Add debug logging to ResolveGuardPolicyOverride ([log] Add debug logging to ResolveGuardPolicyOverride in guard_policy_parse.go gh-aw-mcpg#5714)
• [test-improver] Improve tests for server/system_tools package ([test-improver] Improve tests for server/system_tools package gh-aw-mcpg#5715)
• [Repo Assist] refactor(config): add envutil.HasEnvVar and hasMapKeyVariants helpers ([Repo Assist] refactor(config): add envutil.HasEnvVar and hasMapKeyVariants helpers gh-aw-mcpg#5750)
• rust-guard: remove hot-path scope/integrity allocations via Cow(str) and zero-alloc rank matching (rust-guard: remove hot-path scope/integrity allocations via Cow<str> and zero-alloc rank matching gh-aw-mcpg#5754)
• [test] Add tests for config.stripExtensionFieldsForValidation ([test] Add tests for config.stripExtensionFieldsForValidation and assignLegacyIntAlias gh-aw-mcpg#5762)
• Refactor WASM guard detection placement (Refactor WASM guard detection placement and inline config validation log wrappers gh-aw-mcpg#5774)
• fix: fall back to stderr (not stdout) when log-dir is unwritable (fix: fall back to stderr (not stdout) when log-dir is unwritable gh-aw-mcpg#5773)
• Reconcile docs with runtime behavior (Reconcile docs with runtime behavior for env vars, launch flags, and config semantics gh-aw-mcpg#5779)

v0.3.11 (2026-05-17) — https://github.com/github/gh-aw-mcpg/releases/tag/v0.3.11

• [test-improver] Improve tests for mcp/tool_result ([test-improver] Improve tests for mcp/tool_result gh-aw-mcpg#5788)
• [log] Add debug logging to circuit breaker key events ([log] Add debug logging to circuit breaker key events gh-aw-mcpg#5786)
• [test] Add tests for config.StdinServerConfig.UnmarshalJSON ([test] Add tests for config.StdinServerConfig.UnmarshalJSON gh-aw-mcpg#5825)
• proxy: replace http.Error with httputil.WriteErrorResponse for consistent JSON error shape (proxy: replace http.Error with httputil.WriteErrorResponse for consistent JSON error shape gh-aw-mcpg#5819)
• fix(guard): classify discussion_comment_write; add list_repository_collaborators DIFC rules (fix(guard): classify discussion_comment_write; add list_repository_collaborators DIFC rules gh-aw-mcpg#5818)
• refactor: rename guard/init.go, relocate expandTracingVariables, consolidate collaborator_permission helpers (refactor: rename guard/init.go, relocate expandTracingVariables, consolidate collaborator_permission helpers gh-aw-mcpg#5844)
• Align list_repository_collaborators DIFC integrity to reader-level (Align list_repository_collaborators DIFC integrity to reader-level gh-aw-mcpg#5843)
• [log] Add debug logging to listTools/listResources/listPrompts in connection_methods.go ([log] Add debug logging to listTools, listResources, listPrompts in connection_methods.go gh-aw-mcpg#5852)
• [Repo Assist] refactor(server): add legacyPolicySource constant ([Repo Assist] refactor(server): add legacyPolicySource constant in guard_init.go gh-aw-mcpg#5880)
• feat: read OTEL_EXPORTER_OTLP_HEADERS env var as fallback (feat: read OTEL_EXPORTER_OTLP_HEADERS env var as fallback for OTLP export headers gh-aw-mcpg#5849)
• Reconcile contributor and runtime docs with current verification and startup defaults (Reconcile contributor and runtime docs with current verification and startup defaults gh-aw-mcpg#5884)
• [test-improver] Improve tests for cmd package (flags_tracing) ([test-improver] Improve tests for cmd package (flags_tracing) gh-aw-mcpg#5853)
• Refactor guard initialization to centralize noop fallback construction (Refactor guard initialization to centralize noop fallback construction gh-aw-mcpg#5885)
• Refactor legacy guard policy fallback source handling (Refactor legacy guard policy fallback source handling gh-aw-mcpg#5886)
• [test] Add tests for server.WithOTELTracing ([test] Add tests for server.WithOTELTracing gh-aw-mcpg#5892)

v0.3.12 (2026-05-18) — https://github.com/github/gh-aw-mcpg/releases/tag/v0.3.12

• Support gh CLI /meta probe in DIFC proxy (Support gh CLI /meta probe in DIFC proxy gh-aw-mcpg#5924)

View Migration Guide

1. Update DefaultMCPGatewayVersion in pkg/constants/version_constants.go from v0.3.9 → v0.3.12.
2. Run make build && make recompile && make recompile (double recompile required per the constant's documented rebuild policy — first pass regenerates lock files, second pass refreshes container SHA pins).
3. Verify lock files reference the new container image ghcr.io/github/gh-aw-mcpg:v0.3.12.
4. No workflow-author API changes; guard policy auto-classifies the new GitHub MCP Server v1.0.5 tools (list_repository_collaborators, discussion-comment-write).
5. If using OTLP exports, you can now set OTEL_EXPORTER_OTLP_HEADERS (the gateway will pick it up as a fallback).

Impact Assessment

• Risk: Low–Medium — guard policy now classifies new tools that GitHub MCP Server v1.0.5 introduces; without this bump, those new tools would be unclassified by DIFC.
• Affects: every generated workflow whose sandbox.agent resolves to the default ghcr.io/github/gh-aw-mcpg image.
• Migration: constant + lock file regeneration; no consumer-facing API changes.

Package Links

• Repository: https://github.com/github/gh-aw-mcpg
• Release Notes: https://github.com/github/gh-aw-mcpg/releases/tag/v0.3.12
• Compare: github/gh-aw-mcpg@v0.3.9...v0.3.12
• Docker Image: ghcr.io/github/gh-aw-mcpg:v0.3.12

---

Recommendations

• Order matters: bump DefaultGitHubMCPServerVersion (v1.0.5) and DefaultMCPGatewayVersion (v0.3.12) together — the MCPG v0.3.11 guard-policy update is the prerequisite for safely exposing the new GitHub MCP tools (list_repository_collaborators, discussion-comment-write).
• Bundle Claude Code, Copilot, Codex in a separate PR from the MCPG/GitHub-MCP pair so the container-SHA recompile churn does not mix with NPM-only constant updates.
• After bumping MCPG, run make build && make recompile && make recompile twice as documented; verify lock files reference the new digest.
• Validate next CI run on a workflow that exercises both engines (Claude + Copilot + Codex) and at least one workflow using the new github MCP tools.
• Close or rebase Bump firewall to v0.25.47 and mcpg to v0.3.10 #32502 — its MCPG target (v0.3.10) is now stale.

References:

• §26080697468

Generated by 🔢 CLI Version Checker · ● 11M · ◷

• expires on May 21, 2026, 6:43 AM UTC