docker
diff --git a/‎CHANGELOG.md‎
Lines changed: 98 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 98 additions & 0 deletions
diff --git a/‎docs/configuration/overview/index.md‎
Lines changed: 2 additions & 1 deletion b/‎docs/configuration/overview/index.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎docs/configuration/permissions/index.md‎
Lines changed: 48 additions & 1 deletion b/‎docs/configuration/permissions/index.md‎
Lines changed: 48 additions & 1 deletion
diff --git a/‎docs/guides/tips/index.md‎
Lines changed: 20 additions & 0 deletions b/‎docs/guides/tips/index.md‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎pkg/compaction/compaction.go‎
Lines changed: 4 additions & 76 deletions b/‎pkg/compaction/compaction.go‎
Lines changed: 4 additions & 76 deletions
@@ -3,6 +3,98 @@
 All notable changes to this project will be documented in this file.
 
 
+## [v1.39.0] - 2026-03-27
+
+This release adds new color themes for the terminal interface and includes internal version management updates.
+
+## What's New
+- Adds Calm Roots theme with warm white accents, sage green info messages, and charcoal background
+- Adds Neon Pink theme with vibrant pink tones and high-contrast white accents for readability
+
+## Technical Changes
+- Freezes v7 version
+- Updates CHANGELOG.md for v1.38.0
+
+### Pull Requests
+
+- [#2256](https://github.com/docker/docker-agent/pull/2256) - docs: update CHANGELOG.md for v1.38.0
+- [#2260](https://github.com/docker/docker-agent/pull/2260) - Add Calm Roots and Neon Pink themes
+- [#2264](https://github.com/docker/docker-agent/pull/2264) - Freeze v7
+
+
+## [v1.38.0] - 2026-03-26
+
+This release improves OAuth configuration and fixes tool caching issues with remote MCP server reconnections.
+
+## Improvements
+
+- Changes OAuth client name to "docker-agent" for better identification
+- Reworks compaction logic to prevent infinite loops when context overflow errors occur repeatedly
+
+## Bug Fixes
+
+- Fixes tool cache not refreshing after remote MCP server reconnects, ensuring updated tools are available after server restarts
+
+## Technical Changes
+
+- Updates CHANGELOG.md for v1.37.0 release documentation
+
+### Pull Requests
+
+- [#2242](https://github.com/docker/docker-agent/pull/2242) - Refactor compaction
+- [#2243](https://github.com/docker/docker-agent/pull/2243) - docs: update CHANGELOG.md for v1.37.0
+- [#2245](https://github.com/docker/docker-agent/pull/2245) - Change the oauth client name to docker-agent
+- [#2246](https://github.com/docker/docker-agent/pull/2246) - fix: refresh tool and prompt caches after remote MCP server reconnect
+
+
+## [v1.37.0] - 2026-03-25
+
+This release adds support for forwarding sampling parameters to provider APIs, introduces global user-level permissions, and includes several bug fixes and improvements.
+
+## What's New
+
+- Adds support for forwarding sampling provider options (top_k, repetition_penalty, etc.) to provider APIs
+- Adds global-level permissions from user config that apply across all sessions and agents
+- Adds a welcome message to the interface
+- Adds custom linter to enforce config version import chain
+
+## Improvements
+
+- Refactors RAG from agent-level config to standard toolset type for consistency with other toolsets
+- Restores RAG indexing event forwarding to TUI after toolset refactor
+- Simplifies RAG event forwarding and cleans up RAGTool
+
+## Bug Fixes
+
+- Fixes Bedrock interleaved_thinking defaults to true and adds logging for provider_opts mismatches
+- Fixes issue where CacheControl markers were preserved during message compaction, exceeding Anthropic's limit
+- Fixes tool loop detector by resetting it after degenerate loop error
+- Fixes desktop proxy socket name on WSL where http-proxy socket is not allowed for users
+
+## Technical Changes
+
+- Documents max_old_tool_call_tokens and max_consecutive_tool_calls in agent config reference
+- Documents global permissions from user config in permissions reference and guides
+- Pins GitHub actions for improved security
+- Updates cagent-action to latest version with better permissions
+
+### Pull Requests
+
+- [#2210](https://github.com/docker/docker-agent/pull/2210) - Refactor RAG from agent-level config to standard toolset type
+- [#2225](https://github.com/docker/docker-agent/pull/2225) - Add custom linter to enforce config version import chain
+- [#2226](https://github.com/docker/docker-agent/pull/2226) - feat: forward sampling provider_opts (top_k, repetition_penalty) to provider APIs
+- [#2227](https://github.com/docker/docker-agent/pull/2227) - docs: update CHANGELOG.md for v1.36.1
+- [#2229](https://github.com/docker/docker-agent/pull/2229) - docs: add max_old_tool_call_tokens and max_consecutive_tool_calls to agent config reference
+- [#2230](https://github.com/docker/docker-agent/pull/2230) - Add global-level permissions from user config
+- [#2231](https://github.com/docker/docker-agent/pull/2231) - Pin GitHub actions
+- [#2233](https://github.com/docker/docker-agent/pull/2233) - update cagent-action to latest (with better permissions)
+- [#2236](https://github.com/docker/docker-agent/pull/2236) - fix: strip CacheControl from messages during compaction
+- [#2237](https://github.com/docker/docker-agent/pull/2237) - Reset tool loop detector after degenerate loop error
+- [#2238](https://github.com/docker/docker-agent/pull/2238) - Bump direct Go module dependencies
+- [#2240](https://github.com/docker/docker-agent/pull/2240) - Fix desktop proxy socket name on WSL
+- [#2241](https://github.com/docker/docker-agent/pull/2241) - docs: document global permissions from user config
+
+
 ## [v1.36.1] - 2026-03-23
 
