github docker/docker-agent v1.58.0
on GitHub

3 hours ago

This release adds external TUI control capabilities, HTTP POST hooks, and several security hardening improvements.

What's New

  • Adds http_post builtin hook for making HTTP POST requests from agent workflows
  • Adds --listen flag to run command to expose the running TUI for external control
  • Adds send subcommand to drive a live TUI session from external processes
  • Adds watch subcommand to stream events from a running TUI
  • Adds --on-event hooks to observe arbitrary events during runs
  • Adds --attach flag to serve mcp command to expose running TUI via MCP
  • Adds newline-delimited JSON protocol over stdio for external communication
  • Adds discovery files for live runs in run registry
  • Adds bump-config-version skill for configuration management

Bug Fixes

  • Fixes filesystem tool path expansion for ~ (home directory) in file paths
  • Fixes model ID handling to use fully-qualified provider/model identifiers for capability lookups
  • Fixes Nebius example to use available Kimi-K2.5 model instead of deprecated Kimi-K2-Instruct
  • Fixes dry-run mode to work properly before contacting remote servers
  • Fixes request context propagation in echo logging
  • Fixes run registry permissions and session lifecycle cleanup

Improvements

  • Makes max_iterations builtin stateless by using runtime's existing iteration counter
  • Hardens http_post hook with SSRF-safe client, scheme validation, and request logging
  • Consolidates home directory path expansion across the codebase
  • Shows current git branch when working in a repository
  • Unifies local and remote run dispatch through shared backend interface

Technical Changes

  • Refactors snapshot handling into dedicated SnapshotController separate from runtime
  • Refactors unload builtin to be pure and runtime-agnostic
  • Promotes model switching and tools change subscription onto Runtime interface
  • Adds security hardening for secrets provider, archive extraction, OAuth HTTP client, and shell tool
  • Enables gosec linter for file permission validation
  • Updates Go to version 1.26.3
  • Adds migration content pinning to enforce append-only database schema changes

What's Changed

  • docs: update CHANGELOG.md for v1.57.0 by @docker-read-write[bot] in #2703
  • fix: expand ~ in filesystem tool paths by @dgageot in #2704
  • feat(hooks): add http_post builtin by @dgageot in #2705
  • fix: use available Kimi-K2.5 model in nebius example by @dgageot in #2711
  • fix: make max_iterations builtin stateless (#2698) by @dgageot in #2708
  • update PR reviewer to 1.5.1 by @derekmisler in #2717
  • Show the current git branch when in a repo by @rumpl in #2721
  • Consolidate home directory path expansion by @rumpl in #2720
  • Change the default models for the golang dev by @rumpl in #2718
  • Change the app name in otel to docker-agent by @rumpl in #2719
  • bump direct go dependencies by @dgageot in #2709
  • bump go to 1.26.3 by @dgageot in #2712
  • feat: let external processes drive a running TUI by @dgageot in #2714
  • security: five defense-in-depth fixes (secrets, archives, oauth, shell tool, request logs) by @dgageot in #2713
  • refactor(run): unify local/remote dispatch via Backend (10 baby steps) by @dgageot in #2715
  • refactor: extract SnapshotController so the runtime no longer brokers /undo by @dgageot in #2707
  • add bump-config-version skill by @dgageot in #2729
  • ci: enable gosec linter by @dgageot in #2730
  • test(session): pin migration catalogue content (append-only enforcement) by @dgageot in #2727
  • fix(toolinstall): route the registry client through httpclient.NewSafeClient by @dgageot in #2726
  • Fix broken test on main by @dgageot in #2735
  • Add alias by @dgageot in #2736
  • ci: lint workflow invariants actionlint misses (concurrency, SHA pinning, payload deny-list) by @dgageot in #2725
  • refactor(run-control): unify target resolution and SSE handling by @dgageot in #2731
  • refactor(hooks): make the unload on_agent_switch builtin pure by @dgageot in #2706
  • chore: bump direct Go dependencies by @dgageot in #2742
  • remote-runtime: close silent gaps, consolidate Runtime, scaffold wire (10 baby steps) by @dgageot in #2723
  • fix: pass fully-qualified provider/model ID to modelcaps.Load by @simonferquel-clanker in #2738

Full Changelog: v1.57.0...v1.58.0

Check out latest releases or
releases around docker/docker-agent v1.58.0

Don't miss a new docker-agent release

NewReleases is sending notifications on new releases.

Get notifications