Release essay · 2026-05-30 16:20 UTC

Ota v1.6.18 Now available

v1.6.18 bounds runtime proof, hardens container execution, and makes task conditions, Corepack lanes, and agent-safe effects more explicit.

Idea

v1.6.18 is a determinism release.

Pressure-testing across real repositories exposed a familiar pattern: contracts were becoming more expressive, but the real execution path still needed tighter guarantees. Runtime proof needed an explicit wait budget. Container runs needed cleaner file mounts, non-root behavior, and package-manager cache ownership. Corepack-backed package managers needed different activation behavior on native and container lanes. Task execution needed a first-class way to say: only run this task when these conditions are true.

That kind of uncertainty matters. A repo can look ready while a proof run waits forever. A container can pass once and still leave root-owned artifacts behind. A task can look runnable in preview and then miss the same precondition gate during the real run. Agents and CI systems need more than "try it and see"; they need bounded, inspectable, repeatable execution behavior.

The goal for this release was simple: bound runtime proof, make container execution cleaner, make bootstrap more declarative, and keep task execution conditions explicit.

Feature

v1.6.18 ships a focused set of execution-governance improvements:

  1. Bounded runtime proof readiness: ota proof runtime --ready-timeout <DURATION> now gives CI and local automation an explicit wait budget, with timeout failures classified as TIMEOUT and failure_class: readiness_timeout.
  2. Deterministic interruption handling: cancelled runtime-proof runs now emit INTERRUPTED in text and phase: interrupted / failure_class: interrupted in JSON instead of opaque cancellation output.
  3. File-aware container isolation mounts: file-like attachments.isolated_paths entries now mount through managed bind files, while directory-like paths keep using managed dependency-isolation volumes.
  4. Cleaner Corepack behavior across lanes: native tasks avoid unnecessary corepack enable when the task already invokes Corepack directly, while container tasks bootstrap Corepack shims inside the real task shell.
  5. More reliable non-root container execution: Ota now defaults container task HOME to /tmp, prepares isolation volumes for the selected host UID/GID, and reduces root-owned workspace artifact drift.
  6. Stronger real-run precondition gates: ota run now blocks before task startup on selected precondition failures, including missing container-image tools and runtime/tool version mismatches.
  7. Clearer version-mismatch diagnostics: runtime and tool blockers now use a task-first layout with explicit Where, Field, Why, and ordered Next guidance.
  8. Modern detector and starter ownership: Node, Rust, and Python init/detect paths now align with shipped toolchain contracts such as toolchains.node, toolchains.rust, and toolchains.python.
  9. Expanded agent-safe effects advisories: network and external-state effects now propagate across the reachable task chain, giving agents a clearer view of the real automation blast radius.
  10. Task inventory filters: ota tasks now supports --safe, --unsafe, and --via native|container, making task safety and backend-lane inspection easier.
  11. First-class task execution conditions: tasks.<name>.when.checks lets Ota evaluate precondition, file, and changed-file checks before dependency or service startup and skip tasks deterministically when the condition lane does not pass.
  12. Multi-step bootstrap orchestration: action.kind: ensure_bundle lets one task run ordered deterministic setup actions such as copy_if_missing, ensure_env_file, ensure_file, and ensure_directory without shell glue.
  13. More resilient container dependency isolation: permission-denied install failures on isolated dependency paths can trigger one selected-volume reset and retry.
  14. Cleaner proof teardown: detached Unix proof runs now use a dedicated process group and signal the full group on shutdown, reducing lingering listeners and late bind conflicts.
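
Items 1 and 14 combine into one general pattern: wait for readiness within an explicit budget, then signal the whole process group on the way out. The Python below is an added example of that pattern, not Ota's implementation; the function names, the "READY" label, and the TCP-connect readiness check are assumptions made for illustration.

```python
import os
import signal
import socket
import subprocess
import time


def wait_ready(port, budget_s):
    """Poll 127.0.0.1:port until it accepts a connection or the budget runs out."""
    deadline = time.monotonic() + budget_s
    while time.monotonic() < deadline:
        try:
            with socket.create_connection(("127.0.0.1", port), timeout=0.2):
                return True
        except OSError:
            time.sleep(0.05)  # not listening yet; retry inside the budget
    return False


def stop_group(proc, grace_s=2.0):
    """Send SIGTERM to the whole process group, then SIGKILL if the leader lingers."""
    try:
        os.killpg(proc.pid, signal.SIGTERM)  # pgid == pid: child leads its own session
    except ProcessLookupError:
        return  # nothing left in the group
    try:
        proc.wait(timeout=grace_s)
    except subprocess.TimeoutExpired:
        os.killpg(proc.pid, signal.SIGKILL)
        proc.wait()


def run_proof(cmd, port, ready_timeout_s):
    """Run cmd in its own process group and return "READY" or "TIMEOUT".

    The labels are chosen for this example; teardown runs on every exit path,
    including KeyboardInterrupt, so no listener outlives the run.
    """
    proc = subprocess.Popen(cmd, start_new_session=True)
    try:
        return "READY" if wait_ready(port, ready_timeout_s) else "TIMEOUT"
    finally:
        stop_group(proc)


if __name__ == "__main__":
    # Constructed case: `sleep` never listens, so the 1-second budget expires.
    print(run_proof(["sleep", "30"], port=59999, ready_timeout_s=1.0))
```

Signalling only the direct child would leave a backgrounded listener holding the port, which is the late bind conflict the teardown change is meant to prevent.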

This release is about removing execution ambiguity. Proof runs are bounded. Setup is more declarative. Container behavior is less fragile. Task conditions are explicit. And Ota keeps moving repo execution away from hidden shell assumptions toward structured, verifiable execution governance.

Docs

If you want to adopt these capabilities directly, use the live docs:

  • Get Started: Install Ota and run ota doctor first in your repo.
  • Contract reference: Contract (requirements, any_of, effects, services, agent).
  • Command reference: Commands (ota proof runtime, ota run, ota up, ota doctor, ota tasks).
  • Workflow modeling: Workflows for readiness and execution intent.

Release

v1.6.18 is live here: https://ota.run/releases/v1.6.18

If you already use Ota, upgrade and verify:

    ota --version
    ota validate
    ota doctor
    ota run <task> --dry-run --json

If you are evaluating Ota for the first time, this is a strong version to start with: the execution path is clearer, bootstrap is more deterministic, and the agent boundary model is stricter where it matters most.