This release introduces self-update functionality, session read-only mode, and 1Password CLI integration, along with model selection improvements and various bug fixes.
What's New
- Adds opt-in self-update functionality via
DOCKER_AGENT_AUTO_UPDATEenvironment variable with interactive confirmation - Adds
--session-read-onlyflag to view sessions without sending messages in TUI mode - Adds 1Password CLI integration for secret resolution using
op://references - Adds
first_availablemodel selection for automatic fallback across multiple model candidates - Adds
user_steering_messages_submitanduser_followup_submithooks for queued user messages
Improvements
- Updates default agent to use
first_availablemodel selection with multi-provider fallbacks - Updates default model versions: OpenAI from
gpt-5-minitogpt-5, Google fromgemini-2.5-flashtogemini-3.5-flash - Updates coder agent to use
first_availablemodel selection instead of hardcoded Anthropic models
Bug Fixes
- Fixes tool call being dropped when finish_reason shares the same chunk in streaming responses
- Fixes orphaned tool results on session resume that caused validation errors on AWS Bedrock
- Fixes agent field not being preserved during command expansion, causing incorrect routing to root agent
- Fixes binary files being processed in content search operations
- Fixes self-update validation to prevent arbitrary file deletion and detect help flags properly
- Fixes IPv6 6to4, NAT64, site-local and CGNAT ranges not being blocked in SSRF protection
Technical Changes
- Hardens self-update download and re-exec process against tampering with digest and checksum verification
- Uses SSRF-safe HTTP client for MCP OAuth metadata fetches
- Hardens 1Password provider against silent pass-through and PATH hijacking
- Fixes custom-base-image evaluation template to include docker-agent binary and entrypoint
- Removes broken MCP servers from configuration
What's Changed
- docs: update CHANGELOG.md for v1.73.0 by @docker-read-write[bot] in #2990
- feat: add first_available model selection by @dgageot in #2991
- fix: don't drop tool call when finish_reason shares the chunk by @Sayt-0 in #2992
- chore: bump go dependencies (acp-go-sdk, goja) by @dgageot in #2995
- feat: add opt-in self-update by @dgageot in #2993
- docs: update agent config reference, custom provider api_type, and slash command behavior by @aheritier in #2999
- feat: update default agent to use first_available model selection by @dgageot in #2997
- refactor(coder): use first_available model selection with multi-provider fallbacks by @dgageot in #2996
- feat: add user_steering_messages_submit and user_followup_submit hooks by @simonferquel-clanker in #3000
- docs: add thinking/reasoning guide and expand provider thinking docs by @rumpl in #3004
- docs: update default model examples to gpt-5 and gemini-3.5-flash by @aheritier in #3003
- fix: drop orphaned tool results on session resume by @Sayt-0 in #3001
- docs: sync config examples with updated default models (gpt-5, gemini-3.5-flash) by @aheritier in #3012
- fix: preserve agent field during command expansion by @dgageot in #3007
- docs: update remaining gpt-5-mini → gpt-5 examples across docs by @aheritier in #3025
- feat: add --session-read-only flag to view sessions without sending messages by @gtardif in #3026
- fix: skip binary files in content search by @dgageot in #3006
- docs: document --session-read-only flag for TUI read-only mode by @aheritier in #3028
- fix(evals): copy docker-agent binary + entrypoint in custom-base-image template by @hamza-jeddad in #3029
- chore: bump go dependencies by @dgageot in #3005
- fix: block IPv6 6to4, NAT64, site-local and CGNAT ranges in IsPublicIP by @ronan-thibaut-glitch in #3031
- Remove broken MCP servers by @dgageot in #3032
- chore: bump go dependencies by @dgageot in #3033
- fix: use SSRF-safe HTTP client for MCP OAuth authorization server metadata fetch by @ronan-thibaut-glitch in #3035
- feat: add 1Password CLI integration for secret resolution by @dgageot in #3036
New Contributors
- @ronan-thibaut-glitch made their first contribution in #3031
Full Changelog: v1.73.0...v1.74.0