Feature: Test, fix, and document updates

vdavid · vdavid · commit 10e43de7e1f3 · 2026-01-14T15:01:19.000+01:00
- Tested manually
- Added more builds that the app actually needs
- Wrote feature docs
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -34,18 +34,6 @@ jobs:
             - name: Install x86_64 target for universal binary
               run: rustup target add x86_64-apple-darwin
 
-            - name: Build sidecar binary for both architectures
-              working-directory: ./apps/desktop/src-tauri
-              run: |
-                  cargo build --release --bin cmdr-mcp-stdio --target aarch64-apple-darwin
-                  cargo build --release --bin cmdr-mcp-stdio --target x86_64-apple-darwin
-                  # Create universal binary
-                  mkdir -p target/universal-apple-darwin/release
-                  lipo -create \
-                      target/aarch64-apple-darwin/release/cmdr-mcp-stdio \
-                      target/x86_64-apple-darwin/release/cmdr-mcp-stdio \
-                      -output target/universal-apple-darwin/release/cmdr-mcp-stdio
-
             - name: Build and release
               uses: tauri-apps/tauri-action@v0
               env:
@@ -107,6 +95,7 @@ jobs:
                   NOTES=$(cat /tmp/notes.txt | jq -Rs .)
 
                   # Write to /tmp first (will copy to main branch later)
+                  # All platforms point to the same universal binary
                   cat > /tmp/latest.json << EOF
                   {
                       "version": "$VERSION",
@@ -116,6 +105,14 @@ jobs:
                           "darwin-universal": {
                               "signature": "${{ steps.artifacts.outputs.signature }}",
                               "url": "https://github.com/vdavid/cmdr/releases/download/${{ github.ref_name }}/${{ steps.artifacts.outputs.filename }}"
+                          },
+                          "darwin-aarch64": {
+                              "signature": "${{ steps.artifacts.outputs.signature }}",
+                              "url": "https://github.com/vdavid/cmdr/releases/download/${{ github.ref_name }}/${{ steps.artifacts.outputs.filename }}"
+                          },
+                          "darwin-x86_64": {
+                              "signature": "${{ steps.artifacts.outputs.signature }}",
+                              "url": "https://github.com/vdavid/cmdr/releases/download/${{ github.ref_name }}/${{ steps.artifacts.outputs.filename }}"
                           }
                       }
                   }
diff --git a/apps/desktop/scripts/tauri-wrapper.js b/apps/desktop/scripts/tauri-wrapper.js
@@ -5,17 +5,23 @@ import { spawn } from 'child_process'
 // Get arguments passed to the script
 const args = process.argv.slice(2)
 
-// Check if the command is 'dev'
+// Check if the command is 'dev' or 'build'
 const isDev = args.includes('dev')
+const isBuild = args.includes('build')
 
 // If dev, inject the dev configuration
 if (isDev) {
     // Add -c src-tauri/tauri.dev.json to merge config
     args.push('-c', 'src-tauri/tauri.dev.json')
 }
 
-// Spawn the tauri process via npx (avoids shell: true deprecation warning)
-const tauriProcess = spawn('npx', ['tauri', ...args], {
+// If build and no target specified, default to universal binary
+if (isBuild && !args.includes('--target') && !args.includes('-t')) {
+    args.push('--target', 'universal-apple-darwin')
+}
+
+// Spawn the tauri process via pnpm exec
+const tauriProcess = spawn('pnpm', ['exec', 'tauri', ...args], {
     stdio: 'inherit',
 })
 
diff --git a/apps/desktop/src-tauri/tauri.dev.json b/apps/desktop/src-tauri/tauri.dev.json
@@ -2,5 +2,10 @@
     "$schema": "https://schema.tauri.app/config/2",
     "app": {
         "withGlobalTauri": true
+    },
+    "plugins": {
+        "updater": {
+            "endpoints": ["http://localhost:4321/latest.json"]
+        }
     }
 }
diff --git a/apps/desktop/src/lib/updater.svelte.ts b/apps/desktop/src/lib/updater.svelte.ts
@@ -1,5 +1,7 @@
 import { check, type Update } from '@tauri-apps/plugin-updater'
 import { relaunch } from '@tauri-apps/plugin-process'
+import { getVersion } from '@tauri-apps/api/app'
+import { feLog } from './tauri-commands'
 
