This release improves markdown rendering performance, adds agent switching capabilities, and enhances secret redaction with better error handling.

What's New

• Adds unload on_agent_switch builtin hook for releasing model resources when switching between agents

Improvements

• Speeds up and simplifies markdown fast renderer for better performance
• Trims builtin tool schemas to save tokens in LLM requests
• Tightens Docker PAT redaction and adds organization access tokens support
• Adds more vendor-prefixed secret patterns for improved security scanning

Bug Fixes

• Fixes retry handling for Vertex AI 'function response parts' 400 errors that occur intermittently
• Restores styles on continuation lines of broken words in markdown rendering
• Fixes H1 prefix and ANSI style handling in wrapText functionality
• Defensively lowercases transient patterns in model error handling
• Caps quantifiers on new secret rules to prevent adjacent text being incorrectly redacted

Technical Changes

• Adopts new rubocop-go DSL across all linting cops for better code organization
• Uses slog.WarnContext where context is available for improved logging
• Drains unload response body and documents single-tenant assumption

What's Changed

• docs: update CHANGELOG.md for v1.56.0 by @docker-read-write[bot] in #2695
• Make the FastMarkdown renderer simpler and faster by @dgageot in #2686
• refactor(lint): adopt new rubocop-go DSL across all cops by @dgageot in #2687
• fix: retry transient Vertex AI 'function response parts' 400 errors by @dgageot in #2691
• shrink builtin tool schemas to save tokens by @dgageot in #2694
• feat: add unload on_agent_switch builtin hook by @dgageot in #2684
• secretsscan: tighten Docker PAT, add new vendor patterns, cap quantifiers by @dgageot in #2697

Full Changelog: v1.56.0...v1.57.0

This release adds snapshot management capabilities and expands secret detection with 20 new patterns.

What's New

• Adds /snapshots command to list and restore captured snapshots from the current session
• Adds 20 new secret detection patterns including Discord bot tokens, Telegram bot tokens, Fly.io macaroons, Groq API keys, Perplexity API keys, and xAI/Grok API keys

Technical Changes

• Freezes config v8 and starts v9 as the latest configuration schema version
• Moves non-migration config tests to pkg/config for better organization
• Updates logging to use slog.WarnContext when a context is in scope
• Simplifies snapshot plumbing implementation

What's Changed

• freeze config v8 and start v9 as latest by @dgageot in #2688
• docs: update CHANGELOG.md for v1.55.0 by @docker-read-write[bot] in #2689
• feat(tui): add /snapshots command to list and restore captured snapshots by @dgageot in #2690
• feat(secretsscan): add 20 more secret patterns by @dgageot in #2692
• move non-migration config tests to pkg/config by @dgageot in #2693

Full Changelog: v1.55.0...v1.56.0

This release introduces significant security hardening, attachment system foundations, and enhanced configuration capabilities.

What's New

• Adds HCL configuration format support as an alternative to YAML for agent configurations
• Adds /pause command to toggle the runtime loop at iteration boundaries
• Adds turn_end hook that fires once per turn regardless of how the turn ended
• Adds shadow snapshots and /undo command for restoring file changes without modifying session transcript
• Adds Anthropic Workload Identity Federation support for OIDC-derived authentication
• Adds attachment system foundations with chat.Document and per-provider document conversion
• Adds JavaScript/WebAssembly browser build with OpenRouter PKCE support
• Adds custom request headers support for the fetch toolset with environment variable expansion
• Adds allow/deny lists for filesystem toolset to sandbox file access
• Adds wildcard and CIDR pattern support in fetch toolset domain filtering
• Adds input-shape repair layer for tool calls to handle common model mistakes
• Adds MCP embedded resource content type support
• Adds --hook-stop CLI flag for the existing stop event
• Adds --tool-name flag to override MCP tool identifier
• Adds --mcp-keepalive flag for MCP server connections

