This release adds a lean TUI user setting, hardens MCP OAuth token storage, and includes several refactoring changes to make toolsets, providers, and embedder dependencies more explicit.

What's New

• Adds a settings.lean global user config option to make the lean TUI the default for interactive runs, while preserving explicit CLI overrides including --lean=false
• Adds a headless chat session API (pkg/embeddedchat) for embedding docker-agent runtime conversations in non-docker-agent UIs
• Makes OpenAI, Anthropic, Google, and Amazon Bedrock providers optional via build tags, allowing embedders to drop unneeded providers and shrink binary size
• Makes the RAG toolset opt-in to remove the cgo dependency on go-tree-sitter from embedders that don't need it

Bug Fixes

• Fixes the Shift+Tab thinking-level cycle to include the max effort tier for Claude models that support it (Opus 4.7+, Fable 5, Mythos 5)
• Fixes potential token loss and repeated keyring access in the OAuth token store
• Hardens MCP OAuth token file storage with cross-process locking, reload-before-write merge semantics, Windows-safe atomic file replacement, and migration of legacy keyring entries

Technical Changes

• Replaces the single keyring OAuth token bundle with a keyring-sealed AES-256/AES-GCM encrypted file, storing only a fixed-size key in the OS keyring
• Refactors toolset and provider registries to be explicit rather than relying on blank imports and init() functions
• Decouples embedder dependencies so that pkg/runtime, pkg/model/provider, and pkg/tools/mcp no longer transitively pull in openai-go and 99designs/keyring; moves the OS-keyring-backed MCP OAuth store to its own pkg/tools/mcp/keyringstore sub-package
• Removes unused agent in the wasm runtime

What's Changed

• docs: update CHANGELOG.md for v1.83.0 by @docker-read-write[bot] in #3179
• Add lean TUI user setting by @rumpl in #3181
• docs: update /docs for PRs merged 2026-06-18–20 by @aheritier in #3183
• refactor: make toolsets and providers explicit by @dgageot in #3184
• fix: seal MCP OAuth tokens with keyring-backed file by @dgageot in #3185
• Remove unused agent in wasm runtime by @rumpl in #3187
• refactor: decouple embedder deps and register keyring store explicitly by @dgageot in #3189

Full Changelog: v1.83.0...v1.84.0

This release adds an opt-in sudo askpass flow for shell commands, a headless embedded chat session API, and several bug fixes for cost accounting, session handling, and custom provider model resolution.

What's New

• Adds opt-in sudo_askpass: true flag to the shell toolset, bridging sudo password prompts to the agent's elicitation flow instead of hanging until timeout
• Adds pkg/embeddedchat, a headless chat session API for embedding docker-agent runtime conversations in non-docker-agent UIs, with support for streaming events, tool call confirmation, conversation restart, and cancellation
• Makes OpenAI, Anthropic, Google, and Amazon Bedrock providers optional via build tags, allowing embedders to drop unneeded providers and reduce binary size

Improvements

• Replaces the bleve full-text search library with a lightweight pure-Go BM25 matcher for model routing, removing a large transitive dependency tree and enabling WebAssembly cross-compilation

Bug Fixes

• Fixes duplicate tool_result blocks for the same tool_call_id being passed to strict providers such as AWS Bedrock
• Fixes custom providers (defined with base_url + token_key) triggering a blocking fetch of the full models.dev catalog (~3.4 MB) on every turn in internet-restricted environments
• Fixes reasoning tokens from streaming usage not being recorded for Anthropic extended-thinking models
• Fixes run_background_agent sub-sessions not being persisted to the store
• Adds a warning when an uncatalogued model bills $0 with token usage
• Fixes the Shift+Tab thinking-level cycle in the TUI not offering the max effort tier on Claude models that support it (Opus 4.7/4.8, Sonnet 4.6, Fable 5)

Technical Changes

• Replaces external go-memoize and go-cache libraries with a new internal pkg/memoize package built on golang.org/x/sync/singleflight
• Makes the RAG toolset opt-in to remove the cgo dependency on go-tree-sitter from the default build
• Documents YAML anchors, aliases, and merge keys support in the configuration overview
• Documents the 10-second per-toolset tool-listing timeout for wedged MCP servers in the troubleshooting guide

