ota-run/ota](https:

v1.6.15 Feature

This release adds 1 notable feature for engineering teams evaluating rollout.

Published 12d Developer Productivity

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

cli configuration contracts developer-tools infrastructure ota

+5 more

productivity repo-readiness rust validation workspace

Affected surfaces

auth rbac

Summary

AI summary

Fixed multiple native task startup misclassifications and improved container probe diagnostics.

Changes in this release

Type	Severity	Summary	CVE
Feature
Feature	Low	Activated Corepack shims on the run path for Corepack‑owned toolchains. Activated Corepack shims on the run path for Corepack‑owned toolchains. Source: llm_adapter@2026-05-25 Confidence: high	—
Feature	Low	Made automatic `ota up` service proof selection honor the selected execution mode's runtime shape. Made automatic `ota up` service proof selection honor the selected execution mode's runtime shape. Source: granite4.1:30b@2026-05-25-audit Confidence: low	—
Feature	Low	Added `failure_class` to `ota proof runtime --json` status output for CI/automation. Added `failure_class` to `ota proof runtime --json` status output for CI/automation. Source: granite4.1:30b@2026-05-25-audit Confidence: low	—
Bugfix
Bugfix	Medium	Fixed `ota run` rerun guidance to suggest `--mode container --stream` for container failures. Fixed `ota run` rerun guidance to suggest `--mode container --stream` for container failures. Source: llm_adapter@2026-05-25 Confidence: high	—
Bugfix	Medium	Fixed `ota run --mode container` dependency execution selection to use the selected container backend. Fixed `ota run --mode container` dependency execution selection to use the selected container backend. Source: llm_adapter@2026-05-25 Confidence: high	—
Bugfix	Medium	Scoped runtime‑proof cleanup to the selected workflow/task closure. Scoped runtime‑proof cleanup to the selected workflow/task closure. Source: llm_adapter@2026-05-25 Confidence: high	—
Bugfix	Medium	Fixed JSON/result consistency for non‑blocking informational findings in runtime proof. Fixed JSON/result consistency for non‑blocking informational findings in runtime proof. Source: llm_adapter@2026-05-25 Confidence: high	—
Bugfix	Medium	Improved container probe remediation for mismatched image manifests with explicit guidance. Improved container probe remediation for mismatched image manifests with explicit guidance. Source: llm_adapter@2026-05-25 Confidence: high	—
Bugfix	Medium	Fixed `ota up` detached service‑run readiness semantics to honor workflow surface failures. Fixed `ota up` detached service‑run readiness semantics to honor workflow surface failures. Source: llm_adapter@2026-05-25 Confidence: high	—
Bugfix	Medium	Fixed native service‑task startup classification for early zero exit codes. Fixed native service‑task startup classification for early zero exit codes. Source: llm_adapter@2026-05-25 Confidence: high	—
Bugfix	Medium	Improved detached `ota up` run‑failure diagnostics by surfacing sanitized tail hints. Improved detached `ota up` run‑failure diagnostics by surfacing sanitized tail hints. Source: llm_adapter@2026-05-25 Confidence: high	—
Bugfix	Medium	Fixed native task execution to preserve the resolved `PATH` used by toolchain probes. Fixed native task execution to preserve the resolved `PATH` used by toolchain probes. Source: llm_adapter@2026-05-25 Confidence: high	—
Bugfix	Medium	Causes already‑occupied fixed listener port to fail as a bind conflict in detached `ota up` service proof. Causes already‑occupied fixed listener port to fail as a bind conflict in detached `ota up` service proof. Source: granite4.1:30b@2026-05-25-audit Confidence: low	—
Bugfix	Low	Corrected container-scope info text grammar for plural host‑bound surfaces like `checks`. Corrected container-scope info text grammar for plural host‑bound surfaces like `checks`. Source: granite4.1:30b@2026-05-25-audit Confidence: low	—

Full changelog

fixed ota run captured-failure rerun guidance to preserve the effective execution mode, so
container failures now suggest --mode container --stream instead of defaulting to native-mode
rerun hints
fixed ota run --mode container dependency execution selection so dependencies that declare
container mode branches run on the selected container backend instead of silently falling back to
native when a task also has a native default mode
activated Corepack shims on the run path for Corepack-owned toolchains before task execution,
so repo tasks that call package-manager entrypoints (for example pnpm) remain runnable without
requiring separate manual shell bootstrap
tightened the first-party Ota skill contract-authoring guidance with production-readiness gates
for scope honesty, deterministic setup, agent safety, workflow fidelity, CI proof posture, and
toolchain/runtime/tool ownership boundaries
scoped runtime-proof cleanup to the selected workflow/task closure instead of all declared
execution contexts, so ota proof runtime --workflow <host-workflow> no longer fails cleanup on
unrelated container contexts that are not part of the selected proof path
fixed runtime-proof JSON/result consistency for non-blocking informational findings: proof now
ignores info-severity primary blockers when computing error/next and success, preventing
false failed proof output when verdict is ready
improved container probe remediation when image manifests do not match the current engine
platform request (no matching manifest ...), including explicit guidance to align Docker mode
and image platform tag instead of surfacing only generic probe failure guidance
fixed ota up detached service-run readiness semantics: successful run-process exit no longer
drops workflow surface-readiness failures, so up now stays aligned with doctor instead of
reporting false READY when the declared workflow surface never becomes reachable
fixed native service-task startup classification when a command exits 0 before its declared
runtime endpoint is reachable: ota run now treats that path as a failed start instead of
reporting false success, which closes common EADDRINUSE startup-misclassification cases
improved detached ota up run-failure diagnostics by surfacing a sanitized tail hint from the
detached run log (for example explicit address already in use (EADDRINUSE)), so operator
output points to startup bind conflicts without requiring manual artifact triage first
fixed native task execution to preserve the same resolved PATH used by toolchain probes
instead of invoking a login shell that could reorder Node/Corepack/pnpm on macOS and other Unix
hosts
fixed detached native ota up service proof so an already-occupied fixed listener port fails as
a bind conflict instead of being mistaken for proof that the newly launched service became ready
made automatic ota up service proof selection honor the selected execution mode's runtime shape,
so tasks that declare service runtimes only under execution.modes.<mode> are still handled as
services for that mode
corrected container-scope info text so plural host-bound surfaces like checks render with the
right grammar in doctor/up output
added failure_class to ota proof runtime --json status output so CI and automation can
distinguish cleanup, readiness, and run/install-or-toolchain failure classes without brittle
log-parsing

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track ota-run/ota](https:

Get notified when new releases ship.

About ota-run/ota](https:

All releases →

Related context

Related tools

Earlier breaking changes

v1.6.16 Enforce `metadata.ota.minimum_version` at contract load time across all commands.