Improvements

• Expands secret detection with additional patterns for OpenAI, Anthropic, Google, Stripe, Notion, GitLab, Vault, and Slack tokens
• Speeds up secret redaction with aho-corasick keyword pre-filter
• Improves markdown rendering performance with single-pass URL scanner optimizations
• Enhances session ID and install UUID forwarding on gateway-bound requests for better tracing
• Pauses animation ticks while terminal is blurred to reduce CPU usage
• Propagates non-interactive mode to child sessions and declines elicitation automatically

Bug Fixes

• Fixes crash on startup when configuration file is empty
• Fixes environment variable race in script shell tool execution
• Fixes data races on session token and message writes
• Fixes lifecycle supervisor state race condition
• Fixes infinite loop on hash-prefixed paragraphs in markdown renderer
• Fixes tab switching and chat scroll functionality while prompts are open
• Fixes compaction kept-tail mapping after prior summaries
• Fixes IPv4-mapped IPv6 SSRF bypass in fetch domain matcher
• Fixes finish_reason stop when tracking usage in OpenAI streams
• Fixes comment-only SSE events that crash openai-go client

Technical Changes

• Replaces mise with go-task as the project task runner
• Splits builtin tools into individual sub-packages for better organization
• Centralizes model-specific behavior in pkg/modelinfo package
• Tightens file and directory permissions for per-user data to 0o700/0o600
• Adds contextual logging throughout codebase for better trace correlation
• Adds 7 new architectural-sync linting cops that caught 10 real bugs
• Hardens OAuth with constant-time state comparison and SSRF protection
• Blocks non-public IPs in API and OpenAPI tools by default
• Updates jose2go to v1.7.0 to address security vulnerabilities
• Bumps various Go dependencies including Anthropic SDK, Docker CLI, and OpenTelemetry packages

What's Changed

• docs: document toon and per-toolset model routing by @dgageot in #2587
• Bump direct Go dependencies by @dgageot in #2586
• docs: update CHANGELOG.md for v1.54.0 by @docker-read-write[bot] in #2588
• Finish secret redaction by @dgageot in #2589
• simplify pkg/hooks: drop unused EventSpec abstraction by @dgageot in #2591
• lint: add 7 architectural-sync cops (catches 10 real bugs) by @dgageot in #2593
• Add turn_end hook by @rumpl in #2592
• Bump direct Go dependencies by @dgageot in #2597
• update PR review workflow with fork-supporting trigger by @derekmisler in #2596
• Use the latest rubocop-go by @dgageot in #2594
• Bump direct Go dependencies by @dgageot in #2599
• docs: fix outdated content and document missing commands by @dgageot in #2600
• Handle case when session started with Docker Desktop proxy available, and the Desktop is stopped by @gtardif in #2606
• Add /pause command to toggle the runtime loop by @dgageot in #2605
• harden docker agent serve api: warn on non-loopback, fix runtime race, block SSRF by @dgageot in #2604
• Support HCL as an alternative agent config format by @dgageot in #2598
• fetch: support wildcard and CIDR patterns in domain allow/deny lists by @dgageot in #2602
• Add detection rules for more secret formats by @dgageot in #2603
• docs: refresh outdated examples, missing env vars, and CLI options by @dgageot in #2610
• feat(hooks): expose stop hook via CLI by @tdabasinskas in #2627
• fix(session): close data races on session token and message writes by @tdabasinskas in #2622
• fix(lifecycle): order state transition before waking restart waiters by @tdabasinskas in #2621
• fix(security): bump jose2go to v1.7.0 (GO-2025-4123, GO-2023-2409) by @tdabasinskas in #2619
• fix(runtime): add OpenTelemetry tracer to runtime initialization by @tdabasinskas in #2505
• fix(tools): prevent environment variable race in script shell tool by @tdabasinskas in #2616
• feat(mcp): add support for embedded resource content type by @tdabasinskas in #2612
• docs: fix outdated and incorrect references by @dgageot in #2618
• deps: bump direct Go dependencies by @dgageot in #2609
• feat(filesystem): add allow_list / deny_list to sandbox the toolset by @dgageot in #2601
• feat(gateway): add X-Cagent-Session-Id header to models gateway requests by @tdabasinskas in #2631
• feat(mcp-server): add --tool-name flag to override the MCP tool identifier by @tdabasinskas in #2625
• feat(runtime): propagate non-interactive mode to child sessions and decline elicitation by @tdabasinskas in #2623
• feat(otel): configure W3C trace propagation for distributed tracing by @tdabasinskas in #2506
• docs: fill in missing CLI flags and fix outdated content by @dgageot in #2633
• bump direct Go dependencies by @dgageot in #2637
• feat(mcp-server): add keep-alive support by @tdabasinskas in #2624
• Fix perf regression urls by @dgageot in #2638
• docs: add HCL configuration documentation by @rumpl in #2643
• docs: fix broken links and outdated/incorrect snippets by @dgageot in #2650
• Update pr-review.yml by @derekmisler in #2648
• avoid duplicate compaction system prompt by @rumpl in #2647
• HCL: add a file() function by @rumpl in #2642
• docs(agents): expand AGENTS.md with guidelines and standards by @aheritier in #2644
• docs(github): update issue templates and triage workflow by @aheritier in #2645
• Fix finish_reason stop when tracking usage by @rumpl in #2641
• feat(tools): generic input-shape repair for tool calls (validate-then-repair) by @trungutt in #2635
• bump direct go dependencies by @dgageot in #2655
• fix: keep tab switching and chat scroll working while a prompt is open by @dgageot in #2654
• Add JS placeholders support in instructions by @dgageot in #2652
• fetch: support custom request headers by @dgageot in #2651
• feat(httpclient): forward cagent install UUID on gateway-bound requests by @dgageot in #2653
• split builtin tools into individual sub-packages by @dgageot in #2661
• chore: replace mise with go-task by @dgageot in #2659
• docs: refresh examples README by @dgageot in #2665
• tui: pause animation ticks while the terminal is blurred by @dgageot in #2668
• refactor(logging): pass context to all slog calls for correlation by @tdabasinskas in #2669
• redact_secrets: catch more token shapes and bare unquoted values by @dgageot in https://github.com/docke...

