feat: self-update checker with one-click update for WebUI + Agent

Shows a blue banner when the webui or hermes-agent git repos are behind their upstream branches. One-click 'Update Now' button does stash, pull --ff-only, stash pop, then reloads the page. Backend (api/updates.py): - _check_repo(): git fetch + rev-list count with 15s timeout - check_for_updates(): 30-min server-side cache, thread-safe, skips Docker (no .git dir) - apply_update(): stash (if dirty), pull --ff-only, pop, invalidate cache Routes: - GET /api/updates/check -- returns cached {webui, agent} with behind count - POST /api/updates/apply -- {target: 'webui'|'agent'} Frontend: - Blue banner (matches reconnect-banner pattern) with 'Later' / 'Update Now' - Non-blocking boot check via fire-and-forget .then(), once per tab session - sessionStorage guards prevent re-checking and re-showing after dismiss Settings: - 'Check for updates' checkbox (default: on) -- when off, no git operations - Removed 'Default Workspace' dropdown to keep settings panel compact Performance: - Server cache: git fetch at most 2x/hour regardless of client count - sessionStorage: one check per browser tab session - _check_in_progress flag prevents concurrent fetch storms - Fire-and-forget: does NOT block the boot sequence Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 09:11:44 -07:00
parent 257092d107
commit 8d1b7a1e01
8 changed files with 242 additions and 6 deletions
--- a/api/config.py
+++ b/api/config.py
@@ -674,6 +674,7 @@ _SETTINGS_DEFAULTS = {
    'show_token_usage': False,  # show input/output token badge below assistant messages
    'show_cli_sessions': False,  # merge CLI sessions from state.db into the sidebar
    'sync_to_insights': False,  # mirror WebUI token usage to state.db for /insights
+    'check_for_updates': True,  # check if webui/agent repos are behind upstream
    'theme': 'dark',  # active UI theme name (no enum gate -- allows custom themes)
    'password_hash': None,  # SHA-256 hash; None = auth disabled
 }
@@ -694,7 +695,7 @@ _SETTINGS_ALLOWED_KEYS = set(_SETTINGS_DEFAULTS.keys()) - {'password_hash'}
 _SETTINGS_ENUM_VALUES = {
    'send_key': {'enter', 'ctrl+enter'},
 }
-_SETTINGS_BOOL_KEYS = {'show_token_usage', 'show_cli_sessions', 'sync_to_insights'}
+_SETTINGS_BOOL_KEYS = {'show_token_usage', 'show_cli_sessions', 'sync_to_insights', 'check_for_updates'}

 def save_settings(settings: dict) -> dict:
    """Save settings to disk. Returns the merged settings. Ignores unknown keys."""
--- a/api/routes.py
+++ b/api/routes.py
@@ -227,6 +227,14 @@ def handle_get(handler, parsed) -> bool:
        info = git_info_for_workspace(Path(s.workspace))
        return j(handler, {'git': info})

+    if parsed.path == '/api/updates/check':
+        settings = load_settings()
+        if not settings.get('check_for_updates', True):
+            return j(handler, {'disabled': True})
+        force = parse_qs(parsed.query).get('force', ['0'])[0] == '1'
+        from api.updates import check_for_updates
+        return j(handler, check_for_updates(force=force))
+
    if parsed.path == '/api/chat/stream/status':
        stream_id = parse_qs(parsed.query).get('stream_id', [''])[0]
        return j(handler, {'active': stream_id in STREAMS, 'stream_id': stream_id})
@@ -600,6 +608,14 @@ def handle_post(handler, parsed) -> bool:
    if parsed.path == '/api/session/import':
        return _handle_session_import(handler, body)

