Add update-detection watchdog (no auto-apply) #7
Merged
Introduces an opt-in self-update watchdog (--update-check) that polls a version-manifest JSON URL on a configurable interval (default 1h, 5s HTTP timeout) and exposes the result as Prometheus gauges and an MCP tool.

Detection-only by design: never downloads, restarts, or applies anything. Operators are notified via sigma_agent_update_available + sigma_agent_update_last_check_timestamp and the agent_check_update MCP tool, and consciously act on the signal.

Network errors, non-2xx responses, and malformed JSON degrade gracefully — last_error is set, the gauge falls to 0 (unknown), the watchdog never panics or blocks the heartbeat loop.

Version compare is component-wise u32 on '.' (no semver crate); any parse failure or component-count mismatch returns false to avoid ambiguous "update" claims.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1c05b00 to ae561a3
Summary
Adds an opt-in watchdog that periodically checks a version-manifest URL for an available sigma-agent update and surfaces the signal via Prometheus + MCP. Detection only — never downloads, restarts, or applies anything. Operators act consciously.
What
New module `sigma-agent/src/watchdog.rs`:
- `watchdog_loop()` GETs the configured manifest URL (5s timeout) every interval, parses `{ "version": "...", "binary_url": "...", "sha256": "..." }`
- `compare_versions()` does component-wise numeric comparison on `x.y.z` strings (no semver dep)
- `check_once()` exposed for on-demand MCP calls (`force=true`)
- `Arc<RwLock<UpdateInfo>>` snapshot

Wire-up:
- `--update-check` / `AGENT_UPDATE_CHECK` (default false)
- `--update-manifest-url` / `AGENT_UPDATE_MANIFEST_URL` (default `https://lai3d.github.io/sigma/agent-version.json`)
- `--update-check-interval` / `AGENT_UPDATE_CHECK_INTERVAL` (default 3600s)
- `sigma_agent_update_available{current_version, latest_version}` (1/0), `sigma_agent_update_last_check_timestamp`
- `agent_check_update` with optional `force: bool` (immediate check vs cached snapshot)

Design — detection only, deliberately
`update_available: false` with `last_error` populated. The agent's regular operation is never affected.

Test plan
- `cargo check --no-default-features` — clean
- `cargo test --no-default-features` — 33/33 pass (8 new `compare_versions` tests covering the spec'd cases plus minor/major bump + garbage input)
- `## Self-Update Watchdog` section (manifest schema, flags, metrics, MCP tool, detection-only contract)

Part of the agent roadmap.
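The fail-closed comparison described in the commit message (component-wise u32 on '.', false on any parse failure or component-count mismatch), as an added Rust example that is not the code from this PR. The argument order and the `parse_components` helper are assumptions, and the digits-only check is an extra strictness of this example, since the manifest version is remote input.

```rust
// Added example, not the code in sigma-agent/src/watchdog.rs.
// Fail-closed version comparison for an untrusted manifest "version" string.

/// Parse "x.y.z" into numeric components; None on any malformed input.
/// `parse_components` is a hypothetical helper introduced for this example.
fn parse_components(v: &str) -> Option<Vec<u32>> {
    v.split('.')
        .map(|part| {
            // Assumption of this example: ASCII digits only. u32::from_str by
            // itself would also accept a leading '+', e.g. "+3".
            if part.is_empty() || !part.bytes().all(|b| b.is_ascii_digit()) {
                return None;
            }
            part.parse::<u32>().ok() // None when the value overflows u32
        })
        .collect() // a single None makes the whole result None
}

/// True only when `latest` is strictly newer than `current`.
/// Any parse failure or component-count mismatch yields false, so a bad
/// manifest can never raise the "update available" signal.
pub fn compare_versions(current: &str, latest: &str) -> bool {
    match (parse_components(current), parse_components(latest)) {
        // Equal-length Vec<u32> ordering is exactly component-wise comparison.
        (Some(cur), Some(new)) if cur.len() == new.len() => new > cur,
        _ => false,
    }
}

fn main() {
    // Constructed sample inputs: (running version, version from manifest).
    let cases = [
        ("1.4.2", "1.4.3"),          // patch bump
        ("1.4.2", "1.10.0"),         // numeric, not string, ordering
        ("1.4.2", "1.4.2"),          // same version
        ("1.4.3", "1.4.2"),          // manifest is older
        ("1.4.2", "1.5"),            // component-count mismatch
        ("1.4.2", "1.4.x"),          // non-numeric component
        ("1.4.2", "1.4.+3"),         // sign prefix rejected
        ("1.4.2", "1.4.4294967296"), // overflows u32
    ];
    for (cur, latest) in cases {
        let flag = compare_versions(cur, latest);
        println!("{cur:>6} -> {latest:<15} update_available={flag}");
    }
}
```
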