AI Agent Changelog

/simplify is renamed to /code-review with an optional effort level (e.g. /code-review high). The Windows PowerShell "command line is invalid" regression from v2.1.124 is fixed. MCP servers no longer drop paginated resources past page 1 on resources/list, resources/templates/list, and prompts/list. Background sessions stop re-prompting for tool permissions you already granted with "don't ask again," and CLAUDE_CODE_SUBAGENT_MODEL is now forwarded to child processes in multi-agent sessions. Windows Terminal full-screen strobing in attached background sessions is also resolved.

Release notes → Affects: /openclaw/, /openclaw/setup/, /openclaw/skills-guide/, /openclaw/configuration/, /openclaw/security/, /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/

Five pre-release patches shipped today (v7.3.2–v7.3.6). The headline: file @-mentions now render as styled chips with click-to-open in both the chat input and sent messages — atomic backspace removal and arrow-key skipping included. Session history search auto-focuses when the panel opens. VS Code local CLI reconnect flapping while the event stream is unavailable is fixed, and Agent Manager diff previews stuck on "Loading…" are resolved. Tree-sitter WASM resources are now resolved correctly in packaged CLI and VS Code builds.

Release notes → Affects: /kilocode/, /kilocode/setup/, /kilocode/models/, /kilocode/orchestrator/

Homebrew is now pre-installed in the sandbox base image — the brew policy preset finally works end-to-end without any manual bootstrap step (#3913). python now resolves to python3 in the sandbox, fixing bare python agent tool calls. Discord traffic is routed through a loopback proxy for correct Gateway/WebSocket handling. A new dashboard-url command prints the authenticated dashboard URL on demand. Managed vLLM is now shown by default on DGX Spark and DGX Station hardware. Hermes rc rewrites after capability drop are fixed.

Commit log → Affects: /nemoclaw/, /nemoclaw/setup/, /nemoclaw/local-gpu/, /nemoclaw/policy/, /nemoclaw/skills/

claude agents --json now lists all live sessions as JSON, making it scriptable for tmux-resurrect, status bars, and session pickers. The /plugin Discover and Browse screens show a plugin's full manifest — commands, agents, skills, hooks, MCP/LSP servers — before you install. Security fix: bare variable assignments to non-allowlisted env vars in Bash commands were being auto-approved; that bypass is now closed. Also fixed: spinner/timer freezing after terminal resize, cross-project resume hint on Windows PowerShell 5.1, voice push-to-talk in agent view, and task lists rendering in random order.

Release notes → Affects: /openclaw/, /openclaw/setup/, /openclaw/security/, /openclaw/configuration/, /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/

/resume now includes background sessions started via claude --bg or agent view, shown with a bg label. /model now applies to the current session only — press d in the picker to set a default for new sessions. Startup hang of up to 75s when api.anthropic.com is unreachable (captive portal, firewall, VPN) is fixed — side-channel API calls now time out after 15s. "Extra usage" has been renamed to "usage credits" everywhere; /usage-credits replaces /extra-usage (old slash command still works). The /plugin browse pane now shows when a plugin was last updated.

Release notes → Affects: /openclaw/, /openclaw/setup/, /openclaw/configuration/, /openclaw/cost-optimisation/, /claude-cowork/, /claude-cowork/setup/, /claude-cowork/pricing/

Model picker sections (Favorites, Recommended, and per-provider groups like Kilo Gateway) are now collapsible — click any section header to hide its models; state resets each time the picker opens. Speech-to-text voice input is now supported in Agent Manager inline review comments. You can now export full VS Code session transcripts as Markdown files via the new export action.

Release notes → Affects: /kilocode/, /kilocode/setup/, /kilocode/models/

Windows WSL express install now supported: the installer routes WSL users to Windows-host Ollama setup, matching the guided non-interactive path on DGX platforms. AWS Bedrock Runtime custom endpoints are now auto-detected through the existing "Anthropic-compatible endpoint" flow — no new provider selection needed. Network policy docs clarified: TUI approvals are session-only and do not persist across sandbox restarts; persistent policy guidance is now linked prominently. A new PR Review Advisor workflow was added for NemoClaw-aware code review signals.

