This release improves MCP catalog server management, fixes streaming issues with AI providers, and adds memory protection for file search operations.

What's New

• Adds --json flag to alias list command for structured output
• Adds ContextLimit helper to modelinfo for centralized context window handling
• Blocks enable_remote_mcp_server until the server is actually connected, eliminating the need to re-ask questions

Improvements

• Removes command queueing - commands are now sent immediately
• Removes empty query truncation from MCP server search, showing all matching servers
• Restricts MCP catalog to OAuth and anonymous-access servers only, removing API key complexity

Bug Fixes

• Fixes Gemini parallel tool responses by coalescing them into a single Content
• Fixes custom OpenAI provider routing for Responses-only models (gpt-4.1, o-series, gpt-5, Codex)
• Fixes memory explosion in search_files_content by capping output at 1 MiB and skipping large files
• Fixes MCP catalog retry logic for existing unstarted entries
• Fixes rollback behavior when MCP server Start is cancelled during OAuth or Tools operations
• Fixes conversation caching to exclude failed chat continuations

Technical Changes

• Refactors registry operations to reuse single session across digest and pull operations
• Updates OpenAI handler to support newer Responses stream event shapes
• Uses cmd.Context() instead of context.Background() for proper cancellation support
• Uses strings.Builder for message merging to reduce memory allocations
• Improves search_files_content memory handling for symlinks and device files

What's Changed

• docs: update CHANGELOG.md for v1.72.0 by @docker-read-write[bot] in #2974
• docs: document alias list --json flag and failure-safe conversation caching by @aheritier in #2977
• refactor: reuse registry session for OCI pulls by @dgageot in #2975
• openai: handle newer Responses stream event shapes by @rumpl in #2976
• fix(gemini): coalesce parallel tool responses into a single Content by @t-mizumoto1203 in #2959
• Don't queue commands by @rumpl in #2979
• chore: bump direct Go dependencies by @dgageot in #2980
• fix: use cmd.Context() instead of context.Background() by @dgageot in #2981
• feat(mcp_catalog): block enable_remote_mcp_server until the server is connected by @trungutt in #2973
• fix: prevent memory explosion in search_files_content by @dgageot in #2983
• refactor: remove empty query truncation from MCP server search by @dgageot in #2984
• fix(providers): route Responses-only models on custom OpenAI providers by @Sayt-0 in #2985
• feat: add ContextLimit helper to modelinfo by @dgageot in #2982
• test(mcp): fix staticcheck SA5011 nil-pointer errors in oauth_test by @dgageot in #2989
• refactor: use strings.Builder for message merging in oaistream by @dgageot in #2986
• refactor: restrict mcp_catalog to oauth and none auth only by @dgageot in #2988

New Contributors

• @t-mizumoto1203 made their first contribution in #2959

Full Changelog: v1.72.0...v1.73.0

This release adds support for JSON output in alias commands, top-level shared configuration, and includes documentation updates and bug fixes.

What's New

• Adds Atlassian expert agent example for specialized assistance
• Adds JSON output support for alias list command with --json flag
• Adds support for top-level shared skills and commands in configuration files

Bug Fixes

• Fixes HTTP client panic when default transport is wrapped by other libraries

Technical Changes

• Documents --agent-picker flag for interactive agent selection
• Documents MCP embedded resource forwarding to model providers
• Documents OAuth authorization cancel behavior for remote MCP servers
• Refactors configuration handling to support shared skills and commands in latest package

What's Changed

• docs: update CHANGELOG.md for v1.71.0 by @docker-read-write[bot] in #2962
• feat(examples): add Atlassian expert agent example by @maxcleme in #2963
• feat(cli): support alias list --json output by @Sayt-0 in #2966
• chore: bump Go dependencies by @dgageot in #2968
• docs: update documentation for agent-picker, MCP embedded resources, and remote MCP OAuth cancel by @aheritier in #2957
• fix(httpclient): fall back when http.DefaultTransport is not *http.Transport by @Daniel-Kolev in #2970
• feat(config): support top-level shared skills and commands by @Sayt-0 in #2971

New Contributors

• @Sayt-0 made their first contribution in #2966
• @Daniel-Kolev made their first contribution in #2970

Full Changelog: v1.71.0...v1.72.0

This release improves GitHub Copilot integration with better API routing and error handling, along with enhanced conversation state management and expanded documentation.