What's Changed

• docs: update CHANGELOG.md for v1.82.0 by @docker-read-write[bot] in #3161
• docs: document startup tool-listing timeout for wedged MCP servers by @aheritier in #3166
• fix(modelsdev): skip models.dev fetch for custom providers (#3165) by @Sayt-0 in #3169
• feat(embeddedchat): add headless chat session API by @dgageot in #3171
• chore: bump direct Go dependencies by @dgageot in #3170
• refactor: replace go-memoize and go-cache with internal memoize package by @dgageot in #3172
• fix(runtime): close cost-accounting blind spots (reasoning tokens, $0 spend leaks) by @dgageot in #3173
• feat(shell): opt-in sudo askpass flow (#1551) by @Sayt-0 in #3163
• fix(session): drop duplicate tool results in sanitizeToolCalls by @Sayt-0 in #3162
• refactor(rag): make the rag toolset opt-in to drop cgo from embedders by @dgageot in #3174
• docs: document YAML anchors, aliases and merge keys by @Sayt-0 in #3175
• feat(provider): make openai, anthropic, google, and amazon-bedrock optional by @dgageot in #3176
• refactor: replace bleve with lightweight BM25 matcher for model routing by @dgageot in #3177
• fix(modelinfo): offer the max effort tier in the Shift+Tab thinking cycle by @Sayt-0 in #3178

Full Changelog: v1.82.0...v1.83.0

This release adds visual pause state indicators to the TUI, expands MCP catalog and OAuth support, and fixes several runtime, provider, and memory issues.

What's New

• Adds a banner to the lean TUI on startup
• Adds Grafana Cloud as a remote streamable-http MCP server to the catalog (monitoring category, OAuth 2.1 authentication)
• Adds pausing/paused visual state indicators to the TUI when the /pause command is active

Bug Fixes

• Fixes reserved character sanitization in the memory toolset's default-path config segment, preventing initialization failures on Windows when agents are loaded from OCI references containing : in the image tag
• Fixes sub-session transcript not being persisted when the run loop exits via an error path in runForwarding
• Fixes sub-session transcript not being persisted on error path in runCollecting (background agent path)
• Fixes startup tool listing hanging indefinitely when a toolset's Tools() call blocks; adds a per-toolset timeout so the sidebar no longer gets stuck on "Loading tools..."
• Exempts list_background_agents from the runtime loop-killer, which previously flagged it as a repeated identical call
• Fixes delta.reasoning field being dropped in the OpenAI-compatible chat-completions stream adapter, resolving silent/empty responses with Qwen3 thinking mode
• Fixes configured headers not being forwarded to OAuth discovery requests for remote MCP servers, resolving repeated auth prompts for servers like Grafana Cloud that require instance-scoping headers
• Fixes OAuth default port normalization in MCP header host scoping

What's Changed

• docs: update CHANGELOG.md for v1.81.2 by @docker-read-write[bot] in #3143
• Add a banner in the lean tui by @rumpl in #3147
• fix(memory): sanitise reserved characters in default-path config segment by @trungutt in #3146
• chore: bump Go dependencies by @dgageot in #3149
• docs: sync /docs with main — Grafana Cloud catalog, lean TUI banner, memory path sanitization by @aheritier in #3153
• fix(providers): consume delta.reasoning in chat-completions stream adapter by @Sayt-0 in #3158
• chore: bump github.com/alecthomas/chroma/v2 to v2.27.0 by @dgageot in #3155
• feat(tui): show pausing/paused state for /pause by @dgageot in #3156
• fix(runtime): exempt list_background_agents from the loop-killer by @mcavage-docker in #3157
• fix(mcp): forward configured headers to OAuth discovery on the server host by @Sayt-0 in #3159
• fix(runtime): bound per-toolset tool listing during startup (#3137) by @Sayt-0 in #3154
• fix(runtime): persist sub-session transcript on error path in runCollecting by @jedp-docker in #3152
• fix(runtime): persist sub-session transcript on error path by @jedp-docker in #3151
• docs: update documentation for recent merged PRs by @aheritier in #3160

New Contributors

• @jedp-docker made their first contribution in #3152

Full Changelog: v1.81.2...v1.82.0

This release adds Grafana Cloud to the MCP server catalog.

What's New

• Adds Grafana Cloud as a remote MCP server to the catalog, accessible via https://mcp.grafana.com/mcp using streamable-http transport and browser-based OAuth 2.1 authentication

What's Changed

• feat(mcpcatalog): add Grafana Cloud remote MCP server by @dgageot in #3139

Full Changelog: v1.81.1...v1.81.2

This release adds TUI embedding capabilities, gateway model discovery, and HTTP transport middleware support, along with various fixes and improvements.

