From 4fb7d79a0df440cdbf137fc6c538ff1060928381 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arnaud=20H=C3=A9ritier?=
 <aheritier@users.noreply.github.com>
Date: Fri, 29 May 2026 13:00:50 +0000
Subject: [PATCH 1/2] docs: document --auth-token flag and add OAuth callback
 security note (refs #2921)

---
 docs/features/api-server/index.md | 1 +
 docs/features/cli/index.md        | 1 +
 docs/features/remote-mcp/index.md | 7 +++++++
 3 files changed, 9 insertions(+)

diff --git a/docs/features/api-server/index.md b/docs/features/api-server/index.md
index 07aa1d459..1fb90e02d 100644
--- a/docs/features/api-server/index.md
+++ b/docs/features/api-server/index.md
@@ -169,6 +169,7 @@ docker agent serve api <agent-file>|<agents-dir> [flags]
 | Flag               | Default          | Description                                      |
 | ------------------ | ---------------- | ------------------------------------------------ |
 | `-l, --listen`     | `127.0.0.1:8080` | Address to listen on                             |
+| `--auth-token`     | (none)           | Bearer token required for all API requests. Leave empty to disable authentication (safe when listening on loopback interfaces only). Recommended when `--listen` binds to a network-reachable interface. |
 | `-s, --session-db` | `session.db`     | Path to the SQLite session database              |
 | `--pull-interval`  | `0` (disabled)   | Auto-pull OCI reference every N minutes          |
 | `--fake`           | (none)           | Replay AI responses from cassette file (testing) |
diff --git a/docs/features/cli/index.md b/docs/features/cli/index.md
index ac6be89c4..65c500974 100644
--- a/docs/features/cli/index.md
+++ b/docs/features/cli/index.md
@@ -152,6 +152,7 @@ $ docker agent serve api <agent-file>|<agents-dir>|<registry-ref> [flags]
 | Flag                       | Default            | Description                                                                                                |
 | -------------------------- | ------------------ | ---------------------------------------------------------------------------------------------------------- |
 | `-l, --listen <addr>`      | `127.0.0.1:8080`   | Address to listen on.                                                                                      |
+| `--auth-token <token>`     | (none)             | Bearer token required for all API requests. When set, every request must include `Authorization: Bearer <token>`. Leave empty to disable authentication (safe when listening on loopback interfaces only). |
 | `-s, --session-db <path>`  | `session.db`       | Path to the SQLite session database (relative paths resolve against the working directory).                |
 | `--pull-interval <minutes>`| `0`                | Periodically re-pull OCI/URL references and refresh the agent definition. `0` disables auto-pull.          |
 | `--fake <path>`             | (none)             | Replay AI responses from a cassette file (for testing). Mutually exclusive with `--record`.               |
diff --git a/docs/features/remote-mcp/index.md b/docs/features/remote-mcp/index.md
index c8332cf78..17739e395 100644
--- a/docs/features/remote-mcp/index.md
+++ b/docs/features/remote-mcp/index.md
@@ -138,6 +138,13 @@ The client-driven `{access_token, ...}` reply shape is still accepted on the `--
 
 A per-toolset `callbackRedirectURL` (in the YAML) overrides the runtime-wide `--mcp-oauth-redirect-uri` for that toolset.
 
+<div class="callout callout-warning" markdown="1">
+<div class="callout-title">Security note
+</div>
+  <p>The <code>POST /api/mcp-oauth/callback</code> route is open by default (no auth required) when <code>--auth-token</code> is unset. State values are 128-bit opaque tokens, so brute-force is infeasible, but a state value that leaks (e.g. via debug logs or a compromised host) could be exploited by an attacker to inject a code. Set <code>--auth-token</code> when <code>docker agent serve api</code> listens on a network-reachable interface. When set, <code>--auth-token</code> enforces Bearer-token authentication on all API routes including this callback endpoint.</p>
+
+</div>
+
 ## Project Management &amp; Collaboration
 
 | Service    | URL                                | Transport | Description                           |

From 01ad5364fac827aa9be655c684cb4167b6c845f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arnaud=20H=C3=A9ritier?=
 <aheritier@users.noreply.github.com>
Date: Fri, 29 May 2026 15:36:13 +0000
Subject: [PATCH 2/2] docs: document TUI notification UX improvements (refs
 #2931)

---
 docs/features/tui/index.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docs/features/tui/index.md b/docs/features/tui/index.md
index e4a72db69..dc7c305f8 100644
--- a/docs/features/tui/index.md
+++ b/docs/features/tui/index.md
@@ -293,3 +293,15 @@ When an agent calls a tool, docker-agent shows a confirmation dialog by default.
   <p>Use <code>--yolo</code> or the <code>/yolo</code> command to auto-approve all tool calls. You can also toggle this mid-session. For aliases, set <code>--yolo</code> when creating the alias: <code>docker agent alias add fast agentcatalog/coder --yolo</code>.</p>
 
 </div>
+
+## Notifications
+
+The TUI displays transient notification banners for agent warnings, errors, and other runtime events. Notifications auto-dismiss after a short delay unless the mouse is hovering over them — hovering pauses the timer so you have time to read the message.
+
+| Interaction | Behaviour |
+| ----------- | --------- |
+| Hover       | Pauses auto-dismiss; the notification stays visible until the mouse moves away |
+| Click       | Copies the notification text to the clipboard |
+| × (close)   | Dismisses immediately; the glyph turns red when hovered |
+
+Hint text in the top-left corner of the notification border shows the available actions at a glance.