## Summary
- Add `useState` to the React import in the backend extension tutorial
code example — it was used but missing from the import, causing a
compilation error
- Remove the duplicate `createDockerDesktopClient()` call inside `App()`
— `ddClient` is already declared at module scope
## Issue
Fixes#25192
## Description
Fixes a broken relative link in
`content/manuals/admin/organization/organization-faqs.md`.
The FAQ linked to `convert-account.md` in the current directory, but the
file is located in the `setup/` subdirectory. Updated the link to point
to the correct path.
## Related issues or tickets
Fixes#25366
## Reviews
* [x] Technical review
* [ ] Editorial review
* [ ] Product review
The include shortcode previously called readFile directly, which renders
nothing when the target is missing instead of failing. That let renamed
or deleted snippets linger as silent no-ops (for example the stale
scout-early-access.md and compose/develop.md references).
Check fileExists first and errorf with the shortcode position when the
target is missing, mirroring the file/files shortcodes. Verified against
Hugo 0.163.0: valid includes still render; a missing target now fails the
build with the offending file and line.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Delete 10 orphaned files under content/includes that are no longer
referenced by any page via the include shortcode:
- aci-ecs-eol.md, compose-eol.md, dev-envs-changing.md,
dockerfile-labs-channel.md (stale EOL/status callouts)
- buildx-v0.10-disclaimer.md, experimental.md, deploy.md,
guides-get-docker.md, open-terminal.md (orphaned snippets)
- labspace-quickstart.md (empty)
Also fix two broken include references:
- scout-early-access.md was deleted in 737ad3c4be but two environment
integration pages still included it; remove the dangling lines.
- reference/compose-file/develop.md included compose/develop.md, which
does not exist; point it at the real file, compose/services-develop.md.
Every include file is now referenced, and every reference resolves.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The 'Ask AI' assistant could not answer whether sbx may be used
commercially because the docs never state the licensing terms. Add an
FAQ entry and a front-page callout making clear the sbx CLI is free to
use, including for commercial work, and that only organization
governance requires a paid subscription.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add the Governance permission category (View policies, Manage policies)
to the custom roles permissions reference, and note in the organization
policy page that only owners can manage AI Governance policies by
default, with custom roles available to delegate to non-owners.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
## Description
Minor editorial fixes in the Docker Scout docs:
- Correct "setup" used as a verb to "set up" in the Integrations and CI
integration page descriptions
- Remove a duplicated word ("improve improve") in the policy view page
## Reviews
- [ ] Technical review
- [ ] Editorial review
- [ ] Product review
Adds a "Use router-assigned IPv6 addresses" subsection to the macvlan
and ipvlan driver pages, covering how to receive IPv6 via SLAAC from a
router on the parent network instead of Docker IPAM.
When the network has no IPv6 subnet, Docker disables IPv6 on the
endpoint; setting the per-interface `net.ipv6.conf.IFNAME.disable_ipv6`
sysctl to `0` via the `endpoint.sysctls` driver option re-enables it so
the interface accepts router advertisements. The section links to the
`docker network connect` sysctl reference for the full mechanism. Also
adds `ipv6`/`slaac` keywords to both pages for discoverability.
Motivated by
[moby/moby#52815](https://github.com/moby/moby/issues/52815), where the
per-endpoint sysctl mechanism was hard to discover from the driver docs.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
"Autoconfiguration" is part of the standard term "stateless address
autoconfiguration (SLAAC)" used in the macvlan/ipvlan IPv6 sections.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add a "Use router-assigned IPv6 addresses" subsection to the macvlan and
ipvlan driver pages explaining how to receive IPv6 addresses via SLAAC
instead of Docker IPAM. Setting the per-interface net.ipv6.conf.IFNAME.disable_ipv6
sysctl to 0 via the endpoint.sysctls driver option re-enables IPv6 on the
interface so it can accept router advertisements, and the section links to
the docker network connect sysctl reference for the full mechanism.
Also add ipv6 and slaac keywords to both pages to improve discoverability.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
## Description
Fix several small grammar errors across the docs:
- **GitHub Actions CI guides** (Python and Ruby): `This workflow is
runs` → `This workflow runs`; `tab of you GitHub repository` → `of your
GitHub repository`; `[Login to Docker Hub]` link text → `[Log in to
Docker Hub]`, matching the adjacent "Set up Docker Buildx" step
- **build/ci/github-actions/configure-builder**: `a node in an
underlying step of you workflow` → `of your workflow`
- **Bind mounts page** (get started): remove a stray article in image
alt text — `inside the a container` → `inside the container`
- **Database pre-seeding guide**: `let you access to the Postgres
database` → `letting you access the Postgres database`; `It also define`
→ `It also defines`
## Reviews
- [ ] Technical review
- [ ] Editorial review
- [ ] Product review
- Python/Ruby GitHub Actions CI guides: 'is runs' -> 'runs', 'of you' ->
'of your', and 'Login to Docker Hub' link text -> 'Log in to Docker Hub'
- configure-builder: 'of you workflow' -> 'of your workflow'
- bind-mount page: remove stray article ('the a container' -> 'the container')
- pre-seeding guide: 'let you access to' -> 'letting you access', 'define' -> 'defines'
Fixes a broken anchor link in
`content/manuals/admin/organization/deactivate-account.md`.