Commit log → Affects: /nemoclaw/, /nemoclaw/setup/, /nemoclaw/local-gpu/, /nemoclaw/switching-providers/, /nemoclaw/policy/

The Foundation Release. pip install hermes-agent now works from PyPI — Hermes installs and runs anywhere. xAI Grok lands as a SuperGrok OAuth provider with grok-4.3 at a 1M context window. A new OpenAI-compatible local proxy lets Codex, Aider, Cline, and Continue hit any OAuth-authed Hermes provider (Claude Pro, ChatGPT Pro, SuperGrok) without API keys. X (Twitter) search is now a first-class tool. Microsoft Teams is wired end-to-end. Cold start cut by ~19 seconds; browser CDP calls are 180× faster. LINE and SimpleX Chat bring the total messaging platform count to 22. Cross-session 1-hour Claude prompt caching and native Windows beta also ship in this release.

Release notes → Affects: /hermes/, /hermes/setup/, /hermes/tasks/, /hermes/memory/, /hermes/mcp-tools/

A collapsible sidebar lands in Agent Manager — the toggle button sits left of the tab title, collapsed state persists across reloads, and starting a new session automatically reopens it. Auto-compaction threshold is now configurable as a percentage so long sessions compact before the context window fills. Shell command output now gets syntax highlighting via Shiki, with labeled Command/Output sections, per-section copy buttons, and "Open in Editor" for full untruncated output. Experimental speech-to-text voice input in VS Code prompt fields via Kilo Gateway also ships.

Release notes → Affects: /kilocode/, /kilocode/setup/, /kilocode/orchestrator/

Fixes a regression where chat-driven tool_install was double-invoking with an auto-approve footgun — the extension install flow is now restored to correct behavior. Provider-specific auth, model fetch, and embeddings config are now hidden behind clean facades, reducing surface area for misconfiguration. Two auth-matrix E2E tests are unxfailed now that the contract matches.

Release notes → Affects: /ironclaw/, /ironclaw/skill-allowlisting/, /ironclaw/configuration/

The Tenacity Release. Multi-agent Kanban ships: spin up a durable board, drop tasks on it, and let multiple Hermes workers pick them up with heartbeats, reclaim, zombie detection, retry budgets, and a hallucination gate. /goal keeps the agent locked on a target across turns (Ralph loop). Security wave closes 8 P0s: redaction is now ON by default, Discord role-allowlists are guild-scoped, WhatsApp rejects strangers by default, and TOCTOU windows close across auth.json and MCP OAuth. Google Chat becomes the 20th supported messaging platform. Seven i18n locales ship.

Release notes → Affects: /hermes/, /hermes/setup/, /hermes/tasks/, /hermes/memory/

The Reborn integration substrate lands on main — a major architectural overhaul introducing host foundation crates, a capability host, runtime dispatcher, process lifecycle management, and structured boundaries for filesystem, secrets, network, and extension manifest registry. A WIT-compatible WASM tool runtime is added. Host-controlled trust-class policy engine introduced. All extension and skill interactions now route through structured capability contracts, significantly hardening the security model.

Release notes → Affects: /ironclaw/, /ironclaw/setup/, /ironclaw/security/, /ironclaw/skill-allowlisting/, /ironclaw/vs-openclaw/

Plugin dependency enforcement gets smarter: claude plugin disable refuses if another enabled plugin depends on the target and shows a copy-pasteable disable-chain hint; claude plugin enable now auto-enables transitive dependencies. The /plugin marketplace browse pane adds projected context cost (per-turn and per-invocation token estimates). New worktree.bgIsolation: "none" setting lets background sessions edit the working copy directly without creating a worktree. PowerShell now passes -ExecutionPolicy Bypass by default — opt out with CLAUDE_CODE_POWERSHELL_RESPECT_EXECUTION_POLICY=1. Key fixes: stop hooks that blocked repeatedly no longer loop forever (capped at 8 blocks with a warning); right-click paste in claude agents on Windows Terminal and WSL restored; agent view no longer spawns repeated PowerShell processes on Windows; /goal evaluator no longer fires while background shells or subagents are still running.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/, /claude-cowork/pricing/

claude agents gains 8 new flags (--add-dir, --settings, --mcp-config, --plugin-dir, --permission-mode, --model, --effort, --dangerously-skip-permissions) so you can fully configure dispatched background sessions from the command line. Fast mode now defaults to Opus 4.7 (previously 4.6); set CLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE=1 to pin back. Key fixes: MCP_TOOL_TIMEOUT now correctly raises the per-request fetch timeout (was hard-capped at 60 s regardless of config); background sessions can find pre-existing git worktrees again; daemon no longer crash-loops after macOS sleep/wake or after a binary upgrade.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/, /claude-cowork/pricing/

