docker-agent

v1.55.0 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Summary

AI summary

Hardens OAuth with constant‑time state comparison, blocks non‑public IPs by default, and bumps jose2go to v1.7.0 addressing known vulnerabilities.

Full changelog

This release introduces significant security hardening, attachment system foundations, and enhanced configuration capabilities.

What's New

  • Adds HCL configuration format support as an alternative to YAML for agent configurations
  • Adds /pause command to toggle the runtime loop at iteration boundaries
  • Adds turn_end hook that fires once per turn regardless of how the turn ended
  • Adds shadow snapshots and /undo command for restoring file changes without modifying session transcript
  • Adds Anthropic Workload Identity Federation support for OIDC-derived authentication
  • Adds attachment system foundations with chat.Document and per-provider document conversion
  • Adds JavaScript/WebAssembly browser build with OpenRouter PKCE support
  • Adds custom request headers support for the fetch toolset with environment variable expansion
  • Adds allow/deny lists for filesystem toolset to sandbox file access
  • Adds wildcard and CIDR pattern support in fetch toolset domain filtering
  • Adds input-shape repair layer for tool calls to handle common model mistakes
  • Adds MCP embedded resource content type support
  • Adds --hook-stop CLI flag for the existing stop event
  • Adds --tool-name flag to override MCP tool identifier
  • Adds --mcp-keepalive flag for MCP server connections

Improvements

  • Expands secret detection with additional patterns for OpenAI, Anthropic, Google, Stripe, Notion, GitLab, Vault, and Slack tokens
  • Speeds up secret redaction with aho-corasick keyword pre-filter
  • Improves markdown rendering performance with single-pass URL scanner optimizations
  • Enhances session ID and install UUID forwarding on gateway-bound requests for better tracing
  • Pauses animation ticks while terminal is blurred to reduce CPU usage
  • Propagates non-interactive mode to child sessions and declines elicitation automatically

Bug Fixes

  • Fixes crash on startup when configuration file is empty
  • Fixes environment variable race in script shell tool execution
  • Fixes data races on session token and message writes
  • Fixes lifecycle supervisor state race condition
  • Fixes infinite loop on hash-prefixed paragraphs in markdown renderer
  • Fixes tab switching and chat scroll functionality while prompts are open
  • Fixes compaction kept-tail mapping after prior summaries
  • Fixes IPv4-mapped IPv6 SSRF bypass in fetch domain matcher
  • Fixes finish_reason stop when tracking usage in OpenAI streams
  • Fixes comment-only SSE events that crash openai-go client

Technical Changes

  • Replaces mise with go-task as the project task runner
  • Splits builtin tools into individual sub-packages for better organization
  • Centralizes model-specific behavior in pkg/modelinfo package
  • Tightens file and directory permissions for per-user data to 0o700/0o600
  • Adds contextual logging throughout codebase for better trace correlation
  • Adds 7 new architectural-sync linting cops that caught 10 real bugs
  • Hardens OAuth with constant-time state comparison and SSRF protection
  • Blocks non-public IPs in API and OpenAPI tools by default
  • Updates jose2go to v1.7.0 to address security vulnerabilities
  • Bumps various Go dependencies including Anthropic SDK, Docker CLI, and OpenTelemetry packages

What's Changed

  • docs: document toon and per-toolset model routing by @dgageot in https://github.com/docker/docker-agent/pull/2587
  • Bump direct Go dependencies by @dgageot in https://github.com/docker/docker-agent/pull/2586
  • docs: update CHANGELOG.md for v1.54.0 by @docker-read-write[bot] in https://github.com/docker/docker-agent/pull/2588
  • Finish secret redaction by @dgageot in https://github.com/docker/docker-agent/pull/2589
  • simplify pkg/hooks: drop unused EventSpec abstraction by @dgageot in https://github.com/docker/docker-agent/pull/2591
  • lint: add 7 architectural-sync cops (catches 10 real bugs) by @dgageot in https://github.com/docker/docker-agent/pull/2593
  • Add turn_end hook by @rumpl in https://github.com/docker/docker-agent/pull/2592
  • Bump direct Go dependencies by @dgageot in https://github.com/docker/docker-agent/pull/2597
  • update PR review workflow with fork-supporting trigger by @derekmisler in https://github.com/docker/docker-agent/pull/2596
  • Use the latest rubocop-go by @dgageot in https://github.com/docker/docker-agent/pull/2594
  • Bump direct Go dependencies by @dgageot in https://github.com/docker/docker-agent/pull/2599
  • docs: fix outdated content and document missing commands by @dgageot in https://github.com/docker/docker-agent/pull/2600
  • Handle case when session started with Docker Desktop proxy available, and the Desktop is stopped by @gtardif in https://github.com/docker/docker-agent/pull/2606
  • Add /pause command to toggle the runtime loop by @dgageot in https://github.com/docker/docker-agent/pull/2605
  • harden docker agent serve api: warn on non-loopback, fix runtime race, block SSRF by @dgageot in https://github.com/docker/docker-agent/pull/2604
  • Support HCL as an alternative agent config format by @dgageot in https://github.com/docker/docker-agent/pull/2598
  • fetch: support wildcard and CIDR patterns in domain allow/deny lists by @dgageot in https://github.com/docker/docker-agent/pull/2602
  • Add detection rules for more secret formats by @dgageot in https://github.com/docker/docker-agent/pull/2603
  • docs: refresh outdated examples, missing env vars, and CLI options by @dgageot in https://github.com/docker/docker-agent/pull/2610
  • feat(hooks): expose stop hook via CLI by @tdabasinskas in https://github.com/docker/docker-agent/pull/2627
  • fix(session): close data races on session token and message writes by @tdabasinskas in https://github.com/docker/docker-agent/pull/2622
  • fix(lifecycle): order state transition before waking restart waiters by @tdabasinskas in https://github.com/docker/docker-agent/pull/2621
  • fix(security): bump jose2go to v1.7.0 (GO-2025-4123, GO-2023-2409) by @tdabasinskas in https://github.com/docker/docker-agent/pull/2619
  • fix(runtime): add OpenTelemetry tracer to runtime initialization by @tdabasinskas in https://github.com/docker/docker-agent/pull/2505
  • fix(tools): prevent environment variable race in script shell tool by @tdabasinskas in https://github.com/docker/docker-agent/pull/2616
  • feat(mcp): add support for embedded resource content type by @tdabasinskas in https://github.com/docker/docker-agent/pull/2612
  • docs: fix outdated and incorrect references by @dgageot in https://github.com/docker/docker-agent/pull/2618
  • deps: bump direct Go dependencies by @dgageot in https://github.com/docker/docker-agent/pull/2609
  • feat(filesystem): add allow_list / deny_list to sandbox the toolset by @dgageot in https://github.com/docker/docker-agent/pull/2601
  • feat(gateway): add X-Cagent-Session-Id header to models gateway requests by @tdabasinskas in https://github.com/docker/docker-agent/pull/2631
  • feat(mcp-server): add --tool-name flag to override the MCP tool identifier by @tdabasinskas in https://github.com/docker/docker-agent/pull/2625
  • feat(runtime): propagate non-interactive mode to child sessions and decline elicitation by @tdabasinskas in https://github.com/docker/docker-agent/pull/2623
  • feat(otel): configure W3C trace propagation for distributed tracing by @tdabasinskas in https://github.com/docker/docker-agent/pull/2506
  • docs: fill in missing CLI flags and fix outdated content by @dgageot in https://github.com/docker/docker-agent/pull/2633
  • bump direct Go dependencies by @dgageot in https://github.com/docker/docker-agent/pull/2637
  • feat(mcp-server): add keep-alive support by @tdabasinskas in https://github.com/docker/docker-agent/pull/2624
  • Fix perf regression urls by @dgageot in https://github.com/docker/docker-agent/pull/2638
  • docs: add HCL configuration documentation by @rumpl in https://github.com/docker/docker-agent/pull/2643
  • docs: fix broken links and outdated/incorrect snippets by @dgageot in https://github.com/docker/docker-agent/pull/2650
  • Update pr-review.yml by @derekmisler in https://github.com/docker/docker-agent/pull/2648
  • avoid duplicate compaction system prompt by @rumpl in https://github.com/docker/docker-agent/pull/2647
  • HCL: add a file() function by @rumpl in https://github.com/docker/docker-agent/pull/2642
  • docs(agents): expand AGENTS.md with guidelines and standards by @aheritier in https://github.com/docker/docker-agent/pull/2644
  • docs(github): update issue templates and triage workflow by @aheritier in https://github.com/docker/docker-agent/pull/2645
  • Fix finish_reason stop when tracking usage by @rumpl in https://github.com/docker/docker-agent/pull/2641
  • feat(tools): generic input-shape repair for tool calls (validate-then-repair) by @trungutt in https://github.com/docker/docker-agent/pull/2635
  • bump direct go dependencies by @dgageot in https://github.com/docker/docker-agent/pull/2655
  • fix: keep tab switching and chat scroll working while a prompt is open by @dgageot in https://github.com/docker/docker-agent/pull/2654
  • Add JS placeholders support in instructions by @dgageot in https://github.com/docker/docker-agent/pull/2652
  • fetch: support custom request headers by @dgageot in https://github.com/docker/docker-agent/pull/2651
  • feat(httpclient): forward cagent install UUID on gateway-bound requests by @dgageot in https://github.com/docker/docker-agent/pull/2653
  • split builtin tools into individual sub-packages by @dgageot in https://github.com/docker/docker-agent/pull/2661
  • chore: replace mise with go-task by @dgageot in https://github.com/docker/docker-agent/pull/2659
  • docs: refresh examples README by @dgageot in https://github.com/docker/docker-agent/pull/2665
  • tui: pause animation ticks while the terminal is blurred by @dgageot in https://github.com/docker/docker-agent/pull/2668
  • refactor(logging): pass context to all slog calls for correlation by @tdabasinskas in https://github.com/docker/docker-agent/pull/2669
  • redact_secrets: catch more token shapes and bare unquoted values by @dgageot in https://github.com/docker/docker-agent/pull/2664
  • fix(httpclient): drop comment-only SSE events that crash openai-go by @dgageot in https://github.com/docker/docker-agent/pull/2662
  • docs: refresh outdated model examples and add Chat Server page by @dgageot in https://github.com/docker/docker-agent/pull/2656
  • perf(secretsscan): speed up secret redaction with an aho-corasick pre-filter by @dgageot in https://github.com/docker/docker-agent/pull/2667
  • fix(shell): do not enforce "assisted-by" by default. by @maxcleme in https://github.com/docker/docker-agent/pull/2671
  • fix: stop matching category in command palette filter by @dgageot in https://github.com/docker/docker-agent/pull/2673
  • add js/wasm browser build with OpenRouter PKCE, agentic loop, and demo page by @dgageot in https://github.com/docker/docker-agent/pull/2672
  • lint: add SlogContextual cop and fix remaining bare slog calls by @dgageot in https://github.com/docker/docker-agent/pull/2674
  • fix(markdown): avoid infinite loop on hash-prefixed paragraphs; simplify renderer by @dgageot in https://github.com/docker/docker-agent/pull/2675
  • chore(deps): bump github.com/anthropics/anthropic-sdk-go from v1.40.0 to v1.41.0 by @dgageot in https://github.com/docker/docker-agent/pull/2676
  • Lint by @rumpl in https://github.com/docker/docker-agent/pull/2678
  • update PR reviewer by @derekmisler in https://github.com/docker/docker-agent/pull/2680
  • chore(deps): bump python-multipart from 0.0.22 to 0.0.27 in /examples/dhi/dhi_mcp_server in the pip group across 1 directory by @dependabot[bot] in https://github.com/docker/docker-agent/pull/2679
  • fix compaction kept-tail mapping after prior summaries by @rumpl in https://github.com/docker/docker-agent/pull/2646
  • use slices.Backward in CompactionInput by @dgageot in https://github.com/docker/docker-agent/pull/2682
  • refactor: centralize model-specific behavior in pkg/modelinfo by @dgageot in https://github.com/docker/docker-agent/pull/2666
  • bump github.com/docker/cli from v29.4.2 to v29.4.3 by @dgageot in https://github.com/docker/docker-agent/pull/2681
  • chore: tighten file/directory permissions for per-user data by @dgageot in https://github.com/docker/docker-agent/pull/2663
  • feat: Anthropic Workload Identity Federation by @dgageot in https://github.com/docker/docker-agent/pull/2658
  • security: SSRF / TOCTOU / OAuth state hardening by @dgageot in https://github.com/docker/docker-agent/pull/2670
  • feat: add shadow snapshots and undo by @rumpl in https://github.com/docker/docker-agent/pull/2677
  • feat: Phase 1 attachment system – chat.Document, pkg/attachment, per-provider convertDocument by @simonferquel-clanker in https://github.com/docker/docker-agent/pull/2639
  • feat: attach-time processing – transcode/resize images and resolve URLs at message add time by @simonferquel-clanker in https://github.com/docker/docker-agent/pull/2685

Full Changelog: https://github.com/docker/docker-agent/compare/v1.54.0...v1.55.0

Security Fixes

  • Hardens OAuth with constant‑time state comparison and SSRF protection (internal change)
  • Blocks non‑public IPs in API and OpenAPI tools by default (internal change)
  • Updates jose2go to v1.7.0, addressing Go vulnerability database entries GO-2025-4123 and GO-2023-2409
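
The three hardening themes listed above (constant-time OAuth state comparison, blocking non-public IPs, and the IPv4-mapped IPv6 bypass fix) can be sketched in Go as follows. This is an added example, not docker-agent's own code; the function names `stateMatches`, `isPublic` and `guardedDialer` are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net"
	"net/netip"
	"syscall"
)

// stateMatches compares the callback's OAuth state with the stored one.
// Hashing first gives equal-length inputs, so timing leaks no matching prefix.
func stateMatches(expected, got string) bool {
	e, g := sha256.Sum256([]byte(expected)), sha256.Sum256([]byte(got))
	return expected != "" && subtle.ConstantTimeCompare(e[:], g[:]) == 1
}

// isPublic reports whether s is a literal public unicast IP. Unmap() turns
// ::ffff:a.b.c.d into a.b.c.d first, so mapped forms get the IPv4 rules.
func isPublic(s string) bool {
	a, err := netip.ParseAddr(s)
	if err != nil {
		return false // fail closed on anything that is not an IP literal
	}
	a = a.Unmap()
	// IsGlobalUnicast already excludes loopback, link-local, multicast and
	// unspecified addresses; IsPrivate adds RFC 1918 and fc00::/7.
	// Other reserved ranges (e.g. 100.64.0.0/10) would need an explicit list.
	return a.IsGlobalUnicast() && !a.IsPrivate()
}

// guardedDialer checks the address actually being connected to, after DNS
// resolution, so a name that re-resolves to an internal IP is still refused.
func guardedDialer() *net.Dialer {
	return &net.Dialer{Control: func(_, address string, _ syscall.RawConn) error {
		host, _, err := net.SplitHostPort(address)
		if err != nil || !isPublic(host) {
			return fmt.Errorf("blocked destination %q", address)
		}
		return nil
	}}
}

func main() {
	// Constructed sample addresses, not taken from the release notes.
	for _, ip := range []string{"8.8.8.8", "::ffff:127.0.0.1", "10.1.2.3"} {
		fmt.Printf("%-18s public=%v\n", ip, isPublic(ip))
	}
}
```

Putting the check in the dialer's `Control` hook means it runs on every connection attempt, including redirects and retries made through an `http.Transport` that uses this dialer.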

About docker-agent

AI Agent Builder and Runtime by Docker Engineering