ota-run/ota

v1.6.8 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

✓ No known CVEs patched

Topics

cli configuration contracts developer-tools infrastructure ota productivity repo-readiness rust validation workspace

Affected surfaces

auth rbac

Summary

AI summary

Added a first‑class agent contract confirmation workflow (ota agents --review, --confirm) that writes reviewed boundary flags before downstream sync.

Full changelog
  • added a first-class contract confirmation workflow for inferred agent boundaries: ota agents --review now inspects the current agent boundary and provenance directly from ota.yaml, ota agents --confirm --dry-run previews the exact reviewed-boundary contract mutation, and ota agents --confirm writes agent.inferred_boundary.reviewed: true before any downstream AGENTS.md sync

  • extended the execution-selector family onto ota doctor and ota receipt: both commands now accept backend shorthands (--native, --container, --remote), real lifecycle override via --lifecycle, and lifecycle shorthands (--persistent, --ephemeral), while preserving the selected lifecycle in receipt identity, doctor execution context reporting, and rerun guidance instead of silently collapsing container diagnosis back to ephemeral

  • evolved the starter agent contract surface beyond raw writable/protected path inference: starter init/detect now emit agent.inferred_boundary.reviewed: false plus provenance for inferred boundary entries, ota doctor warns when that inferred boundary has not been confirmed yet, and doctor’s agent summary now shows whether the current boundary is reviewed or still inferred

  • standardized implicit no-contract repo command failures around one blocked onboarding surface: commands like ota agents, ota tasks, ota run, ota up, ota env, ota explain, ota receipt, ota policy review, ota extensions, the assist commands, and related repo surfaces now report Contract missing, reuse the compare-first onboarding lane, and include Repo Signals instead of falling back to low-level contract-resolution errors

  • added ota run --skip-deps as an explicit local execution override: it skips only the requested task's declared depends_on chain, leaves required service acquisition and hooks intact, rejects tasks with no declared dependencies, and marks the override explicitly in run summaries, receipts, and follow-up guidance so it never masquerades as the canonical declared task flow

  • corrected the repo-owned bump:version next-step guidance so it now points at the canonical ota run ci verification task instead of bypassing the contract with a raw cargo test

  • made several command Next: lanes more helpful and consistent: init and detect write paths now explain why validate, tasks --use, doctor, and up --dry-run are the right follow-up sequence, detect preview/review lanes now describe the decision behind each next command, starter-pack catalog entries explain why the preview command is next, and shell-completion recovery guidance now explains when to use the explicit setup/remove/check commands

  • reshaped ota doctor execution environment output so execution facts stay compact, environment resolution gets its own section, required-missing counts are explicit, and env entries are grouped as policy-backed, process-backed, source-backed, defaulted, or missing instead of rendering as a flat repeated Env: list

  • normalized another public CLI output-coherence slice: workspace detect/init scaffold mutations now keep stable command headers with result status in-body, ota workspace tasks no longer fakes a readiness verdict, preview Contract sections now use the newer unpunctuated grammar, ota assist previews now use Next: instead of legacy Apply: tails, and ota receipt now groups archive metadata inside a proper Archive section

  • improved no-contract ota doctor signal formatting in rich mode so the detected values now stand out visually without changing the labels, plain output, or JSON behavior

  • redesigned ota agents when the repo contract lacks agent: preview mode now reports Agent contract missing as a blocked boundary-sync diagnosis with inferred repo signals and inferred starter agent boundaries, and ota agents --write now refuses until the contract declares a real agent boundary

  • improved no-contract ota doctor output so it now reports Contract missing, shows trustworthy repo signals under Repo Signals, and uses the compare-first onboarding lane with ota detect --dry-run, ota detect --contract, and ota init --dry-run

  • expanded no-contract ota doctor signal coverage for Node/package-manager repos so it now surfaces repo type, detected package manager, likely runnable tasks, and host tool availability from existing detector signals

