centersl/docker-docs
1
0
Fork 0
mirror of https://github.com/docker/docs.git synced 2026-03-27 06:18:55 +07:00
Code Issues Packages Projects Releases Wiki Activity

gordon: revise gordon docs for gordon v2

Browse Source 
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
This commit is contained in:
David Karlsson
2026-01-31 17:37:56 +01:00
parent 18ed80925a
commit cf69340a3d
24 changed files with 810 additions and 651 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
content/includes/gordondhi.md
View File

@@ -1,28 +0,0 @@
1. Ensure Gordon is [enabled](/manuals/ai/gordon.md#enable-ask-gordon).
1. In Gordon's Toolbox, ensure Gordon's [Developer MCP Toolkit is enabled](/manuals/ai/gordon/mcp/built-in-tools.md#configuration).
1. In the terminal, navigate to the directory containing your Dockerfile.
1. Start a conversation with Gordon:
```bash
docker ai
```
1. Type:
```console
"Migrate my dockerfile to DHI"
```
1. Follow the conversation with Gordon. Gordon will edit your Dockerfile, so when
it requests access to the filesystem and more, type `yes` to allow Gordon to proceed.
> [!NOTE]
> To learn more about Gordon's data retention and the data it
> can access, see [Gordon](/manuals/ai/gordon.md#what-data-does-gordon-access).
When the migration is complete, you see a success message:
```text
The migration to Docker Hardened Images (DHI) is complete. The updated Dockerfile
successfully builds the image, and no vulnerabilities were detected in the final image.
The functionality and optimizations of the original Dockerfile have been preserved.
```
> [!IMPORTANT]
> As with any AI tool, you must verify Gordon's edits and test your image.