Hooks gain a new terminalSequence field to emit desktop notifications, window titles, and bells even without a controlling terminal. CLAUDE_CODE_PLUGIN_PREFER_HTTPS env var added for HTTPS plugin cloning in environments without a GitHub SSH key. The Rewind menu adds "Summarize up to here" to compress earlier context while keeping recent turns. Background agents launched via /bg or ←← now preserve the current permission mode instead of reverting to default. /feedback can now include sessions from the last 24 h or 7 days for cross-session issues.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/, /claude-cowork/pricing/

Agent tool subagent_type matching is now case- and separator-insensitive — "Code Reviewer" resolves to code-reviewer automatically. /goal no longer silently hangs when hooks are restricted; it now shows a clear message instead of an unresolvable indicator. Fixes: symlinked settings files no longer cause spurious ConfigChange hooks; claude --bg no longer fails with "connection dropped mid-request" when the background service was about to idle-exit; Windows event-loop stall from missing executables (e.g. gh) resolved.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/, /claude-cowork/pricing/

Adds Agent View (claude agents) — a unified list of every Claude Code session across running, blocked, and done states. Introduces /goal for autonomous multi-turn execution until a condition is met, hook continueOnBlock so PostToolUse rejections feed back to the model instead of halting, and exec-form args: string[] for path-safe hook spawning without a shell. MCP stdio servers now receive CLAUDE_PROJECT_DIR matching hooks; /mcp Reconnect picks up .mcp.json edits without a restart.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/, /claude-cowork/pricing/

Internal fixes only — no user-facing changes. Safe to upgrade; nothing to review or reconfigure.

Release notes → Affects: /claude-cowork/

Hotfix — resolves the VS Code extension failing to activate on Windows. Upgrade immediately if you are on Windows and the extension stopped loading.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/

Large stability release with 15+ fixes. MCP servers no longer silently disappear after /clear in VS Code, JetBrains, and the Agent SDK. Concurrent OAuth token refresh is now race-safe, ending the daily re-authentication loop for users with multiple remote MCP servers. WSL2 users can now paste images from the Windows clipboard via a PowerShell fallback. New settings.autoMode.hard_deny lets admins set unconditional classifier blocks regardless of user intent, and CLAUDE_CODE_ENABLE_FEEDBACK_SURVEY_FOR_OTEL re-enables session quality surveys for enterprise OpenTelemetry setups.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/, /claude-cowork/pricing/

Adds worktree.baseRef (fresh | head) to control whether new worktrees branch from origin/<default> or local HEAD. Note: the default fresh reverts EnterWorktree behavior introduced in 2.1.128 — set worktree.baseRef: "head" to keep unpushed commits in new worktrees. Hooks now receive the active effort level via effort.level JSON and $CLAUDE_EFFORT. The new parentSettingsBehavior admin key (first-wins | merge) lets admins opt managed settings into the policy merge. Multiple credential race conditions and MCP proxy fixes included.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/

Adds CLAUDE_CODE_SESSION_ID to Bash tool subprocess environments (now matches the session_id passed to hooks) and CLAUDE_CODE_DISABLE_ALTERNATE_SCREEN=1 to opt out of the fullscreen renderer and keep output in the terminal's native scrollback. External SIGINT (IDE stop button, kill -INT) now triggers graceful shutdown — terminal modes are restored and --resume is printed instead of an abrupt exit. Fixes --permission-mode being ignored on -p --resume, blank fullscreen after sleep/wake, and --resume crashing on sessions containing split emoji.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/

Hotfix — resolves two regressions: VS Code extension failing to activate on Windows (hardcoded createRequire polyfill path in the bundled SDK), and Mantle endpoint authentication failing with a missing x-api-key header. Upgrade immediately if either issue affects you.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/

Adds --plugin-url <url> to fetch a plugin .zip archive from a URL for the current session. The Ctrl+R history picker returns to pre-2.1.124 behavior: searches all projects by default, with Ctrl+S to narrow to the current project. Gateway /v1/models discovery is now opt-in via CLAUDE_CODE_ENABLE_GATEWAY_MODEL_DISCOVERY=1. The skillOverrides setting is now active — off, user-invocable-only, and name-only modes work as documented. Third-party deployments (Bedrock, Vertex, Foundry) no longer see Anthropic-only spinner tips.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/

