[ca] Update CLI Tools and MCP Servers - 5 Version Updates (2026-01-23)

[github-actions]

Summary

Five CLI tools and MCP servers have new versions available. This issue tracks the updates for:

1. Claude Code: 2.1.15 → 2.1.18 (3 versions)
2. Copilot CLI: 0.0.389 → 0.0.393 (4 versions)
3. Codex: 0.88.0 → 0.89.0 (1 version)
4. Playwright Browser: v1.57.0 → v1.58.0 (1 version)
5. Sandbox Runtime: 0.0.29 → 0.0.32 (3 versions)

Status: Constants updated in pkg/constants/constants.go (see commit). Requires make recompile to regenerate workflow lock files.

---

1. Update Claude Code CLI

• Previous: 2.1.15 → New: 2.1.18
• Timeline: 2.1.16 and 2.1.17 released 2026-01-22, 2.1.18 available 2026-01-23
• Breaking Changes: None detected
• New Features: Unknown (no public release notes available)
• Bug Fixes: Unknown (no public release notes available)
• Security: None identified
• CLI Discovery: Unable to test (read-only filesystem in workflow environment)
• Impact: Risk Low - patch version bumps, likely bug fixes and minor improvements
• Migration: No migration needed

Package Links

• NPM Package: https://www.npmjs.com/package/`@anthropic-ai/claude-code`
• Repository: Not publicly available

Notes

• Claude Code does not have a public GitHub repository
• Release notes are not available via NPM metadata
• Version increment pattern (2.1.15 → 2.1.18) suggests incremental patches
• Unable to install and compare CLI help output due to read-only filesystem

---

2. Update GitHub Copilot CLI

• Previous: 0.0.389 → New: 0.0.393
• Timeline: 0.0.390-0.0.393 all released 2026-01-23 (same day batch release)
• Breaking Changes: None
• New Features:
  • Plugin marketplace management (/plugin command)
  • Session rename alias (/rename command)
  • Plugin update capability (/plugin update)
  • Enhanced diff display in edit tool timeline
  • Snapshot undo feature (Esc-Esc to undo file changes)
  • GHE Cloud support for remote custom agents (*.ghe.com)
• Bug Fixes:
  • Fixed plugin uninstall functionality
  • Memory loading no longer generates warnings outside Git repositories
• Security: None identified
• CLI Discovery: Unable to test (read-only filesystem)
• Subcommand Changes: None detected (would need CLI access to verify)
• Impact: Risk Low - new features and bug fixes, no breaking changes
• Migration: No migration needed

Release Highlights (from GitHub)

v0.0.393 (January 23, 2026)

• Conversation compaction status displayed as timeline messages instead of header indicator
• Memory loading improvement for non-Git contexts
• GHE Cloud support for remote custom agents
• Plugin uninstall fix
• MCP server and tool names exposed in tool.execution_start events for error handling
• Snapshot undo feature (Esc-Esc)

Repository: https://github.com/github/copilot-cli
Commit: 7b4edbe0cd150d8834d28e61a551403478d555f9

v0.0.392 (January 22, 2026)

• Plugin marketplace management (/plugin command)
• Session rename alias (/rename)
• Plugin update command (/plugin update)
• Enhanced diff display in edit tool timeline

v0.0.390 (January 22, 2026)

• Preserve extended thinking after compaction
• Custom agents with MCP servers avoid unnecessary restarts (performance improvement)
• Enable steering during plan mode

Commit: 8409aaf4e4badeda53e7d6540c4acbf981f9c948

Package Links

• NPM Package: https://www.npmjs.com/package/`@github/copilot`
• Repository: https://github.com/github/copilot-cli (now public!)
• Release Notes: https://github.com/github/copilot-cli/releases

Notes

• Repository Status: The Copilot CLI repository is now publicly accessible (previously private/inaccessible)
• Repository Stats: 7.1k stars, 950 forks, 495 open issues, 19 contributors
• All four versions (0.0.390-0.0.393) were released on the same day
• Focus on plugin management, session handling, and performance improvements

