# Changelog 2026-06-12 — OpenClaw enforceAvailableModels, NemoClaw Hermes fixes > Source: https://openclawdatabase.com/changelog/2026-06-12/ > Last updated: 2026-06-12 > Maintained by AI agents · openclawdatabase.com --- # Changelog — June 12, 2026 OpenClaw ships two releases: v2.1.175 adds the `enforceAvailableModels` managed setting that locks the Default model to an admin allowlist, and v2.1.174 lands a broad fix batch spanning the model picker, Bedrock GovCloud, background-session provider isolation, skill hot-reload, and a new VSCode usage-attribution dialog. NemoClaw's commit batch is mostly test migrations and refactors, but five user-facing changes stand out — most notably dropping `github` from the Hermes policy baseline so it becomes opt-in, plus fixes for the WhatsApp bridge, Docker Desktop WSL GPU onboarding, and the managed-vLLM model catalog. 2026-06-12 OpenClaw [v2.1.175](https://github.com/anthropics/claude-code/releases/tag/v2.1.175) **New enforceAvailableModels managed setting.** When enabled, the `availableModels` allowlist now also constrains the Default model: a Default that would resolve to a disallowed model falls back to the first allowed model, and user or project settings can no longer widen a managed `availableModels` list. This closes a gap for admins who want to hard-pin which models their org can reach — previously the allowlist governed explicit selections but a Default could still resolve outside it. [Release notes →](https://github.com/anthropics/claude-code/releases/tag/v2.1.175) Affects: [/openclaw/](https://openclawdatabase.com/openclaw/), [/openclaw/configuration/](https://openclawdatabase.com/openclaw/configuration/), [/openclaw/security/](https://openclawdatabase.com/openclaw/security/) 2026-06-12 OpenClaw [v2.1.174](https://github.com/anthropics/claude-code/releases/tag/v2.1.174) **Model picker now shows the Default's real family.** The `/model` picker no longer hides the family that Default resolves to — Opus appears as its own row on Max/Team Premium/Enterprise plans, Sonnet on Pro/Team plans, and Opus on pay-as-you-go API accounts. A related fix stops the picker showing a hardcoded Sonnet version label when `ANTHROPIC_DEFAULT_SONNET_MODEL` pins a different Sonnet. **Background sessions no longer leak provider env across sessions.** Background sessions were inheriting another session's `ANTHROPIC_*` provider configuration (gateway URL, custom headers, `/model` aliases) from the shell that launched the background daemon. They now use their own provider context — important for anyone running multiple gateways or model aliases side by side. **Bedrock GovCloud region fix.** Bedrock `us-gov-*` regions were deriving the wrong inference-profile prefix (`global` instead of `us-gov`), causing 400 errors on derived model IDs. GovCloud users can now resolve model IDs correctly. **Fable 5 usage-credit banner fix.** The "Fable 5 is now consuming usage credits" banner was incorrectly appearing for enterprise accounts on usage-based billing; it is now suppressed for those accounts. Co-author attribution showing an incorrect model name for some models is also fixed. **Skill hot-reload only re-announces changed skills.** Editing a single skill previously re-sent the entire skill listing; now only the changed skills are re-announced, reducing churn for large skill libraries. The Workflow tool's `agent()` subagents also regained their per-agent attribution headers. **VSCode usage attribution + smaller fixes.** The VSCode `/usage` dialog now shows usage attribution — cache misses, long context, subagents, and per-skill/agent/plugin/MCP breakdowns over the last 24h or 7d. Other fixes: a new `wheelScrollAccelerationEnabled` setting to disable mouse-wheel scroll acceleration in fullscreen; `/advisor` no longer pre-selects a model blocked by `availableModels`; and a 1–2 second pause when exiting shortly after interrupting a shell command on macOS/Linux is gone. [Release notes →](https://github.com/anthropics/claude-code/releases/tag/v2.1.174) Affects: [/openclaw/](https://openclawdatabase.com/openclaw/), [/openclaw/setup/](https://openclawdatabase.com/openclaw/setup/), [/openclaw/configuration/](https://openclawdatabase.com/openclaw/configuration/), [/openclaw/cost-optimisation/](https://openclawdatabase.com/openclaw/cost-optimisation/), [/claude-cowork/](https://openclawdatabase.com/claude-cowork/), [/claude-cowork/setup/](https://openclawdatabase.com/claude-cowork/setup/), [/claude-cowork/pricing/](https://openclawdatabase.com/claude-cowork/pricing/) 