  • expanded no-contract ota doctor signal coverage across the broader detected repo families too: Python, Go, Java, .NET, PHP, Ruby, Elixir, Scala, and Swift repos now surface repo-type, dependency/build-tool, and host-tool hints from the same detector truth instead of falling back to an empty signal section

  • finished the next contractless ota doctor coverage tier too: C/C++, Clojure, Haskell, Lua, OCaml, and F# repos now surface the same detector-backed repo-type, build/dependency-tool, and host-tool hints instead of falling through to the generic no-signal path

  • finished the long-tail contractless ota doctor tier too: Dart/Flutter, Julia, R, Nim, Erlang, Zig, D, Fortran, Crystal, Elm, Perl, Haxe, Gleam, V, Ada, Solidity/Foundry, Tcl, Racket, shell, PowerShell, and Deno repos now surface the same detector-backed repo-type, build/dependency-tool, and host-tool hints instead of falling through to the generic no-signal path

  • refined that broader no-contract doctor coverage so Kotlin-first Gradle repos now surface as Kotlin instead of being mislabeled as Java

  • starter contract previews and writes now keep derived agent guidance more consistently: detect preview, detect exact starter text, detect write, init preview, and init write all preserve the starter agent block, writable-path inference now covers common app directories such as app, components, lib, and public, and default agent verification now prefers verifier-style safe tasks such as typecheck when test is absent

  • starter agent.writable_paths inference is now broader and more durable: ota still includes common source/app directories explicitly, but it also performs a bounded source-root scan so custom code roots can surface in starter agent guidance without falling back to .

  • tightened that starter writable-path inference again so operational directories such as config, database, migrations, manifests, deploy, and infra no longer enter the default starter allowlist just because they exist

  • tightened that starter writable-path scan further so custom roots are now stack-aware instead of purely structural, which keeps repo-local source trees in agent.writable_paths while leaving unrelated non-source directories out by default

  • tightened starter writable-path precision further for detected repos: ota now prefers detector-backed nested project roots such as src/Ota.App over broad container paths such as src when the repo shape provides that stronger ownership signal

  • made detected starter boundaries more explicit too: detect/init now seed agent.protected_paths with detector-backed control files such as manifests, lockfiles, and nested project descriptors so starter agent boundaries say both what may be edited and what must stay out of bounds

  • made that stronger boundary visible in the generated starter notes too: detect/init now explicitly tell authors to review agent.writable_paths and agent.protected_paths before trusting automation

  • hardened workspace drift semantics for automation: ota workspace diff --json and ota workspace status --json now expose additive per-repo drift_kind so local dirtiness, commit divergence, missing repo, missing contract, target ambiguity, and unresolved comparison are machine-readable directly

  • refined workspace drift semantics further: ota workspace diff --json and ota workspace status --json now also expose additive per-repo target_source so automation can tell whether the comparison target came from declared source.ref or from the repo's upstream branch

  • clarified workspace drift text too: ota workspace diff and ota workspace status now make each Target: line explicit about declared-source-ref versus upstream-branch comparison provenance

  • refined workspace drift roll-ups too: workspace diff/status summaries now break the previously collapsed Missing and Unresolved buckets into explicit missing-contract and target-unavailable subcounts when those cases are present

  • clarified workspace source governance further: when drift is being compared against upstream-branch fallback instead of declared source.ref, repo-level follow-up now says that explicitly and suggests declaring source.ref when the workspace should own the target

  • pinned the workspace refresh machine surface explicitly with a dedicated workspace-refresh.json schema so preview/apply refresh output is no longer documented only by shared prose

  • hardened workspace source-target trust for ota workspace refresh: refresh now resolves targets in the explicit order --ref → declared source.ref → repo upstream branch, and refuses before preview or apply when none exists instead of falling through to a vague git pull failure

  • refined workspace refresh failure routing further: wrong remote target (source.ref / --ref) now stays distinct from source-access failures and generic local git-state failures so the follow-up lane stays specific

  • hardened the workspace lifecycle lane so ota workspace diff and ota workspace status now carry additive top-level and per-repo next / next_steps follow-up guidance, and successful ota workspace refresh previews now point back into the apply-and-recheck loop more explicitly