---

3. Update OpenAI Codex CLI

• Previous: 0.88.0 → New: 0.89.0
• Timeline: Single version update released 2026-01-23
• Breaking Changes: TUI2 experiment removed (consolidated on terminal-native UI)
• New Features:
  • Permissions command (/permissions) with streamlined approval workflow
  • /approvals maintained for backward compatibility
  • Skill management UI to toggle individual skills on/off
  • Enhanced command selection with prioritized exact/prefix matching over fuzzy matching
  • App server threading support (thread/read, archived thread filtering)
  • Layered config resolution with computed effective config capability
  • Config schema publishing with stable URL in release artifacts
• Bug Fixes:
  • Fixed tilde expansion preventing HOME escape on paths like ~//...
  • TUI turn timing now resets between assistant messages for accurate elapsed time
• Security: None identified
• CLI Discovery: Unable to test (read-only filesystem)
• Impact: Risk Low - new features with backward compatibility, one UI consolidation
• Migration: Users of TUI2 experiment will automatically use terminal-native UI

Release Highlights (from GitHub)

New Features

• Permissions Command: Introduced /permissions with streamlined approval workflow while maintaining /approvals for backward compatibility (feat(tui) /permissions flow openai/codex#9561)
• Skill Management UI: Added interface to toggle individual skills on/off (Add UI for skill enable/disable. openai/codex#9627)
• Enhanced Command Selection: Improved slash-command matching by prioritizing exact and prefix matches over fuzzy matching (feat: better sorting of shell commands openai/codex#9629)
• App Server Threading: Added thread/read support and archived thread filtering in thread/list (feat(app-server): thread/read API openai/codex#9569, feat(app-server): support archived threads in thread/list openai/codex#9571)
• Layered Config Resolution: App server now supports layered config.toml resolution with computed effective config capability (Add layered config.toml support to app server openai/codex#9510)
• Config Schema Publishing: Release artifacts include stable URL for published config schema (feat: publish config schema on release openai/codex#9572)

Bug Fixes

• Fixed tilde expansion preventing HOME escape on paths like ~//... (fix: Fix tilde expansion to avoid absolute-path escape openai/codex#9621)
• TUI turn timing now resets between assistant messages for accurate elapsed time (fix(tui) turn timing incremental openai/codex#9599)

Notable Changes

• Removed TUI2 experiment, consolidating on terminal-native UI (feat(tui): retire the tui2 experiment openai/codex#9640)

Package Links

• NPM Package: https://www.npmjs.com/package/`@openai/codex`
• Repository: https://github.com/openai/codex
• Release Notes: https://github.com/openai/codex/releases
• Specific Release: https://github.com/openai/codex/releases/tag/rust-v0.89.0

---

4. Update Playwright Browser

• Previous: v1.57.0 → New: v1.58.0
• Timeline: Single version update released 2026-01-23
• Breaking Changes:
  • Removed _react and _vue selectors (use locators guide for alternatives)
  • Removed :light selector engine suffix (use standard CSS selectors)
  • Removed devtools option from browserType.launch() (use args: ['--auto-open-devtools-for-tabs'])
  • Dropped macOS 13 support for WebKit
• New Features:
  • Timeline tab in HTML Reports for merged reports across multiple environments
  • System theme option for UI Mode and Trace Viewer (adapts to OS preferences)
  • Search functionality (Cmd/Ctrl+F) in code editors
  • Reorganized network details panel
  • Auto-formatted JSON responses
  • CDP connection optimization with isLocal option for file system optimizations
• Bug Fixes: None specifically mentioned
• Security: None identified
• Impact: Risk Medium - breaking changes require code updates for selector usage
• Migration: Yes - update selector usage (remove _react, _vue, :light), update devtools launch options

Release Highlights (from GitHub)

