Last updated: 2026-07-11

Changelog — July 11, 2026

Enterprise-provider defaults shift and a formal NemoClaw tag. Claude Code v2.1.207 makes auto mode generally available (no opt-in) on Bedrock, Vertex AI, and Foundry, defaults those providers to Claude Opus 4.8, and closes a plugin ${user_config.*} shell-injection hole. Claude Cowork adds a Monthly Recap at Settings › Reflect. NemoClaw tags v0.0.80, packaging the Hermes v0.18 + OpenRouter work reported yesterday, and lands new fixes — WhatsApp pair-login on stock installs and token-shaped URL redaction among them. No new IronClaw, Kilo Code, or ChatGPT/OpenAI release.

2026-07-11 Claude Code v2.1.207

Auto mode goes GA on the enterprise providers, the default model shifts to Opus 4.8, and a plugin shell-injection path is closed. The notable changes:

  • Auto mode without opt-in on Bedrock, Vertex AI, and Foundry: auto mode no longer requires the CLAUDE_CODE_ENABLE_AUTO_MODE environment flag on those platforms — set disableAutoMode in settings to turn it off.
  • Opus 4.8 default on AWS/Vertex: Bedrock, Vertex, and Claude Platform on AWS now default to Claude Opus 4.8.
  • Plugin shell-injection fix: ${user_config.*} in shell-form plugin hook/monitor/MCP headersHelper commands is now rejected. Use exec form (args array) or $CLAUDE_PLUGIN_OPTION_<KEY> for hooks; read the value inside the script for monitors and headersHelper. Plugin option values (pluginConfigs) are also no longer read from project-level .claude/settings.json — only user, --settings, and managed settings are honored.
  • Auto mode config scope: auto mode no longer reads autoMode from repo-resident .claude/settings.local.json; use ~/.claude/settings.json instead.

The fixes:

  • Streaming performance: fixed the terminal freezing and keystrokes lagging while streaming responses with very long lists, tables, paragraphs, or code blocks.
  • Agent-teams crash loop: a malformed teammate mailbox message no longer triggers repeated per-second errors until the mailbox file is manually deleted.
  • Security consent: remote managed settings from a non-interactive run (claude -p, the SDK) are no longer permanently recorded as consented without ever showing the security consent dialog; and spurious prompt-injection warnings on benign system-generated conversation updates are fixed.
  • Auto-updater & launcher: the updater no longer overwrites a custom launcher script or symlink at ~/.local/bin/claude on every release — /doctor now reports an externally managed launcher.
  • Windows AWS hang: an indefinite hang when AWS credential resolution stalls (e.g. a stuck credential_process) now trips the 60-second stall guard; Bedrock also stops re-requesting fresh AWS SSO credentials on every API request.
  • Also: compound cd commands redirecting only to /dev/null no longer prompt for permission; malformed bracket patterns in globs/skill paths/.ignore no longer break file reads and worktree creation; Deep research Fetch-phase chips now show the source hostname instead of "unknown"; and background worktree sessions no longer resume blank after a cold reopen.

Who should care: teams on Bedrock, Vertex, or Foundry — auto mode is now on by default and the model default moved to Opus 4.8, so review both if you pin models or budgets. Plugin authors must migrate any ${user_config.*} shell-form commands to exec form. No breaking changes for standard api.anthropic.com users; an incremental release on the 2.1 line.

Release notes → Affects: /openclaw/, /openclaw/setup/, /openclaw/configuration/, /openclaw/security/, /claude-cowork/

2026-07-09 Claude Cowork Monthly Recap

Claude added a Monthly Recap. A new beta feature at Settings › Reflect surfaces the topics you spent time on, your most active day, and your peak hour of the month. It's available on Free, Pro, and Max across web and Claude Desktop, and requires memory enabled. This follows the July 7 rollout that brought Cowork to web and mobile (with sessions running remotely and syncing across devices) alongside write access for the Microsoft 365 connector.

Who should care: anyone using Claude with memory on who wants a lightweight usage retrospective — purely additive, nothing to configure beyond having memory turned on. If memory is off, the recap won't populate.

Claude release notes → Affects: /claude-cowork/, /claude-cowork/projects/, /claude-cowork/skills-guide/

2026-07-11 NemoClaw main · v0.0.80 · WhatsApp login · token-URL redaction

v0.0.80 is now formally tagged (#6668), packaging the Hermes v0.18 + Slack Block Kit, OpenRouter runtime attribution adapter, corporate-proxy CA import, and release-matched base images we covered yesterday. Since then, main landed a batch of new user-facing fixes:

  • WhatsApp pairing now works on a stock install (#6645): fixes two stacked failures where pairing succeeded but the channel never started — a private-IP origin was stripping operator scopes (denying channels.start with missing scope: operator.admin), and channel plugins are now installed via the npm-pack: spec so OpenClaw records npm provenance for the trusted-install check that gates keyed stores on OpenClaw ≥ 2026.6.10.
  • Token-shaped URL redaction (#6650): a security fix — token-shaped URL query values are now redacted in persisted diagnostics even when the parameter name looks benign, with new coverage for JWT-shaped tokens, encoded values, and repeated params.
  • Local endpoints route through the gateway (#6649): local compatible-endpoint inference URLs (loopback hosts on bundled policy ports 11434/11435/8000) now register through host.openshell.internal while host validation stays on the user-entered URL — with documented 0.0.0.0-bind exposure mitigations.
  • Faster onboarding (#6661): provider-validation probes now reuse DNS resolution and keepalive HTTP(S) connections across related checks, falling back to curl for proxies, IP literals, and local/sandbox endpoints.
  • Also: the custom Streamable-HTTP MCP network-policy recipe now documents a scoped DELETE /mcp for session termination (#6638); onboarding phase heartbeats pause while an interactive prompt owns the terminal (#6664); and backup failure messages now name the per-directory cause — permission denied vs absent after extraction (#6631).

Who should care: NemoClaw users pairing WhatsApp (it works on a clean install now), operators running local/self-hosted inference endpoints (the gateway-routing change), and anyone reviewing diagnostics for leaked credentials (the URL-redaction fix). The custom MCP-policy recipe change matters if you scope Streamable-HTTP MCP access by method. These are commit-level changes on main; v0.0.80 is the release label NVIDIA has now attached to them.

NemoClaw commits → Affects: /nemoclaw/, /nemoclaw/setup/, /nemoclaw/switching-providers/, /nemoclaw/policy/, /nemoclaw/skills/

Guides that may be outdated

Pages touched by today's releases that haven't been refreshed in over 30 days and are queued for review: /openclaw/setup/ and /openclaw/security/ (Apr 6) predate auto mode's provider GA and the Opus 4.8 default; the Claude Cowork guides — /claude-cowork/, /claude-cowork/projects/, /claude-cowork/skills-guide/ (May 30) — predate the web/mobile Cowork rollout and Monthly Recap; and the NemoClaw guides — /nemoclaw/, /nemoclaw/switching-providers/, /nemoclaw/policy/ (May 30) — predate v0.0.80. Content is still broadly accurate; version numbers, model defaults, and a few command details lag.

See all releases

Browse the full changelog index for the complete history across all platforms, or the daily one-liner for the most recent state of each agent.