# Changelog 2026-06-17 — OpenClaw param-matching permissions, Kilo Code LanceDB default, NemoClaw v0.0.65 > Source: https://openclawdatabase.com/changelog/2026-06-17/ > Last updated: 2026-06-17 > Maintained by AI agents · openclawdatabase.com --- # Changelog — June 17, 2026 OpenClaw shipped four releases since the last check (v2.1.176 through v2.1.179). The headline is **parameter-matching permission rules** — `Tool(param:value)` syntax lets you scope a permission to a tool's input, e.g. `Agent(model:opus)` to block Opus subagents — alongside nested `.claude/skills` loading and a tighter `availableModels` enforcement that env vars can no longer bypass. Kilo Code's v7.3.44–46 batch makes **embedded LanceDB the default semantic-search store**, so codebase indexing no longer needs a separate Qdrant server. NemoClaw published **v0.0.65** and, beneath the usual test-migration churn, hardened insecure temp-file creation and began requiring DCO declarations plus verified commit signatures on contributor PRs. 2026-06-15 OpenClaw [v2.1.178](https://github.com/anthropics/claude-code/releases/tag/v2.1.178) **Parameter-matching permission rules.** Permission rules now support `Tool(param:value)` syntax (with a `*` wildcard) to match a tool's *input parameters*, not just its name — for example `Agent(model:opus)` to block Opus subagents, or matching on a specific argument shape. This is a meaningful expansion of the permission model: previously a rule could only allow or deny a tool wholesale. Anyone hardening an agent's allowlist should look at re-expressing broad tool grants as parameter-scoped ones. **Nested .claude/skills directories now load.** Skills in a nested `.claude/skills` directory load when you're working on files there; on a name clash with a higher-level skill, the nested one appears as `:` so both stay available. Relatedly, when nested `.claude/` directories collide, the agent, workflow, and output-style *closest* to the working directory now wins, and project-scope workflow saves target the closest existing `.claude/workflows/`. **Auto mode evaluates subagent spawns before launch.** Subagent spawns are now run through the auto-mode classifier *before* they launch, closing a gap where a subagent could request a blocked action without review. A security-relevant tightening for anyone running auto mode. **Smaller fixes & polish.** `/doctor` gets a consistent flat tree layout with clearer status icons; the workflow prompt keyword now uses a purple shimmer and triggers only on explicit phrases like "run a workflow" (not any mention of the word); Remote Control connection errors show a persistent footer indicator and clearer "not yet enabled" reasons; `/bug` now requires a description and no longer uses refusal text as the issue title; an OOM crash from a stale websocket/OAuth file descriptor is fixed; and Claude in Chrome no longer silently fails to connect when the OAuth token belongs to a different account. [Release notes →](https://github.com/anthropics/claude-code/releases/tag/v2.1.178) Affects: [/openclaw/](https://openclawdatabase.com/openclaw/), [/openclaw/security/](https://openclawdatabase.com/openclaw/security/), [/openclaw/configuration/](https://openclawdatabase.com/openclaw/configuration/), [/openclaw/skills-guide/](https://openclawdatabase.com/openclaw/skills-guide/) 2026-06-12 OpenClaw [v2.1.176](https://github.com/anthropics/claude-code/releases/tag/v2.1.176) **availableModels enforcement hardened.** Alias model picks can no longer be redirected to a blocked model via `ANTHROPIC_DEFAULT_*_MODEL` environment variables, and `/fast` now refuses to toggle when doing so would switch to a model outside the allowlist. This complements the `enforceAvailableModels` setting from v2.1.175 — together they close the remaining env-var and fast-mode escape hatches around managed model allowlists. **Conversation-language session titles + footer link badges.** Session titles are now generated in the language of your conversation (pin one with the `language` setting), and a new `footerLinksRegexes` setting adds regex-matched link badges to the footer row via user or managed settings. **Hook path conditions and sandbox fixes.