 const checkIntervalMs = 60 * 60 * 1000 // 60 minutes
 
@@ -20,9 +22,6 @@ export function getUpdateState(): UpdateState {
 }
 
 export async function checkForUpdates(): Promise<void> {
-    // eslint-disable-next-line no-console
-    console.log('[updater] checkForUpdates called, current status:', updateState.status)
-
     if (updateState.status === 'downloading' || updateState.status === 'ready') {
         return // Don't interrupt ongoing download or ready state
     }
@@ -31,25 +30,25 @@ export async function checkForUpdates(): Promise<void> {
     updateState.error = null
 
     try {
-        // eslint-disable-next-line no-console
-        console.log('[updater] Checking for updates...')
+        const currentVersion = await getVersion()
+        feLog(`[updater] Checking for updates (current: v${currentVersion})...`)
         const update = await check()
-        // eslint-disable-next-line no-console
-        console.log('[updater] Check result:', update)
 
         if (update !== null) {
+            feLog(`[updater] Update available: v${currentVersion} → v${update.version}`)
             updateState.status = 'downloading'
             await update.downloadAndInstall()
+            feLog(`[updater] v${update.version} downloaded, restart to apply`)
             updateState.status = 'ready'
             updateState.update = update
         } else {
+            feLog(`[updater] v${currentVersion} is up to date`)
             updateState.status = 'idle'
         }
     } catch (error) {
         updateState.status = 'idle'
         updateState.error = error instanceof Error ? error.message : String(error)
-        // eslint-disable-next-line no-console
-        console.error('Update check failed:', error)
+        feLog(`[updater] Check failed: ${updateState.error}`)
     }
 }
 
@@ -58,15 +57,8 @@ export async function restartToUpdate(): Promise<void> {
 }
 
 export function startUpdateChecker(): () => void {
-    // eslint-disable-next-line no-console
-    console.log('[updater] startUpdateChecker called, DEV mode:', import.meta.env.DEV)
-
-    // Skip update checks in dev mode to avoid hitting real endpoint
-    if (import.meta.env.DEV) {
-        // eslint-disable-next-line no-console
-        console.log('[updater] Skipping update check in dev mode')
-        return () => {}
-    }
+    const endpoint = import.meta.env.DEV ? 'localhost:4321' : 'getcmdr.com'
+    feLog(`[updater] Started (endpoint: ${endpoint})`)
 
