Changes to use Docker Desktop proxy

[karman-docker]

What I did
Changed the default http client transport to use Docker Desktop proxy.

• Use Sync.Once to initialize desktopProxyTransportInst which uses http.DefaultTransport if Docker Desktop is not running, otherwise creates a transport that forwards the http requests via Docker Desktop proxy.
• I had to move features.IsRunningInDockerDesktop() from features package to desktop package. Because I cannot access features package in desktop package as it results in a circular dependency between those two packages.

Fixes https://docker.atlassian.net/browse/DDB-378

Related issue
https://docker.atlassian.net/browse/DDB-378

(not mandatory) A picture of a cute animal, if possible in relation to what you did

[cmrigney]

Thanks for doing this! I think there are a couple things we need to handle first:

1. There are other places where we construct an http.Client where we'd also want to use this proxy. If you search them in the codebase you should find them.
2. We need a fallback for Docker CE and container contexts, since DD won't be available there. The solution is probably to make DesktopProxyTransport check features.IsRunningInDockerDesktop() and return the default transport if it's not running in DD, instead. All of this can be wrapped in a sync.Once so we don't redundantly check DD presence (e.g. check out pkg/validate/validate.go for an example).

[karman-docker]

Thanks for doing this! I think there are a couple things we need to handle first:

1. There are other places where we construct an `http.Client` where we'd also want to use this proxy. If you search them in the codebase you should find them.

2. We need a fallback for Docker CE and container contexts, since DD won't be available there. The solution is probably to make `DesktopProxyTransport` check `features.IsRunningInDockerDesktop()` and return the default transport if it's not running in DD, instead. All of this can be wrapped in a `sync.Once` so we don't redundantly check DD presence (e.g. check out `pkg/validate/validate.go` for an example).

I referred to your PR #118 to patch the http.Client usages. Yes there are few other source files that use http.Client

./pkg/oauth/notification_monitor.go
./pkg/catalog/catalog.go
./pkg/oci/import.go
./pkg/desktop/raw_client.go
./pkg/mcp/remote.go
./pkg/fetch/fetch.go
./pkg/registryapi/client.go
./pkg/integration_test.go
./pkg/gateway/findtools.go
./pkg/gateway/registry.go
./pkg/gateway/mcpadd.go
./pkg/gateway/auth_integration_test.go

I will update these files as well and use sync.Once().

I do not need to change the http.Client references in vendor folders correct ?

[karman-docker]

@cmrigney review when you get a chance.

In the latest commit. I have done the below changes:

1. Use Sync.Once to initialize desktopProxyTransportInst once.
2. I had to move features.IsRunningInDockerDesktop() from features package to desktop package. Because I cannot access features package in desktop package as it results in a circular dependency between those two packages.
3. Updated most of remaining source files under pkg folder to use desktopProxyTransportInst
4. I have not update ./pkg/mcp/remote.go ./pkg/integration_test.go and ./pkg/gateway/auth_integration_test.go as I was not quite sure if they to need desktopProxyTransportInst, can you have a look. I will update if needed in the next commit.

[karman-docker]

/share

[karman-docker]

Hi @cmrigney

I have incorporated the changes from your PR.

I have tested this and I can see that running the below command

date;/Applications/Docker.app/Contents/Resources/bin/docker mcp catalog update;date; 
Fri 23 Jan 2026 14:22:18 GMT
updated: docker-mcp
Fri 23 Jan 2026 14:22:19 GMT

creates a log entry in DD backend log httpproxy.log corresponding to that request.

[2026-01-23T14:22:18.865513000Z] req 256 HTTP CONNECT desktop.docker.com:443: host connecting via app settings HTTPS proxy http://USERINFO@172.211.16.3:3128
[2026-01-23T14:22:18.897148000Z] req 256 HTTP CONNECT desktop.docker.com:443: proxying to desktop.docker.com:443

which indicates the request is served through DD proxy (172.211.16.3)

Also for testing purpose, I had logged a message to a file (in ProxyTransport()) when MCP gateway created the TCP transport to indicate if it was using DD proxy transport. When the above update command was run, this message was logged to my log file:

[2026-01-23 14:22:18] Using Docker Desktop HTTP proxy socket for HTTP transport

So the changes look good to me.

I don't know if mcp gateway is intended to be used with Docker Engine (CE), as the README mentions Install prereq is Docker Desktop. Do let me know if any testing needs to be done against Docker Engine CE.

[cmrigney]

This is looking good! Just needs a little log cleanup I think.

I did smoke test this on my Mac and in a container (which works very similar to Docker CE mode) and it looked good from my side. I'll smoke test Windows as well.

[cmrigney]

@karman-docker To answer your question about Docker CE, we do support it, but I don't quite know the test flow for that. I do feel that container mode is roughly equivalent though (for testing DD's absence).

If you want to test container mode you can:

docker buildx build --target=mcp-gateway -t mcp-gateway --load .

docker run -it --rm --entrypoint "/bin/sh" mcp-gateway
/ # /docker-mcp version
/ # <any other commands you want to run>

[karman-docker]

Tested the fix:
On macOS:

#354 (comment)

On Windows:

With proxy server stopped:

C:\Users\azureuser>"C:\Program Files\Docker\Docker\resources\cli-plugins"\docker-mcp catalog-next pull mcp/docker-mcp-catalog
2026/01/23 17:49:57 readFileOrURL: docker-mcp.yaml
failed to read OCI catalog: failed to fetch image/artifact mcp/docker-mcp-catalog: Get "https://index.docker.io/v2/": writing response to index.docker.io:443: connecting to 172.211.16.3:3128: dial tcp 172.211.16.3:3128: connectex: No connection could be made because the target machine actively refused it.

that's expected, and it proves, mcp tried to use DD proxy.

With proxy server up:

C:\Users\azureuser>"C:\Program Files\Docker\Docker\resources\cli-plugins"\docker-mcp catalog-next pull mcp/docker-mcp-catalog
Catalog mcp/docker-mcp-catalog:latest pulled

[cmrigney]

lgtm! Smoke testing on Windows checked out for me.

[karman-docker]

Hi @cmrigney
Will you be merging this? Does this require any version increment? Do we need to do anything else to ship this with Docker Desktop?

[cmrigney]

DM'd you.