 This release improves OCI reference handling, adds a tools command, and enhances MCP server reliability with better error recovery.
@@ -1560,3 +1652,9 @@ This release improves the terminal user interface with better error handling and
 [v1.36.0]: https://github.com/docker/docker-agent/releases/tag/v1.36.0
 
 [v1.36.1]: https://github.com/docker/docker-agent/releases/tag/v1.36.1
+
+[v1.37.0]: https://github.com/docker/docker-agent/releases/tag/v1.37.0
+
+[v1.38.0]: https://github.com/docker/docker-agent/releases/tag/v1.38.0
+
+[v1.39.0]: https://github.com/docker/docker-agent/releases/tag/v1.39.0
@@ -53,7 +53,8 @@ providers:
     base_url: https://api.example.com/v1
     token_key: MY_API_KEY
 
-# 7. Permissions — global tool permission rules (optional)
+# 7. Permissions — agent-level tool permission rules (optional)
+#    For user-wide global permissions, see ~/.config/cagent/config.yaml
 permissions:
   allow: ["read_*"]
   deny: ["shell:cmd=sudo*"]
 
@@ -19,7 +19,18 @@ Permissions provide fine-grained control over tool execution. You can configure
 
 </div>
 
-## Configuration
+## Permission Levels
+
+Permissions can be defined at two levels:
+
+| Level | Location | Scope |
+| ----- | -------- | ----- |
+| **Agent-level** | Agent YAML config (`permissions:` section) | Applies to that specific agent config |
+| **Global (user-level)** | `~/.config/cagent/config.yaml` under `settings.permissions` | Applies to every agent you run |
+
+Both levels use the same `allow`/`ask`/`deny` pattern syntax. When both are present, they are **merged** at startup -- patterns from both sources are combined into a single checker. See [Merging Behavior](#merging-behavior) for details.
+
+## Agent-Level Configuration
 
 ```yaml
 agents:
@@ -42,6 +53,42 @@ permissions:
     - "dangerous_tool"
 ```
 
+## Global Permissions
+
+Global permissions let you enforce rules across **all** agents, regardless of which agent config you run. Define them in your user config file:
+
+```yaml
+# ~/.config/cagent/config.yaml
+settings:
+  permissions:
+    deny:
+      - "shell:cmd=sudo*"
+      - "shell:cmd=rm*-rf*"
+    allow:
+      - "read_*"
+      - "shell:cmd=ls*"
+      - "shell:cmd=cat*"
+```
+
+This is useful for setting personal safety guardrails that apply everywhere -- for example, always blocking `sudo` or always auto-approving read-only tools -- without relying on each agent config to include those rules.
+
+### Merging Behavior
+
+When both global and agent-level permissions are present, they are merged into a single set of patterns before evaluation. The merge works as follows:
+
+- **Deny patterns from either source block the tool.** A global deny cannot be overridden by an agent-level allow, and vice versa.
+- **Allow patterns from either source auto-approve the tool** (as long as no deny pattern matches).
+- **Ask patterns from either source force confirmation** (as long as no deny or allow pattern matches).
+
+The evaluation order remains the same after merging: **Deny > Allow > Ask > default Ask**.
+
+<div class="callout callout-tip">
+<div class="callout-title">Example: Global deny + agent allow
+</div>
+  <p>If your global config denies <code>shell:cmd=sudo*</code> and an agent config allows <code>shell:cmd=sudo apt update</code>, the deny wins. Deny patterns always take priority regardless of source.</p>
+
+</div>
+
 ## Pattern Syntax
 
 Permissions support glob-style patterns with optional argument matching:
 
