We’re seeing cases across multiple releases where downloading a Copilot CLI binary from a tagged GitHub release appears to yield a binary that reports, and may actually be, a different newer CLI version than the selected tag. This causes compatibility issues with the pinned CLI version in the Copilot SDK. I originally observed this on macOS, and a colleague reproduced the same behavior on Windows.
Filed a sibling issue of this in the CLI repo (github/copilot-cli#2588), but also filing this here in the SDK repo because it has direct downstream impact here, although the root cause appears to be in Copilot CLI release packaging/versioning.
One concrete example is release v1.0.12
- On macOS, downloading the
v1.0.12 asset and running the extracted binary directly from a temporary directory reports GitHub Copilot CLI 1.0.20
- A colleague reproduced the same behavior on Windows
Why this matters for the SDK
This makes SDK version pinning and compatibility validation unreliable.
If an SDK integration depends on a fix, behavior change, or API that is tied to a specific CLI version, users may believe they are testing or deploying against CLI vX.Y.Z while actually running a different build. That can lead to hard-to-explain regressions and production issues.
We’ve already seen this affect one of our production tools built on the Copilot SDK, where behavior changed unexpectedly because the downloaded Copilot CLI appeared to behave like a newer version than the selected release. More generally, when a fix is expected in a specific release—such as the unknown hook fix referenced in v0.2.2-preview.0—being unable to trust the resolved CLI version makes it difficult to validate that the expected fix is actually present.
Expected
When an SDK integration pins or selects Copilot CLI vX.Y.Z, the downloaded and executed CLI should actually be X.Y.Z and provide the behavior, fixes, and API surface expected for that version. SDK consumers should be able to validate compatibility reliably against the chosen CLI version.
Actual
In at least some cases, selecting or downloading Copilot CLI vX.Y.Z yields a binary that identifies as a different version and appears to behave like a newer release. That makes SDK compatibility testing, fix validation, and production version pinning unreliable.
Note
This may ultimately need to be fixed in the CLI release pipeline rather than in the SDK itself, but we wanted to report it here because it directly affects SDK consumers that need reliable CLI version pinning.
We’re seeing cases across multiple releases where downloading a Copilot CLI binary from a tagged GitHub release appears to yield a binary that reports, and may actually be, a different newer CLI version than the selected tag. This causes compatibility issues with the pinned CLI version in the Copilot SDK. I originally observed this on macOS, and a colleague reproduced the same behavior on Windows.
Filed a sibling issue of this in the CLI repo (github/copilot-cli#2588), but also filing this here in the SDK repo because it has direct downstream impact here, although the root cause appears to be in Copilot CLI release packaging/versioning.
One concrete example is release
v1.0.12v1.0.12asset and running the extracted binary directly from a temporary directory reportsGitHub Copilot CLI 1.0.20Why this matters for the SDK
This makes SDK version pinning and compatibility validation unreliable.
If an SDK integration depends on a fix, behavior change, or API that is tied to a specific CLI version, users may believe they are testing or deploying against CLI
vX.Y.Zwhile actually running a different build. That can lead to hard-to-explain regressions and production issues.We’ve already seen this affect one of our production tools built on the Copilot SDK, where behavior changed unexpectedly because the downloaded Copilot CLI appeared to behave like a newer version than the selected release. More generally, when a fix is expected in a specific release—such as the
unknown hookfix referenced inv0.2.2-preview.0—being unable to trust the resolved CLI version makes it difficult to validate that the expected fix is actually present.Expected
When an SDK integration pins or selects Copilot CLI
vX.Y.Z, the downloaded and executed CLI should actually beX.Y.Zand provide the behavior, fixes, and API surface expected for that version. SDK consumers should be able to validate compatibility reliably against the chosen CLI version.Actual
In at least some cases, selecting or downloading Copilot CLI
vX.Y.Zyields a binary that identifies as a different version and appears to behave like a newer release. That makes SDK compatibility testing, fix validation, and production version pinning unreliable.Note
This may ultimately need to be fixed in the CLI release pipeline rather than in the SDK itself, but we wanted to report it here because it directly affects SDK consumers that need reliable CLI version pinning.