     // Check immediately on start
     void checkForUpdates()
diff --git a/apps/website/public/latest.json b/apps/website/public/latest.json
@@ -5,7 +5,15 @@
     "platforms": {
         "darwin-universal": {
             "signature": "dW50cnVzdGVkIGNvbW1lbnQ6IHNpZ25hdHVyZSBmcm9tIHRhdXJpIHNlY3JldCBrZXkKUlVRS2pCYTdOaDlnb3Y3ZHZteXQvK2ZITlVFbGY1SVdkQW9weVNsL2R3QWNTNW1zcmpvY2o5eUFQR2E0SE1NZm1Sd0NxSlRMR2RCeXFCUllJemlQejBaY01KcURiRzltMXdNPQp0cnVzdGVkIGNvbW1lbnQ6IHRpbWVzdGFtcDoxNzY4MzUyMDc5CWZpbGU6Q21kci5hcHAudGFyLmd6Ck0rbW9NVit0RjlPcWo3dnhhaTZTYVlwNVBrcXd1bnhZWmFiTTRYNDhWTUpzZXl0ejgxYUxSVSt6YmM4MDBTVW54NHptSjZkZGhLbnFwMDRBSUNmL0N3PT0K",
-            "url": "https://github.com/vdavid/cmdr/releases/download/v0.3.1/Cmdr.app.tar.gz"
+            "url": "https://github.com/vdavid/cmdr/releases/download/v0.3.1/Cmdr_universal.app.tar.gz"
+        },
+        "darwin-aarch64": {
+            "signature": "dW50cnVzdGVkIGNvbW1lbnQ6IHNpZ25hdHVyZSBmcm9tIHRhdXJpIHNlY3JldCBrZXkKUlVRS2pCYTdOaDlnb3Y3ZHZteXQvK2ZITlVFbGY1SVdkQW9weVNsL2R3QWNTNW1zcmpvY2o5eUFQR2E0SE1NZm1Sd0NxSlRMR2RCeXFCUllJemlQejBaY01KcURiRzltMXdNPQp0cnVzdGVkIGNvbW1lbnQ6IHRpbWVzdGFtcDoxNzY4MzUyMDc5CWZpbGU6Q21kci5hcHAudGFyLmd6Ck0rbW9NVit0RjlPcWo3dnhhaTZTYVlwNVBrcXd1bnhZWmFiTTRYNDhWTUpzZXl0ejgxYUxSVSt6YmM4MDBTVW54NHptSjZkZGhLbnFwMDRBSUNmL0N3PT0K",
+            "url": "https://github.com/vdavid/cmdr/releases/download/v0.3.1/Cmdr_universal.app.tar.gz"
+        },
+        "darwin-x86_64": {
+            "signature": "dW50cnVzdGVkIGNvbW1lbnQ6IHNpZ25hdHVyZSBmcm9tIHRhdXJpIHNlY3JldCBrZXkKUlVRS2pCYTdOaDlnb3Y3ZHZteXQvK2ZITlVFbGY1SVdkQW9weVNsL2R3QWNTNW1zcmpvY2o5eUFQR2E0SE1NZm1Sd0NxSlRMR2RCeXFCUllJemlQejBaY01KcURiRzltMXdNPQp0cnVzdGVkIGNvbW1lbnQ6IHRpbWVzdGFtcDoxNzY4MzUyMDc5CWZpbGU6Q21kci5hcHAudGFyLmd6Ck0rbW9NVit0RjlPcWo3dnhhaTZTYVlwNVBrcXd1bnhZWmFiTTRYNDhWTUpzZXl0ejgxYUxSVSt6YmM4MDBTVW54NHptSjZkZGhLbnFwMDRBSUNmL0N3PT0K",
+            "url": "https://github.com/vdavid/cmdr/releases/download/v0.3.1/Cmdr_universal.app.tar.gz"
         }
     }
 }
diff --git a/docs/features/automated-updates.md b/docs/features/automated-updates.md
@@ -0,0 +1,160 @@
+# Automated updates
+
+This document describes how Cmdr checks for and installs updates automatically.
+
+## Overview
+
+Cmdr uses Tauri's built-in updater plugin to deliver updates:
+
+1. App checks for updates on startup and every 60 minutes
+2. If an update is available, it downloads silently in the background
+3. User sees a "Restart to update" notification when ready
+4. Clicking restart applies the update and relaunches the app
+
+Updates are signed with Ed25519 to ensure authenticity. The app won't install anything that doesn't match the embedded public key.
+
+## Architecture
+
+```
+┌─────────────────────────────────────────────────────────────────────┐
+│                          Update flow                                │
+├─────────────────────────────────────────────────────────────────────┤
+│                                                                     │
+│  ┌─────────────────┐     ┌─────────────────┐     ┌───────────────┐  │
+│  │  GitHub Actions │────▶│  GitHub         │────▶│ getcmdr.com   │  │
+│  │  (build+sign)   │     │  Releases       │     │ /latest.json  │  │
+│  └─────────────────┘     └─────────────────┘     └───────┬───────┘  │
+│                                                          │          │
+│                                                          ▼          │
+│  ┌───────────────────────────────────────────────────────────────┐  │
+│  │  Cmdr app                                                     │  │
+│  │  1. Fetches latest.json                                       │  │
+│  │  2. Compares versions                                         │  │
+│  │  3. Downloads .tar.gz from GitHub Releases                    │  │
+│  │  4. Verifies Ed25519 signature                                │  │
+│  │  5. Shows "Restart to update" notification                    │  │
+│  └───────────────────────────────────────────────────────────────┘  │
+│                                                                     │