  • hardened execution failure routing for ota run: backend-configuration failures now point through ota execution plan before contract edits or retries, and declared env-source failures now point through ota env --task <name> before file repair and rerun

  • hardened execution failure routing for ota up: execution-plane precondition failures, backend startup failures, and provisioning failures now point through ota execution plan before execution-setting edits or retries

  • kept repo-level ota up execution receipts aligned across text and JSON by appending shared receipt follow-up guidance after the final UP SUMMARY block and carrying the same execution-plan-first lane onto repo-target receipt.next

  • refined the execution receipt JSON contract with additive receipt.next_steps, so receipt-bearing up, workspace up, workspace run, and receipt outputs expose ordered follow-up steps without forcing agents to split the human next string

  • polished the compact human execution summaries so RUN SUMMARY and UP SUMMARY lead with Status, making success, failure, blocked, and interrupted outcomes easier to scan before the longer execution details

  • hardened the workspace readiness and execution surfaces too: ota workspace doctor / ota workspace check now expose per-repo additive primary_blocker, ota workspace explain --json now exposes one top-level ordered workspace actions lane before the repo drill-in, and ota workspace up / ota workspace run now carry repo-owned additive next / next_steps alongside the shared workspace receipt follow-up lane

  • hardened workspace onboarding too: first workspace creation is now compare-first between ota workspace detect --dry-run and ota workspace init --dry-run, workspace doctor/validate/list/status/receipt missing-contract guidance now points through that preview lane, and successful workspace writes now hand directly into ota workspace validate, ota workspace up --dry-run, and ota workspace up

  • restored ota detect --contract as the minimal exact starter preview and removed the brittle explain JSON command-lane surface so ota explain --json / ota workspace explain --json expose only structured actions and steps instead of scraping machine commands back out of prose

  • tightened the detect merge success lane so remaining diff now stays on detect-owned review (ota detect --merge --dry-run / ota detect --rewrite --dry-run) instead of incorrectly handing users to ota explain, and clarified the review/write/preparation wording in README and public onboarding examples

  • aligned the remaining onboarding-facing docs and help surfaces with the stronger first-contract lane: repo README, command reference, and root help now teach ota doctor, ota detect --dry-run, ota detect --contract, ota init --dry-run, then the explicit write/preparation path instead of skipping the exact starter comparison step

  • completed the detect mutation onboarding lane: successful ota detect --write now hands users directly to ota validate and ota up --dry-run, successful merge writes now route to ota validate plus detect-owned review when drift still remains or ota up --dry-run when the contract is execution-ready, and successful rewrites now point straight to ota validate and ota up --dry-run

  • tightened the first-contract apply lane too: successful detector-led ota init now points to ota up --dry-run after validation so the onboarding path flows from review into preparation instead of bouncing back into generic diagnosis

  • tightened the first-contract onboarding lane again so no-contract ota detect --dry-run now points operators to compare ota detect --contract with ota init --dry-run before any write, and detector-led ota init --dry-run now renders that same compare-first review path explicitly instead of jumping straight to ota init

  • ota explain now orders grouped remediation actions deliberately instead of inheriting raw finding order, so preview-first and contract-authoring fixes surface ahead of later runtime follow-ups when several blockers exist at once

  • aligned ota explain --json and ota workspace explain --json with the ordered remediation story shown in text by adding grouped actions alongside detailed finding-level steps, so machine consumers get the same stable first-action plan without losing per-finding detail

  • expanded the safe doctor --fix repo-hygiene surface so the same .gitignore fix path now protects both .ota/state/ and .ota/receipts/ as Ota-owned local artifacts, with matching init/detect write behavior and updated doctor messaging

  • hardened the doctor-first onboarding lane: ota doctor now renders the repo state as READY, READY WITH WARNINGS, or BLOCKED, warning-only reports still single out one highest-priority primary finding, ready repos no longer get told to rerun ota up, contractless guidance is preview-first (ota detect --dry-run / ota init --dry-run), and deterministic next steps now point into ota assist where Ota can safely author the missing contract surface