What's New

• Adds embeddable transcript component for TUI integration
• Adds gateway model discovery to automatically populate the model picker with models served by configured gateways
• Adds HTTP transport wrapper support to inject middleware into provider clients
• Adds Shift+Tab keyboard shortcut to cycle through model thinking levels in the TUI
• Adds support for pulling agent from localhost HTTP URLs for local development
• Adds automatic Docker Desktop JWT authentication when pulling from .docker.com URLs

Improvements

• Makes theme application self-contained with ApplyThemeRef and change hooks
• Exposes read access to transcript messages for embedders
• Adds SetRoot function to re-home all agent state in one call
• Adds NewAtDir function for embedders with custom state layouts
• Centralizes tool-confirmation decision dispatch in toolconfirm

Bug Fixes

• Fixes remote MCP toolset reconnection after clean idle SSE close
• Fixes gateway discovery implementation issues
• Fixes SSE fallback when transport wrapper is set and transport=websocket
• Fixes Semgrep MCP server authentication configuration to use OAuth

Technical Changes

• Wires TransportWrapper into Bedrock provider
• Updates lint findings in TUI embedding helpers
• Adds double-check for gateway cache inside singleflight closure
• Rewrites Gemini client if-else chain as switch statement for better code quality

What's Changed

• docs: update CHANGELOG.md for v1.78.0 by @docker-read-write[bot] in #3079
• Board/tui embedding helpers by @dgageot in #3080
• feat(tui): expose read access to transcript messages by @dgageot in #3081
• fix(mcpcatalog): mark semgrep server as oauth by @trungutt in #3085
• docs: require GPG/SSH commit signing in Git Practices by @aheritier in #3087
• feat(runtime): discover gateway-served models for the model picker by @Sayt-0 in #3086
• docs: update remote MCP reconnect, thinking runtime cycling, distribution, and Go SDK docs by @aheritier in #3084
• feat: add options.WithHTTPTransportWrapper to inject HTTP middleware in provider clients by @simonferquel-clanker in #3090

Full Changelog: v1.78.0...v1.79.0

This release improves MCP server connectivity, adds model thinking level controls, and enhances tool installation safety with checksum verification.

What's New

• Adds ability to cycle model thinking level with Shift+Tab in the TUI
• Adds title_model configuration field for delegating session title generation to a different model
• Adds checksum verification for tool auto-install downloads to ensure binary integrity
• Adds support for version_overrides in tool auto-install for better package configuration

Improvements

• Updates remote MCP examples to prefer Streamable HTTP transport over SSE
• Exposes embeddable TUI components (toolconfirm, StaticSessionState, Stopper) for downstream integration
• Allows loading agent from localhost HTTP URLs for local development
• Adds Docker Desktop JWT authentication when pulling agent from .docker.com URLs

Bug Fixes

• Fixes reconnection of remote MCP toolsets after clean idle SSE connection closes
• Fixes crash during elicitation channel close by guarding against in-flight sends
• Fixes panic in ScriptToolSet.Instructions() when tool argument descriptions are missing
• Fixes GitHub transport change that was causing test assertion failures

Technical Changes

• Always allowlists models.dev in sandbox proxy for model catalog resolution
• Restricts localhost HTTP redirects to localhost-only targets for security
• Removes non-working Supabase and Tally entries from MCP catalog documentation

What's Changed

• docs: update remote MCP examples to prefer Streamable HTTP over SSE by @aheritier in #3065
• docs: update configuration, sandbox, tools, Go SDK, and MCP catalog docs by @aheritier in #3068
• Cycle model thinking level with shift+tab by @rumpl in #3067
• fix: reconnect remote MCP toolsets after clean idle SSE close by @aheritier in #3064
• fix: guard type assertions in ScriptToolSet.Instructions() against missing description by @simonferquel-clanker in #3072
• fix: guard elicitation channel close against in-flight sends by @aheritier in #3070
• Allow pulling agent from localhost http URL for local dev by @gtardif in #3075
• docs: update CHANGELOG.md for v1.77.0 by @docker-read-write[bot] in #3062
• Bump Go dependencies by @dgageot in #3076
• docs: update CHANGELOG.md for v1.76.0 by @docker-read-write[bot] in #3061
• Add Docker Desktop JWT when pulling agent from a .docker.com URL by @gtardif in #3077

Full Changelog: v1.77.0...v1.78.0

This release is identical to v1.76.0. It was tagged from the same commit to complete a release pipeline run and contains no code changes. See the v1.76.0 release notes for the changes.

Full Changelog: v1.74.0...v1.77.0

This release adds Claude Fable 5 support, a dedicated model for session-title generation, and checksum verification for tool installs, along with session compaction and TUI fixes.