283
content/manuals/ai/gordon/_index.md
View File

@@ -1,6 +1,7 @@
---
title: Ask Gordon
description: Streamline your workflow with Docker's AI-powered assistant in Docker Desktop and CLI.
title: Gordon
description: AI agent for Docker workflows - execute tasks, debug issues, and
manage containers with intelligent assistance
weight: 40
params:
sidebar:
@@ -9,259 +10,111 @@ params:
text: Beta
group: AI
aliases:
- /desktop/features/gordon/
- /desktop/features/gordon/
---
{{< summary-bar feature_name="Ask Gordon" >}}
{{< summary-bar feature_name="Gordon" >}}
Ask Gordon is your personal AI assistant embedded in Docker Desktop and the
Docker CLI. It's designed to streamline your workflow and help you make the most
of the Docker ecosystem.
Gordon is an AI agent that takes action on your Docker workflows. It analyzes
your environment, proposes solutions, and executes commands with your
permission. Available in Docker Desktop and via the `docker ai` CLI command.
## Key features
## What Gordon does
Ask Gordon provides AI-powered assistance in Docker tools. It can:
Gordon takes action to help you with Docker tasks:
- Improve Dockerfiles
- Run and troubleshoot containers
- Interact with your images and code
- Find vulnerabilities or configuration issues
- Migrate a Dockerfile to use [Docker Hardened Images](/manuals/dhi/_index.md)
- Explains Docker concepts and commands
- Searches Docker documentation and web resources for solutions
- Writes and modifies Dockerfiles following best practices
- Debugs container failures by reading logs and proposing fixes
- Manages containers, images, volumes, and networks
It understands your local environment, including source code, Dockerfiles, and
images, to provide personalized and actionable guidance.
Gordon proposes every action before executing. You approve what it does.
Ask Gordon remembers conversations, allowing you to switch topics more easily.
## Get started
Ask Gordon is not enabled by default, and is not
production-ready. You may also encounter the term "Docker AI" as a broader
reference to this technology.
### Prerequisites
Before you begin:
- Docker Desktop 4.61.0 or later
- Sign in to your Docker account
> [!NOTE]
>
> Ask Gordon is powered by Large Language Models (LLMs). Like all
> LLM-based tools, its responses may sometimes be inaccurate. Always verify the
> information provided.
> Gordon is enabled by default for Personal, Pro, and Team subscriptions. For
> Business subscriptions, an administrator must enable Gordon for the
> organization before users can access it.
### What data does Gordon access?
### Quick start
When you use Ask Gordon, the data it accesses depends on your query:
{{< tabs >}}
{{< tab name="Docker Desktop" >}}
- Local files: If you use the `docker ai` command, Ask Gordon can access files
and directories in the current working directory where the command is
executed. In Docker Desktop, if you ask about a specific file or directory in
the **Ask Gordon** view, you'll be prompted to select the relevant context.
- Local images: Gordon integrates with Docker Desktop and can view all images in
your local image store. This includes images you've built or pulled from a
registry.
1. Open Docker Desktop.
2. Select **Ask Gordon** in the sidebar.
3. Select your project directory.
4. Type a question: "What containers are running?"
To provide accurate responses, Ask Gordon may send relevant files, directories,
or image metadata to the Gordon backend with your query. This data transfer
occurs over the network but is never stored persistently or shared with third
parties. It is used only to process your request and formulate a response. For
details about privacy terms and conditions for Docker AI, review [Gordon's
Supplemental Terms](https://www.docker.com/legal/docker-ai-supplemental-terms/).
![Gordon running in Docker Desktop](./images/gordon_gui.avif)
All data transferred is encrypted in transit.
5. Review Gordon's proposed actions and approve.
### How your data is collected and used
{{< /tab >}}
{{< tab name="CLI" >}}
Docker collects anonymized data from your interactions with Ask Gordon to
improve the service. This includes:
- Your queries: Questions you ask Gordon.
- Responses: Answers provided by Gordon.
- Feedback: Thumbs-up and thumbs-down ratings.
To ensure privacy and security:
- Data is anonymized and cannot be traced back to you or your account.
- Docker does not use this data to train AI models or share it with third
parties.
By using Ask Gordon, you help improve Docker AI's reliability and accuracy for
everyone.
If you have concerns about data collection or usage, you can
[disable](#disable-ask-gordon) the feature at any time.
## Enable Ask Gordon
1. Sign in to your Docker account.
1. Go to the **Beta features** tab in settings.
1. Check the **Enable Docker AI** checkbox.
The Docker AI terms of service agreement appears. You must agree to the terms
before you can enable the feature. Review the terms and select **Accept and
enable** to continue.
1. Select **Apply**.
> [!IMPORTANT]
>
> For Docker Desktop versions 4.41 and earlier, this setting is under the
> **Experimental features** tab on the **Features in development** page.
## Using Ask Gordon
You can access Gordon:
- In Docker Desktop, in the **Ask Gordon** view.
- In the Docker CLI, with the `docker ai` command.
After you enable Docker AI features, you will also see **Ask Gordon** in other
places in Docker Desktop. Whenever you see a button with the **Sparkles** (✨)
icon, you can use it to get contextual support from Ask Gordon.
## Example workflows
Ask Gordon is a general-purpose AI assistant for Docker tasks and workflows. Here
are some things you can try:
- [Troubleshoot a crashed container](#troubleshoot-a-crashed-container)
- [Get help with running a container](#get-help-with-running-a-container)
- [Improve a Dockerfile](#improve-a-dockerfile)
- [Migrate a Dockerfile to DHI](#migrate-a-dockerfile-to-dhi)
For more examples, try asking Gordon directly. For example:
```console
$ docker ai "What can you do?"
```
### Troubleshoot a crashed container
If you start a container with an invalid configuration or command, use Ask Gordon
to troubleshoot the error. For example, try starting a Postgres container without
a database password:
```console
$ docker run postgres
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD to a non-empty value for the
superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
connections without a password. This is *not* recommended.
See PostgreSQL documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
```
In the **Containers** view in Docker Desktop, select the ✨ icon next to the
container's name, or inspect the container and open the **Ask Gordon** tab.
### Get help with running a container
If you want to run a specific image but are not sure how, Gordon can help you get
set up:
1. Pull an image from Docker Hub (for example, `postgres`).
1. Open the **Images** view in Docker Desktop and select the image.
1. Select the **Run** button.
In the **Run a new container** dialog, you see a message about **Ask Gordon**.
![Screenshot showing Ask Gordon hint in Docker Desktop.](../../images/gordon-run-ctr.png)
The linked text in the hint is a suggested prompt to start a conversation with
Ask Gordon.
### Improve a Dockerfile
Gordon can analyze your Dockerfile and suggest improvements. To have Gordon
evaluate your Dockerfile using the `docker ai` command:
1. Go to your project directory:
1. Open your terminal and run:
```console
$ cd <path-to-your-project>
$ docker ai
```
1. Use the `docker ai` command to rate your Dockerfile:
This opens the Terminal User Interface (TUI) for Gordon.
```console
$ docker ai rate my Dockerfile
```
2. Type a question: "what containers are running?" and press <kbd>Enter</kbd>.
Gordon will analyze your Dockerfile and identify opportunities for improvement
across several dimensions:
![Gordon running in the terminal](./images/gordon_tui.avif?border=true)
- Build cache optimization
- Security
- Image size efficiency
- Best practices compliance
- Maintainability
- Reproducibility
- Portability
- Resource efficiency
3. Review Gordon's proposed actions and approve by typing `y`.
### Migrate a Dockerfile to DHI
{{< /tab >}}
{{< /tabs >}}
Migrating your Dockerfile to use [Docker Hardened Images](/manuals/dhi/_index.md)
helps you build more secure, minimal, and production-ready containers. DHIs
reduce vulnerabilities, enforce best practices, and simplify compliance, making
them a strong foundation for secure software supply chains.
### Permissions
To request Gordon's help for the migration:
By default, Gordon asks for approval before executing actions. You can approve
individual actions or allow all actions for the current session.
{{% include "gordondhi.md" %}}
![Gordon permission request](./images/permissions.avif)
## Disable Ask Gordon
Permissions reset for each session. To configure default permissions or enable
auto-approve mode, see [Permissions](./how-to/permissions.md).
### For individual users
### Try these examples
If you've enabled Ask Gordon and you want to disable it again:
Container inspection:
1. Open the **Settings** view in Docker Desktop.
1. Go to **Beta features**.
1. Clear the **Enable Docker AI** checkbox.
1. Select **Apply**.
### For organizations
To disable Ask Gordon for your entire Docker organization, use [Settings
Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md)
and add this property to your `admin-settings.json` file:
```json
{
"enableDockerAI": {
"value": false,
"locked": true
}
}
```console
$ docker ai "show me logs from my nginx container"
```
Or disable all Beta features by setting `allowBetaFeatures` to false:
Dockerfile review:
```json
{
"allowBetaFeatures": {
"value": false,
"locked": true
}
}
```console
$ docker ai "review my Dockerfile for best practices"
```
## Feedback
Image management:
<!-- vale Docker.We = NO -->
```console
$ docker ai "list my local images and their sizes"
```
We value your input on Ask Gordon and encourage you to share your experience.
Your feedback helps us improve and refine Ask Gordon for all users. If you
encounter issues, have suggestions, or simply want to share what you like,
here's how you can get in touch:
## Usage and availability
- Thumbs-up and thumbs-down buttons
Rate Ask Gordon's responses using the thumbs-up or thumbs-down buttons in the
response.
- Feedback survey
You can access the Ask Gordon survey by following the _Give feedback_ link in
the **Ask Gordon** view in Docker Desktop, or from the CLI by running the
`docker ai feedback` command.
Gordon is available with all Docker subscriptions. Usage limits vary by tier:
- Personal: Baseline usage
- Pro and Team: 3x more usage than Personal
- Business: 6x more usage than Personal
For details, see [Usage and limits](./usage-and-limits/).

