feat(agents-desktop): wire electron-updater for update notifications#4441
Merged
Conversation
Contributor
Contributor
Electric Agents Mobile BuildAndroid preview build for commit
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #4441 +/- ##
===========================================
- Coverage 85.41% 59.63% -25.79%
===========================================
Files 2 311 +309
Lines 48 32454 +32406
Branches 11 8921 +8910
===========================================
+ Hits 41 19353 +19312
- Misses 7 13083 +13076
- Partials 0 18 +18
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Phase 1 of autoupdate: integrates electron-updater with a "Check for Updates…" menu item, background check on launch, and a notify-only fallback on macOS until Developer ID signing lands. - Uses the `generic` publish provider pointed at the moving `agents-desktop-latest` tag, because the GitHub provider picks the repo's overall "latest" release (which today is a different package). - Canary builds pass `-c.channel=beta` and override the publish URL to `agents-desktop-canary` so stable users never auto-update to canaries. - On unsigned macOS, skips download entirely and prompts to open the releases page (Squirrel.Mac can't swap an unsigned bundle). - Surfaces a "Downloading…" confirmation and a dock progress bar on signed platforms so manual download clicks give immediate feedback. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
kevin-dp
force-pushed
the
feat/agents-desktop-autoupdate
branch
from
4818e03 to
5c12cfb
Compare
kevin-dp
requested review from
KyleAMathews,
alco,
balegas,
icehaunter,
magnetised,
msfstef,
paulharter,
robacourt and
thruflo
as code owners
msfstef
added a commit
that referenced
this pull request
Jun 3, 2026
…nfig (#4495) ## What Started as a fix for three CI failures observed on `main`; reviving the TS suite (the first fix) then surfaced pre-existing typecheck breakage that had been hidden while CI was dark, which this PR also cleans up. ### CI / build fixes | Job | Verdict | Fix | |-----|---------|-----| | **TS tests** | 🔴 Real — startup-failing on *every* run since #4450 | Job-scoped `packages: write` on the `ensure_sync_service_image` caller | | **Agents Desktop Canary** | 🔴 Real — fails every run since #4441 | `-c.channel` → `-c.publish.channel` | | **Changesets** | 🟡 Flake — intermittent `agents-runtime` dts race | Promote `skills/types` to a tsdown entry | ### Typecheck fixes (pre-existing breakage exposed by re-enabling TS CI) | File | Issue | Fix | |------|-------|-----| | `agents-runtime/src/pi-adapter.ts` | merged assistant `content` typed `unknown[]` (#4449) | annotate the block-array type | | `agents-runtime/src/webhook-signature.ts` | `node:crypto` no longer exports `JsonWebKey` | cast input to `JsonWebKeyInput` | | `agents-runtime/src/sandbox/docker.ts` | `isDockerAvailable` not on the subpath the tsconfig wildcard resolves | re-export it (cascade fix for `electric-ax` / conformance) | | `agents-server-ui/tsconfig.json` | UI typechecked agents-runtime's node-only sandbox source via `paths` | resolve the index via built `.d.ts`; keep only the browser-safe `client` source-mapped — UI stays node-free | ## Why (CI fixes) - **TS tests:** #4450 downgraded the workflow's top-level token to `packages: read`, but `ts_tests.yml` is the sole caller of the reusable `ensure_sync_service_image.yml`, whose job requests `packages: write` to push the sync-service image to GHCR. A called reusable workflow cannot elevate permissions above the caller's token, so GitHub failed the **entire run at startup** — meaning the TS test suite had not run on any commit (main or PR) since. Fixed by granting `packages: write` only on the caller job, keeping the top-level token at `read` per #4450's hardening. - **Agents Desktop Canary:** electron-builder 26.8.1 rejects the config with `unknown property 'channel'`. `channel` is not a valid root property — moved under the publish provider (`-c.publish.channel=beta`, alongside the existing `-c.publish.url`). - **Changesets:** `agents-runtime` dts build intermittently fails with `UNLOADABLE_DEPENDENCY: Could not load src/skills/types.d.ts` under CI's parallel build. Promoting `src/skills/types.ts` to a first-class tsdown entry makes its `.d.ts` a stable named output instead of a raced chunk. ## Validation - Workflow files parse as valid YAML. - All previously-failing typecheck packages (`agents-runtime`, `electric-ax`, `agents-server-ui`, `agents-server-conformance-tests`) verified green via CI-faithful isolated (`--frozen-lockfile`) install + build + typecheck. ## Not in scope (pre-existing, flagged separately) - `runtime-dsl.test.ts` (92 tests, `401 UNAUTHORIZED: Principal is not allowed to spawn`) — from #4475's permission enforcement (@icehaunter); test fixtures need spawn permission seeded. Not a build/type issue. - An `agents-mcp` dts-race flake in the conformance build (same class as the `skills/types` one). ## Note for reviewer The canary maps channel input `canary` → publish channel `beta`. Preserved the existing value, but flagging in case it should be `canary`. 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Phase 1 of desktop autoupdate — integrates
electron-updaterso users can be notified about new releases. Designed to be the first half of a two-phase rollout:MAC_AUTO_INSTALL_SUPPORTED = trueinupdater.tsand macOS upgrades become automatic too.What ships in this PR
electron-updaterintegration in a newsrc/app/updater.tsmodule.macOS notify-only fallback (until phase 2)
Squirrel.Mac requires a Developer ID signature to swap the bundle, so on unsigned macOS we behave as a notifier:
When phase 2 lands, signed macOS users get the same full flow as Windows/Linux without further code changes.
Update channel topology
githubtogenericpointed at the movingagents-desktop-latesttag. The GitHub provider was picking up the wrong release becauseelectric-sql/electricpublishes many packages to the same Releases page (changesets-style) and GitHub's "latest" marker tracks whichever package was published most recently — which is rarely the desktop app.-c.channel=betaand overrides-c.publish.url=…agents-desktop-canary. Canary builds emitbeta-*.ymlmetadata and ship apps that fetch from the canary tag, so stable users never accidentally upgrade to canaries.*.ymland blockmap metadata alongside the existing renamed predictable-name copies (the renames break what the updater metadata references, so we need both).Files touched
packages/agents-desktop/package.jsonelectron-updater@^6.3.9packages/agents-desktop/vite.config.tselectron-updaterpackages/agents-desktop/src/app/updater.ts(new)packages/agents-desktop/src/app/controller.tsinitializeUpdater+checkForUpdatespackages/agents-desktop/src/main.tsinitializeUpdater()after window is uppackages/agents-desktop/src/ui/application-menu.tspackages/agents-desktop/electron-builder.ymlgeneric.github/workflows/agents_desktop_build.ymlFollowups (not in this PR)
0.1.10because the workflow'sversion: canary-${{ github.run_number }}-${{ github.sha }}input isn't injected intopackage.json. Auto-update version compare won't trigger between canaries until we wire a real semver prerelease version like0.1.11-canary.Ninto the build.CSC_LINK,CSC_KEY_PASSWORD, plus notarization). Then flip theMAC_AUTO_INSTALL_SUPPORTEDconstant.Test plan
package.jsonversion to0.0.1and rebuilding: the app correctly fetchedlatest-mac.ymlfrom theagents-desktop-latesttag, detected0.1.10as available, showed the "Open releases page" dialog (notify-only path), and re-checking shows the dialog again as expectedelectron-updater(CI will exercise this)electron-updater(CI will exercise this)agents-desktop-latest/latest-mac.ymland a subsequent stable upgrade triggers the "update available" prompt for real users🤖 Generated with Claude Code