The existing link pointed to `#remove-an-organization`, which does not
exist in the target document. Updated it to `#delete-a-connection`,
which points to the correct section for removing an SSO connection.
## Related issues or tickets
Fixes#25367
## Reviews
* [x] Technical review
* [ ] Editorial review
* [ ] Product review
Lead "How credential injection works" with the injection model and an
orientation table (which form to use, when), and group the value sources.
Reframe registry credentials by purpose and isolation posture rather than as
the "non-injection" outlier: explain the host-only/global/sandbox scopes
upfront, that in-sandbox credentials are written to ~/.docker/config.json at
creation time (less isolated than proxy injection), and show the store-then-run
ordering. Add a best-practices note on the registry isolation tradeoff.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Ctrl+V image/screenshot paste into sandboxed agents (Claude Code, Codex)
is opt-in via the clipboard.imagePaste setting. Added an FAQ entry
covering how to enable it and the isolation tradeoff: enabling it lets a
sandbox process read the host clipboard through the proxy, scoped to
image data only and never cached or logged.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Arguments after `--` no longer wholesale-replace an agent's default
entrypoint flags. The default flags are now kept when the first user
argument is itself a flag (begins with `-`), and replaced only when the
first argument is a bare word (a subcommand or prompt). Updated the
"Default startup command" section on each affected agent page and fixed
examples that re-included flags now retained automatically.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Direct-mode virtiofs caching is now on by default on macOS and Linux;
Windows remains opt-in. Corrected the troubleshooting guidance, which
still described caching as disabled by default, and documented
DOCKER_SANDBOXES_ENABLE_VIRTIOFS_CACHE=0 as the kill switch.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sbx secret set-custom --host accepts wildcards (* for a single label, **
for any number), using the same syntax as network rules. Added a note and
examples alongside the repeatable --host guidance.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
--name now identifies a sandbox independently of the working directory.
Expanded the reconnecting and naming section to cover: re-attaching by
name from any directory, re-running a create command to reconnect without
error, and using distinct names to run multiple sandboxes against the
same workspace.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sbx secret set-custom --host is now repeatable, so one secret entry can
cover multiple domains. Added a second example showing the multi-host
form and updated the prose to reflect that the proxy matches any of the
configured hosts.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Audit records now include an `agent` field identifying which AI agent
drove the sandbox (claude, codex, etc.), so multi-agent deployments can
attribute policy decisions per agent. Added to the example record and the
field reference table.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sandbox DNS lookups now go through the same policy engine as TCP
connections — a denied domain is refused at the resolver level, not just
the connection level. Updated the network isolation description to reflect
this guarantee rather than describing DNS as merely proxied.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
<!--Delete sections as needed -->
## Description
A few small changes to account for the Alpine 3.24 updates that are
rolling out.
- Added Alpine 3.24 to the yaml build spec topic
- Added Alpine 3.23 and later to the GUI customization hsp flow.
- Added Alpine 3.24 hsp repo note to packages example
## Related issues or tickets
ENGDOCS-3323
## Reviews
<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->
- [ ] Technical review
- [ ] Editorial review
- [ ] Product review
---------
Signed-off-by: Craig Osterhout <craig.osterhout@docker.com>
<!--Delete sections as needed -->
## Description
- Added a new supported scanner.
- Changed list to a table for better scanability.
- Removed paywalled/login-walled third-party scanners from the how-to
since we just point to their docs, and it's getting weird as the list
grows.
- Removed blogs from additional resources rather than adding the Aikido
blog. Blogs were taking the place of release notes, but now we have
quarterly release notes.
## Related issues or tickets
ENGDOCS-3324
## Reviews
<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->
- [ ] Editorial review
- [ ] Product review
---------
Signed-off-by: Craig Osterhout <craig.osterhout@docker.com>
## Description
- surface the cgroup v2 limitation earlier in the runtime metrics page
- clarify that the detailed metrics section currently documents the
cgroup v1 file layout
- point cgroup v2 readers to the container-specific controller files
they should inspect
## Related issues or tickets
- Addresses #24644
## Guideline alignment
- followed `docs/CONTRIBUTING.md`
- kept the change to one documentation file and one focused issue
## Validation
- not run (`docker buildx bake validate`) because this is a docs-only
clarification
## Reviews
- [x] Technical review
- [ ] Editorial review
- [ ] Product review
<!--Delete sections as needed -->
## Description
<!-- Tell us what you did and why -->
## Related issues or tickets
<!-- Related issues, pull requests, or Jira tickets -->
## Reviews
<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->
- [ ] Technical review
- [ ] Editorial review
- [ ] Product review
<!--Delete sections as needed -->
## Description
<!-- Tell us what you did and why -->
## Related issues or tickets
<!-- Related issues, pull requests, or Jira tickets -->
## Reviews
<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->
- [ ] Technical review
- [ ] Editorial review
- [ ] Product review
---------
Signed-off-by: aevesdocker <allie.sadler@docker.com>
Paweł Gronowski