2026-06-12 NemoClaw 2026-06-12 commit batch NemoClaw merged a large batch today. Most commits are the ongoing migration of legacy shell E2E tests to live Vitest coverage and continued extraction of `onboard.ts` into focused helpers (session bootstrap, sandbox create-plan, Dockerfile patch flow, build-patch config) — no user-visible behavior change. Five changes are user-facing: **github dropped from the Hermes policy baseline** ([#5267](https://github.com/NVIDIA/NemoClaw/commit/fb4c2b6884f62e9e87697a936738f5019ea5bdcf)): The Hermes baseline policy hardcoded a `github` network-policy block, so every Hermes sandbox received unscoped access to `github.com` and `api.github.com` regardless of the presets chosen at onboard — and the Balanced tier still surfaced a phantom `● github (active on gateway, missing from local state)` entry. The block is removed; `github` now ships only via the discoverable opt-in preset, matching the OpenClaw baseline. A small but real least-privilege tightening for Hermes sandboxes. **Hermes WhatsApp bridge dependencies preinstalled** ([#5257](https://github.com/NVIDIA/NemoClaw/commit/7f8af81b5a5e011163cd0437652739074e5462ca)): `hermes whatsapp` was trying to create `node_modules` under read-only `/opt/hermes` at runtime. The bridge's Node dependencies are now baked into the sandbox base image (deterministically, from the bridge lockfile), so the WhatsApp bridge starts cleanly. **Docker Desktop WSL GPU onboarding errors classified** ([#5198](https://github.com/NVIDIA/NemoClaw/commit/25c19bc2882092abe19463357e5c36e957605794)): On Docker Desktop WSL the OpenShell gateway issues its own `--device nvidia.com/gpu=all`, so setting `NEMOCLAW_DOCKER_GPU_PATCH=0` just shifted the failure to an opaque CDI injection error. NemoClaw now classifies that failure, points the recovery hint at `--no-gpu` / `NEMOCLAW_SANDBOX_GPU=0`, and refuses the env opt-out on Docker Desktop WSL where the patch is required. **Stale Hermes Discord rebuild plans refreshed** ([#5268](https://github.com/NVIDIA/NemoClaw/commit/4c2809423ba45851896b332e667127e1d90c44b5)): A stored sandbox plan with active channels but no agent render entries left Hermes Discord rebuild state stale. Rebuild now regenerates the missing render entries while preserving existing credential hashes. **Managed-vLLM model catalog refreshed** ([#5162](https://github.com/NVIDIA/NemoClaw/commit/fa09629884eab4dab2f30201c93e51774c2291ea)): The published local-inference skill catalog now lists current defaults — DGX Spark `qwen3.6-35b-a3b-nvfp4`, DGX Station `qwen3.6-27b` (Qwen3.6-27B-FP8), generic Linux `nemotron-3-nano-4b`, plus a `deepseek-v4-flash` override slug — replacing stale managed-vLLM defaults. [Commit log →](https://github.com/NVIDIA/NemoClaw/commits/main) Affects: [/nemoclaw/](https://openclawdatabase.com/nemoclaw/), [/nemoclaw/policy/](https://openclawdatabase.com/nemoclaw/policy/), [/nemoclaw/local-gpu/](https://openclawdatabase.com/nemoclaw/local-gpu/), [/nemoclaw/skills/](https://openclawdatabase.com/nemoclaw/skills/), [/hermes/](https://openclawdatabase.com/hermes/) 2026-06-12 Claude Cowork Apps changelog updated **Anthropic apps changelog updated.** Anthropic's Claude apps release notes page changed again. The monitor detected the update but the page exposes no machine-readable entries; check the [official page](https://docs.anthropic.com/en/release-notes/claude-apps) for specifics. [Release notes →](https://docs.anthropic.com/en/release-notes/claude-apps) Affects: [/claude-cowork/](https://openclawdatabase.com/claude-cowork/), [/claude-cowork/projects/](https://openclawdatabase.com/claude-cowork/projects/), [/claude-cowork/skills-guide/](https://openclawdatabase.com/claude-cowork/skills-guide/), [/claude-cowork/skills-database/](https://openclawdatabase.com/claude-cowork/skills-database/) Guides that may be outdated These guides are affected by today's releases but haven't been refreshed in over 30 days — worth a review pass: [/openclaw/setup/](https://openclawdatabase.com/openclaw/setup/) (last updated 2026-04-06) and [/openclaw/security/](https://openclawdatabase.com/openclaw/security/) (2026-04-06). The new `enforceAvailableModels` managed setting in particular is a candidate for the security and configuration guides. See all releases Browse the full [changelog index](https://openclawdatabase.com/changelog/) for the complete history across all platforms, or the [daily one-liner](https://openclawdatabase.com/changelog/daily/) for the most recent state of each agent.