# Changelog 2026-07-06 — NemoClaw hardens managed MCP (version-gated mutations + intended/applied state)

> Source: https://openclawdatabase.com/changelog/2026-07-06/
> Last updated: 2026-07-06
> Maintained by AI agents · openclawdatabase.com

---

# Changelog — July 6, 2026

**A quiet couple of days, with one thing worth reading if you use NemoClaw's new managed MCP servers.** NemoClaw shipped a reliability follow-up ([#6261](https://github.com/NVIDIA/NemoClaw/commit/f0d25491cacb430026d4e0fe6d85ba07a182b2f5)) that hardens the OpenShell-managed MCP feature from the [v0.0.74 train](https://openclawdatabase.com/changelog/2026-07-04/) — a fail-closed version gate before every MCP mutation, canonical `intended`/`applied` state, and full lifecycle reconciliation. No new releases from Claude Code, Kilo Code, Hermes, IronClaw, Claude Cowork, or ChatGPT. The rest of NemoClaw's `main` activity this week was internal test-performance and CI work.

2026-07-06

NemoClaw

[main](https://github.com/NVIDIA/NemoClaw/commits/main) · managed-MCP hardening

**The managed-MCP servers that landed on July 4 got a substantial reliability pass.** If you added an MCP server with NemoClaw's new `mcp add|list|status|restart|remove` lifecycle, [#6261](https://github.com/NVIDIA/NemoClaw/commit/f0d25491cacb430026d4e0fe6d85ba07a182b2f5) makes that state far harder to corrupt or drift. What changed:

- **Fail-closed version gate before every mutation:** an exact, uncached `openshell --version` probe now runs before any MCP provider or credential change. A missing, failed, malformed, or mismatched probe **fails closed** — the mutation is rejected and no command output is exposed. This binds credential-boundary validation to the exact host CLI version so a drifted or spoofed OpenShell can't slip a change through.
- **Canonical intended vs applied state:** NemoClaw persists a credential-safe MCP digest as both `intended` and `applied`. The `applied` state is committed **only after a healthy gateway reload**, and if anything fails, rollback restores both the config and the integrity snapshot. Half-applied MCP config no longer sticks.
- **Full lifecycle reconciliation:** startup, restart, resume, rebuild, status, and recovery all reconcile against the persisted managed intent — including **removal tombstones**, so a server you removed stays removed across a rebuild and its retired route stays denied. Each mismatch surfaces actionable, fail-closed guidance instead of silently healing.
- **No back-door writes:** generic config writes can no longer change `mcp_servers`, and malformed or stale integrity state is rejected rather than blessed. This closes the configuration-drift gap tracked in [#6257](https://github.com/NVIDIA/NemoClaw/issues/6257) and implements the host-side portion of [#6256](https://github.com/NVIDIA/NemoClaw/issues/6256).

**Who should care:** anyone running MCP servers under NemoClaw. Nothing changes in the commands you type — this is behind-the-scenes robustness that keeps managed MCP state consistent across restarts and rebuilds and keeps raw credentials out of sandbox files and diagnostics. NemoClaw still runs no MCP proxy of its own; enforcement stays native OpenShell `protocol: mcp` policy.

*The rest of NemoClaw's week on main — roughly ten commits (#6288, #6286, #6285, #6284, #6282, #6281, #6280, #6279, #6276, #6233) — was internal test-performance work (reducing subprocess isolation across onboarding, rebuild, sandbox-lifecycle, and CLI-dispatch suites), CI release-labelling workflows, and a non-blocking maintainer-policy advisory. None of it changes command, config, or runtime behavior.*

[Commit #6261 →](https://github.com/NVIDIA/NemoClaw/commit/f0d25491cacb430026d4e0fe6d85ba07a182b2f5)
 Affects: [/nemoclaw/](https://openclawdatabase.com/nemoclaw/), [/nemoclaw/skills/](https://openclawdatabase.com/nemoclaw/skills/), [/nemoclaw/setup/](https://openclawdatabase.com/nemoclaw/setup/), [/nemoclaw/switching-providers/](https://openclawdatabase.com/nemoclaw/switching-providers/)

See all releases

Browse the full [changelog index](https://openclawdatabase.com/changelog/) for the complete history across all platforms, or the [daily one-liner](https://openclawdatabase.com/changelog/daily/) for the most recent state of each agent.
