Last updated: 2026-07-04

Changelog — July 4, 2026

A defaults day for Claude Code and a feature day for NemoClaw. Claude Code 2.1.200 renames the "default" permission mode to Manual across the CLI and both IDE extensions, stops AskUserQuestion dialogs from auto-continuing, and clears out a batch of background-agent daemon-handover and sleep/wake bugs; 2.1.201 is a one-line Sonnet 5 harness fix. Kilo Code v7.4.1 restores a missing sandbox worker that had broken file operations. NemoClaw's v0.0.74 train landed on main with two headline features — OpenShell-managed MCP servers and progressive tool disclosure — plus an upgrade to openclaw 2026.6.10. No new releases from Hermes, IronClaw, Claude Cowork, or ChatGPT.

2026-07-04 Claude Code v2.1.200 · v2.1.201

A defaults change worth knowing about, on top of another round of background-agent hardening. Two releases landed since yesterday. The headline in 2.1.200 is a rename that changes what you see, not what it does:

  • "Default" permission mode is now called "Manual": the mode is renamed across the CLI, --help, VS Code, and JetBrains. It behaves exactly as before — you approve each action — but the name now says so. --permission-mode manual and "defaultMode": "manual" are accepted, and the old default spelling still works, so nothing breaks.
  • AskUserQuestion dialogs no longer auto-continue: a question dialog now waits for you instead of picking a default answer on its own. If you want the old timeout behavior back, opt into an idle timeout via /config.
  • Startup crash fixed: a non-array disabledMcpServers or enabledMcpServers value in .claude.json no longer crashes Claude Code on launch.

The rest is background-agent reliability — useful if you run agents in the background or across sleep/wake:

  • Sessions survive sleep/wake: background sessions no longer silently stop mid-turn after a sleep/wake cycle or when you reopen a stalled session, and a turn you cancelled with Esc after a stall is no longer re-run on respawn.
  • Daemon handover hardened: agents restart again after a crash left a stale daemon.lock whose PID the OS had reused; and a reinstalled older build can no longer seize the daemon — build recency is now judged by the embedded build timestamp, not install order.
  • Roster robustness: transient corruption no longer permanently disables orphan cleanup, older binaries preserve fields written by newer versions, and socket auth tokens survive daemon restarts.
  • Cleaner failures: a subagent cut off by a rate limit before producing any text now returns an empty result instead of failing messily; control bytes no longer leak into the agent view; and screen-reader focus tracking on the /mcp server list is fixed.

2.1.201 is a single fix: Claude Sonnet 5 sessions no longer use the mid-conversation system role to deliver harness reminders.

Release notes → Affects: /openclaw/, /openclaw/configuration/, /openclaw/security/, /claude-cowork/, /claude-cowork/system-prompts/

2026-07-04 Kilo Code v7.4.1

A small patch, but one fix matters if you use sandboxed file operations. Three changes:

  • Broken sandbox worker fixed (#11926): kilo-sandbox-mutation-worker.js was missing from the VS Code extension bundle, so every sandboxed file operation failed with "Module not found." The worker is back in the bundle — upgrade if you rely on sandboxed edits.
  • Bidirectional text input (#11918): the prompt input now supports right-to-left and mixed-direction text.
  • New Worktree picker fixed (#11924): selecting a reasoning variant or mode in the New Worktree dialog now actually applies it — the dialog's modal overlay had been swallowing the click before the option handler ran.

Release notes → Affects: /kilocode/, /kilocode/setup/, /kilocode/security/, /kilocode/orchestrator/

2026-07-04 NemoClaw v0.0.74 (main)

The v0.0.74 train landed on main — the biggest NemoClaw batch in a while, with two genuine new features. NemoClaw ships from main (no version tags), so these are live for anyone tracking the branch:

  • OpenShell-managed MCP servers (#5876): native mcp add|list|status|restart|remove lifecycle for OpenClaw, Hermes, and LangChain Deep Agents Code. It accepts only authenticated HTTPS Streamable HTTP endpoints, keeps raw credentials out of sandbox files and registry state (only credential names are stored), and survives rebuild/destroy recovery. NemoClaw runs no MCP proxy or relay of its own — enforcement is native OpenShell protocol: mcp policy.
  • Progressive tool disclosure (#6251): a shared tool-disclosure mode across Deep Agents Code, Hermes, and OpenClaw. New sandboxes default to progressive (tools surfaced on demand via a bounded search_tools step); --tool-disclosure direct or NEMOCLAW_TOOL_DISCLOSURE=direct restores the fully visible catalog. The mode persists through resume and rebuilds.
  • Upgrade to openclaw 2026.6.10 (#5595): the pinned OpenClaw runtime moves one stable patch forward from 2026.6.9, with the packaging, credential-recovery, and runtime-proof boundaries re-audited against the new release.
  • Windows-ARM N1X model fix (#6234): on the Snapdragon X (N1X) iGPU, onboarding used to auto-select a 30B/35B model that can't return a token inside the agent-loop timeout, leaving the sandbox unusable. That hardware is now marked compute-constrained, so the bootstrap selector skips the too-heavy models. Discrete GPUs are unaffected.

Also on main: DCode rebuild handoff hardened to revalidate every input before the destructive delete boundary (#6260); warm onboard/rebuild reuse validated sandbox base images for faster starts (#6254); BuildKit prebuild context validation (#6265); a one-command contributor onboarding path npm run dev:setup (#6200); and an agent-runnable value benchmark npm run bench (#5604). The remaining commits were CI/E2E budget signals, a Makefile removal, and dependency bumps.

Commit log → Affects: /nemoclaw/, /nemoclaw/setup/, /nemoclaw/skills/, /nemoclaw/local-gpu/, /nemoclaw/switching-providers/

See all releases

Browse the full changelog index for the complete history across all platforms, or the daily one-liner for the most recent state of each agent.