+└─────────────────────────────────────────────────────────────────────┘
+```
+
+## Update manifest
+
+The app fetches `https://getcmdr.com/latest.json` to check for updates:
+
+```json
+{
+    "version": "0.3.1",
+    "notes": "### Added\n- New feature...",
+    "pub_date": "2026-01-14T00:54:48Z",
+    "platforms": {
+        "darwin-universal": {
+            "signature": "base64-encoded-ed25519-signature",
+            "url": "https://github.com/vdavid/cmdr/releases/download/v0.3.1/Cmdr_universal.app.tar.gz"
+        },
+        "darwin-aarch64": { ... },
+        "darwin-x86_64": { ... }
+    }
+}
+```
+
+All three macOS platforms point to the same universal binary. This ensures both Apple Silicon and Intel Macs find a matching update.
+
+## Implementation
+
+### Frontend (`apps/desktop/src/lib/updater.svelte.ts`)
+
+The updater service manages the update lifecycle:
+
+| Export                 | Description                                                           |
+|------------------------|-----------------------------------------------------------------------|
+| `startUpdateChecker()` | Starts checking on launch and every 60 min. Returns cleanup function. |
+| `checkForUpdates()`    | Manually triggers an update check                                     |
+| `getUpdateState()`     | Returns current state: `idle`, `checking`, `downloading`, or `ready`  |
+| `restartToUpdate()`    | Relaunches the app to apply the downloaded update                     |
+
+### UI (`apps/desktop/src/lib/UpdateNotification.svelte`)
+
+A toast notification that appears in the bottom-right corner when an update is ready. Shows "Restart to update" with a button to trigger the restart.
+
+### Configuration
+
+**Production** (`tauri.conf.json`):
+```json
+"plugins": {
+    "updater": {
+        "endpoints": ["https://getcmdr.com/latest.json"],
+        "pubkey": "base64-encoded-public-key"
+    }
+}
+```
+
+**Development** (`tauri.dev.json`):
+```json
+"plugins": {
+    "updater": {
+        "endpoints": ["http://localhost:4321/latest.json"]
+    }
+}
+```
+
+### Capabilities
+
+The updater requires these permissions in `capabilities/default.json`:
+- `updater:default` — allows checking and downloading updates
+- `process:allow-restart` — allows relaunching the app
+
+## Release workflow
+
+When you push a version tag (for example, `v0.3.2`), the GitHub Actions release workflow:
+
+1. Builds a universal macOS binary (aarch64 + x86_64)
+2. Signs the `.app.tar.gz` with Ed25519 using `TAURI_SIGNING_PRIVATE_KEY`
+3. Uploads artifacts to GitHub Releases
+4. Updates `apps/website/public/latest.json` with the new version and signature
+5. Triggers a website deploy so the manifest is live
+
+See [Releasing guide](../guides/releasing.md) for step-by-step instructions.
+
+## Logging
+
+The updater logs to the backend via `feLog()`. Example output:
+
+```
+[updater] Started (endpoint: getcmdr.com)
+[updater] Checking for updates (current: v0.3.0)...
+[updater] Update available: v0.3.0 → v0.3.1
+[updater] v0.3.1 downloaded, restart to apply
+```
+
+On error:
+```
+[updater] Check failed: Download request failed with status: 404 Not Found
+```
+
+## Local testing
+
+To test updates locally without deploying:
+
+1. Start the website dev server (serves `latest.json`):
+   ```bash
+   cd apps/website && pnpm dev
+   ```
+
+2. Edit `apps/website/public/latest.json` — set a version higher than your local build
+
+3. Run the app in dev mode:
+   ```bash
+   cd apps/desktop && pnpm tauri dev
+   ```
+
+4. The app checks `localhost:4321/latest.json` and shows the update notification
+
+Note: The actual download will fail locally since there's no signed artifact. This flow is useful for testing the detection and UI.
+
+## Security
+
+- **Signature verification**: Every update is verified against the embedded Ed25519 public key before installation
+- **HTTPS**: Production endpoint uses HTTPS
+- **No downgrade**: Tauri won't install older versions by default
+- **Signed releases**: Only CI can sign releases (private key is a GitHub secret)

