Latest Docker 2025 features including AI Assistant, Enhanced Container Isolation, and Moby 25
/plugin marketplace add JosiahSiegel/claude-plugin-marketplace/plugin install docker-master@claude-plugin-marketplaceThis skill inherits all available tools. When active, it can use any tool Claude has access to.
MANDATORY: Always Use Backslashes on Windows for File Paths
When using Edit or Write tools on Windows, you MUST use backslashes (\) in file paths, NOT forward slashes (/).
Examples:
D:/repos/project/file.tsxD:\repos\project\file.tsxThis applies to:
NEVER create new documentation files unless explicitly requested by the user.
This skill covers the latest Docker features introduced in 2025, ensuring you leverage cutting-edge capabilities for security, performance, and developer experience.
What it is: Mount an image directory structure directly inside a container without extracting to a volume.
Key capabilities:
How to use:
# Mount entire image
docker run --rm \
--mount type=image,source=mydata:latest,target=/data \
alpine ls -la /data
# Mount specific path from image
docker run --rm \
--mount type=image,source=mydata:latest,image-subpath=/config,target=/app/config \
alpine cat /app/config/settings.json
Use cases:
What it is: Debug endpoints now accessible through standard versioned API paths.
Previously: Only available at root paths like /debug/vars
Now: Also accessible at /v1.48/debug/vars, /v1.48/debug/pprof/*
Available endpoints:
/v1.48/debug/vars - Runtime variables/v1.48/debug/pprof/ - Profiling index/v1.48/debug/pprof/cmdline - Command line/v1.48/debug/pprof/profile - CPU profile/v1.48/debug/pprof/trace - Execution trace/v1.48/debug/pprof/goroutine - Goroutine stacksHow to use:
# Access debug vars through versioned API
curl --unix-socket /var/run/docker.sock http://localhost/v1.48/debug/vars
# Get CPU profile
curl --unix-socket /var/run/docker.sock http://localhost/v1.48/debug/pprof/profile?seconds=30 > profile.out
Latest versions in Engine 28.3.3:
CVE-2025-54388: Fixed firewalld reload issue where published container ports could be accessed from local network even when bound to loopback.
Impact: Critical for containers binding to 127.0.0.1 expecting localhost-only access.
Raspberry Pi OS 32-bit (armhf):
What it is: Model Context Protocol (MCP) server catalog with 100+ verified, containerized tools.
Key capabilities:
How to access:
Use cases:
What's new:
docker model requests command for monitoringHow to use:
# List running models
docker model ls
# View model details (new: model cards)
docker model inspect llama2-7b
# Monitor requests and responses (NEW)
docker model requests llama2-7b
# Performance metrics
docker stats $(docker model ls -q)
What it is: Docker Desktop automatically updates internal components without requiring full application restart.
Benefits:
Configuration:
CVE-2025-10657 (v4.47): Fixed Enhanced Container Isolation Docker Socket command restrictions not working in 4.46.0.
CVE-2025-9074 (v4.46): Fixed malicious container escape allowing Docker Engine access without mounted socket.
What it is: AI-powered assistant integrated into Docker Desktop and CLI for intelligent container development.
Key capabilities:
How to use:
# Enable in Docker Desktop Settings > Features > Docker AI (Beta)
# Ask questions in natural language
"Optimize my Python Dockerfile"
"Why is my container restarting?"
"Suggest secure nginx configuration"
Local Model Runner:
What it is: Additional security layer that restricts Docker socket access and container escape vectors.
Security benefits:
How to enable:
# Docker Desktop Settings > Security > Enhanced Container Isolation
# Or via CLI:
docker desktop settings set enhancedContainerIsolation=true
Use cases:
Compatibility:
What it is: Built-in AI model execution engine allowing developers to run large language models locally.
Features:
How to use:
# Install via Docker Desktop Extensions
# Or use CLI:
docker model run llama2-7b
# View running models:
docker model ls
# Stop model:
docker model stop MODEL_ID
Benefits:
What it is: Test Kubernetes deployments with multi-node clusters directly in Docker Desktop.
Previously: Single-node only Now: 2-5 node clusters for realistic testing
How to enable:
# Docker Desktop Settings > Kubernetes > Enable multi-node
# Specify node count (2-5)
Use cases:
What it is: High-level build orchestration tool for complex multi-target builds.
Previously: Experimental Now: Generally available and production-ready
Features:
# docker-bake.hcl
target "app" {
context = "."
dockerfile = "Dockerfile"
tags = ["myapp:latest"]
platforms = ["linux/amd64", "linux/arm64"]
cache-from = ["type=registry,ref=myapp:cache"]
cache-to = ["type=registry,ref=myapp:cache,mode=max"]
}
target "test" {
inherits = ["app"]
target = "test"
output = ["type=local,dest=./coverage"]
}
# Build all targets
docker buildx bake
# Build specific target
docker buildx bake test
1. Faster Container Startup:
2. Better Resource Management:
3. Storage Driver Enhancements:
1. Enhanced Seccomp Profiles:
{
"defaultAction": "SCMP_ACT_ERRNO",
"architectures": ["SCMP_ARCH_X86_64", "SCMP_ARCH_AARCH64"],
"syscalls": [
{
"names": ["read", "write", "exit"],
"action": "SCMP_ACT_ALLOW"
}
]
}
2. Improved AppArmor Integration:
3. User Namespace Improvements:
What it is: Convert local compose.yaml files to Kubernetes manifests in a single command.