Bug Fixes

• Fixes GitHub Copilot Responses API auto-selection and error preservation to properly route models to correct endpoints
• Prevents X-Conversation-Id from mutating cached session on retry by making continuations transactional
• Preserves item value fields and Ask permission in Session.Clone operations
• Implements deep-copy for Evals, EvalResult, and ToolDefinitions in session clones
• Updates github-copilot model from gpt-4o to gpt-4.1 to match available models

Technical Changes

• Freezes configuration schema v9 and starts v10 as latest version
• Adds comprehensive documentation for coding harnesses, caching, lifecycle, defer, and fetch filtering
• Adds end-to-end tests for conversation state handling across failed turns

What's Changed

• docs: update CHANGELOG.md for v1.70.2 by @docker-read-write[bot] in #2951
• docs: document coding harnesses and fill P0/P1/P2 documentation gaps by @aheritier in #2950
• fix: keep failed chat continuations out of conversation cache by @dgageot in #2947
• fix: github-copilot Responses API auto-selection and error preservation by @dgageot in #2942
• fix: update github-copilot model from gpt-4o to gpt-4.1 by @dgageot in #2961
• chore(config): freeze v9 and bump latest to v10 by @dgageot in #2960

Full Changelog: v1.70.2...v1.71.0

This release adds support for inline skills in agent configuration and improves environment variable handling in path fields, along with several bug fixes.

What's New

• Adds support for inline skills in agent YAML config, allowing skills to be defined directly without separate files
• Adds support for ${env.VAR} syntax in path fields as an alias for ${VAR}

Improvements

• Streams tool outputs for better real-time feedback

Bug Fixes

• Fixes duplicate persistent toolset-failure notifications that were stacking in the TUI
• Fixes MCP OAuth dialog re-appearing after user declines authentication
• Surfaces inline-skill decode errors and rejects file reads for inline skills

Technical Changes

• Removes obsolete expansion-mismatch warnings for path fields
• Extracts failureStreak helper in StartableToolSet
• Removes notification-layer deduplication
• Removes MCP server on OAuth decline and stops providing incorrect information to the model

What's Changed

• docs: update CHANGELOG.md for v1.70.1 by @docker-read-write[bot] in #2940
• Stream tool outputs by @rumpl in #2945
• feat: support inline skills in agent YAML config by @dgageot in #2946
• chore: bump direct Go dependencies by @dgageot in #2941
• feat(config): accept ${env.X} in path fields (steps 2-4 of #2615) by @dgageot in #2944
• fix: dedupe persistent toolset-failure notifications by @dgageot in #2943
• fix(mcp): stop the OAuth Authentication Request loop after the user clicks Cancel by @trungutt in #2949

Full Changelog: v1.70.1...v1.70.2

This release introduces agent selection UI, git worktree isolation, theme preselection, and notification improvements for enhanced workflow management.

What's New

• Adds --agent-picker flag for full-screen agent selection dialog with YAML syntax highlighting and scrollable interface
• Adds --worktree flag to run agents in isolated git worktrees on dedicated branches
• Adds --worktree-pr flag to run agents on GitHub pull requests in separate worktrees
• Adds --theme flag to preselect TUI theme at launch, overriding user config settings

Improvements

• Improves TUI notifications with hover protection, click-to-copy content, and visual enhancements
• Adds worktree cleanup when interactive runs end to maintain clean workspace
• Adds worktree_create hook to prepare fresh git worktrees for agent execution

Bug Fixes

• Fixes agent config display sanitization and enables YAML soft-wrap in picker dialog

Technical Changes

• Forwards MCP embedded resources (images, PDFs, text) to model providers as native content blocks
• Adds theme flag validation and completion tests for better user experience

What's Changed

• docs: update CHANGELOG.md for v1.70.0 by @docker-read-write[bot] in #2930
• TUI - Improve notifications by @krissetto in #2931
• feat: add --theme flag to preselect TUI theme by @dgageot in #2933
• docs: document --auth-token flag, OAuth callback security note, and TUI notification UX by @aheritier in #2932
• docs: document --theme flag for docker agent run by @aheritier in #2936
• docs: add --theme launch example to TUI quickstart by @aheritier in #2939
• feat: add --agent-picker flag for agent selection UI by @dgageot in #2937
• feat: run agents in isolated git worktrees by @dgageot in #2938
• feat(mcp): forward embedded resources to model providers by @rumpl in #2935

Full Changelog: v1.70.0...v1.70.1

This release focuses on text handling improvements, OAuth flow enhancements for MCP catalog servers, and server filtering capabilities.

