Delete 10 orphaned files under content/includes that are no longer
referenced by any page via the include shortcode:
- aci-ecs-eol.md, compose-eol.md, dev-envs-changing.md,
dockerfile-labs-channel.md (stale EOL/status callouts)
- buildx-v0.10-disclaimer.md, experimental.md, deploy.md,
guides-get-docker.md, open-terminal.md (orphaned snippets)
- labspace-quickstart.md (empty)
Also fix two broken include references:
- scout-early-access.md was deleted in 737ad3c4be but two environment
integration pages still included it; remove the dangling lines.
- reference/compose-file/develop.md included compose/develop.md, which
does not exist; point it at the real file, compose/services-develop.md.
Every include file is now referenced, and every reference resolves.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sync the AI Governance Policy API reference with the upstream spec from
docker/governor-services. Renames the shared 403 response component from
PermissionDenied to Forbidden across the policy/rule endpoints, and adds a
limit_exceeded error code covering org policy and per-policy rule maximums.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Sync the AI Governance Policy API reference with the upstream spec from
docker/governor-services#242. Wraps the ListPolicies response data under
a `data` object, adds the updatePolicy and deletePolicy endpoints,
migrates policy scope from profiles to teams, and switches rule/policy
updates to application/json.
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
## Summary
Restructures the Docker AI Governance documentation under
\`/ai/sandboxes/governance/\` and adds the supporting API reference.
Preview links:
-
https://deploy-preview-25162--docsdocker.netlify.app/ai/sandboxes/governance/
-
https://deploy-preview-25162--docsdocker.netlify.app/reference/api/ai-governance/
### Information architecture
The existing \`security/governance\` and \`security/policy\` pages are
merged into a new top-level \`governance\` section so local-policy and
org-policy sit side by side instead of being split across unrelated
parents:
- \`/ai/sandboxes/governance/\` — section landing; explains local + org
as layered enforcement
- \`/ai/sandboxes/governance/concepts/\` — resource model, rule syntax,
evaluation, precedence
- \`/ai/sandboxes/governance/local/\` — \`sbx policy\` CLI for
individual machines
- \`/ai/sandboxes/governance/org/\` — Admin Console flow (was
\`security/governance.md\`)
- \`/ai/sandboxes/governance/monitoring/\` — \`sbx policy ls\` / \`sbx
policy log\`
### API reference
\`/reference/api/ai-governance/\` renders the Governance OpenAPI spec
vendored at \`content/reference/api/ai-governance/api.yaml\` from
\`docker/governor-services\`. Operations, schemas, examples, and status
codes are fully driven by the spec — future updates land via re-vendor,
not in-repo edits. Anything wrong in the rendered reference should be
fixed upstream and re-vendored here.
The spec has been re-vendored to the latest upstream version, which
updated the server URL to \`hub.docker.com/v2\` and added the
\`/governance/\` prefix to all API paths.
### Review focus
1. The \`/ai/sandboxes/governance/\` landing — does the local + org
framing match how the product is positioned?
2. \`/reference/api/ai-governance/\` — does the rendered spec match the
source of truth, and is anything important missing?
Generated by Claude Code
---------
Co-authored-by: Louis-Arnaud <la.catoire@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
<!--Delete sections as needed -->
## Description
As per Craigs number-crunching, this PR removes some vvvvv old and
unused redirects 🧹
## Related issues or tickets
<!-- Related issues, pull requests, or Jira tickets -->
## Reviews
<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->
- [ ] Technical review
- [ ] Editorial review
- [ ] Product review
Replaces @material-symbols/svg-400 (5.5 MB) with heroicons (488 KB) — an
11x reduction in icon asset size. Heroicons uses a single consistent
distribution format (24px solid SVGs, fill="currentColor") eliminating
the need for the separate utils/svg.html partial, the icon-svg-stroke CSS
utility, and the dual-path resolution logic in icon.html.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Render the page actions (Ask Gordon, Copy Markdown, View Markdown) as
a horizontal row of icon links below the page title, separated from the
body by a divider — emulating the Stripe docs pattern. Drops the bordered
button + dropdown UI from md-dropdown.html and the Open in Claude entry.
Also clean up dead kapa.ai references: the "Ask Gordon" action now talks
to the Alpine gordon store directly instead of clicking the header
button via an open-kapa-widget class hook. The class, the unused
glossary link hook, and the dead params.kapa config block all go away.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
PR to capture work:
- Update / simplify titles to match docs
- Create subcategories within org/company
- Wrestle with redirect nightmare part 2
Filing a follow up PR to create parallel structure in the `Company`
subcategory. This PR's scope is for `Organization` only.
<!--Delete sections as needed -->
## Description
Adds documentation for `network_mode: bridge` in the Compose file
reference.
While `bridge` is a valid and functional network_mode option that
connects
containers to the host's default bridge network, it was not documented
alongside the other options (none, host, service, container).
Fixes#24742.
