Releases: docker/docker-agent
Release list
v1.78.0
This release improves MCP server connectivity, adds model thinking level controls, and enhances tool installation safety with checksum verification.
What's New
- Adds ability to cycle model thinking level with Shift+Tab in the TUI
- Adds
title_modelconfiguration field for delegating session title generation to a different model - Adds checksum verification for tool auto-install downloads to ensure binary integrity
- Adds support for
version_overridesin tool auto-install for better package configuration
Improvements
- Updates remote MCP examples to prefer Streamable HTTP transport over SSE
- Exposes embeddable TUI components (toolconfirm, StaticSessionState, Stopper) for downstream integration
- Allows loading agent from localhost HTTP URLs for local development
- Adds Docker Desktop JWT authentication when pulling agent from .docker.com URLs
Bug Fixes
- Fixes reconnection of remote MCP toolsets after clean idle SSE connection closes
- Fixes crash during elicitation channel close by guarding against in-flight sends
- Fixes panic in ScriptToolSet.Instructions() when tool argument descriptions are missing
- Fixes GitHub transport change that was causing test assertion failures
Technical Changes
- Always allowlists models.dev in sandbox proxy for model catalog resolution
- Restricts localhost HTTP redirects to localhost-only targets for security
- Removes non-working Supabase and Tally entries from MCP catalog documentation
What's Changed
- docs: update remote MCP examples to prefer Streamable HTTP over SSE by @aheritier in #3065
- docs: update configuration, sandbox, tools, Go SDK, and MCP catalog docs by @aheritier in #3068
- Cycle model thinking level with shift+tab by @rumpl in #3067
- fix: reconnect remote MCP toolsets after clean idle SSE close by @aheritier in #3064
- fix: guard type assertions in ScriptToolSet.Instructions() against missing description by @simonferquel-clanker in #3072
- fix: guard elicitation channel close against in-flight sends by @aheritier in #3070
- Allow pulling agent from localhost http URL for local dev by @gtardif in #3075
- docs: update CHANGELOG.md for v1.77.0 by @docker-read-write[bot] in #3062
- Bump Go dependencies by @dgageot in #3076
- docs: update CHANGELOG.md for v1.76.0 by @docker-read-write[bot] in #3061
- Add Docker Desktop JWT when pulling agent from a .docker.com URL by @gtardif in #3077
Full Changelog: v1.77.0...v1.78.0
v1.77.0
This release is identical to v1.76.0. It was tagged from the same commit to complete a release pipeline run and contains no code changes. See the v1.76.0 release notes for the changes.
Full Changelog: v1.74.0...v1.77.0
v1.76.0
This release adds Claude Fable 5 support, a dedicated model for session-title generation, and checksum verification for tool installs, along with session compaction and TUI fixes.
What's New
- Adds
title_modelfield for delegating session-title generation to a dedicated model - Adds Claude Fable 5 support with refusal handling and server-side fallbacks via
provider_opts - Surfaces model refusals as a distinct finish reason
- Adds asset checksum verification to tool installation and supports aqua
version_overrides
Improvements
- Allows models.dev in the sandbox proxy for model catalog metadata resolution
- Makes the TUI editor component embeddable by other modules, with a new
editor.WithPlaceholderoption - Shows a toast error when opening a URL fails
- Removes MCP catalog entries with broken OAuth
Bug Fixes
- Fixes agent losing context and halting after the first session compaction by scaling compaction budgets to the context window
- Fixes sub-session tokens being counted in the compaction trigger
- Fixes Anthropic parallel tool calls by routing input_json deltas by content-block index
- Adds a max_tokens floor for Anthropic when thinking is disabled
- Fixes sidebar token usage panel flickering during sub-agent transfers
- Surfaces useful errors when session title generation fails and honors the agent
title_modelin the debug title command - Fixes fork-mode skill commands looping in the TUI
- Fixes cell alignment when the suggestion overlay cuts a wide rune
- Fixes the configured placeholder not being restored when voice recording stops
Technical Changes
- Disables git commit signing in test helpers
- Bumps github.com/anthropics/anthropic-sdk-go to v1.49.0
Pull Requests
- #3009 - fix(anthropic): route input_json deltas by content-block index
- #3038 - docs: update CHANGELOG.md for v1.74.0
- #3039 - bump github.com/anthropics/anthropic-sdk-go to v1.49.0
- #3040 - Show toast error when opening URL fails
- #3041 - Allow models.dev in sandbox proxy for model catalog resolution
- #3042 - fix: agent loses context and halts after first session compaction
- #3043 - docs: fix stale defaults, wrong tool names, and missing CLI flags
- #3044 - docs: update evaluation and compaction documentation
- #3045 - Reusable editor
- #3046 - toolinstall: verify asset checksums and support aqua version_overrides
- #3047 - Reusable editor (More)
- #3048 - Remove MCP non-working servers
- #3049 - fix: stop sidebar token usage panel flickering during sub-agent transfers
- #3050 - fix: add max_tokens floor for Anthropic when thinking is disabled
- #3051 - feat: add title_model for delegating session-title generation
- #3052 - fix: surface useful errors when session title generation fails
- #3053 - feat: add Claude Fable 5 support with refusal handling and server-side fallbacks
- #3057 - fix: prevent fork-mode skill commands from looping in TUI
- #3059 - expose embeddable tui components
- #3060 - test: disable git commit signing in test helpers
Full Changelog: v1.74.0...v1.76.0
v1.74.0
This release introduces self-update functionality, session read-only mode, and 1Password CLI integration, along with model selection improvements and various bug fixes.
What's New
- Adds opt-in self-update functionality via
DOCKER_AGENT_AUTO_UPDATEenvironment variable with interactive confirmation - Adds
--session-read-onlyflag to view sessions without sending messages in TUI mode - Adds 1Password CLI integration for secret resolution using
op://references - Adds
first_availablemodel selection for automatic fallback across multiple model candidates - Adds
user_steering_messages_submitanduser_followup_submithooks for queued user messages
Improvements
- Updates default agent to use
first_availablemodel selection with multi-provider fallbacks - Updates default model versions: OpenAI from
gpt-5-minitogpt-5, Google fromgemini-2.5-flashtogemini-3.5-flash - Updates coder agent to use
first_availablemodel selection instead of hardcoded Anthropic models
Bug Fixes
- Fixes tool call being dropped when finish_reason shares the same chunk in streaming responses
- Fixes orphaned tool results on session resume that caused validation errors on AWS Bedrock
- Fixes agent field not being preserved during command expansion, causing incorrect routing to root agent
- Fixes binary files being processed in content search operations
- Fixes self-update validation to prevent arbitrary file deletion and detect help flags properly
- Fixes IPv6 6to4, NAT64, site-local and CGNAT ranges not being blocked in SSRF protection
Technical Changes
- Hardens self-update download and re-exec process against tampering with digest and checksum verification
- Uses SSRF-safe HTTP client for MCP OAuth metadata fetches
- Hardens 1Password provider against silent pass-through and PATH hijacking
- Fixes custom-base-image evaluation template to include docker-agent binary and entrypoint
- Removes broken MCP servers from configuration
What's Changed
- docs: update CHANGELOG.md for v1.73.0 by @docker-read-write[bot] in #2990
- feat: add first_available model selection by @dgageot in #2991
- fix: don't drop tool call when finish_reason shares the chunk by @Sayt-0 in #2992
- chore: bump go dependencies (acp-go-sdk, goja) by @dgageot in #2995
- feat: add opt-in self-update by @dgageot in #2993
- docs: update agent config reference, custom provider api_type, and slash command behavior by @aheritier in #2999
- feat: update default agent to use first_available model selection by @dgageot in #2997
- refactor(coder): use first_available model selection with multi-provider fallbacks by @dgageot in #2996
- feat: add user_steering_messages_submit and user_followup_submit hooks by @simonferquel-clanker in #3000
- docs: add thinking/reasoning guide and expand provider thinking docs by @rumpl in #3004
- docs: update default model examples to gpt-5 and gemini-3.5-flash by @aheritier in #3003
- fix: drop orphaned tool results on session resume by @Sayt-0 in #3001
- docs: sync config examples with updated default models (gpt-5, gemini-3.5-flash) by @aheritier in #3012
- fix: preserve agent field during command expansion by @dgageot in #3007
- docs: update remaining gpt-5-mini → gpt-5 examples across docs by @aheritier in #3025
- feat: add --session-read-only flag to view sessions without sending messages by @gtardif in #3026
- fix: skip binary files in content search by @dgageot in #3006
- docs: document --session-read-only flag for TUI read-only mode by @aheritier in #3028
- fix(evals): copy docker-agent binary + entrypoint in custom-base-image template by @hamza-jeddad in #3029
- chore: bump go dependencies by @dgageot in #3005
- fix: block IPv6 6to4, NAT64, site-local and CGNAT ranges in IsPublicIP by @ronan-thibaut-glitch in #3031
- Remove broken MCP servers by @dgageot in #3032
- chore: bump go dependencies by @dgageot in #3033
- fix: use SSRF-safe HTTP client for MCP OAuth authorization server metadata fetch by @ronan-thibaut-glitch in #3035
- feat: add 1Password CLI integration for secret resolution by @dgageot in #3036
New Contributors
- @ronan-thibaut-glitch made their first contribution in #3031
Full Changelog: v1.73.0...v1.74.0
v1.73.0
This release improves MCP catalog server management, fixes streaming issues with AI providers, and adds memory protection for file search operations.
What's New
- Adds
--jsonflag toalias listcommand for structured output - Adds ContextLimit helper to modelinfo for centralized context window handling
- Blocks
enable_remote_mcp_serveruntil the server is actually connected, eliminating the need to re-ask questions
Improvements
- Removes command queueing - commands are now sent immediately
- Removes empty query truncation from MCP server search, showing all matching servers
- Restricts MCP catalog to OAuth and anonymous-access servers only, removing API key complexity
Bug Fixes
- Fixes Gemini parallel tool responses by coalescing them into a single Content
- Fixes custom OpenAI provider routing for Responses-only models (gpt-4.1, o-series, gpt-5, Codex)
- Fixes memory explosion in
search_files_contentby capping output at 1 MiB and skipping large files - Fixes MCP catalog retry logic for existing unstarted entries
- Fixes rollback behavior when MCP server Start is cancelled during OAuth or Tools operations
- Fixes conversation caching to exclude failed chat continuations
Technical Changes
- Refactors registry operations to reuse single session across digest and pull operations
- Updates OpenAI handler to support newer Responses stream event shapes
- Uses
cmd.Context()instead ofcontext.Background()for proper cancellation support - Uses
strings.Builderfor message merging to reduce memory allocations - Improves search_files_content memory handling for symlinks and device files
What's Changed
- docs: update CHANGELOG.md for v1.72.0 by @docker-read-write[bot] in #2974
- docs: document alias list --json flag and failure-safe conversation caching by @aheritier in #2977
- refactor: reuse registry session for OCI pulls by @dgageot in #2975
- openai: handle newer Responses stream event shapes by @rumpl in #2976
- fix(gemini): coalesce parallel tool responses into a single Content by @t-mizumoto1203 in #2959
- Don't queue commands by @rumpl in #2979
- chore: bump direct Go dependencies by @dgageot in #2980
- fix: use cmd.Context() instead of context.Background() by @dgageot in #2981
- feat(mcp_catalog): block enable_remote_mcp_server until the server is connected by @trungutt in #2973
- fix: prevent memory explosion in search_files_content by @dgageot in #2983
- refactor: remove empty query truncation from MCP server search by @dgageot in #2984
- fix(providers): route Responses-only models on custom OpenAI providers by @Sayt-0 in #2985
- feat: add ContextLimit helper to modelinfo by @dgageot in #2982
- test(mcp): fix staticcheck SA5011 nil-pointer errors in oauth_test by @dgageot in #2989
- refactor: use strings.Builder for message merging in oaistream by @dgageot in #2986
- refactor: restrict mcp_catalog to oauth and none auth only by @dgageot in #2988
New Contributors
- @t-mizumoto1203 made their first contribution in #2959
Full Changelog: v1.72.0...v1.73.0
v1.72.0
This release adds support for JSON output in alias commands, top-level shared configuration, and includes documentation updates and bug fixes.
What's New
- Adds Atlassian expert agent example for specialized assistance
- Adds JSON output support for
alias listcommand with--jsonflag - Adds support for top-level shared skills and commands in configuration files
Bug Fixes
- Fixes HTTP client panic when default transport is wrapped by other libraries
Technical Changes
- Documents
--agent-pickerflag for interactive agent selection - Documents MCP embedded resource forwarding to model providers
- Documents OAuth authorization cancel behavior for remote MCP servers
- Refactors configuration handling to support shared skills and commands in latest package
What's Changed
- docs: update CHANGELOG.md for v1.71.0 by @docker-read-write[bot] in #2962
- feat(examples): add Atlassian expert agent example by @maxcleme in #2963
- feat(cli): support
alias list --jsonoutput by @Sayt-0 in #2966 - chore: bump Go dependencies by @dgageot in #2968
- docs: update documentation for agent-picker, MCP embedded resources, and remote MCP OAuth cancel by @aheritier in #2957
- fix(httpclient): fall back when http.DefaultTransport is not *http.Transport by @Daniel-Kolev in #2970
- feat(config): support top-level shared skills and commands by @Sayt-0 in #2971
New Contributors
- @Sayt-0 made their first contribution in #2966
- @Daniel-Kolev made their first contribution in #2970
Full Changelog: v1.71.0...v1.72.0
v1.71.0
This release improves GitHub Copilot integration with better API routing and error handling, along with enhanced conversation state management and expanded documentation.
Bug Fixes
- Fixes GitHub Copilot Responses API auto-selection and error preservation to properly route models to correct endpoints
- Prevents X-Conversation-Id from mutating cached session on retry by making continuations transactional
- Preserves item value fields and Ask permission in Session.Clone operations
- Implements deep-copy for Evals, EvalResult, and ToolDefinitions in session clones
- Updates github-copilot model from gpt-4o to gpt-4.1 to match available models
Technical Changes
- Freezes configuration schema v9 and starts v10 as latest version
- Adds comprehensive documentation for coding harnesses, caching, lifecycle, defer, and fetch filtering
- Adds end-to-end tests for conversation state handling across failed turns
What's Changed
- docs: update CHANGELOG.md for v1.70.2 by @docker-read-write[bot] in #2951
- docs: document coding harnesses and fill P0/P1/P2 documentation gaps by @aheritier in #2950
- fix: keep failed chat continuations out of conversation cache by @dgageot in #2947
- fix: github-copilot Responses API auto-selection and error preservation by @dgageot in #2942
- fix: update github-copilot model from gpt-4o to gpt-4.1 by @dgageot in #2961
- chore(config): freeze v9 and bump latest to v10 by @dgageot in #2960
Full Changelog: v1.70.2...v1.71.0
v1.70.2
This release adds support for inline skills in agent configuration and improves environment variable handling in path fields, along with several bug fixes.
What's New
- Adds support for inline skills in agent YAML config, allowing skills to be defined directly without separate files
- Adds support for
${env.VAR}syntax in path fields as an alias for${VAR}
Improvements
- Streams tool outputs for better real-time feedback
Bug Fixes
- Fixes duplicate persistent toolset-failure notifications that were stacking in the TUI
- Fixes MCP OAuth dialog re-appearing after user declines authentication
- Surfaces inline-skill decode errors and rejects file reads for inline skills
Technical Changes
- Removes obsolete expansion-mismatch warnings for path fields
- Extracts failureStreak helper in StartableToolSet
- Removes notification-layer deduplication
- Removes MCP server on OAuth decline and stops providing incorrect information to the model
What's Changed
- docs: update CHANGELOG.md for v1.70.1 by @docker-read-write[bot] in #2940
- Stream tool outputs by @rumpl in #2945
- feat: support inline skills in agent YAML config by @dgageot in #2946
- chore: bump direct Go dependencies by @dgageot in #2941
- feat(config): accept ${env.X} in path fields (steps 2-4 of #2615) by @dgageot in #2944
- fix: dedupe persistent toolset-failure notifications by @dgageot in #2943
- fix(mcp): stop the OAuth Authentication Request loop after the user clicks Cancel by @trungutt in #2949
Full Changelog: v1.70.1...v1.70.2
v1.70.1
This release introduces agent selection UI, git worktree isolation, theme preselection, and notification improvements for enhanced workflow management.
What's New
- Adds
--agent-pickerflag for full-screen agent selection dialog with YAML syntax highlighting and scrollable interface - Adds
--worktreeflag to run agents in isolated git worktrees on dedicated branches - Adds
--worktree-prflag to run agents on GitHub pull requests in separate worktrees - Adds
--themeflag to preselect TUI theme at launch, overriding user config settings
Improvements
- Improves TUI notifications with hover protection, click-to-copy content, and visual enhancements
- Adds worktree cleanup when interactive runs end to maintain clean workspace
- Adds worktree_create hook to prepare fresh git worktrees for agent execution
Bug Fixes
- Fixes agent config display sanitization and enables YAML soft-wrap in picker dialog
Technical Changes
- Forwards MCP embedded resources (images, PDFs, text) to model providers as native content blocks
- Adds theme flag validation and completion tests for better user experience
What's Changed
- docs: update CHANGELOG.md for v1.70.0 by @docker-read-write[bot] in #2930
- TUI - Improve notifications by @krissetto in #2931
- feat: add --theme flag to preselect TUI theme by @dgageot in #2933
- docs: document --auth-token flag, OAuth callback security note, and TUI notification UX by @aheritier in #2932
- docs: document --theme flag for docker agent run by @aheritier in #2936
- docs: add --theme launch example to TUI quickstart by @aheritier in #2939
- feat: add --agent-picker flag for agent selection UI by @dgageot in #2937
- feat: run agents in isolated git worktrees by @dgageot in #2938
- feat(mcp): forward embedded resources to model providers by @rumpl in #2935
Full Changelog: v1.70.0...v1.70.1
v1.70.0
This release focuses on text handling improvements, OAuth flow enhancements for MCP catalog servers, and server filtering capabilities.
What's New
- Adds
--app-nameflag to override the default "docker agent" label in the TUI status bar and window title - Adds allow-list and block-list filtering for MCP catalog servers via
allowed_serversandblocked_serversconfiguration options
Improvements
- Tells the model to proceed automatically after enabling an OAuth server in MCP catalog instead of requiring user to repeat their request
- Restores dynamic progress bar width in evaluation mode (was previously fixed at width 10)
Bug Fixes
- Fixes rune-safe truncation across multiple UI components: file names in file picker, session titles in session browser, directory names in working-dir picker, tab titles, search query preview, and tool output preview
- Fixes rune-safe truncation of operation descriptions in OpenAPI handling
- Fixes rune-safe search-result preview in filesystem operations
- Prevents sending split UTF-8 runes to embedding models in RAG operations
- Populates ModelID field correctly in after_llm_call hook payload
Technical Changes
- Removes dead code in WASM agent loop selection
- Adds validation for allowed_servers and blocked_servers in MCP catalog configuration
- Adds warning for unknown server IDs in MCP catalog allow/block lists
- Updates documentation for CLI flags, hook payloads, and OAuth endpoints
What's Changed
- docs: update CHANGELOG.md for v1.69.0 by @docker-read-write[bot] in #2919
- chore: bump direct Go dependencies by @dgageot in #2918
- fix(runtime): populate ModelID in after_llm_call hook payload by @kimizuka in #2911
- fix: rune-safe truncation and dead-code cleanup by @dgageot in #2920
- Address review feedback on #2896 by @trungutt in #2921
- docs: sync CLI flags and hook payload docs with recent changes by @aheritier in #2927
- chore: bump direct Go dependencies by @dgageot in #2926
- feat: add allow/block-list of servers to the mcp_catalog tool by @dgageot in #2928
- docs: sync /docs with changes merged 2026-05-28 – 2026-05-29 by @aheritier in #2929
- fix(mcpcatalog): tell the model to proceed after enabling an OAuth server by @trungutt in #2925
New Contributors
Full Changelog: v1.69.0...v1.70.0