Bare /color now picks a random session color; /mcp shows per-server tool counts and flags servers that connected with 0 tools. --plugin-dir now accepts .zip archives. Breaking: workspace is now a reserved MCP server name — rename any existing server that uses it. EnterWorktree is fixed to branch from local HEAD as documented (unpushed commits no longer dropped). OTEL_* env vars no longer leak into Bash, hook, MCP, or LSP subprocesses.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/, /claude-cowork/pricing/

Substantial release with major Windows and auth improvements. /model picker now lists models from a gateway's /v1/models endpoint when using ANTHROPIC_BASE_URL. New claude project purge [path] deletes all project state (transcripts, tasks, file history) with --dry-run, -y, and --all flags. claude auth login now accepts an OAuth code pasted directly in the terminal — key fix for WSL2, SSH, and container environments. Windows: PowerShell 7 is now detected from MS Store, MSI, and .NET tool installs, and is treated as the primary shell when the PowerShell tool is enabled. Auto mode spinner turns red when a permission check stalls. Security: allowManagedDomainsOnly bypass fixed.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/, /claude-cowork/pricing/

Hotfix — resolves OAuth authentication failing with a 401 retry loop when CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 is set. Patch-only; safe to upgrade immediately.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/

Bedrock users gain a new ANTHROPIC_BEDROCK_SERVICE_TIER env var (default, flex, or priority) to control service tier. /resume now finds the session that created a PR when you paste a GitHub, GitLab, or Bitbucket PR URL into the search box. /mcp surfaces claude.ai connectors previously hidden by a manually-added server with the same URL. Key bug fixes: /branch fork failures from rewound timelines, /model Effort option missing for Bedrock ARNs, Vertex AI 400 errors on count_tokens behind proxy gateways, and ToolSearch missing MCP tools that connected after session start.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/

New alwaysLoad option on MCP server config bypasses tool-search deferral so all tools from that server are always available without a ToolSearch call. claude plugin prune removes orphaned auto-installed plugin dependencies. /skills gains a type-to-filter search box. PostToolUse hooks can now replace tool output for any tool (previously MCP-only). Fullscreen scroll no longer jumps to the bottom when typing after scrolling up; overflow dialogs are now keyboard-scrollable. MCP servers that error on startup auto-retry up to 3 times. /terminal-setup now enables iTerm2 clipboard access so /copy works from tmux.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/

Maintenance patch — changelog housekeeping only, no user-facing changes. Safe to upgrade; no action required.

Release notes → Affects: /claude-cowork/

Major release. /config settings (theme, editor mode, verbose, etc.) now persist to ~/.claude/settings.json and participate in project/local/policy override precedence — a behavioral shift for anyone relying on ephemeral config. --from-pr now accepts GitLab MRs, Bitbucket PRs, and GitHub Enterprise URLs. PostToolUse hooks now include duration_ms, PowerShell commands can be auto-approved like Bash, and --print mode now honors agent frontmatter tools:/disallowedTools:. Slash command UI improved: descriptions wrap instead of truncating, matched characters highlight.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/, /claude-cowork/pricing/

Vim visual mode (v/V) lands with full selection, operators, and visual feedback. /cost and /stats are merged into /usage (both still work as shortcuts). Custom themes are now editable JSON files in ~/.claude/themes/, createable via /theme; plugins can ship themes too. Hooks gain the ability to invoke MCP tools directly via type: "mcp_tool". New DISABLE_UPDATES env var blocks all update paths — stricter than the existing DISABLE_AUTOUPDATER. WSL users can inherit Windows-side managed settings via wslInheritsWindowsSettings.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/

/resume now offers to summarize large stale sessions before reloading — saves context on bloated histories. Concurrent MCP server connect is now the default (was opt-in). Plugin installs now auto-resolve missing dependencies from configured marketplaces, and managed-settings blockedMarketplaces/strictKnownMarketplaces are enforced across install, update, refresh, and autoupdate. Agent frontmatter mcpServers now loads for main-thread --agent sessions.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/

