ota-run/ota](https:

v1.6.5 Feature

This release adds 5 notable features for engineering teams evaluating rollout.

Published 1mo Developer Productivity

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

cli configuration contracts developer-tools infrastructure ota

+5 more

productivity repo-readiness rust validation workspace

Summary

AI summary

Expanded prebuilt releases cover all mainstream OS/architectures and improved installer handling.

Full changelog

expanded prebuilt release publishing to the full mainstream target matrix: Linux x86_64-unknown-linux-gnu and aarch64-unknown-linux-gnu, macOS x86_64-apple-darwin and aarch64-apple-darwin, and Windows x86_64-pc-windows-msvc and aarch64-pc-windows-msvc
made release checksum manifests and installers agree on asset names, while keeping installers backward-compatible with older dist/<asset> checksum entries during the transition
improved shell and PowerShell installer fallback messaging so unsupported or unpublished prebuilt targets are reported explicitly before cargo fallback is attempted
added narrow monorepo cross-member service targets through tasks.<name>.targets.<target>.service.member: repo commands can now resolve another declared workspace.members producer through its fixed address_view: host endpoint, and also through address_view: topology / address_view: internal when consumer and producer share one declared backend binding on the active plane; the shipped cross-member slice stays explicit and honest by keeping address_view: host manual-only, allowing ensure_started / restart_ready / ensure_running / ensure_ready only for shared-backend topology / internal member targets, and recording member/task/listener evidence separately in receipts
broadened declared runtime env-source loading beyond dotenv: env.sources[].kind now supports curated properties and json loaders with strict parsing, deterministic key normalization, explicit failure on collisions/nulls/arrays/object leaves, and unchanged runtime precedence through ota run / env resolution
extended curated declared runtime env-source loading to yaml and toml, reusing the same structured-source flattening, normalization, collision, and fail-fast visibility model already used for json while keeping detect/init inference scoped to the earlier explicit standard file set
added operator visibility for declared env sources across ota env, ota doctor, and additive JSON output: source entries now report kind/path/label/status, resolved env values keep declared-source provenance where applicable, and doctor surfaces source-scoped missing/parse/structure/collision failures with deterministic next steps
taught ota detect and detector-led ota init to infer curated declared env sources from standard files only: .env.local, .env, src/main/resources/application.properties, appsettings.json, and appsettings.Development.json now participate in detect/init provenance, confidence, and merge/apply flows without weakening the runtime rule that source loading stays declaration-driven
added context-wide execution env defaults under execution.contexts.<name>.env, with execution-time precedence now resolved as context env, then tasks.<name>.env, then selected mode env, while keeping ota-derived cache env as fallback only
ota now injects OTA_WORKSPACE for task execution and derives fallback cache wiring automatically for known attachment pairs (.m2 -> MAVEN_OPTS, .npm -> NPM_CONFIG_CACHE, .pnpm-store -> PNPM_STORE_DIR, .gradle -> GRADLE_USER_HOME, .pip-cache -> PIP_CACHE_DIR, .pypoetry-cache -> POETRY_CACHE_DIR) when the task resolves through a compatible execution context
added cross-boundary depends_on advisories to ota validate and ota doctor, calling out context/backend/lifecycle drift and explaining that only durable external side effects survive across that dependency edge
made execution summaries and attachment guidance more explicit by surfacing effective in-container attachment paths such as /workspace/<path>, and added warnings when a declared attachment is likely unused because an explicit tool env points somewhere else
made ota env --task <name> inspect the effective execution env for the selected task instead of only the raw task-local env, including context env, ota-injected OTA_WORKSPACE, and derived cache env when they are part of the resolved task execution
broadened shared-remote activation.mode: ensure_ready for built-in remote providers (ssh, tsh, kubectl, daytona): shared-remote address_view: host now auto-starts against fixed project.host endpoints, and shared-remote runtime.readiness.kind: http can now probe the remote plane for address_view: topology / address_view: internal
added tasks.<name>.targets.<target>.activation.mode: ensure_started as the shallow producer auto-start mode: ota now starts a supported producer and returns as soon as startup is handed off, keeps ensure_running for listener reachability and ensure_ready for deeper declared runtime.readiness, records distinct started_started / reused_started activation evidence, and continues to reject unsupported producer ownership shapes instead of guessing orchestration
added tasks.<name>.targets.<target>.activation.mode: restart_ready as the explicit bounce-and-verify mode: ota now stops a currently reachable supported producer through its owned cleanup path, starts it again, waits for readiness, records distinct restarted_ready activation evidence, and keeps unsupported producer ownership shapes failing clearly instead of guessing orchestration
added tasks.<name>.targets.<target>.activation.mode: ensure_running as the narrower producer auto-start mode: ota now reuses or starts a producer until the declared target listener itself becomes reachable, keeps ensure_ready reserved for deeper declared runtime.readiness contracts, records distinct started_running / reused_running activation evidence, and validates non-manual activation shapes even when the producer omits runtime.readiness
completed backend-provider remote activation parity on the shared-remote slice: when caller and producer share one declared remote backend binding, address_view: host, address_view: topology, and address_view: internal now support ensure_started, restart_ready, ensure_running, and ensure_ready for backend-provider producer services when the matching backend_provider extension declares activation.provider_managed_cleanup: true; ota now sends provider command contexts (run, activation, activation_probe, activation_cleanup), waits honestly on the selected plane, and preserves provider-owned cleanup/restart semantics
made remote execution receipts and summaries more truthful by carrying remote provider and optional cwd alongside the existing remote target, so ota run, archived receipts, and receipt history no longer flatten remote backend identity into one generic target string
added first-class tasks.<name>.targets.<target>.url for explicit declared URL targets, keeping target precedence and OTA_TARGET_<TARGET> export intact without requiring fake service identity, while restricting activation to service targets only
broadened service target identity slightly: service.listener may now be omitted when the producer task exposes exactly one declared listener name, while multi-listener producers still require an explicit listener selector

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track ota-run/ota](https:

Get notified when new releases ship.

About ota-run/ota](https:

All releases →

Related context

Related tools

Earlier breaking changes

v1.6.16 Enforce `metadata.ota.minimum_version` at contract load time across all commands.