What's New

• Adds title_model field for delegating session-title generation to a dedicated model
• Adds Claude Fable 5 support with refusal handling and server-side fallbacks via provider_opts
• Surfaces model refusals as a distinct finish reason
• Adds asset checksum verification to tool installation and supports aqua version_overrides

Improvements

• Allows models.dev in the sandbox proxy for model catalog metadata resolution
• Makes the TUI editor component embeddable by other modules, with a new editor.WithPlaceholder option
• Shows a toast error when opening a URL fails
• Removes MCP catalog entries with broken OAuth

Bug Fixes

• Fixes agent losing context and halting after the first session compaction by scaling compaction budgets to the context window
• Fixes sub-session tokens being counted in the compaction trigger
• Fixes Anthropic parallel tool calls by routing input_json deltas by content-block index
• Adds a max_tokens floor for Anthropic when thinking is disabled
• Fixes sidebar token usage panel flickering during sub-agent transfers
• Surfaces useful errors when session title generation fails and honors the agent title_model in the debug title command
• Fixes fork-mode skill commands looping in the TUI
• Fixes cell alignment when the suggestion overlay cuts a wide rune
• Fixes the configured placeholder not being restored when voice recording stops

Technical Changes

• Disables git commit signing in test helpers
• Bumps github.com/anthropics/anthropic-sdk-go to v1.49.0

Pull Requests

• #3009 - fix(anthropic): route input_json deltas by content-block index
• #3038 - docs: update CHANGELOG.md for v1.74.0
• #3039 - bump github.com/anthropics/anthropic-sdk-go to v1.49.0
• #3040 - Show toast error when opening URL fails
• #3041 - Allow models.dev in sandbox proxy for model catalog resolution
• #3042 - fix: agent loses context and halts after first session compaction
• #3043 - docs: fix stale defaults, wrong tool names, and missing CLI flags
• #3044 - docs: update evaluation and compaction documentation
• #3045 - Reusable editor
• #3046 - toolinstall: verify asset checksums and support aqua version_overrides
• #3047 - Reusable editor (More)
• #3048 - Remove MCP non-working servers
• #3049 - fix: stop sidebar token usage panel flickering during sub-agent transfers
• #3050 - fix: add max_tokens floor for Anthropic when thinking is disabled
• #3051 - feat: add title_model for delegating session-title generation
• #3052 - fix: surface useful errors when session title generation fails
• #3053 - feat: add Claude Fable 5 support with refusal handling and server-side fallbacks
• #3057 - fix: prevent fork-mode skill commands from looping in TUI
• #3059 - expose embeddable tui components
• #3060 - test: disable git commit signing in test helpers

Full Changelog: v1.74.0...v1.76.0

This release introduces self-update functionality, session read-only mode, and 1Password CLI integration, along with model selection improvements and various bug fixes.

What's New

• Adds opt-in self-update functionality via DOCKER_AGENT_AUTO_UPDATE environment variable with interactive confirmation
• Adds --session-read-only flag to view sessions without sending messages in TUI mode
• Adds 1Password CLI integration for secret resolution using op:// references
• Adds first_available model selection for automatic fallback across multiple model candidates
• Adds user_steering_messages_submit and user_followup_submit hooks for queued user messages

Improvements

• Updates default agent to use first_available model selection with multi-provider fallbacks
• Updates default model versions: OpenAI from gpt-5-mini to gpt-5, Google from gemini-2.5-flash to gemini-3.5-flash
• Updates coder agent to use first_available model selection instead of hardcoded Anthropic models

Bug Fixes

• Fixes tool call being dropped when finish_reason shares the same chunk in streaming responses
• Fixes orphaned tool results on session resume that caused validation errors on AWS Bedrock
• Fixes agent field not being preserved during command expansion, causing incorrect routing to root agent
• Fixes binary files being processed in content search operations
• Fixes self-update validation to prevent arbitrary file deletion and detect help flags properly
• Fixes IPv6 6to4, NAT64, site-local and CGNAT ranges not being blocked in SSRF protection

Technical Changes

• Hardens self-update download and re-exec process against tampering with digest and checksum verification
• Uses SSRF-safe HTTP client for MCP OAuth metadata fetches
• Hardens 1Password provider against silent pass-through and PATH hijacking
• Fixes custom-base-image evaluation template to include docker-agent binary and entrypoint
• Removes broken MCP servers from configuration