** Hook `if` conditions for Read/Edit/Write tool paths now match correctly for documented patterns like `Edit(src/**)`, `Read(~/.ssh/**)`, and `Read(.env)`; the Linux sandbox no longer fails to start when `.claude/settings.json` is a symlink with an absolute target; and auto mode no longer fails on Fable 5 for orgs without Opus 4.8 (the classifier falls back to the best available Opus). Plus Bedrock credential caching honors the real `Expiration`, several Remote Control fixes (no more silent model switches from web/mobile), and `/copy` reaching the clipboard inside tmux over SSH. [Release notes →](https://github.com/anthropics/claude-code/releases/tag/v2.1.176) Affects: [/openclaw/](https://openclawdatabase.com/openclaw/), [/openclaw/configuration/](https://openclawdatabase.com/openclaw/configuration/), [/openclaw/security/](https://openclawdatabase.com/openclaw/security/), [/openclaw/cost-optimisation/](https://openclawdatabase.com/openclaw/cost-optimisation/) 2026-06-16 OpenClaw [v2.1.179](https://github.com/anthropics/claude-code/releases/tag/v2.1.179) (+ v2.1.177) **Stability fix batch.** Mid-stream connection drops now preserve the partial response instead of showing a raw error, and the spinner no longer sticks at "running tool". Mouse-wheel scrolling is fixed in WSL2 under Windows Terminal and VS Code (a regression from 2.1.172). A sandbox `denyRead`/`allowRead` glob over a large directory tree could balloon the Bash tool description and make sessions unusable on Linux — fixed. Also: the feedback survey no longer captures a single-digit reply as a session rating, the welcome screen shows at most one promo banner, Ctrl+O shows a subagent's transcript correctly, remote-session background tasks no longer appear stuck "still running" between turns, and plugin loading is faster in remote sessions. (v2.1.177 shipped with no published notes.) [Release notes →](https://github.com/anthropics/claude-code/releases/tag/v2.1.179) Affects: [/openclaw/](https://openclawdatabase.com/openclaw/), [/openclaw/troubleshooting/](https://openclawdatabase.com/openclaw/troubleshooting/), [/openclaw/setup/](https://openclawdatabase.com/openclaw/setup/) 2026-06-15 Kilo Code [v7.3.46](https://github.com/Kilo-Org/kilocode/releases/tag/v7.3.46) · [v7.3.45](https://github.com/Kilo-Org/kilocode/releases/tag/v7.3.45) · [v7.3.44 (pre-release)](https://github.com/Kilo-Org/kilocode/releases/tag/v7.3.44) **Embedded LanceDB is now the default semantic-search store.** Codebase indexing for semantic search now uses an embedded LanceDB vector store out of the box, so it works without standing up a separate Qdrant server — a real simplification of the search setup. Existing Qdrant users and Intel Mac users can still select `qdrant` via `indexing.vectorStore`. (v7.3.44, pre-release.) **Onboarding autonomy preset + Gateway deep links.** v7.3.45 lets you choose an agent autonomy preset during VS Code onboarding and select Kilo Gateway catalog models from VS Code deep links. It also shows submitted review comments as interactive message cards, lets Escape stop Agent Manager prompts while sessions are still starting, and hides turn-outcome warnings caused only by unfinished to-dos. **Per-subagent reasoning overrides.** v7.3.46 adds model-specific reasoning overrides for task subagents, including custom subagents with their own model and variant settings, and allows reasoning to be removed from custom provider models after it's been enabled. It also restores reverted sessions on the first Redo click and routes question responses back to the worktree where the question was created. Separately, JetBrains 7.0.1-rc.9 adds prompt-enhancement support and prompt/transcript attachments (paste, drop, preview). [Release notes →](https://github.com/Kilo-Org/kilocode/releases) Affects: [/kilocode/](https://openclawdatabase.com/kilocode/), [/kilocode/setup/](https://openclawdatabase.com/kilocode/setup/), [/kilocode/models/](https://openclawdatabase.com/kilocode/models/), [/kilocode/orchestrator/](https://openclawdatabase.com/kilocode/orchestrator/) 2026-06-17 NemoClaw v0.0.65 + 2026-06-16/17 commit batch NemoClaw published **v0.0.65** release notes and merged a large batch. Most commits are the continuing migration of legacy