This release introduces clickable terminal links, domain filtering for fetch operations, and enhanced toolset lifecycle management with configurable supervision profiles.

What's New

• Makes markdown links and URLs clickable in the terminal using OSC 8 hyperlink escape sequences
• Adds allowed_domains and blocked_domains filters to the fetch toolset for restricting network access
• Adds /toolsets command and supervisor-aware status surface in the TUI
• Introduces redact_secrets agent flag that scrubs credential patterns from tool calls and LLM messages
• Adds per-toolset lifecycle configuration with profile presets for MCP and LSP servers
• Introduces /toolset-restart slash command for hot-reload functionality

Improvements

• Defers OAuth elicitation outside interactive context to prevent premature prompts
• Reduces macOS keychain prompts by storing all MCP OAuth tokens in a single keychain item
• Makes every dialog close on ctrl+c, with twice exiting the application
• Filters LSP tools by server-advertised capabilities
• Detects secrets embedded inside larger tokens, not just word-bounded patterns

Bug Fixes

• Fixes MCP catalog reference in mcp-definitions.yaml from docker:github to docker:github-official
• Fixes Slack token responses and surfaces server errors in MCP OAuth handling
• Fixes config package names for v6 and v7 versions
• Fixes strip transform reading wrong model in alloy/per-tool override mode
• Suppresses spurious 'is now available' MCP toolset notice after OAuth completion

Technical Changes

• Separates toolset notices from warnings in agent handling
• Simplifies history package by replacing manual parsing with standard library functions
• Refactors skills package into focused files without changing behavior
• Extracts image-stripping into registered MessageTransform mechanism
• Unifies MCP/LSP toolset supervision with typed errors and state-machine architecture
• Isolates example loading in temporary directories for tests

