This release introduces clickable terminal links, domain filtering for fetch operations, and enhanced toolset lifecycle management with configurable supervision profiles.
What's New
- Makes markdown links and URLs clickable in the terminal using OSC 8 hyperlink escape sequences
- Adds
allowed_domainsandblocked_domainsfilters to the fetch toolset for restricting network access - Adds
/toolsetscommand and supervisor-aware status surface in the TUI - Introduces
redact_secretsagent flag that scrubs credential patterns from tool calls and LLM messages - Adds per-toolset lifecycle configuration with profile presets for MCP and LSP servers
- Introduces
/toolset-restartslash command for hot-reload functionality
Improvements
- Defers OAuth elicitation outside interactive context to prevent premature prompts
- Reduces macOS keychain prompts by storing all MCP OAuth tokens in a single keychain item
- Makes every dialog close on ctrl+c, with twice exiting the application
- Filters LSP tools by server-advertised capabilities
- Detects secrets embedded inside larger tokens, not just word-bounded patterns
Bug Fixes
- Fixes MCP catalog reference in mcp-definitions.yaml from
docker:githubtodocker:github-official - Fixes Slack token responses and surfaces server errors in MCP OAuth handling
- Fixes config package names for v6 and v7 versions
- Fixes strip transform reading wrong model in alloy/per-tool override mode
- Suppresses spurious 'is now available' MCP toolset notice after OAuth completion
Technical Changes
- Separates toolset notices from warnings in agent handling
- Simplifies history package by replacing manual parsing with standard library functions
- Refactors skills package into focused files without changing behavior
- Extracts image-stripping into registered MessageTransform mechanism
- Unifies MCP/LSP toolset supervision with typed errors and state-machine architecture
- Isolates example loading in temporary directories for tests
What's Changed
- docs: update CHANGELOG.md for v1.53.0 by @docker-read-write[bot] in #2565
- Make the slack remote MCP server work by @dgageot in #2512
- Fix misleading UpdateMessage doc comment by @rumpl in #2570
- docs: bring hooks reference up to date with new events by @dgageot in #2569
- lint: add config-versioning robustness cops + fix v6/v7 package names by @dgageot in #2568
- Use the slices package to simplify slice operations by @dgageot in #2566
- test: stop example tests from writing SQLite files into examples/ by @dgageot in #2564
- Simplify the history package by @dgageot in #2567
- runtime: extract image-stripping into a registered MessageTransform by @dgageot in #2573
- refactor(skills): split package into focused files by @dgageot in #2571
- feat(fetch): add allowed_domains and blocked_domains filters by @dgageot in #2572
- defer oauth when elicitation bridge isn't wired up yet by @dgageot in #2574
- feat(tui): make markdown links and URLs clickable in the terminal by @silvin-lubecki in #2498
- stop hard-coding "root" as the default agent name by @dgageot in #2576
- fix(examples): correct MCP catalog ref in mcp-definitions.yaml by @aheritier in #2465
- refactor(sessiontitle): simplify Generator without changing behavior by @dgageot in #2575
- Add redact_secrets builtin hook + before_llm_call transform by @dgageot in #2577
- Suppress spurious 'is now available' MCP toolset notice by @dgageot in #2578
- reduce macOS keychain prompts for OAuth MCP servers by @dgageot in #2580
- docs: document redact_secrets agent flag by @dgageot in #2581
- detect secrets embedded inside larger tokens by @dgageot in #2582
- feat(lifecycle): unify MCP/LSP toolset supervision with configurable profiles + /toolsets UX by @dgageot in #2579
- test(mcp): test buildRemoteDescription directly to skip keychain by @dgageot in #2584
- make every dialog close on ctrl+c, twice exits by @dgageot in #2583
- Disable test that prompts for a password by @dgageot in #2585
Full Changelog: v1.53.0...v1.54.0