From 52f5b9d0802a169dc65e7ae668204ee980dcffaf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arnaud=20H=C3=A9ritier?= Date: Thu, 11 Jun 2026 04:05:04 +0000 Subject: [PATCH 1/7] docs: document title_model config field for delegated title generation (ref #3051) --- docs/configuration/models/index.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/configuration/models/index.md b/docs/configuration/models/index.md index 3817e77f4..31ab5149e 100644 --- a/docs/configuration/models/index.md +++ b/docs/configuration/models/index.md @@ -57,6 +57,27 @@ models: | `track_usage` | boolean | ✗ | Track and report token usage for this model | | `routing` | array | ✗ | Rule-based routing to different models. See [Model Routing]({{ '/configuration/routing/' | relative_url }}). | | `provider_opts` | object | ✗ | Provider-specific options (see provider pages) | +| `title_model` | string | ✗ | Model used for session-title generation. Can be a named model from the `models:` section or an inline `provider/model` string. When omitted, the agent's primary model generates titles. Cannot be combined with `first_available`. | + +## Delegating Session-Title Generation + +The `title_model` field lets a heavyweight primary model hand off the cheap +title-generation call to a smaller, faster model: + +```yaml +model: anthropic/claude-opus-4-5 +title_model: anthropic/claude-haiku-4-5 +``` + +The value can be a named entry from the `models` stanza or an inline +`provider/model` string. When omitted, the agent's primary model generates +titles. + +
+
Constraint +
+

title_model cannot be combined with first_available model selection — the combination is rejected at validation time.

+
## First Available Models From 6e2154afe20daa83867b6142d5f67403ce4debd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arnaud=20H=C3=A9ritier?= Date: Thu, 11 Jun 2026 04:05:19 +0000 Subject: [PATCH 2/7] docs: note models.dev is always allowlisted in sandbox proxy (ref #3041) --- docs/configuration/sandbox/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration/sandbox/index.md b/docs/configuration/sandbox/index.md index a34782f89..fa9e3b9ad 100644 --- a/docs/configuration/sandbox/index.md +++ b/docs/configuration/sandbox/index.md @@ -190,7 +190,7 @@ Every text file copied into the kit is run through [portcullis](https://github.c ### Network allowlist -The sandbox templates ship with a default-deny network proxy that allows the major model providers but blocks `*.docker.com` and every package-registry / source host the auto-installer reaches for. When the agent declares MCP or LSP toolsets that have a `command` and an installable `version`, the kit build resolves each toolset's package against the [aqua](https://aquaproj.github.io/) registry and computes the minimal set of hosts the in-sandbox auto-installer will need (Go module proxy + toolchain bootstrap for `go_install` packages, GitHub release hosts for `github_release` packages, …). Those hosts — and the configured [`--models-gateway`]({{ '/features/cli/' | relative_url }}#runtime-configuration-flags) — are then allow-listed on the sandbox proxy. If a per-toolset registry lookup fails, a conservative fallback union is used so the run can still succeed; the affected toolsets are surfaced in the printed summary. +The sandbox templates ship with a default-deny network proxy that allows the major model providers but blocks `*.docker.com` and every package-registry / source host the auto-installer reaches for. When the agent declares MCP or LSP toolsets that have a `command` and an installable `version`, the kit build resolves each toolset's package against the [aqua](https://aquaproj.github.io/) registry and computes the minimal set of hosts the in-sandbox auto-installer will need (Go module proxy + toolchain bootstrap for `go_install` packages, GitHub release hosts for `github_release` packages, …). Those hosts, `models.dev` (needed so the in-sandbox agent can resolve model metadata such as context limits, pricing, and capabilities — without it the first catalog lookup fails with a `403 Blocked by network policy` error), and the configured [`--models-gateway`]({{ '/features/cli/' | relative_url }}#runtime-configuration-flags) — are then allow-listed on the sandbox proxy. If a per-toolset registry lookup fails, a conservative fallback union is used so the run can still succeed; the affected toolsets are surfaced in the printed summary. ### Caching From 767067dac1cd03a8ba80e74e1b90142b93a54c5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arnaud=20H=C3=A9ritier?