v0.31.0

"Default" profile support for connected clients. (#273)

v0.30.0

What's Changed

Bug Fixes

• Fix issue with openai by @dgageot in #265
• Fix a bug where plugin init was being overriden by @cmrigney in #266

Full Changelog: v0.29.0...v0.30.0

v0.29.0

What's Changed

MCP Profile Improvements

• Add support for pulling catalog images in the show command via the --pull flag by @cmrigney in #255, #257
• Add clients to profile show output with the --clients flag by @bobbyhouse in #249
• Support remotes from legacy catalog by @bobbyhouse in #261
• Migrate legacy setup to default profile by @cmrigney in #259
• Add support for catalog uris when adding a server by @cmrigney in #253
• Support connecting a client when a profile is created by @cmrigney in #246

Other Fixes and Improvements

• fix: Fix multiple issues with enable/disable tools by @bobbyhouse in #251
• refactor: servers to server ls by @bobbyhouse in #242
• Ensure db directory exists by @cmrigney in #254
• Add metadata to snapshot by @bobbyhouse in #248
• Add icon to snapshot data by @bobbyhouse in #252
• Remove Amazon Q support in favor of Kiro by @mikesir87 in #256

Full Changelog: v0.28.0...v0.29.0

v0.28.0

Features

Profiles (Previously Working Sets) and Next Gen Catalogs

• New catalog-next commands for managing next gen catalogs (#230)
• Add/remove servers to/from profiles (#223, #236)
• Create next gen catalog from legacy catalog (#232)
• Self-describing images fully work in the gateway with profiles (#219)
• Tool filters management with --enable-all/--disable-all (#226)

OAuth & Authentication

• OAuth DCR (Dynamic Client Registration) with Docker CE (#208)

Client Support

• Amazon Q client support (#231)

Configuration Management

• Custom config directory via CLAUDE_CONFIG_DIR environment variable (#224)
• Auto-import docker-mcp catalog on reset (#221)

Bug Fixes & Improvements

Schema Fixes

• Add Types field to mcp-exec arguments parameter schema (#234)
• Add Types field to mcp-config-set value parameter schema (#234)
• Fix snapshots missing in certain places (#238)

Security Enhancements

• Origin validation for DNS rebinding protection
• Combined security layers with Origin + Auth validation
• Skip security checks for container environments (compose networking)

Contributors

@kgprs @saucow @cmrigney @bobbyhouse @Daniel-Kolev @slimslenderslacks @austin5456

New Contributors

• @jcheek made their first contribution in #234
• @jandroav made their first contribution in #224

Full Changelog: v0.27.0...v0.28.0

v0.27.0

What's Changed

• update the output of "docker mcp server ls" to surface more details by @austin5456 in #207

Breaking Change

• These updates change the data structure output of the docker mcp server ls command, any consumers will need to be updated.

Full Changelog: v0.26.0...v0.27.0

v0.26.0

Changelog: v0.25.0 to HEAD

Features

Working Sets Enhancements

• Server search functionality - Added ability to search across all working sets to return a list of servers grouped by working set ID (68a8e87)
• Schema resolution and caching - Working sets now resolve server schemas/snapshots and cache them for improved performance (#213, 7145062)
• Comprehensive testing - Added tests for working set commands and database operations (#210, f788f54)

MCP Tools Improvements

• Enhanced mcp-add tool (2219d11):

  • Pull Docker images before initializing servers to catch errors early
  • Improved OAuth handling to check authorization state before prompting
  • Only register and start OAuth providers if they don't already exist
  • Skip authorization flow if user already has valid credentials
  • Better separation of concerns with refactored OAuth status checking

• Enhanced mcp-config-set tool (2219d11):

  • Added support for JSON-encoded array values
  • Support for arrays, objects, strings, numbers, and booleans
  • Improved display messages with proper JSON formatting
  • Better handling of complex configuration values

Dynamic Tools

• Enabled by default - Dynamic tools are now enabled by default (5d80b4b)
• Capability separation - Split up available capabilities from active capabilities for better management (3326167)