What's Changed

• docs: update CHANGELOG.md for v1.53.0 by @docker-read-write[bot] in #2565
• Make the slack remote MCP server work by @dgageot in #2512
• Fix misleading UpdateMessage doc comment by @rumpl in #2570
• docs: bring hooks reference up to date with new events by @dgageot in #2569
• lint: add config-versioning robustness cops + fix v6/v7 package names by @dgageot in #2568
• Use the slices package to simplify slice operations by @dgageot in #2566
• test: stop example tests from writing SQLite files into examples/ by @dgageot in #2564
• Simplify the history package by @dgageot in #2567
• runtime: extract image-stripping into a registered MessageTransform by @dgageot in #2573
• refactor(skills): split package into focused files by @dgageot in #2571
• feat(fetch): add allowed_domains and blocked_domains filters by @dgageot in #2572
• defer oauth when elicitation bridge isn't wired up yet by @dgageot in #2574
• feat(tui): make markdown links and URLs clickable in the terminal by @silvin-lubecki in #2498
• stop hard-coding "root" as the default agent name by @dgageot in #2576
• fix(examples): correct MCP catalog ref in mcp-definitions.yaml by @aheritier in #2465
• refactor(sessiontitle): simplify Generator without changing behavior by @dgageot in #2575
• Add redact_secrets builtin hook + before_llm_call transform by @dgageot in #2577
• Suppress spurious 'is now available' MCP toolset notice by @dgageot in #2578
• reduce macOS keychain prompts for OAuth MCP servers by @dgageot in #2580
• docs: document redact_secrets agent flag by @dgageot in #2581
• detect secrets embedded inside larger tokens by @dgageot in #2582
• feat(lifecycle): unify MCP/LSP toolset supervision with configurable profiles + /toolsets UX by @dgageot in #2579
• test(mcp): test buildRemoteDescription directly to skip keychain by @dgageot in #2584
• make every dialog close on ctrl+c, twice exits by @dgageot in #2583
• Disable test that prompts for a password by @dgageot in #2585

Full Changelog: v1.53.0...v1.54.0

This release adds OpenAI-compatible API server functionality, skill model overrides, and response caching, along with extensive refactoring to improve code organization and testability.

What's New

• Adds docker agent serve chat command that exposes agents through an OpenAI-compatible HTTP server
• Adds configurable response cache for agents to skip model calls for repeated questions
• Adds skill model override capability allowing fork skills to specify different models via model: field in SKILL.md frontmatter
• Adds g/G keybindings to scroll messages view (jump to top/bottom)
• Adds 10 new builtin hook events including lifecycle events, compaction events, and observability events
• Adds type: model hook handler for LLM-as-judge functionality

Improvements

• Switches Anthropic Opus 4.6/4.7 to adaptive thinking when token-based budgets are configured
• Improves file path handling for sub-agent sessions by propagating user-attached files and encouraging absolute paths
• Improves error messages for HTTP 400 failures with structured provider error details

Bug Fixes

• Fixes Copilot integration by adding required Copilot-Integration-Id header for github-copilot provider
• Fixes crash when opening sessions with empty configuration files
• Fixes session_start hook output appearing as user messages in transcript
• Fixes TUI bottom slack clearing after thinking text fades out
• Fixes race conditions in skill model overrides and response cache handling

Technical Changes

• Extracts hooks builtins from runtime into separate package
• Extracts tool execution, compaction, and delegation logic into focused sub-packages
• Consolidates hook orchestration and simplifies executor caching
• Improves testability across runtime, session, provider, and TUI packages
• Replaces PersistentRuntime decorator with EventObserver pattern
• Updates multiple dependencies including Anthropic SDK, AWS Smithy, and various UI libraries

