ota-run/ota](https:

v1.6.1 Feature

This release adds 4 notable features for engineering teams evaluating rollout.

Published 1mo Developer Productivity

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

cli configuration contracts developer-tools infrastructure ota

+5 more

productivity repo-readiness rust validation workspace

Summary

AI summary

Added execution‑selection flags, explicit streaming interruption handling, durable log artifacts, internal task visibility controls, and container memory/resource support.

Full changelog

refreshed the README entry surface with a tighter brand hero, release/status badges, a reduced primary nav, and direct links to the live get-started, docs, reference, examples, governance, releases, Discord, and X surfaces
added execution-selection shortcut flags for quicker override ergonomics: ota run, ota up, ota execution plan, and ota workspace execution plan now support --native (--mode native), --container (--mode container), and --persistent (--lifecycle persistent) alongside --ephemeral, with updated help/completion boundary handling
made streaming run interruption semantics explicit: user Ctrl+C now classifies as interrupted across run summaries/receipts (including service workloads), interrupted service-termination classification now wins over generic post-readiness stop wording, receipt step/status metadata aligns with intentional interruption instead of generic failure text, and late post-exit interrupts no longer overwrite concrete non-zero task/container failure causes
added ota run --log durable run artifacts under .ota/state/logs/<run-id>/ (stdout.log and stderr.log) for native/container runs, including ephemeral container runs that clean up immediately after failure or interruption; run receipts/summaries now surface log paths, streamed runs now tee output into the same artifacts, and log-capture write failures are surfaced directly in run output notes instead of failing silently
fixed --stream --log durability gaps: stream-mode capture now honors capture toggles in runner streaming helpers, ephemeral container streaming now captures output when log persistence is enabled, and run summaries now render log-capture write failures as explicit warnings
fixed ota detect --merge --apply tasks.<name>.internal trust boundaries: projected/default internal fields are no longer auto-eligible, and merge/apply now remains strictly high-confidence inference-backed (including explicit tasks.<name>.internal inferences when emitted by detector provenance)
made ephemeral container ota run interruption-aware: Ctrl-C now still attempts to remove the repo-owned container created for that run, and the final run summary reports incomplete cleanup instead of silently leaving interrupted residue behind
reclaims repo-owned orphaned ephemeral containers on later runs before starting new ephemeral container execution, uses bounded conflict-recovery retries, and can reclaim legacy running ephemerals without dev.ota.owner_pid when they are the stale published-port holder blocking a new run
hardened ota clean cleanup integrity: drift rediscovery now keys off repo ownership labels plus .ota/state/managed-engines, falls back to best-effort local engine probing only when no repo engine evidence exists, and keeps ownership-ambiguous managed state visible without unsafe deletion
added tasks.<name>.internal: true as an orchestration visibility boundary: internal tasks still run normally in dependency/hook graphs and via direct ota run, while default ota tasks/ota tasks --use omit them unless --all is requested (with internal: true surfaced in JSON for included internal entries)
made generated setup tasks internal by default across starter-writing flows (ota init, ota init --bootstrap, ota init --pack ..., and ota detect --write), with dry-run/write parity so generated previews and written contracts agree on setup.internal: true
aligned task discovery surfaces with internal: true: ota run shell completion and ota workspace tasks now hide internal task nodes by default so operator-facing listings stay consistent
fixed ephemeral container ota run <task> --host-port <port> execution truth so the override now drives the actual engine -p publication args (not just projected metadata), with aligned runtime env/receipt/summary port reporting
added container-context memory resources plus ota run --memory <size>: container contexts can now declare resources.memory.minimum/default, runs now pass the resolved memory request to Docker/Podman for ephemeral and persistent containers, persistent reconciliation treats memory drift as shape drift, and receipts/summaries surface the resolved container memory for truthful operator visibility
hardened ephemeral container service failure reporting: ota now inspects container termination state before teardown, classifies post-readiness service stops as first-class run failures, and records structured service_termination metadata (including explicit oom_killed cause when reported by the engine) in receipts/JSON
hardened persistent container execution into a reconciled model: ota now reuses named containers when the resolved execution shape is equivalent, recreates them when image/publication/dependency-isolation shape drifts, and records that reuse/recreate truth in run summaries and receipts
persistent service-task failure semantics now match ephemeral truthfulness: post-readiness exits are classified as structured service-stop outcomes (including interrupts) while keeping persistent reuse/recreate reconciliation notes aligned in run summaries and receipts
fixed persistent reconciliation and cleanup tracking for legacy unlabeled containers: ota now detects repo-scoped legacy persistent containers during reconciliation to clear conflicting old host publications, and ota clean now retains .ota/state/managed-engines when repo-scoped ambiguous managed state still exists on an engine