6
content/manuals/ai/gordon/concepts/_index.md Normal file
View File

@@ -0,0 +1,6 @@
---
build:
render: never
title: Concepts
weight: 20
---

93
content/manuals/ai/gordon/concepts/capabilities.md Normal file
View File

@@ -0,0 +1,93 @@
---
title: Gordon's capabilities
linkTitle: Capabilities
description: Understand what Gordon can do and the tools it has access to
weight: 10
---
{{< summary-bar feature_name="Gordon" >}}
Gordon combines multiple capabilities to handle Docker workflows. This page
explains what Gordon can do and the tools it uses.
## Core capabilities
Gordon uses five capabilities to take action on your behalf:
- Specialized agents for specific Docker tasks
- Shell access to run commands
- Filesystem access to read and write files
- Knowledge base of Docker documentation and best practices
- Web access to fetch external resources
## Agent architecture
Gordon uses a primary agent that handles most tasks, with a specialized
sub-agent for specific workflows:
- **Main agent**: Handles all Docker operations, software development,
containerization, and general development tasks
- **DHI migration sub-agent**: Specialized handler for migrating Dockerfiles to
Docker Hardened Images
The main agent handles:
- Creating Docker assets (Dockerfile, compose.yaml, .dockerignore)
- Optimizing Dockerfiles to reduce image size and improve build performance
- Running Docker commands (ps, logs, exec, build, compose)
- Debugging container issues and analyzing configurations
- Writing and reviewing code across multiple programming languages
- General development questions and tasks
When you request DHI migration, Gordon automatically delegates to the DHI
migration sub-agent.
## Shell access
Gordon executes shell commands in your environment after you approve them.
This includes Docker CLI commands, system utilities, and application-specific
tools.
Example commands Gordon might run:
```console
$ docker ps
$ docker logs container-name
$ docker exec -it container-name bash
$ grep "error" app.log
```
Commands run with your user permissions. Gordon cannot access `sudo` unless
you've explicitly granted it.
## Filesystem access
Gordon reads and writes files on your system. It can analyze Dockerfiles, read
configuration files, scan directories, and parse logs without approval. Writing
files requires your approval.
The working directory sets the default context for file operations, but Gordon
can access files outside this directory when needed.
## Knowledge base
Gordon uses retrieval-augmented generation to access Docker documentation,
best practices, troubleshooting procedures, and security recommendations. This
lets Gordon answer questions accurately, explain errors, and suggest
solutions that follow Docker's guidelines.
## Web access
Gordon fetches external web resources to look up error messages, package
versions, and framework documentation. This helps when debugging issues that
require context outside Docker's own documentation.
Gordon cannot access authenticated or private resources, and external requests
are rate-limited.
## Working with other tools
Gordon complements general-purpose AI coding assistants by focusing on Docker
workflows. Use tools like Cursor or GitHub Copilot for application code and
refactoring, and use Gordon for containerization, deployment configuration,
and Docker operations. They work well together.

111
content/manuals/ai/gordon/concepts/data-privacy.md Normal file
View File

@@ -0,0 +1,111 @@
---
title: Data privacy and Gordon
linkTitle: Data privacy
description: How Gordon handles your data and what information is collected
weight: 30
---
{{< summary-bar feature_name="Gordon" >}}
This page explains what data Gordon accesses, how it's used, and what privacy
protections are in place.
## What data Gordon accesses
When you use Gordon, the data it accesses depends on your query and
configuration.
### Local files
When you use the `docker ai` command, Gordon can access files and directories
on your system. The working directory sets the default context for file
operations.
In Docker Desktop, if you ask about a specific file or directory in the Gordon
view, you'll be prompted to select the relevant context.
### Local images
Gordon integrates with Docker Desktop and can view all images in your local
image store. This includes images you've built or pulled from a registry.
### Docker environment
Gordon has access to your Docker daemon's state, including:
- Running and stopped containers
- Container logs and configuration
- Images and image layers
- Volumes and networks
- Build cache
## Data retention policy
Gordon's data retention differs based on your subscription tier:
### Paid subscriptions (Pro, Team, Business)
Docker and its AI providers do not retain any inputs or outputs from your
Gordon sessions. Your queries, Gordon's responses, and any code or files
processed are not stored.
### Personal (free) subscription
Conversation threads are stored for 30 days to improve the service. Individual
queries and responses are retained as part of your conversation history.
### All subscriptions
Data is never used for training AI models or shared with third parties. All
data transferred to Gordon's backend is encrypted in transit.
## Data security
Your data is protected through encryption in transit. For paid subscriptions,
no persistent storage occurs—Gordon processes your requests and discards the
data immediately.
For questions about privacy terms and conditions, review [Gordon's
Supplemental
Terms](https://www.docker.com/legal/docker-ai-supplemental-terms/).
## Organizational data policies
For Business subscriptions, administrators can control Gordon access for their
organization using Settings Management.
Available controls:
- Enable or disable Gordon for the organization
- Set usage limits by subscription tier
Administrators should review their organization's data handling requirements
before enabling Gordon.
See [Settings Management](/enterprise/security/hardened-desktop/settings-management/)
for configuration details.
## Disabling Gordon
You can disable Gordon at any time:
Individual users:
1. Open Docker Desktop Settings.
2. Navigate to the **Beta features** section.
3. Clear the **Enable Docker AI** option.
4. Select **Apply**.
Business organizations:
Administrators can disable Gordon for the entire organization using Settings
Management. See [Settings Management](/enterprise/security/hardened-desktop/settings-management/)
for details.
## Questions about privacy
For questions about Docker's privacy practices:
- Review the [Docker Privacy Policy](https://www.docker.com/legal/privacy/)
- Read [Gordon's Supplemental Terms](https://www.docker.com/legal/docker-ai-supplemental-terms/)
- Contact Docker Support for specific concerns