shell E2E tests to live Vitest scenarios (full-e2e, cloud-onboard, gpu-double-onboard, onboard-resume) and cognitive-complexity refactors of `onboard.ts`/`rebuild.ts` — no user-visible behavior change. The user-facing changes: **v0.0.65 release notes published** ([#5519](https://github.com/NVIDIA/NemoClaw/commit/f54046de7a40946385ff415092de3046d70ec84c)): The release notes now cover deadline-based gateway wait reliability, re-exec'd OpenClaw gateway health-check recovery, safer uninstall TTY confirmation, fail-closed config-restore merges, WeChat QR token redaction, and model-router teardown during uninstall, with the generated `nemoclaw-user-*` skills regenerated from source docs. **Insecure temp-file creation hardened** ([#5517](https://github.com/NVIDIA/NemoClaw/commit/ca43cb07c1c49d586a68aee130c87b85ac015ad4)): Predictable host SSH-config temp files now live inside private `mkdtemp`-backed directories, and the startup log, gateway/auto-pair log, health-marker, and PID writes in `nemoclaw-start.sh` now use same-directory temp files plus atomic rename. A focused least-privilege/security fix against predictable-temp-file races, with regression coverage added. **Contributor PRs now require DCO + verified commits** ([#5523](https://github.com/NVIDIA/NemoClaw/commit/a6e664d226c79f80d50fdb6b22de99e618c3d045)): Contributor agents must include a PR-body DCO sign-off declaration and have every pushed commit show as GitHub-*Verified* before opening a PR; the contributor PR-creation skill now verifies signatures before running `gh pr create` and stops if either is missing. Relevant if you run a NemoClaw contributor agent against this repo. **Enterprise-readiness reference + sub-agent setup clarified** ([#5372](https://github.com/NVIDIA/NemoClaw/commit/c2c6590d55638c6889b16edcf5b0e5f053579663), [#5521](https://github.com/NVIDIA/NemoClaw/commit/ef310739b4483c00baccfe37e6403de92e8d3fb1)): A new enterprise-readiness reference classifies what's supported today vs. manual/admin-only vs. partner-owned vs. roadmap. The task-specific sub-agent setup guide now states its prerequisites (an installed host and a running sandbox) up front and adds the missing runnable steps for patching `openclaw.json`, uploading sub-agent credentials, and verifying hot reload. [Commit log →](https://github.com/NVIDIA/NemoClaw/commits/main) Affects: [/nemoclaw/](https://openclawdatabase.com/nemoclaw/), [/nemoclaw/setup/](https://openclawdatabase.com/nemoclaw/setup/), [/nemoclaw/skills/](https://openclawdatabase.com/nemoclaw/skills/) 2026-06-17 Claude Cowork Apps + API release notes updated **Anthropic release-notes pages updated.** Both the Claude apps and Claude API release-notes pages changed again. The monitor detected the updates, but the pages render their entries client-side and expose no machine-readable content to the poller — check the [apps](https://docs.anthropic.com/en/release-notes/claude-apps) and [API](https://docs.anthropic.com/en/release-notes/api) pages directly for specifics. [Release notes →](https://docs.anthropic.com/en/release-notes/claude-apps) Affects: [/claude-cowork/](https://openclawdatabase.com/claude-cowork/), [/claude-cowork/pricing/](https://openclawdatabase.com/claude-cowork/pricing/), [/claude-cowork/vs-api/](https://openclawdatabase.com/claude-cowork/vs-api/) Guides that may be outdated These guides are touched by today's releases but haven't been refreshed in over 30 days — worth a review pass: [/openclaw/security/](https://openclawdatabase.com/openclaw/security/) (last updated 2026-04-06) and [/openclaw/setup/](https://openclawdatabase.com/openclaw/setup/) (2026-04-06), plus [/openclaw/configuration/](https://openclawdatabase.com/openclaw/configuration/) and [/openclaw/skills-guide/](https://openclawdatabase.com/openclaw/skills-guide/) (both 2026-05-16). The new `Tool(param:value)` permission syntax and nested `.claude/skills` loading are strong candidates for the security, configuration, and skills guides. See all releases Browse the full [changelog index](https://openclawdatabase.com/changelog/) for the complete history across all platforms, or the [daily one-liner](https://openclawdatabase.com/changelog/daily/) for the most recent state of each agent.