Skip to content

v0.22.0

Pre-release
Pre-release

Choose a tag to compare

View all tags
@docker-read-write docker-read-write released this 06 Oct 21:28
· 43 commits to main since this release
v0.22.0
e4de220
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Release Notes - v0.22.0

Release Date: October 2025

πŸš€ New Features

OAuth Token Automatic Refresh

  • Background token refresh infrastructure with event-driven per-provider architecture
  • Monitors OAuth lifecycle events from Docker Desktop via Server-Sent Events (SSE)
  • Proactive token refresh triggers at 10 seconds before expiry (aligns with OAuth library behavior)
  • Automatic retry mechanism handles TokenSource caching with exponential backoff (30s, 1min, 2min, 4min, 8min...)
  • Event-driven provider lifecycle - providers created on login, destroyed on logout
  • Dynamic server support - automatic DCR client registration when using mcp-add
  • Tool handlers OAuth-agnostic - token management fully background, no impact on tool execution

Client Support

  • Added OpenAI Codex client configuration (#165)

πŸ”§ Improvements

SDK Update

  • Updated to MCP Go SDK 1.0.0 (#167)
    • Latest protocol features and improvements
    • Enhanced stability and performance

Catalog Management

  • Use v3 catalog URL when mcp-oauth-dcr feature is enabled (#168)
  • Improved catalog URL override logic to preserve custom URLs
  • Added URL validation before overriding catalog URLs
  • Better handling of catalog version selection

OAuth CLI Improvements

  • Fixed CLI commands for remote MCP OAuth servers (#169)
    • docker mcp oauth authorize now works after mcp-add
    • DCR client registration automatic for dynamic tools
  • Moved DCR cleanup to oauth revoke (safer server disable)
    • docker mcp server disable β†’ Just removes from registry
    • docker mcp oauth revoke β†’ Full cleanup (tokens + DCR client)
  • Unified OAuth server checks using IsRemoteOAuthServer() helper
  • mcp-add registers DCR clients enabling immediate OAuth authorization

Error Handling

  • Gateway continues when images cannot be pulled (#163)
    • Failed image pulls no longer stop gateway initialization
    • Better resilience for partial failures

πŸ› Bug Fixes

  • Fixed double-close panics with sync.Once on provider Stop()
  • Prevented goroutine leaks from concurrent GetOAuthApp calls
  • Made all backoff sleeps interruptible by SSE events for responsive event handling
  • Fixed EventLoginSuccess to trigger server reload (not just create provider)
  • Fixed provider cleanup - wrapper goroutines remove dead providers from map
  • Prevented infinite loops with max retry count and expiry tracking

πŸ“š Documentation

  • OAuth provider architecture documentation
  • TokenSource caching analysis with Mermaid sequence diagrams
  • Event-driven lifecycle state machine
  • Clean architecture plan and implementation guide
  • Known limitations documented (TokenSource caching, notification volume)

Full Changelog: v0.21.0...v0.22.0

Assets 8
Loading