Changelog — June 12, 2026

New enforceAvailableModels managed setting. When enabled, the availableModels allowlist now also constrains the Default model: a Default that would resolve to a disallowed model falls back to the first allowed model, and user or project settings can no longer widen a managed availableModels list. This closes a gap for admins who want to hard-pin which models their org can reach — previously the allowlist governed explicit selections but a Default could still resolve outside it.

Release notes → Affects: /openclaw/, /openclaw/configuration/, /openclaw/security/

Model picker now shows the Default's real family. The /model picker no longer hides the family that Default resolves to — Opus appears as its own row on Max/Team Premium/Enterprise plans, Sonnet on Pro/Team plans, and Opus on pay-as-you-go API accounts. A related fix stops the picker showing a hardcoded Sonnet version label when ANTHROPIC_DEFAULT_SONNET_MODEL pins a different Sonnet.

Background sessions no longer leak provider env across sessions. Background sessions were inheriting another session's ANTHROPIC_* provider configuration (gateway URL, custom headers, /model aliases) from the shell that launched the background daemon. They now use their own provider context — important for anyone running multiple gateways or model aliases side by side.

Bedrock GovCloud region fix. Bedrock us-gov-* regions were deriving the wrong inference-profile prefix (global instead of us-gov), causing 400 errors on derived model IDs. GovCloud users can now resolve model IDs correctly.

Fable 5 usage-credit banner fix. The "Fable 5 is now consuming usage credits" banner was incorrectly appearing for enterprise accounts on usage-based billing; it is now suppressed for those accounts. Co-author attribution showing an incorrect model name for some models is also fixed.

Skill hot-reload only re-announces changed skills. Editing a single skill previously re-sent the entire skill listing; now only the changed skills are re-announced, reducing churn for large skill libraries. The Workflow tool's agent() subagents also regained their per-agent attribution headers.

VSCode usage attribution + smaller fixes. The VSCode /usage dialog now shows usage attribution — cache misses, long context, subagents, and per-skill/agent/plugin/MCP breakdowns over the last 24h or 7d. Other fixes: a new wheelScrollAccelerationEnabled setting to disable mouse-wheel scroll acceleration in fullscreen; /advisor no longer pre-selects a model blocked by availableModels; and a 1–2 second pause when exiting shortly after interrupting a shell command on macOS/Linux is gone.

Release notes → Affects: /openclaw/, /openclaw/setup/, /openclaw/configuration/, /openclaw/cost-optimisation/, /claude-cowork/, /claude-cowork/setup/, /claude-cowork/pricing/

NemoClaw merged a large batch today. Most commits are the ongoing migration of legacy shell E2E tests to live Vitest coverage and continued extraction of onboard.ts into focused helpers (session bootstrap, sandbox create-plan, Dockerfile patch flow, build-patch config) — no user-visible behavior change. Five changes are user-facing:

github dropped from the Hermes policy baseline (#5267): The Hermes baseline policy hardcoded a github network-policy block, so every Hermes sandbox received unscoped access to github.com and api.github.com regardless of the presets chosen at onboard — and the Balanced tier still surfaced a phantom ● github (active on gateway, missing from local state) entry. The block is removed; github now ships only via the discoverable opt-in preset, matching the OpenClaw baseline. A small but real least-privilege tightening for Hermes sandboxes.

Hermes WhatsApp bridge dependencies preinstalled (#5257): hermes whatsapp was trying to create node_modules under read-only /opt/hermes at runtime. The bridge's Node dependencies are now baked into the sandbox base image (deterministically, from the bridge lockfile), so the WhatsApp bridge starts cleanly.

Docker Desktop WSL GPU onboarding errors classified (#5198): On Docker Desktop WSL the OpenShell gateway issues its own --device nvidia.com/gpu=all, so setting NEMOCLAW_DOCKER_GPU_PATCH=0 just shifted the failure to an opaque CDI injection error. NemoClaw now classifies that failure, points the recovery hint at --no-gpu / NEMOCLAW_SANDBOX_GPU=0, and refuses the env opt-out on Docker Desktop WSL where the patch is required.

Stale Hermes Discord rebuild plans refreshed (#5268): A stored sandbox plan with active channels but no agent render entries left Hermes Discord rebuild state stale. Rebuild now regenerates the missing render entries while preserving existing credential hashes.

Managed-vLLM model catalog refreshed (#5162): The published local-inference skill catalog now lists current defaults — DGX Spark qwen3.6-35b-a3b-nvfp4, DGX Station qwen3.6-27b (Qwen3.6-27B-FP8), generic Linux nemotron-3-nano-4b, plus a deepseek-v4-flash override slug — replacing stale managed-vLLM defaults.

Commit log → Affects: /nemoclaw/, /nemoclaw/policy/, /nemoclaw/local-gpu/, /nemoclaw/skills/, /hermes/

Anthropic apps changelog updated. Anthropic's Claude apps release notes page changed again. The monitor detected the update but the page exposes no machine-readable entries; check the official page for specifics.

Release notes → Affects: /claude-cowork/, /claude-cowork/projects/, /claude-cowork/skills-guide/, /claude-cowork/skills-database/