ota-run/ota](https: releases

improved ota run so a missing non-path token like ota run version:bump patch can be reinterpreted as a single declared task input instead of a fake repo path, while still preserving explicit path-like tokens such as ./repo or foo/ota.yaml.

extended that single-input shorthand to monorepo member runs, so ota run version:bump --member api patch now resolves patch as the declared task input instead of a missing repo path.

prevalidated requested-task inputs before dependency execution in ota run, so invalid top-level task input flags or values now fail before any depends_on work can mutate repo state.

clarified run receipt step details for hook reruns so follow-up executions now explain when a task reran via after_success / after_failure / after_always and when a dependency reran as part of that fresh hook subtree.

clarified ota run --help and ota workspace run --help so the operator rule is explicit: put Ota command flags before task inputs, with concrete examples for input-bearing task syntax.

breaking change: task input validation now rejects names that collide with reserved ota run / ota workspace run flags and aliases such as backend, jobs, json, lifecycle, member, mode, receipt, or stream; existing contracts must rename those inputs to task-specific names such as suite_mode, output_json, target_member, or execution_backend before upgrading.

fixed task outcome hooks so after_success, after_failure, and after_always can rerun a task together with its dependency subtree even when that work already ran earlier in the same top-level invocation through depends_on, which fixes flows like version:bump followed by a post-bump build that must rerun setup.

dogfooded task outcome hooks in the ota repo and the public examples repo so after_success, after_failure, and after_always now appear in real shipped contracts instead of docs-only examples

added first-class task outcome hooks with after_success, after_failure, and after_always, made the runner treat hook failures as part of the parent task result, and updated workspace task inventory plus contract docs so the new execution edges are visible in both runtime and machine-readable surfaces

CI wrapper scripts scripts/emit-ota-findings.sh and scripts/emit-ota-findings.ps1 now
delegate directly to ota annotations, including markdown summaries and receipt-diff, so
wrapper paths reuse the canonical CLI renderers instead of maintaining duplicate formatting;
they also resolve the current checkout binary before falling back to an ambient install

polished ota annotations for CI and PR consumption by suppressing duplicate primary-blocker finding lines and labeling additive Provenance: plus Next: segments when those fields exist in the input JSON.

added ota annotations --format markdown as the canonical compact summary renderer for doctor and workspace-doctor JSON, so step summaries and PR comments can reuse ota’s own status, blocker, provenance, and next-step wording instead of rebuilding it downstream.

extended ota annotations with --mode receipt-diff --format markdown, so baseline compare output now has the same canonical compact renderer for PR comments and step summaries instead of forcing wrappers to rebuild compare/gate wording from raw receipt diff JSON.

extended ota receipt --baseline --fail-on-new-blockers so the compare gate now carries the first blocking summary, next step, and provenance in both JSON and text output, making CI summaries and PR comments easier to render without scraping the full introduced-finding list.

added a compact additive receipt diff comparison summary so JSON and text output can surface baseline/current identity labels plus readiness drift in one small block instead of forcing wrappers to reconstruct that view from the full baseline/current sections.

refined explicit ota init --pack ... advisories so the text output now compares both sides of the mismatch more clearly with suggested signals, selected-pack incidental signals, and an explicit score gap while keeping the pack choice authoritative.

extended pack_advisory in ota init --json with additive comparison fields such as score_gap and selected_signal_details, making the advisory easier to explain in automation without scraping human text.

clarified the env-resolution docs so root contract env is explained as a repo-wide execution contract, not just a validation surface, including the injected-process boundary for ota run / ota up and when ota can functionally replace in-app dotenv loading.

made the env docs more explicit about what required, allowed, secret, and default mean in practice, including a concrete DISCORD_TOKEN plus RELEASE_CHANNEL example.

added stronger env docs for authoring and operations, including valid-versus-invalid env.vars examples, the remote-secret execution caveat, a workspace env precedence example, and a realistic ota env text/JSON example.