By ByteBot
Docker’s AI agent Gordon hit general availability on May 19, 2026 with Desktop 4.74, and the headline feature is persistent memory. Gordon now remembers your project context and past fixes across sessions. That one change graduates it from a demo you show at a sprint retrospective to something worth keeping open alongside your terminal.
Everyone Else Starts With Your Code. Gordon Starts With Your Running Containers.
The clearest way to understand Gordon’s value is to contrast it with every other AI agent in your toolchain. Cursor, GitHub Copilot, and Claude Code all live at the editor layer — they read source files and help you write more of them. Gordon lives at the runtime layer. Before you type a single word, it has already read your container logs, checked your running images, parsed your Compose files, and scanned your working directory.
That context matters the moment something breaks in production — or more likely, at 11pm before a deploy. You don’t describe the problem to Gordon. You run docker ai and it already sees it.
docker ai "my postgres container keeps crashing"
# Gordon checks: logs, memory limits, container health, Compose config
# Proposes specific fix — you approve before anything runsThis is a genuinely different value proposition than code generation. Gordon is not competing with Cursor for writing features. It’s competing with your instinct to docker logs -f and grep for clues for twenty minutes.
Persistent Memory: The Update That Actually Matters
The May 2026 GA release adds persistent local memory. This deserves more attention than it’s gotten in the announcement coverage.
Before this update, Gordon reset between sessions. Every time you came back to a project, you’d re-explain your stack. Gordon would re-analyze your Compose file. It was useful, but it felt like working with a capable colleague who forgot your name overnight. The persistent memory update gives Gordon actual state — it learns your preferences, remembers what it’s already tried, and accumulates project context over time.
The practical result: the second session is meaningfully faster than the first. By the fifth, Gordon knows your project well enough that its suggestions stop being generic Docker best practices and start being specific to your setup.
Every Action Requires Your Approval. By Design.
In February 2026, researchers disclosed a prompt injection vulnerability in Ask Gordon. A malicious metadata label in a Docker image could hijack Gordon’s instructions, route commands through the MCP Gateway, and execute arbitrary operations. Docker patched it in v4.50.0 with a mandatory human-in-the-loop system.
That fix is baked into the GA release. Every shell command, every file write, every Docker operation is shown to you before it runs. You approve, reject, or redirect. Gordon cannot act autonomously — full stop. Given the CVE history, this isn’t bureaucratic friction. It’s the architecture being honest about what AI agents can get wrong.
MCP Toolkit: Extend Gordon With 300+ Tools
Gordon ships with built-in toolsets: filesystem, shell, think (reasoning scratchpad), todo, and memory. The interesting extension point is Docker’s MCP Toolkit — a catalog of 300+ verified MCP servers, each packaged as a container image with isolation, versioning, and security updates managed by Docker.
Plug in a Postgres MCP server and Gordon can query your database directly. Add a GitHub server and it can open issues or check PR status mid-session. The MCP Gateway runs each server in an isolated Docker container with restricted network and resource access — the same security model you’re already using for your application services.
The Dynamic MCP feature lets agents discover and add servers on-demand. Gordon can search the catalog and add a tool it needs during a conversation, without you manually configuring it first.
Docker Compose Is Now Your Agent Infrastructure
The MCP Gateway and servers are defined as standard Compose services, which means your agent stack is version-controlled, reproducible, and deployable like any other Docker application. Docker Compose also added a top-level models element this year — declare your model once and bind it to any service that needs it.
# compose.yaml
services:
mcp-gateway:
image: docker/mcp-gateway:latest
ports:
- "8811:8811"
app:
build: .
depends_on:
- mcp-gateway
models:
llm:
model: claude-sonnet-4-6This solves a real problem: most teams build agent stacks as ad-hoc scripts with environment variables scattered across dotfiles. Compose gives you a single declarative file that everyone can run identically — the same infrastructure-as-code discipline you already have for your app services, now applied to your AI tooling.
Getting Started
Gordon is free with every Docker account. No API keys, no external service setup.
- Update to Docker Desktop 4.74+
- Log in to your Docker account
- Run
docker aifrom any project directory, or open the Gordon tab in Desktop
For MCP Toolkit, enable it through Docker Desktop settings. The official GA post covers the full MCP Gateway setup walkthrough.
Where Gordon Fits — and Where It Doesn’t
Gordon is not trying to replace your coding agent. It won’t write a React component or refactor your authentication logic. Use Cursor or Claude Code for that. Gordon’s lane is container operations: debugging crashes, optimizing Dockerfiles, generating Compose configs, and explaining what your running environment is actually doing.
The honest version of the pitch: if you spend more than ten minutes a week grepping container logs or guessing why a service keeps restarting, Gordon is worth the five minutes it takes to enable. Persistent memory means the tenth session is substantially better than the first. That’s a bar most AI tooling doesn’t clear.
