diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
index 051123ae..ba7a054b 100644
--- a/.github/workflows/checks.yaml
+++ b/.github/workflows/checks.yaml
@@ -74,7 +74,7 @@ jobs:
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
           java-version: "17"
-          distribution: "adopt"
+          distribution: "temurin"
           server-id: github
       - name: Cache SonarCloud packages
         uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
@@ -102,7 +102,7 @@ jobs:
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
           java-version: "17"
-          distribution: "adopt"
+          distribution: "temurin"
           server-id: github
       - name: Build java SDK
         run: |
@@ -239,63 +239,17 @@ jobs:
           fi
         working-directory: cmdline
 
-      - name: Start additional kas
-        uses: opentdf/platform/test/start-additional-kas@main
-        with:
-          kas-port: 8282
-          kas-name: beta
-
-      - name: Make sure that the second platform is up
-        run: |
-          grpcurl -plaintext localhost:8282 kas.AccessService/PublicKey
-      - name: Validate multikas through the command line interface
-        run: |
-          printf 'here is some data to encrypt' > data
-
-          java -jar target/cmdline.jar \
-            --client-id=opentdf-sdk \
-            --client-secret=secret \
-            --platform-endpoint=http://localhost:8080 \
-            -h\
-            encrypt --kas-url=http://localhost:8080,http://localhost:8282 -f data -m 'here is some metadata' > test.tdf
-
-          java -jar target/cmdline.jar \
-            --client-id=opentdf-sdk \
-            --client-secret=secret \
-            --platform-endpoint=http://localhost:8080 \
-            -h\
-            decrypt -f test.tdf --kas-allowlist http://localhost:8080,http://localhost:8282  > decrypted
-
-          java -jar target/cmdline.jar \
-            --client-id=opentdf-sdk \
-            --client-secret=secret \
-            --platform-endpoint=http://localhost:8080 \
-            -h\
-            metadata -f test.tdf --kas-allowlist http://localhost:8080,http://localhost:8282 > metadata
-
-          if ! diff -q data decrypted; then
-            printf 'decrypted data is incorrect [%s]' "$(< decrypted)"
-            exit 1
-          fi
-
-          if [ "$(< metadata)" != 'here is some metadata' ]; then
-            printf 'metadata is incorrect [%s]\n' "$(< metadata)"
-            exit 1
-          fi
-        working-directory: cmdline
-
   platform-xtest:
     permissions:
       contents: read
       packages: read
       checks: write
       pull-requests: write
-    needs: platform-integration
     uses: opentdf/tests/.github/workflows/xtest.yml@main
     with:
       focus-sdk: java
       java-ref: ${{ github.ref }} latest
-      platform-ref: main lts
+      platform-ref: main latest
 
   ci:
     needs:
diff --git a/.github/workflows/dev-artifact.yaml b/.github/workflows/dev-artifact.yaml
new file mode 100644
index 00000000..eec7e292
--- /dev/null
+++ b/.github/workflows/dev-artifact.yaml
@@ -0,0 +1,55 @@
+name: Publish Dev Artifact
+
+on:
+  push:
+    branches: [main]
+
+permissions:
+  contents: write
+
+jobs:
+  publish-dev-artifact:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup Buf
+        uses: bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99 # v1.50.0
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Cache Maven packages
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
+      - name: Set up JDK
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        with:
+          java-version: "17"
+          distribution: "temurin"
+
+      - name: Build cmdline
+        run: mvn --batch-mode clean package -DskipTests
+        env:
+          BUF_INPUT_HTTPS_USERNAME: opentdf-bot
+          BUF_INPUT_HTTPS_PASSWORD: ${{ secrets.PERSONAL_ACCESS_TOKEN_OPENTDF }}
+
+      - name: Update dev tag
+        run: |
+          git tag -f dev
+          git push origin dev -f
+
+      - name: Publish dev release
+        uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
+        with:
+          tag_name: dev
+          name: "dev (${{ github.sha }})"
+          body: |
+            Development build from main branch.
+
+            **Commit:** [`${{ github.sha }}`](${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }})
+          prerelease: true
+          files: cmdline/target/cmdline.jar
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 17ef5750..6a7e5a4e 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -35,8 +35,8 @@ jobs:
         if: github.ref == 'refs/heads/main'
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
-          java-version: "11"
-          distribution: "adopt"
+          java-version: "17"
+          distribution: "temurin"
           # write settings.xml
           server-id: github-pkg
           server-username: GITHUB_ACTOR
@@ -57,8 +57,8 @@ jobs:
         if: startsWith(github.ref, 'refs/tags/')
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
-          java-version: "11"
-          distribution: "adopt"
+          java-version: "17"
+          distribution: "temurin"
           # write settings.xml
           server-id: central
           server-username: MAVEN_USERNAME