What's New

• Adds --app-name flag to override the default "docker agent" label in the TUI status bar and window title
• Adds allow-list and block-list filtering for MCP catalog servers via allowed_servers and blocked_servers configuration options

Improvements

• Tells the model to proceed automatically after enabling an OAuth server in MCP catalog instead of requiring user to repeat their request
• Restores dynamic progress bar width in evaluation mode (was previously fixed at width 10)

Bug Fixes

• Fixes rune-safe truncation across multiple UI components: file names in file picker, session titles in session browser, directory names in working-dir picker, tab titles, search query preview, and tool output preview
• Fixes rune-safe truncation of operation descriptions in OpenAPI handling
• Fixes rune-safe search-result preview in filesystem operations
• Prevents sending split UTF-8 runes to embedding models in RAG operations
• Populates ModelID field correctly in after_llm_call hook payload

Technical Changes

• Removes dead code in WASM agent loop selection
• Adds validation for allowed_servers and blocked_servers in MCP catalog configuration
• Adds warning for unknown server IDs in MCP catalog allow/block lists
• Updates documentation for CLI flags, hook payloads, and OAuth endpoints

What's Changed

• docs: update CHANGELOG.md for v1.69.0 by @docker-read-write[bot] in #2919
• chore: bump direct Go dependencies by @dgageot in #2918
• fix(runtime): populate ModelID in after_llm_call hook payload by @kimizuka in #2911
• fix: rune-safe truncation and dead-code cleanup by @dgageot in #2920
• Address review feedback on #2896 by @trungutt in #2921
• docs: sync CLI flags and hook payload docs with recent changes by @aheritier in #2927
• chore: bump direct Go dependencies by @dgageot in #2926
• feat: add allow/block-list of servers to the mcp_catalog tool by @dgageot in #2928
• docs: sync /docs with changes merged 2026-05-28 – 2026-05-29 by @aheritier in #2929
• fix(mcpcatalog): tell the model to proceed after enabling an OAuth server by @trungutt in #2925

New Contributors

• @kimizuka made their first contribution in #2911

Full Changelog: v1.69.0...v1.70.0

This release adds new TUI customization options and improves OAuth authentication handling.

What's New

• Adds --app-name flag to override TUI title display
• Adds --disable-commands flag to hide and disable slash commands in TUI
• Adds --sidebar flag to control sidebar visibility
• Adds out-of-band callback route for unmanaged OAuth drive-flow

Improvements

• Extends unmanaged OAuth flow to drive code exchange in-process
• Propagates user-initiated cancellation across the WithoutCancel boundary

Technical Changes

• Renames OAuth elicitation meta keys from cagent/ to docker-agent/
• Trims aijson re-tests while keeping docker-agent integration tests
• Fixes lint issues in OAuth tests and helpers
• Canonicalizes bootstrapRepo temp dir for macOS in snapshot tests
• Simplifies AllBindings by removing redundant leanMode guard

What's Changed

• docs: update CHANGELOG.md for v1.68.0 by @docker-read-write[bot] in #2909
• docs: update CHANGELOG.md for v1.68.0 and document cancelled v1.66/v1.67 by @aheritier in #2910
• test(tools): trim aijson re-tests, keep docker-agent integration by @trungutt in #2905
• Rename OAuth elicitation meta keys from cagent/ to docker-agent/ by @trungutt in #2915
• feat: add --app-name flag and fix macOS test symlink issue by @dgageot in #2914
• feat: add --disable-commands flag to hide and disable slash commands in TUI by @dgageot in #2913
• feat: add --sidebar flag to control sidebar visibility by @dgageot in #2917
• Extend unmanaged OAuth flow to drive code exchange in-process by @trungutt in #2896