What's Changed

• docs: update CHANGELOG.md for v1.52.0 by @docker-read-write[bot] in #2520
• refactor(hooks): extract builtins from pkg/runtime into pkg/hooks/builtins by @dgageot in #2521
• refactor(hooks): simplify package while preserving features by @dgageot in #2522
• refactor(runtime): consolidate hook orchestration and cache executors by @dgageot in #2523
• Skills: allow fork skills to override the model by @dgageot in #2525
• refactor(skills): move fork-skill validation into SkillsToolset by @dgageot in #2524
• fix(skills): unbreak main after fork-skill refactor merge by @dgageot in #2527
• fix(openai): send Copilot-Integration-Id header for github-copilot by @dgageot in #2475
• refactor(hooks/builtins): one file per builtin + simplify registration by @dgageot in #2526
• feat(tui): add g/G keybindings to scroll messages view by @dgageot in #2528
• refactor(hooks/builtins): inline GetEnvironmentInfo + simplify package by @dgageot in #2529
• refactor(hooks/builtins): inline & simplify add_prompt_files by @dgageot in #2530
• refactor(hooks): simplify caching, dispatch flow, and notification helpers by @dgageot in #2531
• Inherit user-attached files in sub-agent sessions by @dgageot in #2532
• fix(runtime): don't persist session_start hook output as a session message by @dgageot in #2533
• refactor(hooks): drop runtime shadow types and tighten the executor by @dgageot in #2534
• feat: add docker agent serve chat command (OpenAI-compatible API) by @dgageot in #2510
• feat(hooks): add 6 builtin hooks + widen post_tool_use / before_llm_call contract by @dgageot in #2538
• refactor(runtime): drop unused receiver from handleStream by @dgageot in #2539
• feat(hooks): add three observability events around runtime transitions by @dgageot in #2542
• fix(tui): clear bottom slack after thinking text fades out by @dgageot in #2543
• refactor(tui): simplify components, drop dead code, consolidate helpers by @dgageot in #2544
• refactor(provider): improve testability and split provider.go by @dgageot in #2547
• speed up PR image builds by @dgageot in #2553
• refactor(tui): reduce duplication across picker dialogs by @dgageot in #2556
• Add context to todo storage methods by @rumpl in #2560
• refactor(runtime): improve testability and simplify package structure by @dgageot in #2554
• docs: document all builtin hooks in schema and hooks page by @dgageot in #2555
• tui: improve testability and simplify code by @dgageot in #2551
• refactor(session): improve testability and simplify the session package by @dgageot in #2550
• feat(modelerrors): surface structured provider error details on non-2xx responses by @dgageot in #2549
• feat(hooks): lifecycle events, per-hook options, and event-spec refactor by @dgageot in #2540
• refactor(runtime): extract sub-session orchestration by @dgageot in #2535
• refactor(runtime): extract model-fallback chain into fallbackExecutor by @dgageot in #2541
• refactor(runtime): extract tool execution into pkg/runtime/toolexec by @dgageot in #2545
• log history init failure via slog instead of stderr by @dgageot in #2561
• feat(hooks): add before_compaction and after_compaction events by @dgageot in #2537
• Bump direct Go dependencies by @dgageot in #2562
• feat(agent): add a configurable response cache by @dgageot in #2536
• refactor(runtime): replace PersistentRuntime decorator with EventObserver by @dgageot in #2552
• feat(hooks): add 4 new hook events to match Claude Code / OpenCode / pi by @dgageot in #2548
• anthropic: switch opus 4.6/4.7 token thinking budgets to adaptive by @dgageot in #2563
• feat(hooks): add 'type: model' hook and integrate pre_tool_use into approval flow by @dgageot in #2546

Full Changelog: v1.52.0...v1.53.0

This release adds file picker hotkeys, improves message handling consistency, and introduces an extensible hooks system with new lifecycle events.

What's New

• Adds Alt+H and Alt+I hotkeys in file picker to toggle hidden and ignored file visibility
• Adds extensible hooks system with 5 new lifecycle events and 3 builtin hooks

Improvements

• Makes user prompt elicitation dialog scrollable to prevent content overflow in terminal

Bug Fixes

• Fixes message trimming behavior to be consistent across all model providers
• Fixes steer message handling by appending newlines between queued messages to prevent word fragments from being concatenated

Technical Changes

• Refactors hooks architecture for better extensibility with pluggable registry system
• Centralizes whitespace-only message filtering in session.GetMessages

What's Changed

• docs: update CHANGELOG.md for v1.51.0 by @docker-read-write[bot] in #2514
• fix(tui): make user_prompt elicitation dialog scrollable by @dgageot in #2509
• hotkeys to toggle filepicker hidden/ignored files by @joshbarrington in #2501
• runtime: append newline to non-last steer messages on multi-drain by @simonferquel-clanker in #2518
• fix: normalize message trimming behavior across all model providers by @simonferquel-clanker in #2516
• feat(hooks): refactor for extensibility, add 5 events and 3 builtins by @dgageot in #2519

Full Changelog: v1.51.0...v1.52.0

This release improves Anthropic model support on Vertex AI, enhances the model picker interface, and includes several bug fixes.

