Skip to content

[codex] fix desktop update packaging integrity#96

Open
wizzoapp[bot] wants to merge 3 commits into
mainfrom
wizzo/ada-55-desktop-update-integrity
Open

[codex] fix desktop update packaging integrity#96
wizzoapp[bot] wants to merge 3 commits into
mainfrom
wizzo/ada-55-desktop-update-integrity

Conversation

@wizzoapp

@wizzoapp wizzoapp Bot commented Jul 6, 2026

Copy link
Copy Markdown

Summary

Fixes the desktop update corruption path by shrinking the Windows unpacked payload, disabling differential updater downloads, adding a launch-time packaged integrity check, and adding CI coverage for a real install N-1 -> update -> relaunch path.

Root cause

The desktop package unpacked the entire production node_modules tree into app.asar.unpacked. Windows in-app updates then had to install thousands of loose files, making silent install slow and increasing the chance of a partial app.asar.unpacked payload after update.

Changes

  • Generate targeted ASAR unpack patterns from the staged pnpm runtime dependency closure, including pnpm linker paths needed by plain Node and WSL.
  • Write a packaged integrity manifest and bootstrap through a startup check before loading main.cjs.
  • Disable runtime differential downloads so updates install full verified payloads.
  • Surface an Installing update state in desktop update UI.
  • Add a Windows CI update smoke: build/install 0.0.900, serve 0.0.901 via mock update feed, drive check/download/install through the packaged app, and verify relaunch at the new version.

Validation

  • scripts/factory/precommit-gate.sh --prepare: PASS (vp run typecheck, vp check, Codex gpt-5.5 autoreview clean)
  • vp test run scripts/build-desktop-artifact.test.ts scripts/desktop-launch-smoke.test.mjs apps/desktop/src/app/PackagedIntegrity.test.ts apps/desktop/src/updates/DesktopUpdates.test.ts apps/desktop/src/updates/updateMachine.test.ts apps/web/src/components/desktopUpdate.logic.test.ts
  • node apps/desktop/scripts/desktop-update-smoke.mjs --help

Note: the true Windows update-path proof is the new CI job; this PR should not be considered fixed until that job passes on GitHub.

@wizzoapp wizzoapp Bot marked this pull request as ready for review July 6, 2026 19:23

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 763a748745

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

return new Promise((resolve, reject) => {
const request = NodeHttp.get(
{
hostname: "127.0.0.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Use the same loopback host as the mock update server

In environments where Node resolves localhost to IPv6 (for example Node 24 on this runner binds server.listen(..., "localhost") to ::1), this smoke test never reaches the mock update server: scripts/mock-update-server.ts listens on localhost, but the new readiness probe always dials 127.0.0.1, so waitForUpdateServer times out before the update flow starts. Please make the mock server and probe use the same explicit host, or probe localhost here.

Useful? React with 👍 / 👎.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b8cbcb3544

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment on lines +2350 to +2353
rootPackageNames: [
...Object.keys(resolvedServerDependencies),
...Object.keys(platformFffNativeDependencies),
...Object.keys(linuxWslFffNativeDependencies),

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Include desktop native files in integrity manifest

When packaging Windows/macOS builds, stageClerkPasskeyNativeBinaries copies Clerk passkey .node files into the desktop runtime package, but this manifest seed only walks server/fff dependencies. If an update leaves one of those smart-unpacked desktop native files missing from app.asar.unpacked, the new bootstrap integrity check still passes and the app can fail later while initializing createClerkBridge({ passkeys: true }), which defeats the incomplete-install diagnostic this change is adding. Please include the desktop native unpack roots (at least @clerk/electron-passkeys) in the required-file manifest.

Useful? React with 👍 / 👎.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 473ccf14d1

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

return {
...state,
status: "installing",
message: "Installing update. T3 Code will restart when installation is ready.",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Don’t mark successful install handoff as an error

When installUpdate() succeeds, DesktopUpdates.install returns the current state after setting this installing message, with { accepted: true, completed: false }. Both the sidebar and settings flows interpret any accepted/non-completed action with a non-empty state.message as an error toast, so a normal install handoff can briefly show “Could not install update” with this installing text before the app restarts. Please keep the installing status message out of the action-error path or special-case installing as non-error.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants