ota-run/ota](https:

v1.6.17 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 8d Developer Productivity

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

cli configuration contracts developer-tools infrastructure ota

+5 more

productivity repo-readiness rust validation workspace

Affected surfaces

rbac rce_ssrf

ReleasePort's take

Light signal

editorial:auto 8d

Release v1.6.17 introduces multiple first‑class actions (ensure_env_file, ensure_file, ensure_directory), a changed_files check, compose_health readiness gating, multi‑probe signal probes with internal address views, and enhanced OTA JSON validation in the Rust CLI.

Why it matters: These new capabilities enable deterministic bootstrapping, fine‑grained CI checks, robust service health monitoring, and streamlined OTA payload validation for developers and SREs managing complex workflows.

Summary

AI summary

Scoped tool requirement resolution prevents host-global fallback for non‑native paths and adds several new first‑class action, check, readiness, and validation capabilities.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Extended agent‑safe write‑boundary validation across transitive task chains, failing when any dependency writes a protected path or outside allowed bounds. Extended agent‑safe write‑boundary validation across transitive task chains, failing when any dependency writes a protected path or outside allowed bounds. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Security	Medium	Added `ota validate` warning coverage for unpinned `agent.bootstrap.ota.sh` / `agent.bootstrap.ota.powershell` commands to enforce explicit version pins. Added `ota validate` warning coverage for unpinned `agent.bootstrap.ota.sh` / `agent.bootstrap.ota.powershell` commands to enforce explicit version pins. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Feature
Feature	Low	Adds first-class action.kind: ensure_env_file for deterministic env file bootstrap. Adds first-class action.kind: ensure_env_file for deterministic env file bootstrap. Source: llm_adapter@2026-05-27 Confidence: high	—
Feature	Low	Adds first-class action.kind: ensure_file for deterministic single-file bootstrap. Adds first-class action.kind: ensure_file for deterministic single-file bootstrap. Source: llm_adapter@2026-05-27 Confidence: high	—
Feature	Low	Adds first-class action.kind: ensure_directory for deterministic directory bootstrap. Adds first-class action.kind: ensure_directory for deterministic directory bootstrap. Source: llm_adapter@2026-05-27 Confidence: high	—
Feature	Low	Adds first-class checks[].kind: changed_files for git-diff‑backed conditional checks. Adds first-class checks[].kind: changed_files for git-diff‑backed conditional checks. Source: llm_adapter@2026-05-27 Confidence: high	—
Feature	Low	Adds first-class services.<name>.readiness.kind: compose_health for compose‑managed service health gating. Adds first-class services.<name>.readiness.kind: compose_health for compose‑managed service health gating. Source: llm_adapter@2026-05-27 Confidence: high	—
Feature	Low	Adds tasks.<name>.runtime.readiness.signal_probes to allow multiple named listener probes for service readiness. Adds tasks.<name>.runtime.readiness.signal_probes to allow multiple named listener probes for service readiness. Source: llm_adapter@2026-05-27 Confidence: high	—
Feature	Low	Adds support for target.address_view: internal in native runtime signal probes. Adds support for target.address_view: internal in native runtime signal probes. Source: llm_adapter@2026-05-27 Confidence: high	—
Feature	Low	Adds first‑class ota json validate support in the Rust CLI for CI payload validation. Adds first‑class ota json validate support in the Rust CLI for CI payload validation. Source: llm_adapter@2026-05-27 Confidence: high	—
Feature	Low	Extends ota json validate with artifact‑first input mode (--input) for existing JSON payload validation. Extends ota json validate with artifact‑first input mode (--input) for existing JSON payload validation. Source: llm_adapter@2026-05-27 Confidence: high	—
Feature	Low	Scoped task/workflow requirement resolution prevents non-native paths from inheriting host-global `tools` fallback. Scoped task/workflow requirement resolution prevents non-native paths from inheriting host-global `tools` fallback. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Feature	Low	`tasks.<name>.requirements.tools` and `requirements.any_of[].tools` become self-contained tool gates, removing need for duplicate top-level `tools.<name>` declarations. `tasks.<name>.requirements.tools` and `requirements.any_of[].tools` become self-contained tool gates, removing need for duplicate top-level `tools.<name>` declarations. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Feature	Low	Refined task network side‑effect semantics with optional `network_kind: dependency_hydration\|broad` to differentiate hydration from generic API calls. Refined task network side‑effect semantics with optional `network_kind: dependency_hydration\|broad` to differentiate hydration from generic API calls. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Feature	Low	Tightened `ota run --dry-run` context output to explicitly show `Task Context`, `Execution Context`, and add `requested_context`/`selected_context` fields in JSON. Tightened `ota run --dry-run` context output to explicitly show `Task Context`, `Execution Context`, and add `requested_context`/`selected_context` fields in JSON. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Feature	Low	Expanded disjunctive requirement branches with `tasks.<name>.requirements.any_of` to support scoped alternatives across runtimes, tools, toolchains, native, env, and checks. Expanded disjunctive requirement branches with `tasks.<name>.requirements.any_of` to support scoped alternatives across runtimes, tools, toolchains, native, env, and checks. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Feature	Low	Introduced `agent.exceptions.sensitive_writes` contract advisories to flag non‑sensitive or redundant write exceptions. Introduced `agent.exceptions.sensitive_writes` contract advisories to flag non‑sensitive or redundant write exceptions. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Feature	Low	Made smoke workflow preview checks schema‑driven by validating dry‑run JSON against published contract schemas. Made smoke workflow preview checks schema‑driven by validating dry‑run JSON against published contract schemas. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Feature	Low	Expanded published `tasks.json` item shape with optional `context` and `notes` fields for accurate run‑preview validation. Expanded published `tasks.json` item shape with optional `context` and `notes` fields for accurate run‑preview validation. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Feature	Low	Added workflow guard checks that fail CI if deprecated `RefResolver` usage reappears in GitHub Actions workflows. Added workflow guard checks that fail CI if deprecated `RefResolver` usage reappears in GitHub Actions workflows. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Feature	Low	Expanded workflow service summaries to include transitive task `requires_services`, showing full service footprint for workflows. Expanded workflow service summaries to include transitive task `requires_services`, showing full service footprint for workflows. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Performance	Low	Hardened smoke‑workflow run‑preview JSON assertions to validate verdict shape without hardcoding enums, reducing CI brittleness. Hardened smoke‑workflow run‑preview JSON assertions to validate verdict shape without hardcoding enums, reducing CI brittleness. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Performance	Low	Kept smoke schema validation fully local/offline by resolving `$ref` paths from the repository schema tree instead of remote fetches. Kept smoke schema validation fully local/offline by resolving `$ref` paths from the repository schema tree instead of remote fetches. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Deprecation	Medium	Removes deprecated RefResolver‑based schema validation paths from smoke CI. Removes deprecated RefResolver‑based schema validation paths from smoke CI. Source: llm_adapter@2026-05-27 Confidence: high	—

Full changelog

scoped selected task/workflow requirement resolution so non-native paths (container/remote) no
longer inherit host-global tools fallback when no scoped tool requirements are declared; global
tool fallback remains for native selected paths, preventing host-only tools from leaking into
unrelated container/remote readiness surfaces
made tasks.<name>.requirements.tools and requirements.any_of[].tools self-contained tool
gates: task-path tool names no longer require duplicate top-level tools.<name> declarations
just to validate, while toolchain-owned names still require explicit
tasks.<name>.requirements.toolchains scoping to keep ownership deterministic
refined task network side-effect semantics with optional
tasks.<name>.effects.network_kind: dependency_hydration|broad: lockfile-backed package-manager
hydration can now be declared as a narrower network lane than generic API/remote-call execution,
validator now requires effects.network: true when network_kind is declared, doctor/agent
advisories now render that distinction explicitly, and task/workspace JSON schemas now include
network_kind
tightened ota run --dry-run context semantics so preview text now shows both
Task Context and Execution Context explicitly (with Contract -> Resolved Context), and
JSON now includes additive requested_context and selected_context fields for machine-stable
context interpretation
extended agent-safe write-boundary validation across transitive task chains so a safe task now
fails validation when any reachable dependency/follow-on task writes a protected path or writes
outside agent.writable_paths
expanded first-class task disjunctive requirement branches with
tasks.<name>.requirements.any_of to support context/backend-scoped alternatives across
runtimes, tools, toolchains, native, env, and checks, and wired selected-path
resolution into doctor/up/run requirement surfaces so mixed paths (for example local-host vs
docker-host) do not force both lanes at once
added first-class action.kind: ensure_env_file for deterministic env bootstrap without shell
glue: Ota can now create/seed env files and append only missing keys (literal or generated random
values) while preserving existing user-edited entries; version capability reporting and minimum
version gating now include tasks.action.ensure_env_file
added first-class action.kind: ensure_file for deterministic single-file bootstrap without
shell glue: Ota can now create one repo-relative file from exactly one source (template,
literal value, or generated random) while leaving existing files untouched on repeat runs;
version capability reporting and minimum-version gating now include
tasks.action.ensure_file
added first-class action.kind: ensure_directory for deterministic directory bootstrap without
shell glue: Ota can now create a repo-relative directory when missing, no-op when it already
exists as a directory, and fail clearly when the path exists as a non-directory; version
capability reporting and minimum-version gating now include tasks.action.ensure_directory
added first-class checks[].kind: changed_files for git-diff-backed conditional checks using
explicit path matchers and optional base_ref / head_ref range control; selected-path
diagnosis now treats these checks as precondition-style gates where requested, and version
capability reporting and minimum-version gating now include checks.changed_files
added first-class services.<name>.readiness.kind: compose_health for compose-managed service
health-state readiness without host-port probing: Ota now supports direct compose container
health gating (healthy), validates compose-only readiness shape (manager.kind: compose with
no endpoint-probe fields), surfaces the capability in minimum-version gating, and extends
ota assist declare-readiness --service ... --style compose-health plus
ota assist declare-service --style compose-health for service-side proposal generation
added agent.exceptions.sensitive_writes contract advisories that flag non-sensitive or
posture-redundant exceptions so intentional boundary exceptions stay narrow and meaningful
added first-class tasks.<name>.runtime.readiness.signal_probes so one service runtime can gate
readiness on multiple named listener probes (for example API + worker liveness) instead of only
one aggregate endpoint check; version capability reporting includes
tasks.runtime.readiness.signal_probes
expanded tasks.<name>.runtime.readiness.signal_probes for native service runtimes so named
same-task listener probes may use target.address_view: internal with fixed listener bind
endpoints; this lets worker/internal listeners participate in runtime readiness without forcing
host endpoint projection
hardened smoke-workflow run-preview JSON assertions to validate verdict shape without
hardcoding a fixed verdict enum, reducing CI brittleness as verdict taxonomy evolves
made smoke-workflow preview checks schema-driven by validating ota run --dry-run --json and
ota up --dry-run --json payloads against the published contract schemas
(docs/spec/json-schemas/run-preview.json, docs/spec/json-schemas/up.json) across repo and
example lanes, keeping only minimal semantic assertions on top
kept smoke schema validation fully local/offline by resolving published schema $ref paths
from the repository schema tree instead of fetching remote schema IDs during CI
expanded published tasks.json task item shape with optional context and notes fields so
run-preview.json validation for requested_task remains schema-accurate on real contracts
added first-class ota json validate support in the Rust CLI so CI can run command
execution, payload capture, published-schema validation, and optional assertion checks without
Python-side validator scripts
extended ota json validate with artifact-first input mode (--input <file|->) so CI can
validate existing JSON payloads without rerunning producer commands; input mode keeps assertion
parity (including exit-map checks via synthetic exit code 0) and makes --write-payload
optional
removed deprecated RefResolver-based schema validation paths from smoke CI by switching to
the new core ota json validate command surface
added workflow guard checks that fail CI if deprecated RefResolver usage reappears in
.github/workflows
added ota validate warning coverage for unpinned agent.bootstrap.ota.sh /
agent.bootstrap.ota.powershell commands so agent bootstrap install paths keep explicit ota
version pins instead of drifting with latest installer releases
expanded workflow service summaries to include transitive task requires_services in addition to
workflows.<name>.services.required, so ota tasks --workflow ... reports the full service
footprint used by prepare/setup/run task closures

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track ota-run/ota](https:

Get notified when new releases ship.

About ota-run/ota](https:

All releases →

Related context

Related tools

Earlier breaking changes

v1.6.16 Enforce `metadata.ota.minimum_version` at contract load time across all commands.