feat(update): reconcile a missing core binary into a complete install#448
Merged
Conversation
…stall `uffs --update` was a version reconciler, not a reinstaller: `acquire` only re-fetched binaries the install already had, so a deleted core binary stayed gone. Close that gap so `uffs --update` brings the install to a *complete* latest core set regardless of starting state (outdated, skewed, or missing a core binary). CLI (uffs-cli): - `assess()` now also flags an update when an unmanaged root is missing a core binary (the canonical set in `binaries::KNOWN_BINARIES`). - The apply snapshot is completed to the full core set: a missing core stem is appended with a null on-disk version so `acquire` downloads it and `apply` adds it. Doctor/non-apply snapshots report the install exactly as found. Crash-safe core (uffs-update): - `apply::backup_and_swap` now handles an absent target — the "add" path: no `.bak`, just place the new image (returns `None`); a replace still backs up and returns `Some(bak)`. - New `apply::remove_added` + `BinaryEntry::added`: `rollback_all` deletes an added binary (no `.bak` to restore) and restores a replaced one. Both primitives are idempotent on untouched targets, preserving INV-2/INV-3. The core set is the single source of truth from the prior commit (incl. uffs-mft; uffs-broker Windows-only), so every flow honours the same list. Host clippy (strict) clean; uffs-cli + uffs-update tests pass, incl. new add/rollback + snapshot-completion coverage. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
githubrobbi
added a commit
that referenced
this pull request
Jun 17, 2026
… doc Dev-facing docs to match the user manual: - cli-grammar.md: add `repair` + `bins` to the `--update` action surface; note repair = doctor --repair alias, the doctor→update redirect, and that bare update reconciles the whole core set (adds a missing core binary). - UFFS-Self-Update-Feasibility-and-Design.md: add a §4.1 as-built addendum (action-based grammar) covering completeness (#447/#448), the repair verb + doctor redirect (#446/#449), and the journal to_version fix (#446). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
githubrobbi
added a commit
that referenced
this pull request
Jun 17, 2026
… issues (#449) * feat(update): doctor redirects to the update flow to fix update-class issues `uffs --update doctor` already diagnoses; now, when it finds an issue the update flow fixes — out of date, version-skewed, or **missing a core binary** — it redirects there instead of teaching the health-check helper the core set: - piped / non-TTY: prints a `→ run \`uffs --update\`` hint; - interactive TTY: asks "Run `uffs --update` now to fix this? [y/N]"; - `--repair` / `repair`: runs the update flow automatically (after the helper's local self-heal — resume/rollback, sweep backups, restart services). Keeps the architecture clean: the helper stays a dumb snapshot processor; the CLI (which owns the core set) decides what "incomplete" means and how to fix it. `--offline` skips the redirect (assess needs the release feed). The prompt never blocks a non-TTY caller — it returns "no" and falls back to the hint. Host clippy (strict) clean; uffs-cli tests pass. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * docs: note repair/bins actions + completeness in cli-grammar & design doc Dev-facing docs to match the user manual: - cli-grammar.md: add `repair` + `bins` to the `--update` action surface; note repair = doctor --repair alias, the doctor→update redirect, and that bare update reconciles the whole core set (adds a missing core binary). - UFFS-Self-Update-Feasibility-and-Design.md: add a §4.1 as-built addendum (action-based grammar) covering completeness (#447/#448), the repair verb + doctor redirect (#446/#449), and the journal to_version fix (#446). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-up to #447 (centralized core-binary set).
uffs --updatewas a versionreconciler, not a reinstaller —
acquireonly re-fetched binaries the installalready had, so a deleted core binary stayed gone. This closes the gap:
uffs --updatenow brings the install to a complete latest core setregardless of starting state (outdated, skewed, or missing a core binary).
CLI (
uffs-cli)assess()flags an update when an unmanaged root is missing a core binary(canonical set =
binaries::KNOWN_BINARIES, incl.uffs-mft; broker Windows-only).appended with a null on-disk version so
acquiredownloads it andapplyadds it. Doctor/non-apply snapshots report the install exactly as found.
Crash-safe core (
uffs-update)apply::backup_and_swapnow handles an absent target (the add path): no.bak, just place → returnsNone; a replace still backs up →Some(bak).apply::remove_added+BinaryEntry::added:rollback_alldeletes anadded binary and restores a replaced one. Both idempotent on untouched
targets — INV-2/INV-3 preserved.
Validation
Host clippy (strict) clean; uffs-cli + uffs-update tests pass, incl. new
add_then_rollback_deletes_the_added_binary+ snapshot-completion probes.Windows apply paths covered by CI + on-device verification.