  • tightened doctor's service guidance further: unverifiable required services now route into ota assist declare-readiness when only the probe is missing, or ota assist declare-service when the managed service declaration still lacks a start path and wider service shape

  • tightened doctor's setup guidance too: missing-file precondition failures now point to ota up / ota run setup when tasks.setup already exists, or to ota assist wire-setup when the contract still lacks a setup path Ota can own

  • kept the no-task doctor lane preview-first as well: taskless contracts now point to ota detect --dry-run before any detect write, while still offering ota assist add-task when the right fix is one explicit runnable task

  • added the first shipped ota assist operation with ota assist declare-readiness: it previews or applies deterministic readiness declarations for existing task runtime services and top-level managed services, supports monorepo --member targeting, emits a stable proposal/apply JSON shape, and validates writes through the same contract rules as the rest of Ota

  • added docs/spec/assist-operations.md to formalize the long-term ota assist direction as a deterministic contract-operation surface with a stable command catalog, stable preview/apply proposal model, explicit AI boundary, and canonical first implementation order

  • added docs/spec/assist-workflow.md and tightened the command and JSON references so the shipped ota assist declare-readiness slice now has a complete operator guide, concrete task/service/member examples, explicit refusal rules, and replacement visibility guidance alongside the long-term assist spec

  • added the second shipped ota assist slice with ota assist declare-service: it previews or applies deterministic managed-service declarations, creates or refines one services.<name> block at a time, supports explicit manager and endpoint inputs plus optional structured readiness, honors monorepo --member writes, and now has matching command, workflow, and JSON reference coverage

  • added the fourth shipped ota assist slice with ota assist bind-task: it previews or applies deterministic tasks.<consumer>.targets.<name> mutations, binds one consumer task to one producer runtime listener through the current target contract, supports monorepo --member and --producer-member edges, refuses ambiguous listener selection instead of guessing, and now has matching command, workflow, JSON schema, and public-site coverage

  • added the fifth shipped ota assist slice with ota assist declare-env: it previews or applies deterministic env contract mutations for one root env.vars requirement, one curated env.sources[] entry, or one explicit task-local tasks.<name>.env value, preserves current env precedence rules, supports monorepo --member writes, and now has matching command, workflow, JSON schema, and public-site coverage

  • added the sixth shipped ota assist slice with ota assist add-task: it previews or applies deterministic new-task declarations, creates one tasks.<name> entry at a time, supports explicit command, service, setup, check, and sandbox starter kinds, requires explicit service listener inputs instead of guessing runtime shape, supports monorepo --member writes, and now has matching command, workflow, JSON schema, and public-site coverage

  • added the seventh shipped ota assist slice with ota assist normalize: it previews or applies one deterministic normalization intent that moves an existing setup-like task into the canonical tasks.setup slot, forces the canonical setup task back to internal: true, refuses inherited member-overlay sources it cannot safely delete, and now has matching command, workflow, JSON schema, and public-site coverage

  • added the third shipped ota assist slice with ota assist wire-setup: it previews or applies deterministic tasks.setup mutations, can create or refine setup bodies with explicit --run or --script, owns the phased setup.requires_services boundary for ota up, supports monorepo --member writes, and now has matching command, workflow, JSON schema, and public-site coverage

  • expanded the maintainer version bump scripts so one bump now updates Cargo.toml, rolls CHANGELOG.md from Unreleased into the requested version heading, and repins the readiness workflow's ota-version consistently

  • tightened the adoption path around Ota's own dogfood and first-run UX: the readiness workflow now pins 1.6.7, root help now emphasizes doctor -> detect/init -> explain -> up -> run, doctor --fix explicitly presents its current repo-hygiene-only scope, and the repo's own contract now avoids warning-producing install drift and execution-only ephemeral lifecycle advice during self-hosted readiness checks

Related context

Earlier breaking changes

  • v1.6.16 Enforce `metadata.ota.minimum_version` at contract load time across all commands.