What's New

• Adds pricing and capabilities information to the /model picker interface with a detailed comparison table

Improvements

• Routes Anthropic models on Vertex AI through the native endpoint instead of OpenAI-compatible endpoint to fix compatibility issues

Bug Fixes

• Fixes race condition in session cleanup that could cause spurious "session busy" errors
• Fixes OTLP endpoint URL handling to properly support http/https schemes

Technical Changes

• Enables noctx linter and adds context threading through HTTP, SQL, exec and net APIs

What's Changed

• docs: update CHANGELOG.md for v1.50.0 by @docker-read-write[bot] in #2499
• ci: bump golangci-lint from v2.9 to v2.11 by @dgageot in #2489
• Route Anthropic models on Vertex AI through the native endpoint by @dgageot in #2476
• fix(otel): support http/https scheme in OTLP endpoint URL by @tdabasinskas in #2504
• fix(session): prevent race condition in session cleanup by @tdabasinskas in #2503
• feat(tui): show pricing & capabilities in /model picker by @dgageot in #2511
• lint: enable noctx and deduplicate touched code by @dgageot in #2508

Full Changelog: v1.50.0...v1.51.0

This release fixes several runtime issues with message steering and sandbox argument handling, along with TUI improvements for user prompts and speech commands.

What's New

• Adds support for custom OAuth callback redirect URLs for remote MCP toolsets, allowing public-facing proxies for authentication

Improvements

• Adds custom component for user_prompt tool calls in TUI that shows only status and name without exposing internal details

Bug Fixes

• Fixes sandbox mode incorrectly interpreting agent file path as first chat message due to duplicate argument handling
• Fixes runtime race conditions where steer messages could be silently dropped during idle windows or first turns
• Fixes /speak slash command not dispatching immediately in TUI

Technical Changes

• Updates Go to version 1.26.2
• Refactors runtime steer message injection to remove system-reminder envelope

What's Changed

• docs: update CHANGELOG.md for v1.49.2 by @docker-read-write[bot] in #2486
• fix(sandbox): don't duplicate agent file and --config-dir args by @dgageot in #2487
• fix(runtime): drain steerQueue at top of RunStream loop to close idle-window race by @simonferquel-clanker in #2492
• feat(mcp): support custom OAuth callbackRedirectURL for remote toolsets by @dgageot in #2494
• chore: bump Go to 1.26.2 by @dgageot in #2488
• tui: add custom component for user_prompt tool calls by @dgageot in #2497
• fix(tui): make /speak slash command dispatch immediately by @dgageot in #2496

Full Changelog: v1.49.2...v1.50.0

This release fixes an issue with the --pull-interval flag when using URL gordon references.

Bug Fixes

• Fixes blocking of --pull-interval flag when using URL gordon reference

Technical Changes

• Updates CHANGELOG.md for v1.49.1

What's Changed

• docs: update CHANGELOG.md for v1.49.1 by @docker-read-write[bot] in #2484
• Do not block --pull-interval flag when using URL gordon ref by @gtardif in #2485

Full Changelog: v1.49.1...v1.49.2

This release improves the shell tool's command handling and fixes documentation inconsistencies.

Improvements

• Accepts "command" as an alias for "cmd" in shell tool calls to improve compatibility with different AI models
• Improves error messaging when shell commands are empty or blank

Bug Fixes

• Fixes documentation and code divergences reported in issue #2464 with 36 targeted corrections
• Prevents blank "cmd" parameters from interfering with "command" alias functionality

Technical Changes

• Updates configuration schema version to 8 in documentation
• Updates CHANGELOG.md for v1.49.0 release

What's Changed

• docs: update CHANGELOG.md for v1.49.0 by @docker-read-write[bot] in #2483
• shell: accept command as alias for cmd and improve empty-arg error by @trungutt in #2481
• docs: fix doc-code divergences reported in #2464 by @dgageot in #2479

Full Changelog: v1.49.0...v1.49.1