[ca] Update CLI tools: Claude Code 2.1.4, Copilot 0.0.377, Codex 0.80.0, Sandbox Runtime 0.0.26, Playwright MCP 0.0.55, MCP Gateway v0.0.26

[github-actions]

This issue tracks the update of 6 CLI tools and packages to their latest versions.

Summary of Updates

Package	Previous	New	Type	Risk Level
Claude Code	2.1.1	2.1.4	3 patches	Low
Copilot CLI	0.0.376	0.0.377	1 patch	Low
Codex	0.79.0	0.80.0	Minor	Medium
Sandbox Runtime	0.0.25	0.0.26	1 patch	Low
Playwright MCP	0.0.54	0.0.55	1 patch	Low
MCP Gateway	v0.0.24	v0.0.26	2 patches	Low

No updates needed:

• GitHub MCP Server: v0.27.0 (up to date)
• Playwright Browser: v1.57.0 (up to date)

---

1. Update Claude Code (2.1.1 → 2.1.4)

Release Timeline:

• v2.1.2: 2026-01-08
• v2.1.3: 2026-01-09
• v2.1.4: 2026-01-10

Changes Detected:

• Breaking Changes: None
• New Features: None detected via CLI help
• Bug Fixes: Minor patch releases (no detailed changelog available)
• CLI Changes Detected:
  • --continue flag description updated: "Continue the most recent conversation" → "Continue the most recent conversation in the current directory" (adds context about working directory scope)
  • --disable-slash-commands description updated: "Disable all slash commands" → "Disable all skills" (terminology change from "slash commands" to "skills")

Impact Assessment:

• Risk Level: Low
• Affected Features: Session continuation behavior now explicitly scoped to current directory
• Migration Required: No

Package Links:

• NPM Package: https://www.npmjs.com/package/@anthropic-ai/claude-code
• No public repository available

---

2. Update Copilot CLI (0.0.376 → 0.0.377)

Release Timeline:

• v0.0.377: 2026-01-08

Changes Detected:

• Breaking Changes: None
• New Features: None detected via CLI help
• Bug Fixes: Patch release (no detailed changelog available)
• CLI Changes: No changes detected in main help or subcommand help outputs
• Subcommand Changes: None detected (config and environment help outputs identical)

Impact Assessment:

• Risk Level: Low
• Affected Features: None identified
• Migration Required: No

Package Links:

• NPM Package: https://www.npmjs.com/package/@github/copilot
• Repository: https://github.com/github/copilot-cli (may be private)

Note: Copilot CLI repository may be private. Analysis based on NPM metadata and CLI help output comparison.

---

3. Update Codex (0.79.0 → 0.80.0)

Release Timeline:

• v0.80.0: 2026-01-09

Release Highlights (from GitHub)

New Features:

• Conversation/Thread Forking: Added endpoints to branch sessions into new threads
• Requirements Exposure: Clients can now read requirements.toml via requirement/list to adjust agent-mode UX
• Metrics Capabilities: Introduced observability counters
• Elevated Sandbox Onboarding: Added upgrade/degraded mode prompts and /elevate-sandbox command
• Explicit Skill Invocations: Enable skill calls through v2 API user input

Bug Fixes:

• Environment Variable Inheritance: Fixed CLI subprocesses to properly inherit LD_LIBRARY_PATH/DYLD_LIBRARY_PATH, resolving "10x+ performance regressions" for GPU operations (critical performance fix)
• Review Command: /review <instructions> now correctly launches review flow in TUI
• Patch Approval Persistence: "Allow this session" now applies to previously approved files
• Model Upgrade Prompts: Appears even when current model is hidden from picker
• Windows Paste Handling: Supports non-ASCII multiline input reliably
• Git Path Parsing: Correctly handles quoted/escaped paths and /dev/null

Documentation Updates:

• App-server README documents skills support
• Skill-creator docs clarify YAML formatting and quoting

Merged Pull Requests

Key PRs from release notes:

• feat: fork conversation/thread openai/codex#8866 (Thread forking)
• Feat: appServer.requirementList for requirement.toml openai/codex#8800 (Requirements exposure)
• feat: metrics capabilities openai/codex#8318 (Metrics capabilities)
• feat: add a few metrics openai/codex#8910 (Metrics capabilities)
• Elevated sandbox NUX openai/codex#8789 (Elevated sandbox)
• Support UserInput::Skill in V2 API. openai/codex#8864 (Explicit skill invocations)
• fix: remove existing process hardening from Codex CLI openai/codex#8951 (Environment variable fix - performance)
• fix: handle /review arguments in TUI openai/codex#8823 (Review command fix)
• fix: implement 'Allow this session' for apply_patch approvals openai/codex#8451 (Patch approval persistence)
• Enable model upgrade popup even when selected model is no longer in picker openai/codex#8802 (Model upgrade prompts)
• fix: windows can now paste non-ascii multiline text openai/codex#8774 (Windows paste handling)
• fix: parse git apply paths correctly openai/codex#8824 (Git path parsing)
• [chore] update app server doc with skills openai/codex#8853 (Documentation)
• Clarify YAML frontmatter formatting in skill-creator openai/codex#8610 (Documentation)

31 total commits included in this release.