Original file line number	Diff line number	Diff line change
`@@ -2,5 +2,10 @@`
`2`	`2`	`"$schema": "https://schema.tauri.app/config/2",`
`3`	`3`	`"app": {`
`4`	`4`	`"withGlobalTauri": true`
	`5`	`+ },`
	`6`	`+ "plugins": {`
	`7`	`+ "updater": {`
	`8`	`+ "endpoints": ["http://localhost:4321/latest.json"]`
	`9`	`+ }`
`5`	`10`	`}`
`6`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,15 @@`
`5`	`5`	`"platforms": {`
`6`	`6`	`"darwin-universal": {`
`7`	`7`	`"signature": "dW50cnVzdGVkIGNvbW1lbnQ6IHNpZ25hdHVyZSBmcm9tIHRhdXJpIHNlY3JldCBrZXkKUlVRS2pCYTdOaDlnb3Y3ZHZteXQvK2ZITlVFbGY1SVdkQW9weVNsL2R3QWNTNW1zcmpvY2o5eUFQR2E0SE1NZm1Sd0NxSlRMR2RCeXFCUllJemlQejBaY01KcURiRzltMXdNPQp0cnVzdGVkIGNvbW1lbnQ6IHRpbWVzdGFtcDoxNzY4MzUyMDc5CWZpbGU6Q21kci5hcHAudGFyLmd6Ck0rbW9NVit0RjlPcWo3dnhhaTZTYVlwNVBrcXd1bnhZWmFiTTRYNDhWTUpzZXl0ejgxYUxSVSt6YmM4MDBTVW54NHptSjZkZGhLbnFwMDRBSUNmL0N3PT0K",`
`8`		`- "url": "https://github.com/vdavid/cmdr/releases/download/v0.3.1/Cmdr.app.tar.gz"`
	`8`	`+ "url": "https://github.com/vdavid/cmdr/releases/download/v0.3.1/Cmdr_universal.app.tar.gz"`
	`9`	`+ },`
	`10`	`+ "darwin-aarch64": {`
	`11`	`+ "signature": "dW50cnVzdGVkIGNvbW1lbnQ6IHNpZ25hdHVyZSBmcm9tIHRhdXJpIHNlY3JldCBrZXkKUlVRS2pCYTdOaDlnb3Y3ZHZteXQvK2ZITlVFbGY1SVdkQW9weVNsL2R3QWNTNW1zcmpvY2o5eUFQR2E0SE1NZm1Sd0NxSlRMR2RCeXFCUllJemlQejBaY01KcURiRzltMXdNPQp0cnVzdGVkIGNvbW1lbnQ6IHRpbWVzdGFtcDoxNzY4MzUyMDc5CWZpbGU6Q21kci5hcHAudGFyLmd6Ck0rbW9NVit0RjlPcWo3dnhhaTZTYVlwNVBrcXd1bnhZWmFiTTRYNDhWTUpzZXl0ejgxYUxSVSt6YmM4MDBTVW54NHptSjZkZGhLbnFwMDRBSUNmL0N3PT0K",`
	`12`	`+ "url": "https://github.com/vdavid/cmdr/releases/download/v0.3.1/Cmdr_universal.app.tar.gz"`
	`13`	`+ },`
	`14`	`+ "darwin-x86_64": {`
	`15`	`+ "signature": "dW50cnVzdGVkIGNvbW1lbnQ6IHNpZ25hdHVyZSBmcm9tIHRhdXJpIHNlY3JldCBrZXkKUlVRS2pCYTdOaDlnb3Y3ZHZteXQvK2ZITlVFbGY1SVdkQW9weVNsL2R3QWNTNW1zcmpvY2o5eUFQR2E0SE1NZm1Sd0NxSlRMR2RCeXFCUllJemlQejBaY01KcURiRzltMXdNPQp0cnVzdGVkIGNvbW1lbnQ6IHRpbWVzdGFtcDoxNzY4MzUyMDc5CWZpbGU6Q21kci5hcHAudGFyLmd6Ck0rbW9NVit0RjlPcWo3dnhhaTZTYVlwNVBrcXd1bnhZWmFiTTRYNDhWTUpzZXl0ejgxYUxSVSt6YmM4MDBTVW54NHptSjZkZGhLbnFwMDRBSUNmL0N3PT0K",`
	`16`	`+ "url": "https://github.com/vdavid/cmdr/releases/download/v0.3.1/Cmdr_universal.app.tar.gz"`
`9`	`17`	`}`
`10`	`18`	`}`
`11`	`19`	`}`