Changelog — June 19, 2026

Auto mode now blocks destructive commands you didn't ask for. Destructive git commands — git reset --hard, git checkout -- ., git clean -fd, git stash drop — are blocked when you didn't request to discard local work; git commit --amend is blocked when the commit wasn't made by the agent this session; and terraform destroy / pulumi destroy / cdk destroy are blocked unless you asked for that specific stack. A meaningful guardrail against an over-eager agent nuking uncommitted work or tearing down infrastructure in unattended runs.

Scheduled-task and webhook deliveries can no longer approve actions. Task and webhook trigger deliveries were being classified as keyboard input; they're now treated as task notifications and cannot approve a pending action or set the session title in auto mode. Paired with a fix that stops MCP servers requiring authentication from exposing auth-stub tools to the model in headless/SDK mode, this is a solid hardening pass for automated and remote setups.

New settings: attribution.sessionUrl, /config --help, deprecated-model warnings. attribution.sessionUrl omits the claude.ai session link from commits and PRs in web and Remote Control sessions; /config --help lists every shorthand key for the /config key=value syntax; /config toggles now save-and-close on Esc instead of reverting; and a warning fires (on stderr in -p mode, now also for models set in agent frontmatter) when the requested model is deprecated or auto-upgraded.

Fixes worth knowing. WebSearch returning empty results inside subagents is fixed; fullscreen TUI corruption (mid-screen statusline, duplicated spinner rows, merged text) in Windows Terminal under heavy nested-subagent load is repaired; turns that silently completed when the model returned only a thinking block now re-prompt once; thinking.disabled.display 400 errors on subagent spawns are fixed; background tasks started by a teammate are no longer killed when that teammate finishes a turn; and user-level skills no longer appear multiple times in slash-command autocomplete with multiple plugins enabled.

Release notes → Affects: /openclaw/, /openclaw/security/, /openclaw/configuration/, /openclaw/setup/

Claude Sonnet 4 and Claude Opus 4 are retired — requests now error. The Claude API has retired claude-sonnet-4-20250514 and claude-opus-4-20250514; all requests to these model IDs now return an error rather than silently routing elsewhere. If you pinned either snapshot in a SOUL.md, an agent frontmatter, an SDK call, or a CI script, it will break until you migrate. Anthropic recommends upgrading to Claude Sonnet 4.6 and Claude Opus 4.8 respectively; researchers can request continued access through the External Researcher Access Program. Cowork and Claude Code users on the latest defaults are unaffected — this only bites pinned -20250514 IDs.

Release notes → Affects: /claude-cowork/, /claude-cowork/vs-api/, /claude-cowork/pricing/

No new release (still v0.0.65). One documentation-only commit landed on main.

Contributor skill for onboarding new messaging channels (#5501): adds nemoclaw-contributor-onboard-messaging-channel — a guided workflow (progressive intake, upstream source analysis, implementation steps, quality gates, focused verification) for adding a new messaging channel through NemoClaw's manifest-first messaging architecture — plus a src/lib/messaging/AGENTS.md documenting package boundaries and channel extension points. Contributor-facing only; no user-visible behavior change, but a useful pointer if you're extending NemoClaw's Telegram/Discord/messaging layer.

Commit log → Affects: /nemoclaw/skills/