6
content/manuals/ai/gordon/how-to/_index.md Normal file
View File

@@ -0,0 +1,6 @@
---
build:
render: never
title: How-to guides
weight: 30
---

87
content/manuals/ai/gordon/how-to/cli.md Normal file
View File

@@ -0,0 +1,87 @@
---
title: Using Gordon via CLI
linkTitle: CLI
description: Access and use Gordon through the docker ai command
weight: 20
---
{{< summary-bar feature_name="Gordon" >}}
The `docker ai` command provides a Terminal User Interface (TUI) for Gordon,
integrating AI assistance directly into your terminal.
## Basic usage
Launch the interactive TUI:
```console
$ docker ai
```
This opens Gordon's terminal interface where you can type prompts, approve
actions, and continue conversations with full context.
<script src="https://asciinema.org/a/9kvZFH9LO9ZVDpwS.js" id="asciicast-9kvZFH9LO9ZVDpwS" async="true"></script>
Pass a prompt directly as an argument:
```console
$ docker ai "list my running containers"
```
Exit the TUI with `/exit` or <kbd>Ctrl+C</kbd>.
## Working directory
The working directory sets the default context for Gordon's file operations.
Gordon uses your current shell directory as the working directory:
```console
$ cd ~/my-project
$ docker ai
```
Override with `-C` or `--working-dir`:
```console
$ docker ai -C ~/different-project
```
## Disabling Gordon
Gordon CLI is part of Docker Desktop. To disable it, disable Gordon in Docker
Desktop Settings:
1. Open Docker Desktop Settings.
2. Navigate to the **Beta features** section.
3. Clear the **Enable Docker AI** option.
4. Select **Apply**.
## Commands
The `docker ai` command includes several subcommands:
Interactive mode (default):
```console
$ docker ai
```
Opens the TUI for conversational interaction.
Version:
```console
$ docker ai version
```
Displays the Gordon version.
Feedback:
```console
$ docker ai feedback
```
Opens a feedback form in your browser.

81
content/manuals/ai/gordon/how-to/configure-tools.md Normal file
View File

@@ -0,0 +1,81 @@
---
title: Configure Gordon's tools
linkTitle: Configure tools
description: Enable and disable Gordon's built-in tools based on your needs
weight: 40
---
{{< summary-bar feature_name="Gordon" >}}
Gordon includes built-in tools that extend its capabilities. You can configure
which tools Gordon has access to based on your security requirements and
workflow needs.
Tool configuration provides an additional layer of control:
- Enabled tools: Gordon can propose actions using these tools (subject to
your approval)
- Disabled tools: Gordon cannot use these tools, and will not request
permission to use them
## Accessing tool settings
To configure Gordon's tools:
1. Open Docker Desktop.
2. Select **Ask Gordon** in the sidebar.
3. Select the settings icon at the bottom of the text input area.
![Session settings icon](../images/perm_settings.avif?border=true)
The tool settings dialog opens with two tabs: **Basic** and **Advanced**.
## Basic tool settings
In the **Basic** tab, you can enable or disable individual tools globally.
To disable a tool:
1. Find the tool you want to disable in the list.
2. Toggle it off.
3. Select **Save**.
Disabled tools cannot be used by Gordon, even with your approval.
## Advanced tool settings
The **Advanced** tab lets you create fine-grained allow-lists and deny-lists
for specific commands or patterns.
Allow-lists:
Gordon can use allow-listed commands even when the main tool is disabled. For
example, disable the shell tool but allow `cat`, `grep`, and `ls`.
Deny-lists:
Block specific commands while keeping the tool enabled. For example, allow the
shell tool but deny `chown` and `chmod`.
To configure:
1. Switch to the **Advanced** tab.
2. Add commands to **Allow rules** or **Deny rules**.
3. Select **Save**.
![Advanced tool configuration](../images/gordon_advanced_tool_config.avif?w=500px&border=true)
Gordon still requests approval before running allow-listed tools, unless YOLO
mode (auto-approve mode that bypasses permission checks) is enabled.
## Organizational controls
For Business subscriptions, administrators can control tool access for the
entire organization using Settings Management.
Administrators can:
- Disable specific tools for all users
- Lock tool configuration to prevent users from changing it
- Set organization-wide tool policies
See [Settings Management](/enterprise/security/hardened-desktop/settings-management/)
for details.

