Copilot CLI 1.0.55 Puts Token Accounting, MCP Usage, and Bypass Controls in the Terminal

Copilot CLI 1.0.55 is the release where agent cost stops being a billing surprise and starts becoming a terminal feature. That sounds unromantic because it is. The next useful wave of coding-agent tooling is not another prompt box. It is the boring ability to see what the agent consumed, which tools inflated the context, which permissions were bypassed, which skills won precedence, and whether the organization allowed the remote-control path in the first place.

The May 28 Copilot CLI release is dense: token-based billing restrictions, reasoning-token reporting, per-MCP-server token usage, MCP tool-token breakout, recursive custom-agent and skill discovery, a setting to disable bypass/yolo mode, remote-session policy warnings, hook progress streaming, session-mounted plugin directories, extension diagnostics, and /autopilot <objective>. The follow-up 1.0.56-0 patch persists context-window tier selection in session events, clarifies trusted-folder permission memory, and fixes remote session URLs to use the real repository owner/name.

That is a lot of plumbing. It is also the right plumbing. Agentic coding gets expensive and risky in exactly the places this release makes visible: tool context, reasoning effort, permission bypass, remote sessions, plugins, skills, and long-running hooks.

MCP token usage is the cost graph teams were missing

The most important feature is /mcp showing per-MCP-server token usage, paired with /context breaking out MCP tool tokens. Once MCP enters the loop, a session’s cost is no longer simply “the model generated code.” It becomes a graph of tool schemas, tool results, context packing, retries, reasoning tokens, and whatever external systems the agent asked to read.

That distinction matters. A coding agent may call a docs MCP server, an issue tracker, a repo search service, a CI log tool, a package index, and an observability backend before touching a file. Each server can contribute useful context or a truckload of irrelevant text. Without per-server accounting, teams cannot tell whether the agent was expensive because the task was hard, the model reasoned heavily, a tool returned too much, or a schema was bloated beyond usefulness.

Per-MCP accounting also changes how teams should design tools. If a server’s responses consistently dominate context, shorten them. Split broad tools into narrower read APIs. Add pagination. Mark read-only tools clearly. Return identifiers and summaries before dumping full logs. MCP tool design is now cost design. The token meter is not just finance telemetry; it is API feedback.

Reasoning-token reporting matters for the same reason. The release notes say session usage summaries now show Claude thinking/reasoning tokens, and reasoning token count is shown to all users. That gives engineering teams a way to compare task classes instead of arguing from vibes. Did the agent solve the task because it used a better model, because it spent more reasoning tokens, because it loaded more context, or because the task was simpler than expected? You cannot optimize what the CLI hides.

The Free and Student plan restriction to Auto model selection under token-based billing is another signal. Model choice is becoming a policy and billing-control surface, not merely a taste preference. Teams should expect more routing constraints: approved models by repo, context-window tiers by task, credit limits by workspace, and fallbacks that trade capability for spend. The response should be documentation, not surprise. Write down which model routes are approved for code review, refactors, tests, migrations, and exploratory debugging.

Bypass mode belongs in demos, not shared defaults

The new permissions.disableBypassPermissionsMode setting is quietly one of the safest changes in the release. Allow-all/yolo mode is attractive because approval prompts are annoying. It is also exactly how a coding agent becomes an unreviewed shell session with a language model attached. In a shared repository, bypass should be an explicitly governed exception, not a developer convenience that leaks into automation.

Disabling bypass mode does not make agents safe by itself. It needs to sit beside trusted-folder policy, named permission profiles, hook logs, and reviewable diffs. But it gives organizations a lever. If a repository contains production-adjacent code, deployment scripts, secrets-adjacent config, or customer-impacting migrations, the default should be “ask before acting,” not “ship first, explain later.”

Remote-session policy warnings fit the same pattern. When remote-controlled sessions are disabled by organization policy, the CLI now says so more helpfully. That is not just nicer copy. It tells the developer whether a failure is local setup, product limitation, or governance. Without that clarity, people route around policy because they think the tool is broken. Good governance surfaces the rule at the moment it matters.

Hook progress streaming is another trust feature masquerading as UX. Long-running hooks often run tests, linters, scanners, builds, codegen, or policy checks. If they emit nothing, users assume the agent is stuck and cancel them. Streaming progress into the timeline turns the hook into part of the session artifact: what ran, how long it took, where it failed. That is useful for debugging and for postmortems.

Skills are dependencies, even when they are Markdown

Copilot CLI also tightens the skills and plugin story. Custom agents and skills are discovered recursively in subdirectories. --plugin-dir skills now take precedence over personal-home skills, with ordering project > plugin-dir > personal > custom. SDK clients can mount Open Plugins-format directories per session through pluginDirectories on session.create and session.resume.

That ordering is sane because project policy should beat personal convenience. A developer’s private helper skill should not silently override a repo’s release checklist or security review behavior. Session-mounted plugin directories are also the right primitive for reproducible agent environments. A task can get the capabilities it needs without inheriting every experimental skill on the user’s machine.

But this only works if teams treat skills and plugins like dependencies. Pin plugin sources. Review skill content. Avoid duplicate names unless the precedence is intentional. Do not mount broad personal skill folders into SDK-driven automation. Keep project skills under code review. Markdown stops being “just docs” when an agent reads it as operational behavior.

The new /autopilot <objective> command is useful in that context. A persistent objective gives the session a clearer target, and the /goal alias aligns with the vocabulary other agent runtimes are adopting. But an objective is not a test. Agents can optimize toward a written goal and still produce an unsafe or incomplete diff. Pair objectives with hook progress, MCP token inspection, permission prompts, CI, and human review.

The 1.0.56-0 patch is a good example of why durable session state matters. Persisting context-window tier selection in session events means compaction and truncation limits survive SDK-only resume paths. If that state disappears, long-running sessions can resume under different context assumptions, causing missing context, unexpected spend, or brittle behavior. Small patch, real runtime consequence.

The practical checklist is straightforward. After agent-heavy sessions, inspect /mcp and compare token burn by server. Use /context to see whether MCP tools are bloating the prompt. Track reasoning tokens by task type. Disable bypass mode in shared repositories. Mount plugin directories only from reviewed sources. Keep project skills versioned and named carefully. Treat Auto model routing and context-window tiers as policy decisions. And do not build remote-session automation until you understand the organization’s policy warnings.

Copilot CLI 1.0.55 is not about making the agent more charming. Good. Charm is cheap. Cost visibility, MCP accounting, permission controls, plugin precedence, and durable context state are the parts that decide whether autonomous coding can survive contact with team workflows. The terminal is finally showing more of the bill of materials. Engineers should read it.

Sources: GitHub Copilot CLI v1.0.55, GitHub Copilot CLI v1.0.56-0, Copilot CLI v1.0.55-3 context