fixed ota run <task> --host-port <port> with task dependencies so dependency containers no longer inherit the requested task’s published listener ports; this unblocks flows like dev -> setup where setup should run unpublished while dev uses the overridden host port
added ota run --host-port <port> as a one-run projected host/public port override for container workload listeners with project.host.port.mode: fixed, keeping internal bind ports unchanged while aligning runtime env (OTA_PUBLIC_URL/OTA_PUBLIC_PORT), summaries, and receipts to the overridden public URL
added task-level mode-aware execution branches under tasks.<name>.execution so one task can declare mode-specific context, lifecycle, env, run/script, and runtime, with execution.default_mode support, clear run-time errors for missing mode branches, and updated ota tasks JSON/text branch rendering
replaced the generic task-exit banner for container host-port bind conflicts with a specific Host publication failed error across both captured and interactive runs, pointing at the owning listener field and carrying the ingress-specific run-summary note
made ota explain and ota workspace explain show BLOCKED when the plan contains actionable remediation steps, instead of a misleading READY banner
made invalid task listener bindings render as field-specific contract errors with direct Next: guidance across ota validate, ota doctor, ota explain, and ota receipt instead of falling back to generic load or repair banners
made shell-based task execution forward Ctrl+C/termination to the task process group so long-running container and native dev commands stop cleanly instead of leaving orphaned listeners behind
turned malformed fixed host projections into a structured ota run contract error with an explicit Field: path instead of a validation panic
fixed auto-projected container endpoints so ota run resolves the published host port after the workload starts instead of failing before the engine has reported the mapping
fixed ephemeral container workload endpoints so successful ota run service tasks keep their prepared public URL/runtime metadata even if the container engine cannot report the published port after shutdown
relabeled the early stream-mode workload URL as 🦦Endpoint (planned) so pre-start reservation output stays visible without looking like an already-live service
fixed ota run --stream teardown for ephemeral container tasks so Ctrl+C removes the Ota-managed container and releases the published host port instead of leaving the app running behind the prompt
fixed workload-endpoint projection boundaries so ota up no longer advertises task endpoints before the workload actually ran, task-scoped host publications no longer leak into unrelated container tasks, and persistent container cleanup/reuse now follows the same seeded identity as execution
added task-scoped workload endpoint projection through tasks.<name>.runtime.kind: service, including named listeners with bind plus host projection settings, validation for impossible native/container projection plans, resolved runtime endpoints in ota run receipts/JSON, and workload endpoint reporting for tasks ota up actually executes during preparation
polished multi-listener ingress output and validation: projected listeners now require one explicit project.host.primary when more than one endpoint is published, run/up/receipt summaries render a clear primary endpoint plus secondary count, and runtime JSON now carries stable primary_listener, primary_endpoint, and exposed_endpoints fields
fixed JSON schema/runtime-ingress alignment by adding receipt.runtime + receipt.workloads schema coverage, making fixed-bind diagnostics accurately cover non-fixed modes, and rejecting projected listener name collisions that would overwrite OTA_PUBLIC_URL_<LISTENER>
added container dependency isolation for execution.contexts.<name>.attachments.isolated_paths using engine-managed named volumes, with deterministic mount naming and ota clean cleanup for both persistent and ephemeral container contexts
made container dependency-isolation volumes discoverable with Ota ownership labels plus a stable repo ownership token under .ota/state/ownership-id so ota clean can remove drifted isolation state even after the repo path, image, engine, or isolated-path declaration changes, and can safely distinguish volumes owned by different repos that share a project.name
hardened ota clean dependency-isolation rediscovery to avoid fragile volume ls --filter label=... behavior by listing candidate volumes broadly and validating ownership labels through per-volume inspect metadata before removal
updated the flagship adoption example and spec docs so containerized app ingress is modeled as task-owned workload topology instead of overloading services
expanded the contract reference so the workload listener section now explains fixed, discover, and auto mode semantics plus the current native/container support rules
fixed Windows-only test support utility compilation in provisioning command tests by centralizing shim executable setup, keeping executable behavior correct on Unix and avoiding brittle permission mutation on non-Unix platforms
stabilized release-gate behavior by ensuring the same fix ships with existing test fixtures and contract validations so release automation can complete without platform-specific failures

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track ota-run/ota](https:

Get notified when new releases ship.

About ota-run/ota](https:

All releases →

Related context

Related tools

Earlier breaking changes

v1.6.16 Enforce `metadata.ota.minimum_version` at contract load time across all commands.