Bug Fixes

• Claude client compatibility - Handle Claude clients with missing notifications, especially for MCP servers with OAuth where authorization arrives asynchronously (94ec997)
• Linting fixes - Fixed various linting errors (7f65a59, 68f94d8)

Refactoring

• Code organization - Moved mcp-add to separate file for better code structure (b493525)
• Working sets naming - Renamed search to servers in working sets for clarity (688c46a)
• Configuration documentation - Updated config-set parameter description to be more explicit about config document structure (3b3022c)

Summary

This release focuses on significant improvements to working sets functionality, enhanced MCP tool capabilities with better OAuth handling and configuration support, and enabling dynamic tools by default. The changes improve user experience through better error handling, more robust OAuth provider lifecycle management, and comprehensive testing coverage.

Total commits: 12
Contributors: Jim Clark, Cody Rigney, Bobby House
Date range: 2025-10-30 to 2025-11-04

v0.25.0

Merge pull request #206 from docker/bootstrap_server

Add command to bootstrap an MCP Server with a template

v0.24.0

What's Changed

• add Title to Catalog model by @slimslenderslacks in #183
• consolidate log functions in one package by @slimslenderslacks in #182
• improve catalog show output readability by @austin5456 in #185
• Make mcp-oauth-dcr feature default true by @saucow in #188
• Add mcp UI resource and codemode by @slimslenderslacks in #179

New Contributors

• @austin5456 made their first contribution in #185

Full Changelog: v0.23.0...v0.24.0

v0.23.0

Merge pull request #178 from docker/slim/catalog-migration

Migrate old versions of catalog

v0.22.0

Release Notes - v0.22.0

Release Date: October 2025

🚀 New Features

OAuth Token Automatic Refresh

• Background token refresh infrastructure with event-driven per-provider architecture
• Monitors OAuth lifecycle events from Docker Desktop via Server-Sent Events (SSE)
• Proactive token refresh triggers at 10 seconds before expiry (aligns with OAuth library behavior)
• Automatic retry mechanism handles TokenSource caching with exponential backoff (30s, 1min, 2min, 4min, 8min...)
• Event-driven provider lifecycle - providers created on login, destroyed on logout
• Dynamic server support - automatic DCR client registration when using mcp-add
• Tool handlers OAuth-agnostic - token management fully background, no impact on tool execution

Client Support

• Added OpenAI Codex client configuration (#165)

🔧 Improvements

SDK Update

• Updated to MCP Go SDK 1.0.0 (#167)
  • Latest protocol features and improvements
  • Enhanced stability and performance

Catalog Management

• Use v3 catalog URL when mcp-oauth-dcr feature is enabled (#168)
• Improved catalog URL override logic to preserve custom URLs
• Added URL validation before overriding catalog URLs
• Better handling of catalog version selection

OAuth CLI Improvements

• Fixed CLI commands for remote MCP OAuth servers (#169)
  • docker mcp oauth authorize now works after mcp-add
  • DCR client registration automatic for dynamic tools
• Moved DCR cleanup to oauth revoke (safer server disable)
  • docker mcp server disable → Just removes from registry
  • docker mcp oauth revoke → Full cleanup (tokens + DCR client)
• Unified OAuth server checks using IsRemoteOAuthServer() helper
• mcp-add registers DCR clients enabling immediate OAuth authorization

Error Handling

• Gateway continues when images cannot be pulled (#163)
  • Failed image pulls no longer stop gateway initialization
  • Better resilience for partial failures

🐛 Bug Fixes

• Fixed double-close panics with sync.Once on provider Stop()
• Prevented goroutine leaks from concurrent GetOAuthApp calls
• Made all backoff sleeps interruptible by SSE events for responsive event handling
• Fixed EventLoginSuccess to trigger server reload (not just create provider)
• Fixed provider cleanup - wrapper goroutines remove dead providers from map
• Prevented infinite loops with max retry count and expiry tracking

📚 Documentation

• OAuth provider architecture documentation
• TokenSource caching analysis with Mermaid sequence diagrams
• Event-driven lifecycle state machine
• Clean architecture plan and implementation guide
• Known limitations documented (TokenSource caching, notification volume)

---

Full Changelog: v0.21.0...v0.22.0