Upgrade azureauth-cli to 0.9.4 with native Linux support

[Copilot]

Upgrades azureauth-cli from 0.8.4 to 0.9.4, which adds native Linux support outside of WSL. Updates all platform-detection logic to treat native Linux and WSL uniformly — calling azureauth directly rather than routing through azureauth.exe or npm exec.

Core Changes

• node-azureauth/src/install.ts: Version bump to 0.9.4; Windows artifact renamed from win10-x64.zip → win-x64.zip; removed stale linux: "azureauth.exe" from AZUREAUTH_NAME_MAP
• utils/is-wsl.ts: New isLinux() export — platform() === "linux" — covers both native Linux and WSL; isWsl() retained for telemetry
• azureauth-command.ts: isWsl() + ["azureauth.exe"] → isLinux() + ["azureauth"]
• ado.ts: All isWsl() guards replaced with isLinux() (spawn-vs-exec, prompt-hint quoting)
• is-supported-platform-and-architecture.ts: Added linux: ["x64", "arm64"]; removed redundant isWsl() || OR check

Before / After:

// Before: WSL-only special case, native Linux unsupported
memo = isWsl() ? ["azureauth.exe"] : npxAzureAuthCommand;

// After: both WSL and native Linux call azureauth directly
memo = isLinux() ? ["azureauth"] : npxAzureAuthCommand;

Note on DOWNLOAD_MAP: Linux releases ship as .deb packages, which the decompress dependency cannot extract. Linux users are expected to install azureauth via the system package (.deb) so it is available in PATH — consistent with how WSL worked previously.

References and Relevant Issues

azureauth-cli 0.9.4 release: https://github.com/AzureAD/microsoft-authentication-cli/releases/tag/0.9.4

Detailed Description of the Pull Request / Additional comments

Tests updated to mock isLinux (replacing isWsl), add clearMemo to beforeEach so each test gets a clean command memo, and assert spawnSync("azureauth", [...]) rather than the old npm-exec invocation path.

Validation Steps Performed

All 22 existing tests pass with no modifications to test counts or test logic — only mock targets and expected values updated to reflect new behavior.

PR Checklist

• Tests added/passed
• Documentation updated

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/AzureAD/microsoft-authentication-cli/releases/tags/0.9.4
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

⚡ Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast.

In general, the safest fix is to avoid going through the shell altogether and instead pass arguments as an array to a function like child_process.spawn/spawnSync or execFile. When that’s not possible, we should not manually build a single command string with interpolated values; instead, parse or quote arguments with a robust library such as shell-quote.

Here, the Linux path is already safe because it uses spawnSync(command[0], command.slice(1), ...) with a proper argument array. The unsafe part is the non‑Linux branch where we call exec(command.join(" "), { env }). The minimal, behavior‑preserving fix is:

• Import spawnSync directly from "node:child_process" is already done.
• Stop joining command into a single string in the non‑Linux branch.
• Use spawnSync there as well (like the Linux path), passing the env from azureAuthCommand() and encoding "utf-8".
• Remove the special quoting logic that embeds quotes into the --prompt-hint string for non‑Linux; instead, always pass --prompt-hint as two separate arguments, [ "--prompt-hint", options.promptHint ], which makes quoting unnecessary. This preserves functional behavior while avoiding shell interpretation.
• Similarly, split other --flag value pairs into distinct array elements instead of interpolated --flag ${value} strings, reducing the chance of accidental changes if someone later reintroduces a join.

These changes are all confined to packages/ado-npm-auth-lib/src/azureauth/ado.ts, specifically around the command array construction and the else branch that currently calls exec.