@@ -232,6 +232,26 @@ permissions:
 docker-agent run --sandbox agent.yaml
 ```
 
+### Set Global Permission Guardrails
+
+Use [global permissions]({{ '/configuration/permissions/' | relative_url }}#global-permissions) in your user config to enforce safety rules across every agent:
+
+```yaml
+# ~/.config/cagent/config.yaml
+settings:
+  permissions:
+    deny:
+      - "shell:cmd=sudo*"
+      - "shell:cmd=rm*-rf*"
+      - "shell:cmd=git push --force*"
+    allow:
+      - "read_*"
+      - "shell:cmd=ls*"
+      - "shell:cmd=cat*"
+```
+
+These rules merge with any agent-level permissions. Deny patterns from your global config cannot be overridden by agent configs, so you can trust that dangerous commands stay blocked regardless of which agent you run.
+
 ### Use Hooks for Audit Logging
 
 Log all tool calls for compliance or debugging:
 
@@ -1,22 +1,7 @@
-// Package compaction provides conversation compaction (summarization) for
-// chat sessions that approach their model's context window limit.
-//
-// It is designed as a standalone component that can be used independently of
-// the runtime loop. The package exposes:
-//
-//   - [BuildPrompt]: prepares a conversation for summarization by appending
-//     the compaction prompt and sanitizing message costs.
-//   - [ShouldCompact]: decides whether a session needs compaction based on
-//     token usage and context window limits.
-//   - [EstimateMessageTokens]: a fast heuristic for estimating the token
-//     count of a single chat message.
-//   - [HasConversationMessages]: checks whether a message list contains any
-//     non-system messages worth summarizing.
 package compaction
 
 import (
 	_ "embed"
-	"time"
 
 	"github.com/docker/docker-agent/pkg/chat"
 )
@@ -26,68 +11,23 @@ var (
 	SystemPrompt string
 
 	//go:embed prompts/compaction-user.txt
-	userPrompt string
+	UserPrompt string
 )
 
 // contextThreshold is the fraction of the context window at which compaction
 // is triggered. When the estimated token usage exceeds this fraction of the
 // context limit, compaction is recommended.
 const contextThreshold = 0.9
 
-// Result holds the outcome of a compaction operation.
-type Result struct {
-	// Summary is the generated summary text.
-	Summary string
-
-	// InputTokens is the token count reported by the summarization model,
-	// used as an approximation of the new context size after compaction.
-	InputTokens int64
-
-	// Cost is the cost of the summarization request in dollars.
-	Cost float64
-}
-
-// BuildPrompt prepares the messages for a summarization request.
-// It clones the conversation (zeroing per-message costs so they aren't
-// double-counted), then appends a user message containing the compaction
-// prompt. If additionalPrompt is non-empty it is included as extra
-// instructions.
-//
-// Callers should first check [HasConversationMessages] to avoid sending
-// an empty conversation to the model.
-func BuildPrompt(messages []chat.Message, additionalPrompt string) []chat.Message {
-	prompt := userPrompt
-	if additionalPrompt != "" {
-		prompt += "\n\nAdditional instructions from user: " + additionalPrompt
-	}
-
-	out := make([]chat.Message, len(messages), len(messages)+1)
-	for i, msg := range messages {
-		cloned := msg
-		cloned.Cost = 0
-		cloned.CacheControl = false
-		out[i] = cloned
-	}
-	out = append(out, chat.Message{
-		Role:      chat.MessageRoleUser,
-		Content:   prompt,
-		CreatedAt: time.Now().Format(time.RFC3339),
-	})
-
-	return out
-}
-
 // ShouldCompact reports whether a session's context usage has crossed the
-// compaction threshold. It returns true when the estimated total token count
+// compaction threshold. It returns true when the total token count
 // (input + output + addedTokens) exceeds [contextThreshold] (90%) of
-// contextLimit. A non-positive contextLimit is treated as unlimited and
-// always returns false.
+// contextLimit.
 func ShouldCompact(inputTokens, outputTokens, addedTokens, contextLimit int64) bool {
 	if contextLimit <= 0 {
 		return false
 	}
-	estimated := inputTokens + outputTokens + addedTokens
-	return estimated > int64(float64(contextLimit)*contextThreshold)
+	return (inputTokens + outputTokens + addedTokens) > int64(float64(contextLimit)*contextThreshold)
 }
 
 // EstimateMessageTokens returns a rough token-count estimate for a single
@@ -121,15 +61,3 @@ func EstimateMessageTokens(msg *chat.Message) int64 {
 	}
 	return int64(chars/charsPerToken) + perMessageOverhead
 }
-
-// HasConversationMessages reports whether messages contains at least one
-// non-system message. A session with only system prompts has no conversation
-// to summarize.
-func HasConversationMessages(messages []chat.Message) bool {
-	for _, msg := range messages {
-		if msg.Role != chat.MessageRoleSystem {
-			return true
-		}
-	}
-	return false
-}