Large session /resume is up to 67% faster on 40 MB+ histories. MCP startup time reduced — resources/templates/list is now deferred to the first @-mention. /terminal-setup now configures scroll sensitivity for VS Code, Cursor, and Windsurf for smoother fullscreen scrolling. The thinking spinner shows inline progress ("still thinking", "thinking more", "almost done"). Security fix: sandbox auto-allow no longer bypasses dangerous-path checks for rm/rmdir targeting /, $HOME, or other critical system directories.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/, /claude-cowork/pricing/

Patch release targeting multi-agent team setups. Fixes a crash in the permission dialog triggered when a teammate agent requested tool permission — affects anyone running agent teams with shared tool grants. Safe to upgrade immediately.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/

Substantial release. The CLI now launches a native per-platform binary instead of bundled JavaScript, improving startup performance. Security hardening: new sandbox.network.deniedDomains setting blocks specific domains even under wildcard allowlists; macOS /private/{etc,var,tmp,home} paths are now protected from wildcard rm rules; bash deny rules now catch commands wrapped in env/sudo/watch. Also: /loop Esc cancels pending wakeups, /extra-usage and @-file autocomplete now work from Remote Control clients, and subagents that stall mid-stream timeout cleanly after 10 minutes.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/, /claude-cowork/pricing/

Hotfix — resolves the "claude-opus-4-7 is temporarily unavailable" error that blocked auto-mode users on Opus 4.7. Patch-only release, no behavioral changes.

Release notes → Affects: /claude-cowork/

Feature-heavy release. Opus 4.7 gains an xhigh effort level (between high and max), and /effort now opens an interactive slider instead of requiring arguments. Auto mode is available to Max subscribers on Opus 4.7 without any flag. New /ultrareview command runs parallel multi-agent code review in the cloud — invoke with no args for the current branch or /ultrareview <PR#> for a specific PR. New /less-permission-prompts skill audits transcripts and proposes settings.json allowlist entries. Windows users get a progressive PowerShell tool rollout. Read-only bash commands and cd <project-dir> && prefixes no longer trigger permission prompts.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/, /claude-cowork/pricing/

Claude Code v2.1.110 ships a new /tui command for flicker-free fullscreen rendering and splits the Ctrl+O keybinding — focus view is now a separate /focus command. A push notification tool is added for Remote Control users, letting Claude send mobile alerts when configured. Quality-of-life improvements include better plugin management sorting, MCP multi-scope conflict detection in /doctor, and --resume/--continue now resurrecting unexpired scheduled tasks.

Release notes → Affects: /claude-cowork/, /claude-cowork/setup/, /claude-cowork/skills-guide/, /claude-cowork/system-prompts/, /claude-cowork/pricing/

Claude Code v2.1.109 introduces updates to the Claude Code CLI for AI agent development workflows. Review the official release notes for specific feature additions, bug fixes, and breaking changes. Developers using Claude Code should check compatibility requirements for their current projects before upgrading.

Release notes → Affects: /claude-cowork/

Claude Code 2.1.108 ships with improved hook reliability, faster skill loading, and a fix for long-running background tasks. Incremental release — safe upgrade.

Release notes → Affects: /claude-cowork/, /setup/, /skills-guide/

GPT-5.1 lands in the ChatGPT platform with expanded context window, tool-use improvements, and a new Structured Outputs mode. Pricing unchanged.

Changelog → Affects: /chatgpt/, /pricing/, /custom-gpts/

OpenClaw 2.3 introduces native MCP tool passthrough, an overhauled skill sandboxing model, and first-class Windows support without WSL. Major release — review setup and security guides.

Release notes → Affects: /openclaw/, /setup/, /skills-guide/, /security/, /configuration/

Hermes 1.2 adds persistent memory backends (SQLite, Postgres, Redis) and a revamped task scheduler. Existing memory migrations are handled automatically on first start.

Release notes → Affects: /hermes/, /memory/, /tasks/

IronClaw 0.9 lands the Rust-based TEE runtime in beta and tightens the skill allowlist model. Breaking config change for anyone on 0.8 — see migration notes.

Release notes → Affects: /ironclaw/, /setup/, /security/, /skill-allowlisting/

NemoClaw 1.8 adds one-click provider switching, improved local GPU detection, and an expanded policy DSL. Breaking change to the policy file schema — upgrade guide linked below.

Release notes → Affects: /nemoclaw/, /policy/, /switching-providers/, /local-gpu/