GitHub Copilot CLI 1.0.40: Headless MCP Auth, Smarter Subagents, and Autopilot Limits

GitHub Copilot CLI 1.0.40 shipped on May 1 with a few targeted improvements. None of them are the kind of splashy feature you’d write a blog post about on their own, but taken together they address real rough edges in the current workflow.

Headless MCP Authentication

The most technically interesting change: MCP servers now support the client_credentials OAuth grant type. This enables fully headless authentication without requiring a browser.

The standard OAuth flow that MCP servers use today requires a browser redirect, which breaks in CI environments, Docker containers, and automated pipelines. client_credentials lets a server authenticate by presenting a client ID and secret directly, without any human interaction. If you’re running Copilot CLI in a non-interactive environment with MCP servers that need auth, this is what you’ve been waiting for.

Subagents Now Evaluate Their Own Model

A subtle but important fix: subagents now evaluate tool search support based on their own model rather than inheriting the parent session’s settings.

This matters because Copilot CLI supports multiple models, and not all of them handle tool-search the same way. Before this fix, a subagent running on a different model would use the parent session’s tool-search configuration, which could either expose capabilities the subagent’s model doesn’t support or suppress ones it does. The fix means subagents behave correctly relative to what their actual model can do.

Autopilot Gets a Default Cap

Autopilot mode now limits continuation messages to 5 by default. You can change this with --max-autopilot-continues.

Before this, autopilot would continue indefinitely, which was fine until it wasn’t: an agent chasing a task that couldn’t be resolved cleanly would just keep going. The 5-message default gives you a stopping point to review progress before committing more context and tokens. It’s a conservative default — most legitimate autopilot tasks finish well under five turns — but it prevents the runaway case.

Other Changes

Switching sessions with /new or /resume no longer carries over pending messages to the new session. This was an awkward edge case where a message typed before switching would end up in the new context.

Prompt mode (-p) now gates repo hooks and workspace MCP behind opt-in environment variables (GITHUB_COPILOT_PROMPT_MODE_REPO_HOOKS and GITHUB_COPILOT_PROMPT_MODE_WORKSPACE_MCP). The default is to not load them, making prompt mode more predictable for scripted or CI use.

/research now uses an orchestrator/subagent architecture internally. The practical effect is more reliable deep research results — the orchestrator coordinates multiple subagent passes rather than doing everything in a single context.

Bug Fixes

PR branch decoration now displays correctly in the footer regardless of how long the model name is (some newer model names were causing the footer to wrap or clip). /clear and /new reset the active custom agent selection. The CLI was hanging at 100% CPU when sending large file attachments — that’s fixed.

---

Sources: Copilot CLI releases, Copilot CLI changelog