Full Changelog: v1.68.0...v1.69.0

What's Changed

• docs: update CHANGELOG.md for v1.65.0 by @docker-read-write[bot] in #2868
• Show the path from where the skill is loaded by @rumpl in #2869
• chore: bump github.com/pb33f/libopenapi to v0.36.5 by @dgageot in #2862
• docs: document --sandbox auto-kit and --no-kit flag by @dgageot in #2867
• docs: document reset_remote_mcp_server_auth meta-tool by @dgageot in #2874
• fix(anthropic): handle SSE in-band errors with correct HTTP status codes by @dgageot in #2880
• feat: add 'docker agent debug skills' command by @dgageot in #2881
• docs: document mcp_catalog toolset and reorganize RAG reference by @dgageot in #2876
• chore(deps): bump direct Go dependencies by @dgageot in #2883
• a2a: honour timeout and allow_private_ips config (with SSRF protection) by @dgageot in #2882
• docs: add dedicated MCP tool reference page by @dgageot in #2875
• feat(config): enable redact_secrets by default by @rumpl in #2889
• feat(sandbox): alias/runtime sandbox defaults and persistent network allowlist by @dgageot in #2888
• fix(#2861): release per-message render caches when streaming completes by @aheritier in #2866
• fix: don't close shared session store in runtime.Close by @dgageot in #2879
• Polish --sandbox auto-kit output and tool auto-install logging by @dgageot in #2878
• fix(mcp/oauth): discover RFC 8414 §3.1 path-aware metadata URLs by @dgageot in #2877
• fix: reduce retained tool output memory by @dgageot in #2854
• Revert "fix: spool large mcp media to disk" by @dgageot in #2893
• feat(mcp_catalog): add 7 remote streamable-http servers by @dgageot in #2894
• docs: document all toolset config options for api, fetch, openapi by @dgageot in #2895
• Bump go dependencies by @dgageot in #2898
• feat(pkg/history): redact secrets in command history by @dgageot in #2892
• ci: skip image push in forked repositories by @areebahmeddd in #2805
• refactor(tools): use github.com/docker/aijson for tool-arg shape repair by @trungutt in #2899
• persist cookies in remote MCP client for sticky sessions by @maxcleme in #2902
• Smarter search by @rumpl in #2901
• feat(tui): word-level highlighting in edit_file diff view by @rumpl in #2900
• Lazy headers in tools by @dgageot in #2907
• fix(snapshot): scope git operations from worktree root by @rumpl in #2904
• chore: bump direct go dependencies by @dgageot in #2908

Full Changelog: v1.65.0...v1.68.0

This release adds a skills dialog to the TUI and improves HTTP configuration options for API tools, along with proxy handling fixes.

What's New

• Adds /skills slash command to TUI that displays all available skills with their names, sources, and descriptions

Improvements

• Adds timeout and allow_private_ips configuration support to api and openapi tools for consistency with fetch tool

Bug Fixes

• Fixes HTTP proxy support for private IPs in SSRF transport to allow configured proxies on private addresses

Technical Changes

• Updates configuration documentation and applies minor cleanups

What's Changed

• docs: update CHANGELOG.md for v1.64.0 by @docker-read-write[bot] in #2860
• feat: add timeout and allow_private_ips support to api and openapi tools by @dgageot in #2865
• fix: allow configured HTTP proxy on private IPs in SSRF transport by @dgageot in #2864
• feat: add skills dialog to TUI by @dgageot in #2863

Full Changelog: v1.64.0...v1.65.0

Note: v1.63.0 was a failed release and was skipped. This release includes all changes that accumulated since v1.62.0.

New Features

• Eval: input_id passthrough — When an eval input file contains a top-level "input_id" field, that value is now carried through untouched to the session entry in the results output (JSON and SQLite). The session's own "id" (a fresh UUID) is unchanged. When the input file has no "input_id", the field is absent from the output — no change to existing behaviour. This lets callers correlate eval results back to their own records without custom post-processing. (#2857)

• MCP: allow private IPs for remote OAuth — Remote MCP servers hosted on private-network IP addresses can now participate in the OAuth authorization flow. (#2828)

Improvements

• Sandbox: remove stale token forwarding on startup — Removed an obsolete token-forwarding step from sandbox startup that was redundant after the token-forwarding refactor in v1.62.0. (#2859)

• Sandbox: Go toolchain bootstrap allowed through network policy — go.dev and dl.google.com are now added to the sandbox proxy allowlist, so the Go toolchain can be downloaded inside the sandbox without hitting a blocked-network-policy error. (#2859)

• Sandbox: resolve tool-install hosts per-toolset from aqua registry — Package-host allowlisting for tool auto-install is now resolved per toolset from the aqua registry, giving more accurate (and minimal) network opens for each toolset's install requirements. (#2859)

• Sandbox: make tokens file readable by sandbox user — The tokens file written inside the sandbox is now created with permissions that allow the sandbox user to read it, fixing authentication failures in sandboxes running as a non-root user. (#2859)

Bug Fixes

• MCP OAuth: send resource on token exchange — The OAuth resource parameter is now correctly included when exchanging an authorization code for a token, fixing token exchange failures for resource-aware authorization servers. (#2828)

• MCP OAuth: coalesce concurrent authorization requests — Concurrent OAuth authorization flows for the same server are now deduplicated so only one browser redirect is triggered per server, preventing race conditions when multiple tool calls fire simultaneously. (#2828)

• Sandbox: use correct host path for kit — The docker-agent kit (skills + prompt files staged into the sandbox) is now mounted from the correct host-side directory rather than a constant container mount path, fixing kit resolution failures when the host cache directory is not at the default location. (#2859)

Contributors

@hamza-jeddad · @rumpl · @dgageot

Full Changelog: v1.62.0...v1.64.0