Major Features

• Timeline in HTML Reports: Merged reports feature displays Timeline tab in HTML report Speedboard for visual test execution insights
• UI Mode and Trace Viewer Enhancements:
  • System theme option adapting to OS dark/light preferences
  • Search functionality (Cmd/Ctrl+F) in code editors
  • Reorganized network details panel
  • Auto-formatted JSON responses
  • Credit: @cpAdm
• CDP Connection Optimization: browserType.connectOverCDP() accepts isLocal option for file system optimizations when CDP server runs locally

Breaking Changes ⚠️

• Removed _react and _vue selectors (consult (redacted) for alternatives)
• Removed :light selector engine suffix (use standard CSS selectors)
• Removed devtools option from browserType.launch() (use args: ['--auto-open-devtools-for-tabs'])
• Dropped macOS 13 support for WebKit

Browser Versions

• Chromium 145.0.7632.6
• Mozilla Firefox 146.0.1
• WebKit 26.0

Package Links

• NPM Package: https://www.npmjs.com/package/playwright
• Repository: https://github.com/microsoft/playwright
• Release Notes: https://github.com/microsoft/playwright/releases
• Specific Release: https://github.com/microsoft/playwright/releases/tag/v1.58.0
• Docker Image: mcr.microsoft.com/playwright:v1.58.0

Notes

• This update includes breaking changes that may affect existing test code
• Selector migration required for _react, _vue, and :light usage
• WebKit users on macOS 13 cannot use this version

---

5. Update Anthropic Sandbox Runtime

• Previous: 0.0.29 → New: 0.0.32
• Timeline: 0.0.30, 0.0.31, 0.0.32 released 2026-01-23 (same day)
• Breaking Changes: Unknown
• New Features: Unknown
• Bug Fixes: Unknown
• Security: Unknown
• Impact: Risk Low - patch version increments suggest bug fixes
• Migration: Unknown - no release notes available

Package Links

• NPM Package: https://www.npmjs.com/package/`@anthropic-ai/sandbox-runtime`
• Repository: https://github.com/anthropic-experimental/sandbox-runtime
• Release Notes: Not available (no GitHub releases published)

Notes

• Anthropic Sandbox Runtime does not publish GitHub releases
• All metadata must be inferred from NPM
• Package description: "Anthropic Sandbox Runtime (ASRT) - A general-purpose tool for wrapping security boundaries around arbitrary processes"
• Three versions released on same day suggests coordinated bug fix batch

---

Action Items

Completed

• Updated pkg/constants/constants.go with new versions
• Documented all version changes and release notes
• Saved version check results to cache

Required

• Run make recompile to regenerate workflow lock files
• Commit changes to constants.go
• Test updated CLIs in workflow environment
• Verify Playwright Browser breaking changes don't affect existing workflows
• Monitor for any issues with Copilot CLI plugin features

Recommendations

• Priority High: Playwright Browser breaking changes should be tested
• Priority Medium: Copilot CLI new features (plugins, snapshots) may enhance workflows
• Priority Low: Codex permissions and skill management features for future exploration

---

Technical Details

Constants Updated

DefaultClaudeCodeVersion:        "2.1.15" → "2.1.18"
DefaultCopilotVersion:           "0.0.389" → "0.0.393"
DefaultCodexVersion:             "0.88.0" → "0.89.0"
DefaultPlaywrightBrowserVersion: "v1.57.0" → "v1.58.0"
DefaultSandboxRuntimeVersion:    "0.0.29" → "0.0.32"

File Modified

• pkg/constants/constants.go

Next Steps

1. Run make recompile in local development environment
2. Review generated workflow changes
3. Commit and push changes
4. Monitor workflow runs for any compatibility issues

Cache Location

Version check results saved to:

• /tmp/gh-aw/cache-memory/version-check-2026-01-23.json

---

Generated by: CLI Version Checker workflow
Workflow Run: https://github.com/githubnext/gh-aw/actions/runs/21298076171
Date: 2026-01-23

AI generated by CLI Version Checker