Changelog — June 7, 2026

v2.1.166 is a focused security and reliability release with several features that matter for team deployments. A new fallbackModel setting lets you configure up to three fallback models tried in order when the primary is overloaded or unavailable — previously --fallback-model was CLI-only, but this setting and flag now apply equally to interactive sessions. Combined with the new auto-retry behavior (Claude Code retries a turn on the fallback model when the API returns an unexpected non-retryable error), this meaningfully improves uptime for agents running 24/7.

Security hardening for multi-agent setups: messages relayed via SendMessage from other Claude sessions no longer carry user authority. Receiver sessions refuse relayed permission requests, and auto mode blocks them entirely. This closes a privilege-escalation path where a compromised sub-agent could forward elevated requests through the messaging channel. Glob patterns are now supported in deny rule tool-name positions — "*" denies all tools, giving you a blanket-deny starting point for least-privilege policies. Allow rules reject non-MCP globs, and unknown tool names in deny rules warn at startup.

Thinking controls: MAX_THINKING_TOKENS=0, --thinking disabled, and the per-model thinking toggle now reliably disable thinking on models that think by default when called via the Claude API. Third-party provider behavior is unchanged.

Bug fixes: A recurring "image could not be processed" error that also inflated token counts on unprocessable images is fixed. Remote sessions that became permanently stuck when a brief backend disruption occurred during worker registration at startup will now recover. JetBrains IDE users on IntelliJ, PyCharm, WebStorm, and similar on 2026.1+ get a fix for terminal flickering via synchronized output. Kitty keyboard protocol users (WezTerm, Ghostty, kitty) get a fix for Shift+non-ASCII characters (e.g. Shift+ä → Ä) being silently dropped. Windows users see a fix for PowerShell command validation occasionally hanging far past its time budget.

v2.1.167 and v2.1.168, released the following day, are bug-fix-only updates with reliability improvements.

v2.1.166 release notes →  ·  v2.1.167 →  ·  v2.1.168 → Affects: /openclaw/, /openclaw/setup/, /openclaw/skills-guide/, /openclaw/configuration/, /openclaw/security/, /openclaw/cost-optimisation/, /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/, /claude-cowork/pricing/

Hermes v0.16.0 is the biggest release in the project's history by commit volume: 874 commits, 542 merged PRs, 205,216 insertions across 1,962 files, with 170 community contributors. The headline is Hermes Desktop — a real native Electron application for macOS, Linux, and Windows that installs like any other desktop app, updates itself from inside the app, and exposes a polished GUI for everything Hermes does. You get a streaming chat window, a session list, drag-and-drop files into chat, an inline model picker in the status bar, concurrent multi-profile sessions, a full Simplified Chinese translation, and the ability to connect to a remote Hermes gateway over OAuth or username/password — the desktop app is not just a terminal wrapper.

Web dashboard expanded: The existing localhost:9119 web dashboard gains a full browser-based administration panel covering MCP catalog management, messaging channels, credentials, webhooks, memory, and pluggable OIDC or username/password login — previously these required CLI or config-file editing.

Easier onboarding: A "Quick Setup via Nous Portal" path now gets you from fresh install to first message in seconds. The default skill set has been trimmed to what you actually use, NVIDIA/skills joins the trusted Skills Hub taps, and the model picker is now fuzzy-searchable everywhere — desktop, web, TUI, and CLI.

/undo command: You can now take back the last N turns in a session, which is useful when a tool call goes sideways and you want to rewind without starting a new session.

Security: CVE-2026-48710 (Starlette version pin), SSRF off-loop hardening, and subprocess credential stripping are included. Two P0 and 62 P1 issues are closed in this release.

Release notes → Affects: /hermes/, /hermes/setup/, /hermes/tasks/, /hermes/memory/, /hermes/mcp-tools/, /hermes/discord-gateway/, /hermes/vps-install/, /hermes/dashboard/

v7.3.39 (pre-release) and v7.3.40 (stable) deliver a trio of chat UX polish fixes. Auto-scroll now stays active when you interact with question answers and other in-chat controls, instead of disabling when the user touches the chat pane mid-stream. Layout movement is reduced when live output finishes and session-action buttons appear — the chat panel no longer jumps when streaming ends. The Explorer and other primary VS Code sidebar views now stay open when VS Code reloads while Kilo Code is hidden in the panel, preventing a session-restart UX regression. v7.3.40 promotes these fixes to stable with no additional changes.

v7.3.39 release notes →  ·  v7.3.40 → Affects: /kilocode/, /kilocode/setup/, /kilocode/models/, /kilocode/orchestrator/, /kilocode/security/, /kilocode/vs-claude-code/

Several user-facing fixes land via commits today. The NPM_CONFIG_OFFLINE bug is patched: a Dockerfile directive intended to isolate the build-time plugin-install step was accidentally persisting into the runtime image, causing every child npm/npx invocation — including the web dashboard's "Add MCP" button, skill installers, and ad-hoc npx -y calls — to fail with ENOTCACHED. The fix resets the flag immediately after the plugin-install RUN and also pins it from the container entrypoint as a backstop.

The vLLM inference container now launches with --restart unless-stopped, so it comes back automatically after a host reboot or Docker daemon restart. Previously the only recovery path after a reboot was re-running nemoclaw onboard --fresh --gpu, which wiped existing configuration. This matches the restart-policy handling already in place for the GPU-patched gateway container.

macOS + Colima HTTP proxy fix: users with an HTTP_PROXY configured were seeing streaming chat completions stall for up to 120 seconds before timing out. The root cause was that the forwarded NO_PROXY seed list didn't include inference.local or host.containers.internal, so the host proxy tried to route internal OpenShell hostnames through itself. Both hostnames are now excluded from proxy routing.

nemoclaw doctor can now accept a verified local openshell-gateway process when legacy container inspection fails, which covers the common case where the gateway is running but Docker inspection is unavailable. The command also now handles large sandbox state backup archives without buffer exhaustion.

Commit log → Affects: /nemoclaw/, /nemoclaw/setup/, /nemoclaw/policy/, /nemoclaw/local-gpu/, /nemoclaw/switching-providers/, /nemoclaw/skills/