46
content/manuals/ai/gordon/how-to/docker-desktop.md Normal file
View File

@@ -0,0 +1,46 @@
---
title: Using Gordon in Docker Desktop
linkTitle: Docker Desktop
description: Access and use Gordon through the Docker Desktop graphical interface
weight: 10
---
{{< summary-bar feature_name="Gordon" >}}
Gordon is integrated into Docker Desktop. Access it from the sidebar to open
the Gordon view.
## Basic usage
To access Gordon:
1. Open Docker Desktop and sign in to your Docker account.
2. Select **Ask Gordon** in the sidebar.
3. Type your question or request in the input field.
4. Press <kbd>Enter</kbd> or select the send button.
Gordon responds in the chat view and maintains context throughout the session.
## Working directory
The working directory sets the default context for Gordon's file operations.
Select your working directory when you start Gordon or use the directory icon
to change it during a conversation:
1. Select the directory icon in the Gordon input area.
2. Browse and select a different directory.
## Disabling Gordon
To disable Gordon:
1. Open Docker Desktop Settings.
2. Navigate to the **Beta features** section.
3. Clear the **Enable Docker AI** option.
4. Select **Apply**.
## Configure tools
You can control which tools Gordon has access to. See [Configure
tools](./configure-tools.md) for details on enabling, disabling, and
fine-tuning tool permissions.

125
content/manuals/ai/gordon/how-to/permissions.md Normal file
View File

@@ -0,0 +1,125 @@
---
title: Gordon's permission model
linkTitle: Permissions
description: How Gordon's ask-first approach keeps you in control
weight: 30
---
{{< summary-bar feature_name="Gordon" >}}
Before Gordon uses a tool or action that can modify your system, it proposes
the action and waits for your approval before executing.
## What requires approval
By default, the following actions require approval before Gordon can use them:
- Commands executed in your shell
- Writing or changing files
- Fetching information from the internet
## What doesn't require approval
- Reading files, listing directories (even outside Gordon's working directory)
- Searching the Docker documentation
- Analyzing code or explaining errors
## Configuring permission settings
To change the default permission settings for Gordon:
1. Open Docker Desktop.
2. Select **Ask Gordon** in the sidebar.
3. Select the settings icon at the bottom of text input.
![Session settings icon](../images/perm_settings.avif)
In the **Basic** tab you can configure whether Gordon should ask for permission
before using a tool.
You can also enable YOLO mode to bypass permission checking altogether.
The new permission settings apply immediately to all sessions.
## Session-level permissions
When you choose "Approve for this session" (Desktop) or "A" (CLI), Gordon can
use that specific tool without asking again during the current conversation.
Example:
```console
$ docker ai "check my containers and clean up stopped ones"
Gordon proposes:
docker ps -a
Approve? [Y/n/a]: a
[Gordon executes docker ps -a]
Gordon proposes:
docker container prune -f
[Executes automatically - you approved shell access for this session]
```
Session permissions reset when:
- You close the Gordon view (Desktop)
- You exit `docker ai` (CLI)
- You start a new conversation
## Security considerations
Working directory
: The working directory sets the default context for file operations. It does
not constrain Gordon's access to files or directories; Gordon can read files
outside this directory.
Verify before approving
: Gordon can make mistakes. Before approving:
- Confirm commands match your intent
- Check container names and image tags are correct
- Verify volume mounts and port mappings
- Review file changes for important logic
If you don't understand an operation, ask Gordon to explain it or reject and
request a different approach.
Destructive operations
: Gordon warns about destructive operations but won't prevent them. Operations
like `docker container rm`, `docker system prune`, and `docker volume rm` can
cause permanent data loss. Back up important data first.
## Stopping and reverting
Stop Gordon during execution by pressing `Ctrl+C` (CLI) or selecting **Cancel**
(Desktop).
Revert Gordon's actions using Docker commands or version control:
- Restore files from Git
- Restart stopped containers
- Rebuild images
- Recreate volumes from backups
Use version control for all files in your working directory.
## Organizational controls
Administrators can control Gordon's capabilities at the organization level
using Settings Management.
Available controls:
- Disable Gordon entirely
- Restrict tool capabilities
- Set working directory boundaries
For Business subscriptions, Gordon must be enabled by an administrator before
users can access it.
See [Settings Management](/enterprise/security/hardened-desktop/settings-management/)
for details.

BIN
content/manuals/ai/gordon/images/gordon.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 509 KiB

BIN
content/manuals/ai/gordon/images/gordon_advanced_tool_config.avif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
content/manuals/ai/gordon/images/gordon_gui.avif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 45 KiB

BIN
content/manuals/ai/gordon/images/gordon_tui.avif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 109 KiB

BIN
content/manuals/ai/gordon/images/perm_settings.avif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 27 KiB

BIN
content/manuals/ai/gordon/images/permissions.avif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 45 KiB

BIN
content/manuals/ai/gordon/images/toolbox.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 315 KiB

30
content/manuals/ai/gordon/mcp/_index.md
View File

@@ -1,30 +0,0 @@
---
title: Model Context Protocol (MCP)
description: Learn how to use Model Context Protocol (MCP) servers with Gordon to extend AI capabilities in Docker Desktop.
keywords: ai, mcp, gordon, docker desktop, docker, llm, model context protocol
grid:
- title: Built-in tools
description: Use the built-in tools.
icon: construction
link: /ai/gordon/mcp/built-in-tools
- title: MCP configuration
description: Configure MCP tools on a per-project basis.
icon: manufacturing
link: /ai/gordon/mcp/yaml
aliases:
- /desktop/features/gordon/mcp/
---
[Model Context Protocol](https://modelcontextprotocol.io/introduction) (MCP) is
an open protocol that standardizes how applications provide context and
additional functionality to large language models. MCP functions as a
client-server protocol, where the client, for example an application like
Gordon, sends requests, and the server processes those requests to deliver the
necessary context to the AI. This context may be gathered by the MCP server by
executing code to perform an action and retrieving the result, calling external
APIs, or other similar operations.
Gordon, along with other MCP clients like Claude Desktop or Cursor, can interact
with MCP servers running as containers.
{{< grid >}}