Key capabilities:
How to use:
# Convert compose file to Kubernetes manifests
docker compose convert --format kubernetes > k8s-manifests.yaml
# Or use compose-bridge directly
docker compose-bridge convert docker-compose.yml
# Apply to Kubernetes cluster
kubectl apply -f k8s-manifests.yaml
Example conversion:
# docker-compose.yml
services:
web:
image: nginx:latest
ports:
- "80:80"
volumes:
- data:/usr/share/nginx/html
volumes:
data:
# Converts to Kubernetes:
# - Deployment for 'web' service
# - Service exposing port 80
# - PersistentVolumeClaim for 'data'
Use cases:
1. Version Field Obsolete:
# OLD (deprecated):
version: '3.8'
services:
app:
image: nginx
# NEW (2025):
services:
app:
image: nginx
The version field is now ignored and can be omitted.
1. Develop Watch with initial_sync:
services:
app:
build: .
develop:
watch:
- action: sync
path: ./src
target: /app/src
initial_sync: full # NEW: Sync all files on start
2. Volume Type: Image:
services:
app:
volumes:
- type: image
source: mydata:latest
target: /data
read_only: true
3. Build Print:
# Debug complex build configurations
docker compose build --print > build-config.json
4. Config No-Env-Resolution:
# View raw config without environment variable substitution
docker compose config --no-env-resolution
5. Watch with Prune:
# Automatically prune unused resources during watch
docker compose watch --prune
6. Run with Quiet:
# Reduce output noise
docker compose run --quiet app npm test
1. Git SHA-256 Support:
# Use SHA-256 based repositories
ADD https://github.com/user/repo#sha256:abc123... /src
2. Enhanced COPY/ADD --exclude:
# Now generally available (was labs-only)
COPY --exclude=*.test.js --exclude=*.md . /app
3. ADD --unpack with --chown:
# Extract and set ownership in one step
ADD --unpack=true --chown=appuser:appgroup archive.tar.gz /app
4. Git Query Parameters:
# Fine-grained Git clone control
ADD https://github.com/user/repo.git?depth=1&branch=main /src
5. Image Checksum Verification:
# Verify image integrity
FROM alpine:3.19@sha256:abc123...
# BuildKit verifies checksum automatically
1. Improved Frontend Verification:
# Always use official Docker frontends
# syntax=docker/dockerfile:1
# Pin with digest for maximum security
# syntax=docker/dockerfile:1@sha256:ac85f380a63b13dfcefa89046420e1781752bab202122f8f50032edf31be0021
2. Remote Cache Improvements:
DO:
DON'T:
DO:
DON'T:
DO:
DON'T:
1. Backup existing configurations:
# Export current settings
docker context export desktop-linux > backup.tar
2. Update Docker Desktop:
3. Enable new features:
# Enable AI Assistant (beta)
docker desktop settings set enableAI=true
# Enable Enhanced Container Isolation
docker desktop settings set enhancedContainerIsolation=true
4. Test existing containers:
# Verify containers work with ECI
docker compose up -d
docker compose ps
docker compose logs
Before:
version: '3.8'
services:
app:
image: nginx:latest
volumes:
- data:/data
volumes:
data:
After:
services:
app:
image: nginx:1.26.0 # Specific version
volumes:
- data:/data
develop:
watch:
- action: sync
path: ./config
target: /etc/nginx/conf.d
initial_sync: full
volumes:
data:
driver: local
Problem: AI Assistant not responding Solution:
# Check Docker Desktop version
docker version
# Ensure beta features enabled
docker desktop settings get enableAI
# Restart Docker Desktop
Problem: Model Runner slow Solution:
Problem: Container fails with socket permission error Solution:
# Identify socket dependencies
docker inspect CONTAINER | grep -i socket
# If truly needed, add socket access explicitly
# (Document why in docker-compose.yml comments)
docker run -v /var/run/docker.sock:/var/run/docker.sock ...
Problem: ECI breaks CI/CD pipeline Solution:
docker desktop settings set enhancedContainerIsolation=falseProblem: "version field is obsolete" warning Solution:
# Simply remove the version field
# OLD:
version: '3.8'
services: ...
# NEW:
services: ...
Problem: watch with initial_sync fails Solution:
# Check file permissions
ls -la ./src
# Ensure paths are correct
docker compose config | grep -A 5 watch
# Verify sync target exists in container
docker compose exec app ls -la /app/src
Immediate (Production-Ready):
Testing (Beta but Stable):
Evaluation (Security-Critical):
This skill ensures you stay current with Docker's 2025 evolution while maintaining stability, security, and production-readiness.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.
Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply.
Create beautiful visual art in .png and .pdf documents using design philosophy. You should use this skill when the user asks to create a poster, piece of art, design, or other static piece. Create original visual designs, never copying existing artists' work to avoid copyright violations.