Bump default agentic tool pins (Claude, Copilot, Codex, GitHub MCP, Playwright Browser)#32351
Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Updates the repository’s default pinned versions for several agentic tools (Claude Code, Copilot CLI, Codex, GitHub MCP Server, Playwright browser) and refreshes WASM golden compiler fixtures so generated workflow output matches the new defaults.
Changes:
- Bumped five default tool/version pins in
pkg/constants/version_constants.go. - Updated affected WASM golden workflow outputs to reflect the new Copilot CLI version and GitHub MCP Server image tag.
- Added a patch changeset documenting the default pin updates.
Show a summary per file
| File | Description |
|---|---|
pkg/constants/version_constants.go |
Bumps default pinned versions for multiple CLIs/images. |
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden |
Updates expected compiled workflow output for new Copilot + GitHub MCP Server pins. |
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden |
Updates expected compiled workflow output for new Copilot + GitHub MCP Server pins. |
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/playwright-cli-mode.golden |
Updates expected compiled workflow output for new Copilot + GitHub MCP Server pins. |
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden |
Updates expected compiled workflow output for new Copilot + GitHub MCP Server pins. |
.changeset/patch-update-agentic-cli-tools-20260515.md |
Records the default pin bumps as a patch release note. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 6/6 changed files
- Comments generated: 1
| // DefaultCopilotVersion is the default version of the GitHub Copilot CLI. | ||
| // | ||
| // When unpinning or upgrading this version, verify: | ||
| // - MCPs are not blocked from loading (tools.mcp configuration still works end-to-end) | ||
| // - /models does not silently fail on PATs (check that model listing works with PAT auth) | ||
| const DefaultCopilotVersion Version = "1.0.43" | ||
| const DefaultCopilotVersion Version = "1.0.48" |
|
✅ Smoke OTEL — OTEL telemetry verified |
|
💫 TO BE CONTINUED... Smoke Claude failed to deliver outputs! Our hero faces unexpected challenges... |
|
🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧 |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
✅ Smoke OTEL Backends completed successfully! |
|
🚀 Smoke Gemini MISSION COMPLETE! Gemini has spoken. ✨ Caution Security scanning requires review for Smoke Gemini DetailsThe threat detection results could not be parsed. The workflow output should be reviewed before merging. Review the workflow run logs for details. |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
Agent Container Tool Check
Result: 12/12 tools available ✅ Overall Status: PASS
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Skills-Based Review 🧠
Applied /zoom-out — this is a maintenance/version-bump PR, so the key question is whether the changes fit the architecture and verification procedures consistently.
Key Observation
The DefaultCopilotVersion constant carries an explicit upgrade checklist comment (lines 39–41):
// When unpinning or upgrading this version, verify:
// - MCPs are not blocked from loading (tools.mcp configuration still works end-to-end)
// - /models does not silently fail on PATs (check that model listing works with PAT auth)This PR jumps 5 minor versions (1.0.43 → 1.0.48). The PR description doesn't explicitly confirm these two checks were performed. If they were — great, a quick note in the PR body (or a comment on the constant) would close the loop. If not, they're worth a pass before merging.
Positive Highlights
- ✅ Version bumps are isolated to a single source-of-truth file (
version_constants.go) — correct pattern - ✅ Golden fixtures are faithfully regenerated; changes are pure version-string propagation with no unexpected diff
- ✅ Changeset entry is present and accurate
- ✅ Playwright, Playwright MCP/CLI, and MCP Gateway are intentionally left unchanged — scoping is clear and well-explained
Verdict
Approving — the change is well-structured and low-risk. One soft suggestion: confirm the Copilot CLI upgrade checklist (MCP loading + PAT model listing) was verified and optionally note it in the PR description.
🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · ● 3.3M
|
Caution Security scanning requires review for Smoke Gemini DetailsThe threat detection results could not be parsed. The workflow output should be reviewed before merging. Review the workflow run logs for details. Smoke Test Results\n- GitHub MCP: ✅\n- Web Fetch: ✅\n- File Writing: ✅\n- Bash Tool: ✅\n- Build gh-aw: ❌\n\nOverall Status: FAILWarning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
|
Smoke Test Codex 25918800929: FAIL Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Smoke Test: Claude — Run 25918800860Core #1–#12: ✅ all Overall: PASS (§25918800860) Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
There was a problem hiding this comment.
💥 Automated smoke test review - all systems nominal!
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
💥 [THE END] — Illustrated by Smoke Claude · ● 4M
✨ Enhancement
Five pinned tool versions in
pkg/constants/version_constants.gowere behind current stable releases. This updates those defaults and aligns golden compiler fixtures that assert emitted workflow content against the new pins, while leaving Playwright MCP/CLI and MCP Gateway unchanged.What does this improve?
2.1.141 → 2.1.1421.0.43 → 1.0.480.129.0 → 0.130.0v1.0.3 → v1.0.4v1.59.1 → v1.60.0Why is this valuable?
Implementation approach:
pkg/constants/version_constants.gofor the five target constants only.ariaRef,videosPath,videoSize, deprecatedexposeBinding/connectoptions) before bumping browser tag.pkg/workflow/testdata/TestWasmGolden_CompileFixtures/*.golden.changeset/patch-update-agentic-cli-tools-20260515.md.Changeset
✨ PR Review Safe Output Test - Run 25918800860
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.comSee Network Configuration for more information.