231
content/manuals/ai/gordon/mcp/built-in-tools.md
View File

@@ -1,231 +0,0 @@
---
title: Built-in tools in Gordon
description: Use and configure Gordon's built-in tools for Docker, Kubernetes, security, and development workflows
keywords: ai, mcp, gordon, docker, kubernetes, security, developer tools, toolbox, configuration, usage
aliases:
- /desktop/features/gordon/mcp/built-in-tools/
---
Gordon includes an integrated toolbox that gives you access to system tools and
capabilities. These tools extend Gordon's functionality so you can interact with
the Docker Engine, Kubernetes, Docker Scout security scanning, and other
developer utilities. This article describes the available tools, how to
configure them, and usage patterns.
## Configure tools
Configure tools globally in the toolbox to make them available throughout
Gordon, including Docker Desktop and the CLI.
To configure tools:
1. In the **Ask Gordon** view in Docker Desktop, select the **Toolbox** button at the bottom left of the input area.
![Screenshot showing Gordon page with the toolbox button.](../images/gordon.png)
1. To enable or disable a tool, select it in the left menu and select the toggle.
![Screenshot showing Gordon's Toolbox.](../images/toolbox.png)
For more information about Docker tools, see [Reference](#reference).
## Usage examples
This section shows common tasks you can perform with Gordon tools.
### Manage Docker containers
#### List and monitor containers
```console
# List all running containers
$ docker ai "Show me all running containers"
# List containers using specific resources
$ docker ai "List all containers using more than 1GB of memory"
# View logs from a specific container
$ docker ai "Show me logs from my running api-container from the last hour"
```
#### Manage container lifecycle
```console
# Run a new container
$ docker ai "Run a nginx container with port 80 exposed to localhost"
# Stop a specific container
$ docker ai "Stop my database container"
# Clean up unused containers
$ docker ai "Remove all stopped containers"
```
### Work with Docker images
```console
# List available images
$ docker ai "Show me all my local Docker images"
# Pull a specific image
$ docker ai "Pull the latest Ubuntu image"
# Build an image from a Dockerfile
$ docker ai "Build an image from my current directory and tag it as myapp:latest"
# Clean up unused images
$ docker ai "Remove all my unused images"
```
### Manage Docker volumes
```console
# List volumes
$ docker ai "List all my Docker volumes"
# Create a new volume
$ docker ai "Create a new volume called postgres-data"
# Back up data from a container to a volume
$ docker ai "Create a backup of my postgres container data to a new volume"
```
### Perform Kubernetes operations
```console
# Create a deployment
$ docker ai "Create an nginx deployment and make sure it's exposed locally"
# List resources
$ docker ai "Show me all deployments in the default namespace"
# Get logs
$ docker ai "Show me logs from the auth-service pod"
```
### Run security analysis
```console
# Scan for CVEs
$ docker ai "Scan my application for security vulnerabilities"
# Get security recommendations
$ docker ai "Give me recommendations for improving the security of my nodejs-app image"
```
### Use development workflows
```console
# Analyze and commit changes
$ docker ai "Look at my local changes, create multiple commits with sensible commit messages"
# Review branch status
$ docker ai "Show me the status of my current branch compared to main"
```
## Reference
This section lists the built-in tools in Gordon's toolbox.
### Docker tools
Interact with Docker containers, images, and volumes.
#### Container management
<!-- vale off -->
| Name | Description |
|---------------|----------------------------------|
| `docker` | Access the Docker CLI |
| `list_builds` | List builds in the Docker daemon |
| `build_logs` | Show build logs |
#### Volume management
| Tool | Description |
|----------------|---------------------------|
| `list_volumes` | List all Docker volumes |
| `remove_volume`| Remove a Docker volume |
| `create_volume`| Create a new Docker volume|
#### Image management
| Tool | Description |
|----------------|-------------------------------|
| `list_images` | List all Docker images |
| `remove_images`| Remove Docker images |
| `pull_image` | Pull an image from a registry |
| `push_image` | Push an image to a registry |
| `build_image` | Build a Docker image |
| `tag_image` | Tag a Docker image |
| `inspect` | Inspect a Docker object |
### Kubernetes tools
Interact with your Kubernetes cluster.
#### Pod management
| Tool | Description |
|----------------|------------------------------------|
| `list_pods` | List all pods in the cluster |
| `get_pod_logs` | Get logs from a specific pod |
#### Deployment management
| Tool | Description |
|--------------------|------------------------------------|
| `list_deployments` | List all deployments |
| `create_deployment`| Create a new deployment |
| `expose_deployment`| Expose a deployment as a service |
| `remove_deployment`| Remove a deployment |
#### Service management
| Tool | Description |
|----------------|---------------------------|
| `list_services`| List all services |
| `remove_service`| Remove a service |
#### Cluster information
| Tool | Description |
|------------------|-----------------------------|
| `list_namespaces`| List all namespaces |
| `list_nodes` | List all nodes in the cluster|
### Docker Scout tools
Security analysis powered by Docker Scout.
| Tool | Description |
|--------------------------------|-------------------------------------------------------------------------------------------------------------------------|
| `search_for_cves` | Analyze a Docker image, project directory, or other artifacts for vulnerabilities using Docker Scout CVEs. |
| `get_security_recommendations` | Analyze a Docker image, project directory, or other artifacts for base image update recommendations using Docker Scout. |
### Developer tools
General-purpose development utilities.
| Tool | Description |
|-------------------|----------------------------------|
| `fetch` | Retrieve content from a URL |
| `get_command_help`| Get help for CLI commands |
| `run_command` | Execute shell commands |
| `filesystem` | Perform filesystem operations |
| `git` | Execute git commands |
### AI model tools
| Tool | Description |
|----------------|------------------------------------|
| `list_models` | List all available Docker models |
| `pull_model` | Download a Docker model |
| `run_model` | Query a model with a prompt |
| `remove_model` | Remove a Docker model |
### Docker MCP Catalog
If you have enabled the [MCP Toolkit feature](../../mcp-catalog-and-toolkit/_index.md),
all the tools you have enabled and configured are available for Gordon to use.