= Date: Thu, 11 Jun 2026 04:05:36 +0000 Subject: [PATCH 3/7] docs: document checksum verification and version_overrides fix in tool auto-install (ref #3046) --- docs/configuration/tools/index.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/configuration/tools/index.md b/docs/configuration/tools/index.md index 84a285172..b2ff616cc 100644 --- a/docs/configuration/tools/index.md +++ b/docs/configuration/tools/index.md @@ -165,6 +165,14 @@ toolsets: args: ["mcp"] ``` +### Checksum Verification + +Downloaded binaries are **checksum-verified** before installation. Verification fails closed: if a checksum is advertised in the aqua registry manifest but does not match the downloaded archive (or the manifest is missing entirely), the install is aborted and an error is returned. Checksum types that are unsupported or too weak are skipped with a warning rather than causing a hard failure. + +### version_overrides Resolution + +The auto-installer correctly resolves **`version_overrides`** entries in the aqua registry. Many common tools (for example, `fzf`) keep their package configuration — including download URLs and checksums — under `version_overrides` rather than at the top level of their registry entry. These tools previously failed to install silently; they are now handled correctly. + ### Disabling Auto-Install **Per toolset** — set `version` to `"false"` or `"off"`: From e613b78407ecd4bfb2acb7c1b29297f0d4d0f190 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arnaud=20H=C3=A9ritier?= Date: Thu, 11 Jun 2026 04:05:58 +0000 Subject: [PATCH 4/7] docs: document exported TUI embedding packages (toolconfirm, StaticSessionState, Stopper) (ref #3059) --- docs/guides/go-sdk/index.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/guides/go-sdk/index.md b/docs/guides/go-sdk/index.md index 24db1256e..9ae6ac8c8 100644 --- a/docs/guides/go-sdk/index.md +++ b/docs/guides/go-sdk/index.md @@ -31,6 +31,17 @@ docker-agent can be used as a Go library, allowing you to build AI agents direct | `pkg/model/provider/*` | Model provider clients | | `pkg/config/latest` | Configuration types | | `pkg/environment` | Environment and secrets | +| `pkg/tui/components/toolconfirm` | Tool-confirmation policy: `Decision` enum, `BuildPermissionPattern`, key bindings, and rejection-reason presets. Share this instead of copying the permission-pattern logic. | +| `pkg/tui/service` | `StaticSessionState` — a `SessionStateReader` with conservative fixed values, for rendering message/tool views outside the full TUI app. Replaces hand-rolled nine-method stubs. | +| `pkg/tui/animation` | `Stopper` / `StopView` — animation lifecycle contract. Call `StopAnimation` on views removed from the UI to prevent leaked tick subscriptions. | + +## Embedding TUI Components + +When building custom UIs on top of docker-agent's TUI primitives, three packages define the contracts that keep the runtime and the UI in sync: + +- **`pkg/tui/components/toolconfirm`** — import this package for the permission-decision policy rather than copying the pattern-building logic. The `Decision` enum, `BuildPermissionPattern` helper, and rejection-reason presets are the canonical source of truth: whatever pattern is shown to the user in the confirmation dialog is exactly the pattern granted to the runtime. +- **`pkg/tui/service`** — use `StaticSessionState` as a stub `SessionStateReader` when rendering individual message or tool views outside the full TUI app. It returns conservative fixed values for all nine interface methods, eliminating the need for hand-rolled stubs. +- **`pkg/tui/animation`** — implement `animation.Stopper` on any view that owns a tick-based animation. Call `StopAnimation` whenever a view is removed from the UI hierarchy to prevent leaked `time.Tick` subscriptions from firing against a dead view. ## Basic Example From 6fc019035f8e9f779b76bab8e6e7d54f2771e731 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arnaud=20H=C3=A9ritier?