Config corruption: PowerShell variable syntax in URLs crashes CLI on launch

[waawaawee99]

Describe the bug

When running PowerShell commands that contain REST API URLs with variable interpolation (e.g. https://${bmcIp}/redfish/v1/...), the CLI's URL approval mechanism captures the unresolved PowerShell template as a literal string and
persists it to ~/.copilot/config.json under allowed_urls.

On next launch, the CLI fails to parse these malformed URLs and silently exits with code 1 — no error message, no log. The only fix is manually editing config.json to remove the bad entries.

Repro:

1. In a session, have the agent run PowerShell with URLs containing $variable syntax (e.g. iDRAC Redfish calls)
2. CLI prompts to approve the URL — the raw https://$ template gets saved to config
3. Exit and relaunch → CLI silently crashes

Corrupted config.json looked like:

"allowed_urls": [
"https://dev.azure.com",
"https://$",
"https://$($n.ip)/redfish/v1/Dell/Managers/..."
]

Affected version

No response

Steps to reproduce the behavior

1. In a Copilot CLI session, run PowerShell commands containing Redfish/REST API URLs with PowerShell variable interpolation, e.g.: Invoke-RestMethod -Uri "https://${bmcIp}/redfish/v1/Systems/System.Embedded.1"
2. The CLI's URL approval mechanism captures the unresolved template (https://$, https://$($n.IP)/...) and persists them into ~/.copilot/config.json under allowed_urls
3. On next launch, the CLI fails to parse the malformed URLs and silently exits with code 1

Expected behavior

• URLs with $ variable syntax should be sanitized/rejected before persisting to config
• At minimum, malformed allowed_urls entries should not crash the CLI on startup

Additional context

• config.json gets poisoned with entries like https://$ and https://$($n.ip)/redfish/...
• CLI silently fails to launch (exit code 1, no error message)
• User must manually edit config.json to remove the bad entries