145
content/manuals/ai/gordon/mcp/yaml.md
View File

@@ -1,145 +0,0 @@
---
title: Configure MCP servers with YAML
description: Use MCP servers with Gordon
keywords: ai, mcp, gordon, yaml, configuration, docker compose, mcp servers, extensibility
aliases:
- /desktop/features/gordon/mcp/yaml/
---
Docker works with Anthropic to provide container images for the
[reference implementations](https://github.com/modelcontextprotocol/servers/)
of MCP servers. These are available on Docker Hub under
[the mcp namespace](https://hub.docker.com/u/mcp).
When you run the `docker ai` command in your terminal, Gordon checks for a
`gordon-mcp.yml` file in your working directory. If present, this file lists
the MCP servers Gordon should use in that context. The `gordon-mcp.yml` file
is a Docker Compose file that configures MCP servers as Compose services for
Gordon to access.
The following minimal example shows how to use the
[mcp-time server](https://hub.docker.com/r/mcp/time) to provide temporal
capabilities to Gordon. For more details, see the
[source code and documentation](https://github.com/modelcontextprotocol/servers/tree/main/src/time).
Create a `gordon-mcp.yml` file in your working directory and add the time
server:
```yaml
services:
time:
image: mcp/time
```
With this file present, you can now ask Gordon to tell you the time in another
timezone:
```bash
$ docker ai 'what time is it now in kiribati?'
• Calling get_current_time
The current time in Kiribati (Tarawa) is 9:38 PM on January 7, 2025.
```
Gordon finds the MCP time server and calls its tool when needed.
## Use advanced MCP server features
Some MCP servers need access to your filesystem or system environment variables.
Docker Compose helps with this. Because `gordon-mcp.yml` is a Compose file, you
can add bind mounts using standard Docker Compose syntax. This makes your
filesystem resources available to the container:
```yaml
services:
fs:
image: mcp/filesystem
command:
- /rootfs
volumes:
- .:/rootfs
```
The `gordon-mcp.yml` file adds filesystem access capabilities to Gordon. Because
everything runs inside a container, Gordon only has access to the directories
you specify.
Gordon can use any number of MCP servers. For example, to give Gordon internet
access with the `mcp/fetch` server:
```yaml
services:
fetch:
image: mcp/fetch
fs:
image: mcp/filesystem
command:
- /rootfs
volumes:
- .:/rootfs
```
You can now ask Gordon to fetch content and write it to a file:
```bash
$ docker ai can you fetch rumpl.dev and write the summary to a file test.txt
• Calling fetch ✔️
• Calling write_file ✔️
The summary of the website rumpl.dev has been successfully written to the
file test.txt in the allowed directory. Let me know if you need further
assistance!
$ cat test.txt
The website rumpl.dev features a variety of blog posts and articles authored
by the site owner. Here's a summary of the content:
1. **Wasmio 2023 (March 25, 2023)**: A recap of the WasmIO 2023 conference
held in Barcelona. The author shares their experience as a speaker and
praises the organizers for a successful event.
2. **Writing a Window Manager in Rust - Part 2 (January 3, 2023)**: The
second part of a series on creating a window manager in Rust. This
installment focuses on enhancing the functionality to manage windows
effectively.
3. **2022 in Review (December 29, 2022)**: A personal and professional recap
of the year 2022. The author reflects on the highs and lows of the year,
emphasizing professional achievements.
4. **Writing a Window Manager in Rust - Part 1 (December 28, 2022)**: The
first part of the series on building a window manager in Rust. The author
discusses setting up a Linux machine and the challenges of working with
X11 and Rust.
5. **Add docker/docker to your dependencies (May 10, 2020)**: A guide for Go
developers on how to use the Docker client library in their projects. The
post includes a code snippet demonstrating the integration.
6. **First (October 11, 2019)**: The inaugural post on the blog, featuring a
simple "Hello World" program in Go.
```
## Whats next?
Now that you know how to use MCP servers with Gordon, try these next steps:
- Experiment: Try integrating one or more of the tested MCP servers into your
`gordon-mcp.yml` file and explore their capabilities.
- Explore the ecosystem. See the [reference implementations on
GitHub](https://github.com/modelcontextprotocol/servers/) or browse the
[Docker Hub MCP namespace](https://hub.docker.com/u/mcp) for more servers
that might suit your needs.
- Build your own. If none of the existing servers meet your needs, or you want
to learn more, develop a custom MCP server. Use the
[MCP specification](https://www.anthropic.com/news/model-context-protocol)
as a guide.
- Share your feedback. If you discover new servers that work well with Gordon
or encounter issues, [share your findings to help improve the
ecosystem](https://docker.qualtrics.com/jfe/form/SV_9tT3kdgXfAa6cWa).
With MCP support, Gordon gives you powerful extensibility and flexibility for
your use cases, whether you need temporal awareness, file management, or
internet access.