- #24742
<!-- Related issues, pull requests, or Jira tickets -->
## Reviews
<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->
- [x] Technical review
- [ ] Editorial review
- [ ] Product review
---------
Signed-off-by: Mahitha Adapa <mahitha.ada@gmail.com>
Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com>
The `security_opt` field in the Compose services reference did not
document
the accepted syntax variants, which was confusing for users.
Added a note explaining that options accept `option=value`,
`option:value`,
or bare `option` syntax (for booleans). Added examples showing all three
equivalent forms for `no-new-privileges`.
Explicitly state the dangers if a port mapping binds to all interfaces
## Description
<!-- Tell us what you did and why -->
We recently discovered that docker was bypassing our firewall rules when
forwarding ports from a container using the standard `<host
port>:<container port>` syntax. What this meant was that the container
was effectively visible to the entire internet. It was only after some
digging did we discover that it is possible and even recommended to
explicitly bind the host port to localhost so it doesn't accept
connections from everywhere. This PR updates the docs to explicitly
state the potential dangers of not specifying a localhost when exposing
docker container ports.
## Reviews
- [ ] Technical review
- [ ] Editorial review
- [ ] Product review
---------
Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com>
Fixes discrepancies in the Docker Hub organization access token API
documentation to match actual API behavior.
Changes:
- Removed `created_by` field from create endpoint response (API only
returns `created_at`)
- Updated scope examples from `repo-pull` to `scope-image-pull` (correct
format with `scope-` prefix)
- Enhanced repository path documentation with validation requirements
for TYPE_REPO resources
These changes align the OpenAPI specification with the actual API
implementation as discovered during Terraform provider development.
Fixes#24406
---------
Co-authored-by: David Karlsson <dvdksn@users.noreply.github.com>
## Description
In order to better attribute upgrade sources, we are adding two params -
`ref` and `refAction` to the existing pricing url.
The `ref` will be "Docs" and the `refAction` will be the particular docs
page from where the pricing url click is originated.
## Related issues or tickets
https://docker.atlassian.net/browse/GRO-282
## Reviews
@akristen You should see the new url params when hovering over or
clicking any of the updated pricing urls
- [ ] Technical review
- [ ] Editorial review
- [ ] Product review
---------
Co-authored-by: Alexa Kristensen <81787716+akristen@users.noreply.github.com>
I noticed that building the examples would produce a client with the
default ("Go-http-client/1.1") User-Agent; this is something to look
into (probably should have a saner default), but regardless, it's
good practice to set your own;
- Update examples to show setting the User-Agent
- Use "log.Fatal" instead of "panic"; both exit the binary, but
probably are slightly more readable.
- Use the authconfig.Encode utility, which codifies the canonical
format to encode the JSON, so that users don't have to replicate
the same format.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
## Summary
Removed repeated text about path behavior in the Compose Build
Specification documentation.
## Changes
- Consolidated duplicate sentences about absolute/relative path behavior
that appeared in both the "former case" and "latter case" paragraphs
- Improved clarity by explicitly referencing "When `build` is specified
as a string" and "When `build` is specified as a detailed structure"
instead of vague "former/latter" references
- Added a single consolidated paragraph explaining path behavior that
applies to both cases
Fixes#24163
---
🤖 Generated with [cagent](https://github.com/docker/cagent)
<!--Delete sections as needed -->
## Description
Delete operation may time-out. Hub automatically retries without user
interaction in both the UI and API.
Added notes to make the user aware.
## Related issues or tickets
ENGDOCS-3173
## Reviews
<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->
- [ ] Technical review
- [ ] Editorial review
- [ ] Product review
---------
Signed-off-by: Craig Osterhout <craig.osterhout@docker.com>
## Description
Clarifies that the `depends_on` short syntax does not wait for services
to become healthy, and waits only for them to be started (running).
This aligns with the long syntax section, which defines
`service_started` as equivalent to the short syntax, and with the
[Control startup and shutdown
order](https://docs.docker.com/compose/how-tos/startup-order/#control-startup)
manual:
> On startup, Compose does not wait until a container is "ready", only
until it's running.
Confirmed locally that short syntax behaves equivalently to `condition:
service_started`.
## Related issues or tickets
None
## Reviews
<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->
- [x] Technical review
- [x] Editorial review
- [ ] Product review
## Summary
Added documentation for DOCKER_HOST requirement when using Docker SDKs
with Docker Desktop for Linux.
## Changes
- Added "Using Docker SDKs with Docker Desktop" section to Linux install
docs explaining why SDKs need DOCKER_HOST set and providing
configuration commands
- Added FAQ entry "How do I use Docker SDKs with Docker Desktop for
Linux?" with troubleshooting steps
- Added note in SDK reference docs alerting Docker Desktop for Linux
users to set DOCKER_HOST before using SDKs
Fixes#23308
---
🤖 Generated with [cagent](https://github.com/docker/cagent)
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: aevesdocker <allie.sadler@docker.com>
Paweł Gronowski