No actionable comments were generated in the recent review. 🎉

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
cmux	Ready	Preview, Comment	Mar 25, 2026 10:18pm

Greptile Summary

This PR fixes a timing race where attemptUpdate() would trigger the UI pill refresh (showing the check-for-updates spinner) without actually completing the install, by moving the auto-confirm decision into UpdateDriver at the Sparkle callback level rather than relying on a Combine subscriber race against a 2-second minimum-display delay.

Key changes:

• Adds autoInstallOnNextUpdate: Bool flag on UpdateDriver; when set, showUpdateFound immediately calls reply(.install) and returns, bypassing setStateAfterMinimumCheckDelay entirely
• Clears the flag on every terminal path: showUpdateNotFoundWithError, showUpdaterError, dismissUpdateInstallation, and stopAttemptUpdateMonitoring
• Prevents the attemptInstallCancellable subscriber from tearing down prematurely on a transient .idle while the flag is still active
• Retains the existing state.confirm() subscriber path as a fallback for the race where dismissUpdateInstallation fires while still in .checking (where it is ignored), clearing the flag before showUpdateFound fires
• One style-level concern: autoInstallOnNextUpdate is accessed in SPUUserDriver callbacks before any runOnMain dispatch, while the same callbacks use runOnMain for all viewModel.state mutations — suggesting a threading assumption that could benefit from an explicit @MainActor annotation or inline comment

Confidence Score: 4/5

• Safe to merge; the logic is sound and all terminal paths clear the flag — one non-blocking thread-safety annotation is worth considering as a follow-up.
• The fast path (flag set → immediate reply) correctly prevents double-confirm since state never reaches .updateAvailable. The fallback path (flag cleared by a dismiss during .checking) is handled by the pre-existing subscriber. All failure paths clear the flag. The only open item is that autoInstallOnNextUpdate is a plain var Bool read/written in SPUUserDriver callbacks that defensively use runOnMain for everything else, leaving an implicit threading assumption undocumented — a P2 style concern, not a blocking bug.
• No files require special attention; UpdateDriver.swift line 17 has the one P2 threading note worth reviewing.

Important Files Changed

Sequence Diagram

sequenceDiagram
    participant C as UpdateController
    participant D as UpdateDriver
    participant S as Sparkle

    C->>C: attemptUpdate()
    C->>C: stopAttemptUpdateMonitoring()
    C->>D: autoInstallOnNextUpdate = true
    C->>C: subscribe to viewModel.$state
    C->>S: checkForUpdates()

    alt Fast path - flag still set when update found
        S-->>D: showUpdateFound(appcastItem, reply)
        D->>D: autoInstallOnNextUpdate = false
        D->>S: reply(.install) bypasses minimum-check delay
        S-->>D: showDownloadInitiated / extracting / ready
        D-->>C: subscriber sees progress states then idle, tears down
    else Race - dismissUpdateInstallation fires before showUpdateFound
        S-->>D: dismissUpdateInstallation()
        D->>D: autoInstallOnNextUpdate = false
        Note over D: state is .checking, dismiss is ignored
        S-->>D: showUpdateFound(appcastItem, reply)
        D->>D: setStateAfterMinimumCheckDelay(.updateAvailable)
        D-->>C: state -> .updateAvailable after delay
        C->>C: fallback subscriber calls state.confirm()
    else Failure path
        S-->>D: showUpdateNotFoundWithError or showUpdaterError
        D->>D: autoInstallOnNextUpdate = false
        D-->>C: subscriber tears down on terminal state
    end

_{Reviews (1): Last reviewed commit: "Fix update attempt refreshing pill witho..." | Re-trigger Greptile}