Add self-update support with background checks

[axeldelafosse]

Summary

Implement dead-simple self-update support for loop with both automatic background checks and explicit manual update commands.

Motivation

The feature is based on the Auto-Update implementation plan to improve user safety and convenience:

• keep CLI startup responsive,
• deliver updates transparently in the background,
• provide deterministic manual update commands for environments where auto-update is unavailable or undesirable.

Changes

Core behavior

• add startup update hook flow in src/loop.ts:
  • applies any previously staged update before continuing,
  • routes update/upgrade commands through the manual update path,
  • starts a fire-and-forget background check for new releases.
• add dedicated update module src/loop/update.ts with:
  • applyStagedUpdateOnStartup()
  • handleManualUpdateCommand(argv)
  • startAutoUpdateCheck(argv)
  • release lookup, download, staging, and apply orchestration.
• add dependency helpers in src/loop/update-deps.ts and update module wiring in src/loop/constants.ts.

UX and docs

• update README and help text to document update/upgrade behavior and supported platforms.
• ensure manual commands report clear outcomes for:
  • already up to date,
  • staged update successfully,
  • actionable failures.

Tests

• add/extend tests to validate command routing and update flow in:
  • tests/loop.test.ts
  • tests/loop/update.test.ts

Files changed

• README.md
• src/loop.ts
• src/loop/constants.ts
• src/loop/update.ts (new)
• src/loop/update-deps.ts (new)
• tests/loop.test.ts
• tests/loop/update.test.ts (new)
• tsconfig.json

Acceptance checks

• startup remains non-blocking while update checks run in background,
• update metadata is staged and applied on subsequent startup,
• manual loop update and loop upgrade are supported and prioritized before normal task flow,
• existing review/task behavior is preserved.

Notes

• Source release metadata and assets are resolved against GitHub releases for axeldelafosse/loop, with best-effort behavior on network/proxy/platform edge cases.

[gemini-code-assist]

Summary of Changes

Hello @axeldelafosse, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a robust self-update mechanism for the loop CLI, enhancing user convenience and ensuring users always run the latest version. It integrates both transparent background updates, which apply on the next startup, and explicit manual commands for immediate checks. This design prioritizes a responsive CLI experience while providing flexibility for different operational environments.

Highlights

• Self-Update Mechanism: Implemented both automatic background update checks on startup and explicit manual loop update and loop upgrade commands.
• Core Update Logic: Introduced a new src/loop/update.ts module to encapsulate all update-related functionality, including release fetching, binary download, staging, and application.
• CLI Integration: Integrated update hooks into the main runCli function, ensuring staged updates are applied and background checks are initiated before the primary task flow.
• Documentation and UX: Updated README.md and CLI help text to clearly document the new auto-update behavior and manual commands, providing clear outcomes for various update scenarios.
• Testing: Added extensive unit and integration tests across tests/loop.test.ts and a new tests/loop/update.test.ts to validate the update flow, command routing, and core update logic.

Changelog

• README.md
  • Added a new "Auto-update" section explaining background checks and manual commands.
  • Included examples for loop update and loop upgrade.
  • Clarified that auto-update is disabled when running from source.
• src/loop.ts
  • Imported updateDeps from the new update-deps.ts module.
  • Integrated applyStagedUpdateOnStartup(), handleManualUpdateCommand(argv), and startAutoUpdateCheck() into the runCli function.
  • Ensured update logic runs before the main CLI task flow.
• src/loop/constants.ts
  • Updated the help text to include loop update and loop upgrade commands.
  • Added an "Auto-update" section to the help output.
• src/loop/update-deps.ts
  • Created a new module to re-export update-related functions from src/loop/update.ts, facilitating dependency injection for testing.
• src/loop/update.ts
  • Created a new module containing all core self-update logic.
  • Implemented functions for version comparison (isNewerVersion), asset name determination (getAssetName), and development mode detection (isDevMode).
  • Included logic for fetching latest releases from GitHub, downloading and staging binaries, and applying staged updates.
  • Defined applyStagedUpdateOnStartup, handleManualUpdateCommand, and startAutoUpdateCheck to manage the update lifecycle.
  • Incorporated caching and throttling for background update checks.
• tests/loop.test.ts
  • Modified loadRunCli to accept and mock UpdateModuleDeps.
  • Added new tests to verify the correct order of update hooks (applyStaged, handleManual, autoCheck) before the main task flow.
  • Added a test to confirm early exit when a manual update command is handled.
• tests/loop/update.test.ts
  • Created a new test file dedicated to the src/loop/update.ts module.
  • Included tests for version comparison, asset name generation, dev mode detection, manual command handling, staged update application, and auto-update throttling.
  • Verified successful application of staged binaries and proper cleanup.
  • Tested error logging for update failures.
  • Confirmed correct metadata staging during manual updates.
• tsconfig.json
  • Added "resolveJsonModule": true to compiler options to allow importing JSON modules, specifically package.json.

Activity

• The pull request was created by axeldelafosse.
• No other specific review comments or activities are provided in the context.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a robust self-update mechanism for the loop CLI, including automatic background checks and manual update commands. A critical security vulnerability has been identified: the lack of integrity verification for downloaded binaries, which poses a significant risk of Remote Code Execution (RCE) if the update source is compromised. While the implementation is well-structured with good test coverage and follows best practices for startup performance, consider addressing the security vulnerability as a priority. Additionally, I have a couple of suggestions for the new update.ts module to enhance maintainability and type safety.