= Date: Thu, 11 Jun 2026 04:06:18 +0000 Subject: [PATCH 5/7] docs: remove Supabase and Tally from MCP catalog docs (ref #3048) --- docs/tools/mcp-catalog/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/tools/mcp-catalog/index.md b/docs/tools/mcp-catalog/index.md index a93658c44..b62a4b3ac 100644 --- a/docs/tools/mcp-catalog/index.md +++ b/docs/tools/mcp-catalog/index.md @@ -102,6 +102,7 @@ A complete, runnable configuration lives in [`examples/mcp_catalog.yaml`](https: ## Notes and Limitations - **Streamable-http only.** The catalog deliberately excludes servers that require a local subprocess or the MCP gateway — declare those with [`type: mcp`]({{ '/configuration/tools/#mcp-tools' | relative_url }}) instead. +- **Catalog membership changes between releases.** The set of available servers is updated with each docker-agent release as integrations are added or removed. Servers present in one release may not appear in the next. - **Blocking enable.** DNS, TCP, MCP handshake and any OAuth flow happen synchronously inside `enable_remote_mcp_server` so the agent gets a deterministic result in the same turn. On startup, however, the runtime probes tools non-interactively (`mcp.WithoutInteractivePrompts`); OAuth-pending servers fail fast there and are silently deferred to the next interactive turn — including the sidebar-only tool-count pass, where a dialog would be impossible. - **No prompt discovery.** MCP prompt lookups (`/prompts`) walk YAML-declared `mcp` toolsets directly; prompts exposed by servers activated through the catalog are not surfaced. Tools — the primary interface — work fine. - **Frozen at build time.** The list of servers is embedded in the binary. New entries land with each docker-agent release. From 72c5cb060c229c2c173d3382ce0c616c9db886ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arnaud=20H=C3=A9ritier?= Date: Thu, 11 Jun 2026 04:10:57 +0000 Subject: [PATCH 6/7] docs: fix model version in title_model example (claude-opus-4-7) (ref #3051) --- docs/configuration/models/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration/models/index.md b/docs/configuration/models/index.md index 31ab5149e..018c8cd7b 100644 --- a/docs/configuration/models/index.md +++ b/docs/configuration/models/index.md @@ -65,7 +65,7 @@ The `title_model` field lets a heavyweight primary model hand off the cheap title-generation call to a smaller, faster model: ```yaml -model: anthropic/claude-opus-4-5 +model: anthropic/claude-opus-4-7 title_model: anthropic/claude-haiku-4-5 ``` From 2e945537fc53bd7b6ac04db209dcf6fefb1d5c82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arnaud=20H=C3=A9ritier?= Date: Thu, 11 Jun 2026 04:11:11 +0000 Subject: [PATCH 7/7] docs: clarify checksum verification scope in tool auto-install (ref #3046) --- docs/configuration/tools/index.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/configuration/tools/index.md b/docs/configuration/tools/index.md index b2ff616cc..6ad0819c0 100644 --- a/docs/configuration/tools/index.md +++ b/docs/configuration/tools/index.md @@ -167,7 +167,11 @@ toolsets: ### Checksum Verification -Downloaded binaries are **checksum-verified** before installation. Verification fails closed: if a checksum is advertised in the aqua registry manifest but does not match the downloaded archive (or the manifest is missing entirely), the install is aborted and an error is returned. Checksum types that are unsupported or too weak are skipped with a warning rather than causing a hard failure. +Where the aqua registry includes a checksum manifest, downloaded binaries are verified against it before installation. Verification behaviour depends on the checksum type advertised: + +- **Strong checksums (sha256, sha512, etc.)** — verified before the binary is installed. If the downloaded archive does not match, the install is aborted and an error is returned (fails closed). +- **Unsupported or weak checksum types (e.g. md5, sha1)** — skipped with a warning; installation proceeds without verification. +- **No manifest** — if no checksum is advertised in the registry entry, the binary is installed without verification. ### version_overrides Resolution