v0.0.74

NemoClaw v0.0.74 upgrades the OpenShell policy boundary, adds managed MCP and progressive tool disclosure, strengthens the experimental LangChain Deep Agents Code integration, and improves onboarding, local inference, messaging, recovery, and contributor workflows.

  • Stable installs pin OpenShell 0.0.72 release artifacts and the supervisor image, adding MCP Streamable HTTP and JSON-RPC request-policy enforcement. Policy mutations read the round-trippable base policy instead of the effective policy, which preserves existing MCP rules without sending provider-composed _provider_* entries back through policy set. For more information, refer to OpenShell 0.0.72 Compatibility Review and Customize the Network Policy.
  • Managed MCP commands use add, list, status, restart, and remove to manage authenticated HTTPS Streamable HTTP servers for OpenClaw, Hermes, and experimental LangChain Deep Agents Code through native OpenShell policy enforcement and provider-backed credential replacement. The LangChain Deep Agents Code rebuild path validates the recorded gateway, route, image, staged build context, and prepared replacement inputs before deleting the previous sandbox, then restores managed MCP state after the recreated runtime is ready. For more information, refer to About Managed MCP Servers, Quickstart with LangChain Deep Agents Code, and the accepted architecture decision.
  • New sandboxes default to progressive tool disclosure across OpenClaw, Hermes, and LangChain Deep Agents Code, while --tool-disclosure direct restores the full visible catalog. The selected mode persists through resume and transactional rebuilds, and model-specific compatibility safeguards can keep an incompatible model on direct disclosure. Sandbox-first inference get and inference set commands now provide the same route controls as their global forms. For more information, refer to Troubleshooting, Audit Model Capabilities, and NemoClaw CLI Commands Reference.
  • LangChain Deep Agents Code now provides managed status, whoami, and identity commands without launching the interactive UI, validates the installed agent version during onboarding, and keeps credential-shaped or tracing configuration out of persisted runtime metadata. Its rebuild path validates recreation before destructive handoff and preserves the managed proxy, tool-disclosure, and MCP boundaries. For more information, refer to Quickstart with LangChain Deep Agents Code, NemoClaw CLI Commands Reference, and Security Best Practices.
  • Onboarding uses BuildKit prebuilds with bounded progress heartbeats, reuses validated release and source-commit sandbox images, and rejects stale or incompatible image contracts before sandbox creation. Readiness handling tolerates a bounded run of transient OpenShell Error phases, while preflight output distinguishes an unreachable container DNS resolver from one that answers but rejects the query. On Windows on Arm N1X systems, automatic Local Ollama setup treats the integrated GPU as compute-constrained and selects qwen3.5:9b instead of the 30B and 35B starter models. For more information, refer to NemoClaw CLI Commands Reference, Install OpenClaw Plugins, Choose a Local Inference Server, Prepare Windows for NemoClaw, and Troubleshooting.
  • Messaging configuration now keeps channel policy ownership with the enabled channel, persists selected policy presets through onboarding and rebuilds, reports Telegram mention mode in channel status, and detects credential conflicts before a destructive rebuild starts. For more information, refer to Choose Messaging Channels, Customize the Network Policy, and NemoClaw CLI Commands Reference.
  • Day-two commands provide safer recovery and clearer automation behavior. update --fresh can reinstall the current version, and destroy --force can remove a local record when the OpenShell gateway is unavailable while warning that the sandbox and retained volume may still exist. Failed exec commands can surface recent policy-denial context, tunnel stop releases its gateway port, WSL keeps a usable loopback dashboard URL, and affected CLI user-error surfaces preserve a nonzero exit status. For more information, refer to NemoClaw CLI Commands Reference, Troubleshooting, and Choose an Inference Provider.
  • Contributor workflows now provide idempotent one-command setup, read-only readiness checks, diff-scoped local verification, and validated Git signing configuration while preserving development dependencies during installation. The new agent-runnable value benchmark emits machine-readable and Markdown reports for inference latency and trace-backed sandbox startup without turning advisory timings into a release gate. For more information, refer to the NemoClaw Contributor Guide and NemoClaw Value Benchmark.