Impact Assessment:

• Risk Level: Medium
• Affected Features:
  • Session management (thread forking)
  • Requirements introspection
  • Performance improvements for GPU operations
  • Sandbox elevation capabilities
• Migration Required: No, but new capabilities available
• Performance Impact: Positive - fixes 10x+ performance regression for GPU operations

Package Links:

• NPM Package: https://www.npmjs.com/package/@openai/codex
• Repository: https://github.com/openai/codex
• Release Notes: https://github.com/openai/codex/releases/tag/rust-v0.80.0

---

4. Update Sandbox Runtime (0.0.25 → 0.0.26)

Release Timeline:

• v0.0.26: 2026-01-08

Changes Detected:

• Breaking Changes: None
• New Features: None detected
• Bug Fixes: Patch release (no detailed changelog available)
• Security: None identified

Impact Assessment:

• Risk Level: Low
• Affected Features: None identified
• Migration Required: No

Package Links:

• NPM Package: https://www.npmjs.com/package/@anthropic-ai/sandbox-runtime
• Repository: https://github.com/anthropic-experimental/sandbox-runtime

---

5. Update Playwright MCP (0.0.54 → 0.0.55)

Release Timeline:

• v0.0.55: 2026-01-09

Changes Detected:

• Breaking Changes: None
• New Features:
  • Added --allow-unrestricted-file-access flag: Allows access to files outside workspace roots and unrestricted access to file:// URLs. By default, file system access is restricted to workspace root directories only.
• Bug Fixes: None identified
• CLI Changes: New flag for file system access control

Impact Assessment:

• Risk Level: Low
• Affected Features: File system access control - new opt-in capability
• Migration Required: No - feature is opt-in via new flag

Package Links:

• NPM Package: https://www.npmjs.com/package/@playwright/mcp
• Repository: https://github.com/microsoft/playwright

---

6. Update MCP Gateway (v0.0.24 → v0.0.26)

Release Timeline:

• v0.0.25: 2026-01-11
• v0.0.26: 2026-01-11

v0.0.26 Changes

Focus: Enhanced observability through comprehensive RPC message logging

Key Changes:

• Added RPC message logging with privacy-preserving payload preview
• Implements dual format logging (text and markdown)
• Automatically filters sensitive data from logs

PR References:

• Add RPC message logging with privacy-preserving payload preview gh-aw-mcpg#158

Docker: ghcr.io/githubnext/gh-aw-mcpg:v0.0.26

v0.0.25 Changes

Focus: Documentation improvements and developer experience enhancements

Key Changes:

• Documented the MCP_GATEWAY_LOG_DIR environment variable with usage examples
• Clarified configuration precedence hierarchy
• Improved automated workflows to create draft pull requests
• Ongoing work on /health endpoint specification compliance

PR References:

• Document MCP_GATEWAY_LOG_DIR environment variable gh-aw-mcpg#155
• Configure workflows to create draft PRs and process single files gh-aw-mcpg#156
• [WIP] Review health endpoints for compliance with MCP gateway specs gh-aw-mcpg#157

Docker: ghcr.io/githubnext/gh-aw-mcpg:v0.0.25

Impact Assessment:

• Risk Level: Low
• Affected Features: Logging and observability improvements
• Migration Required: No
• Benefits: Better debugging capabilities with privacy-preserving logs

Package Links:

• Repository: https://github.com/githubnext/gh-aw-mcpg
• Release Notes v0.0.26: https://github.com/githubnext/gh-aw-mcpg/releases/tag/v0.0.26
• Release Notes v0.0.25: https://github.com/githubnext/gh-aw-mcpg/releases/tag/v0.0.25
• Docker Image: ghcr.io/githubnext/gh-aw-mcpg:v0.0.26

---

Testing Recommendations

1. Codex (Medium Risk):

   • Test thread forking functionality
   • Verify GPU performance improvements if applicable
   • Test elevated sandbox features

2. All Other Updates (Low Risk):

   • Standard smoke testing should be sufficient
   • Verify CLI help outputs match expected behavior

Files Modified

• pkg/constants/constants.go - Updated version constants
• All .lock.yml workflow files regenerated with new versions (118 workflows)

Implementation Status

✅ Constants updated
✅ Workflows recompiled successfully
✅ All changes verified

Next Steps

• Merge this update
• Monitor for any issues post-deployment
• Consider testing Codex thread forking and elevated sandbox features

AI generated by CLI Version Checker

[pelikhan]

Playwright:

Enable Added --allow-unrestricted-file-access flag: Allows access to files

Claude:

Use flags for Disable all skills, disable all slash commands