56
content/manuals/ai/gordon/usage-and-limits.md Normal file
View File

@@ -0,0 +1,56 @@
---
title: Gordon usage and limits
linkTitle: Usage and limits
description: Understand Gordon's usage limits and how they vary by Docker
subscription tier
weight: 50
---
{{< summary-bar feature_name="Gordon" >}}
Gordon is available with all Docker subscriptions. Usage limits apply based on
your subscription tier to ensure fair resource allocation.
## Usage limits by subscription
Usage limits increase with higher subscription tiers:
| Subscription | Usage Multiplier | Description |
| ------------ | ---------------- | ------------------------------------ |
| Personal | 1x (baseline) | Standard usage for personal projects |
| Pro | 3x | Three times Personal tier usage |
| Team | 3x | Three times Personal tier usage |
| Business | 6x | Six times Personal tier usage |
> [!NOTE]
> Limits are per user, not per organization for Team and Business
> subscriptions. Team provides the same multiplier as Pro (3x), but limits
> apply per individual user rather than being shared across the organization.
## How usage is measured
Gordon usage is activity-based. Each interaction consumes resources based on the
complexity of your request and the work Gordon performs. Simple queries use less
than complex multi-step tasks.
## What happens when you reach a limit
As you approach your usage limit, a message appears near the chat input
prompting you to upgrade your subscription.
When you reach your usage limit, Gordon becomes unavailable until the limit
resets. The interface displays when the limit will reset and suggests upgrading
your subscription for higher limits.
## Fair use policy
Usage limits are designed for typical development workflows. Gordon is intended
for:
- Active development and debugging
- Learning Docker concepts
- Optimizing Docker configurations
- Troubleshooting issues
Automated scripting or excessive programmatic access may be subject to
additional restrictions.

129
content/manuals/ai/gordon/use-cases.md Normal file
View File

@@ -0,0 +1,129 @@
---
title: Gordon use cases and examples
linkTitle: Use cases
description: Example prompts for common Docker workflows
weight: 10
---
{{< summary-bar feature_name="Gordon" >}}
Gordon handles Docker workflows through natural conversation. This page shows
example prompts for the most common use cases.
## Debug and troubleshoot
Fix broken containers, diagnose build failures, and resolve issues.
```console
# Diagnose container crashes
$ docker ai "why did my postgres container crash?"
# Debug build failures
$ docker ai "my build is failing at the pip install step, what's wrong?"
# Fix networking issues
$ docker ai "my web container can't reach my database container"
# Investigate performance problems
$ docker ai "my container is using too much memory, help me investigate"
```
## Build and containerize
Create Docker assets for applications and migrate to hardened images.
```console
# Create Dockerfile from scratch
$ docker ai "create a Dockerfile for my Node.js application"
# Generate compose file
$ docker ai "create a docker-compose.yml for my application stack"
# Migrate to Docker Hardened Images
$ docker ai "migrate my Dockerfile to use Docker Hardened Images"
```
## Execute operations
Run Docker commands to manage containers, images, and resources.
```console
# Start containers with configuration
$ docker ai "run a redis container with persistence"
# Build and tag images
$ docker ai "build my Dockerfile and tag it for production"
# Clean up resources
$ docker ai "clean up all unused Docker resources"
```
## Develop and optimize
Improve Dockerfiles and configure secure, efficient development environments.
```console
# Optimize existing Dockerfile
$ docker ai "rate my Dockerfile and suggest improvements"
# Add security improvements
$ docker ai "make my Dockerfile more secure"
# Configure development workflow
$ docker ai "set up my container for development with hot reload"
```
## Manage resources
Inspect containers, images, and resource usage.
```console
# Check container status
$ docker ai "show me all my containers and their status"
# Analyze disk usage
$ docker ai "how much disk space is Docker using?"
# Review image details
$ docker ai "list my images sorted by size"
```
## Learn Docker
Understand concepts and commands in the context of your projects.
```console
# Explain Docker concepts
$ docker ai "explain how Docker networking works"
# Understand commands
$ docker ai "what's the difference between COPY and ADD in Dockerfile?"
# Get troubleshooting guidance
$ docker ai "how do I debug a container that exits immediately?"
```
## Writing effective prompts
Be specific:
- Include relevant context: "my postgres container" not "the database"
- State your goal: "make my build faster" not "optimize"
- Include error messages when debugging
Gordon works best when you describe what you want to achieve rather than how to
do it.
### Working directory context
When using `docker ai` in the CLI, Gordon uses your current working directory
as the default context for file operations. Change to your project directory
before starting Gordon to ensure it has access to the right files:
```console
$ cd ~/my-project
$ docker ai "review my Dockerfile"
```
You can also override the working directory with the `-C` flag. See [Using
Gordon via CLI](./how-to/cli.md#working-directory) for details.

BIN
content/manuals/desktop/images/gordon-run-ctr.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 17 KiB

4
data/summary.yaml
View File

@@ -13,9 +13,9 @@ Allow list:
for: Administrators
Amazon S3 cache:
availability: Experimental
Ask Gordon:
Gordon:
availability: Beta
requires: Docker Desktop [4.38.0](/manuals/desktop/release-notes.md#4380) or later
requires: Docker Desktop [4.61.0](/manuals/desktop/release-notes.md#4610) or later
Ask Gordon DHI migration:
availability: Experimental
requires: Docker Desktop [4.38.0](/manuals/desktop/release-notes.md#4380) or later