ota-run/ota](https:

v1.6.9 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 26d Developer Productivity

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

cli configuration contracts developer-tools infrastructure ota

+5 more

productivity repo-readiness rust validation workspace

Affected surfaces

auth breaking_upgrade

Summary

AI summary

Removed the unadvertised ota studio CLI surface.

Full changelog

hardened repo status trust across ota doctor, ota check, and ota up --dry-run: single-repo check text now uses the shared verdict-driven readiness header, up --dry-run --json now carries the shared summary verdict block, and warning-only previews now surface the first actionable readiness finding instead of looking silently READY
hardened parser and workspace cache behavior so poisoned cache mutexes now clear the tainted cache and fall back to fresh parsing instead of panicking the CLI on the next contract or workspace load
removed the shipped ota studio CLI surface so the supported product stays aligned with the current doctor/init/detect/up/run adoption path instead of carrying an unadvertised local Studio export mode
fixed Windows release installs again so Git Bash/MSYS/MINGW and PowerShell now both use the published Windows .zip release path instead of a nonexistent .tar.gz, verify ota.exe correctly in shell-installer post-install checks, and make explicit release-mode installs/self-updates fail honestly instead of silently falling back to Cargo git builds when the prebuilt asset download fails
tightened ota detect --write to fail fast when project name/contract confidence is insufficient, so weak detections no longer produce an auto-written starter contract; this also applies detector-inferred agent boundaries (agent.writable_paths, agent.protected_paths, and provenance) before writing and keeps blocked JSON/text next steps explicit for the targeted repo path
fixed ota detect --write for high-confidence candidates whose lower-confidence setup task is excluded, so derived agent guidance is now based on the exact contract being written and no longer blocks valid Maven-style detections with stale agent task references
fixed the Windows bootstrap/self-update replacement path again so locked ota.exe updates no longer leak raw PowerShell Copy-Item file-in-use failures; the bootstrap script now routes wrapped locked-file errors through the deferred replacement scheduler consistently and reports the update as pending until verification
hardened the Git Bash/MSYS/MINGW shell installer path so Windows installs use ASCII-safe operator output, locked ota.exe replacements are staged as pending instead of leaking raw mv/file-in-use failures, and release install receipts verify the binary that was just installed before falling back to older PATH entries
fixed passive update notifications on Windows so first/stale checks wait long enough for the release lookup to complete, recent lookup failures are throttled instead of slowing every command, PowerShell fallback covers pwsh(.exe) and powershell(.exe), and interactive ota --version can surface cached/new-release notices without showing failure noise
redesigned ota agents --review around the real boundary states: reviewed boundaries now report Boundary sync as in sync or update needed, inferred boundaries report blocked until review, fully synced reviews end with Boundary is already synced. plus an inline Next: run \ota doctor` ..., and the older AUTHORED/explicit` wording is gone