What's Changed

• docs: update CHANGELOG.md for v1.73.0 by @docker-read-write[bot] in #2990
• feat: add first_available model selection by @dgageot in #2991
• fix: don't drop tool call when finish_reason shares the chunk by @Sayt-0 in #2992
• chore: bump go dependencies (acp-go-sdk, goja) by @dgageot in #2995
• feat: add opt-in self-update by @dgageot in #2993
• docs: update agent config reference, custom provider api_type, and slash command behavior by @aheritier in #2999
• feat: update default agent to use first_available model selection by @dgageot in #2997
• refactor(coder): use first_available model selection with multi-provider fallbacks by @dgageot in #2996
• feat: add user_steering_messages_submit and user_followup_submit hooks by @simonferquel-clanker in #3000
• docs: add thinking/reasoning guide and expand provider thinking docs by @rumpl in #3004
• docs: update default model examples to gpt-5 and gemini-3.5-flash by @aheritier in #3003
• fix: drop orphaned tool results on session resume by @Sayt-0 in #3001
• docs: sync config examples with updated default models (gpt-5, gemini-3.5-flash) by @aheritier in #3012
• fix: preserve agent field during command expansion by @dgageot in #3007
• docs: update remaining gpt-5-mini → gpt-5 examples across docs by @aheritier in #3025
• feat: add --session-read-only flag to view sessions without sending messages by @gtardif in #3026
• fix: skip binary files in content search by @dgageot in #3006
• docs: document --session-read-only flag for TUI read-only mode by @aheritier in #3028
• fix(evals): copy docker-agent binary + entrypoint in custom-base-image template by @hamza-jeddad in #3029
• chore: bump go dependencies by @dgageot in #3005
• fix: block IPv6 6to4, NAT64, site-local and CGNAT ranges in IsPublicIP by @ronan-thibaut-glitch in #3031
• Remove broken MCP servers by @dgageot in #3032
• chore: bump go dependencies by @dgageot in #3033
• fix: use SSRF-safe HTTP client for MCP OAuth authorization server metadata fetch by @ronan-thibaut-glitch in #3035
• feat: add 1Password CLI integration for secret resolution by @dgageot in #3036

New Contributors

• @ronan-thibaut-glitch made their first contribution in #3031

Full Changelog: v1.73.0...v1.74.0

This release improves MCP catalog server management, fixes streaming issues with AI providers, and adds memory protection for file search operations.

What's New

• Adds --json flag to alias list command for structured output
• Adds ContextLimit helper to modelinfo for centralized context window handling
• Blocks enable_remote_mcp_server until the server is actually connected, eliminating the need to re-ask questions

Improvements

• Removes command queueing - commands are now sent immediately
• Removes empty query truncation from MCP server search, showing all matching servers
• Restricts MCP catalog to OAuth and anonymous-access servers only, removing API key complexity

Bug Fixes

• Fixes Gemini parallel tool responses by coalescing them into a single Content
• Fixes custom OpenAI provider routing for Responses-only models (gpt-4.1, o-series, gpt-5, Codex)
• Fixes memory explosion in search_files_content by capping output at 1 MiB and skipping large files
• Fixes MCP catalog retry logic for existing unstarted entries
• Fixes rollback behavior when MCP server Start is cancelled during OAuth or Tools operations
• Fixes conversation caching to exclude failed chat continuations

Technical Changes

• Refactors registry operations to reuse single session across digest and pull operations
• Updates OpenAI handler to support newer Responses stream event shapes
• Uses cmd.Context() instead of context.Background() for proper cancellation support
• Uses strings.Builder for message merging to reduce memory allocations
• Improves search_files_content memory handling for symlinks and device files

What's Changed

• docs: update CHANGELOG.md for v1.72.0 by @docker-read-write[bot] in #2974
• docs: document alias list --json flag and failure-safe conversation caching by @aheritier in #2977
• refactor: reuse registry session for OCI pulls by @dgageot in #2975
• openai: handle newer Responses stream event shapes by @rumpl in #2976
• fix(gemini): coalesce parallel tool responses into a single Content by @t-mizumoto1203 in #2959
• Don't queue commands by @rumpl in #2979
• chore: bump direct Go dependencies by @dgageot in #2980
• fix: use cmd.Context() instead of context.Background() by @dgageot in #2981
• feat(mcp_catalog): block enable_remote_mcp_server until the server is connected by @trungutt in #2973
• fix: prevent memory explosion in search_files_content by @dgageot in #2983
• refactor: remove empty query truncation from MCP server search by @dgageot in #2984
• fix(providers): route Responses-only models on custom OpenAI providers by @Sayt-0 in #2985
• feat: add ContextLimit helper to modelinfo by @dgageot in #2982
• test(mcp): fix staticcheck SA5011 nil-pointer errors in oauth_test by @dgageot in #2989
• refactor: use strings.Builder for message merging in oaistream by @dgageot in #2986
• refactor: restrict mcp_catalog to oauth and none auth only by @dgageot in #2988

New Contributors

• @t-mizumoto1203 made their first contribution in #2959

Full Changelog: v1.72.0...v1.73.0