+    # ── Self-update (POST) ──
+    if parsed.path == '/api/updates/apply':
+        target = body.get('target', '')
+        if target not in ('webui', 'agent'):
+            return bad(handler, 'target must be "webui" or "agent"')
+        from api.updates import apply_update
+        return j(handler, apply_update(target))
+
    # ── CLI session import (POST) ──
    if parsed.path == '/api/session/import_cli':
        return _handle_session_import_cli(handler, body)
--- a/api/updates.py
+++ b/api/updates.py
@@ -0,0 +1,153 @@
+"""
+Hermes Web UI -- Self-update checker.
+
+Checks if the webui and hermes-agent git repos are behind their upstream
+branches. Results are cached server-side (30-min TTL) so git fetch runs
+at most twice per hour regardless of client count.
+
+Skips repos that are not git checkouts (e.g. Docker baked images where
+.git does not exist).
+"""
+import subprocess
+import threading
+import time
+from pathlib import Path
+
+from api.config import REPO_ROOT
+
+# Lazy -- may be None if agent not found
+try:
+    from api.config import _AGENT_DIR
+except ImportError:
+    _AGENT_DIR = None
+
+_update_cache = {'webui': None, 'agent': None, 'checked_at': 0}
+_cache_lock = threading.Lock()
+_check_in_progress = False
+CACHE_TTL = 1800  # 30 minutes
+
+
+def _run_git(args, cwd, timeout=10):
+    """Run a git command and return (stdout, ok)."""
+    try:
+        r = subprocess.run(
+            ['git'] + args, cwd=str(cwd), capture_output=True,
+            text=True, timeout=timeout,
+        )
+        return r.stdout.strip(), r.returncode == 0
+    except (subprocess.TimeoutExpired, FileNotFoundError, OSError):
+        return '', False
+
+
+def _detect_default_branch(path):
+    """Detect the remote default branch (master or main)."""
+    out, ok = _run_git(['symbolic-ref', 'refs/remotes/origin/HEAD'], path)
+    if ok and out:
+        # refs/remotes/origin/master -> master
+        return out.split('/')[-1]
+    # Fallback: try master, then main
+    for branch in ('master', 'main'):
+        _, ok = _run_git(['rev-parse', '--verify', f'origin/{branch}'], path)
+        if ok:
+            return branch
+    return 'master'
+
+
+def _check_repo(path, name):
+    """Check if a git repo is behind its upstream. Returns dict or None."""
+    if path is None or not (path / '.git').exists():
+        return None
+
+    # Fetch latest from origin (network call, cached by TTL)
+    _, fetch_ok = _run_git(['fetch', 'origin', '--quiet'], path, timeout=15)
+    if not fetch_ok:
+        return {'name': name, 'behind': 0, 'error': 'fetch failed'}
+
+    branch = _detect_default_branch(path)
+
+    # Count commits behind
+    out, ok = _run_git(['rev-list', '--count', f'HEAD..origin/{branch}'], path)
+    behind = int(out) if ok and out.isdigit() else 0
+
+    # Get short SHAs for display
+    current, _ = _run_git(['rev-parse', '--short', 'HEAD'], path)
+    latest, _ = _run_git(['rev-parse', '--short', f'origin/{branch}'], path)
+
+    return {
+        'name': name,
+        'behind': behind,
+        'current_sha': current,
+        'latest_sha': latest,
+        'branch': branch,
+    }
+
+
+def check_for_updates(force=False):
+    """Return cached update status for webui and agent repos."""
+    global _check_in_progress
+    with _cache_lock:
+        if not force and time.time() - _update_cache['checked_at'] < CACHE_TTL:
+            return dict(_update_cache)
+        if _check_in_progress:
+            return dict(_update_cache)  # another thread is already checking
+        _check_in_progress = True
+
+    try:
+        # Run checks outside the lock (network I/O)
+        webui_info = _check_repo(REPO_ROOT, 'webui')
+        agent_info = _check_repo(_AGENT_DIR, 'agent')
+
+        with _cache_lock:
+            _update_cache['webui'] = webui_info
+            _update_cache['agent'] = agent_info
+            _update_cache['checked_at'] = time.time()
+            return dict(_update_cache)
+    finally:
+        _check_in_progress = False
+
+
+def apply_update(target):
+    """Stash, pull --ff-only, pop for the given target repo."""
+    if target == 'webui':
+        path = REPO_ROOT
+    elif target == 'agent':
+        path = _AGENT_DIR
+    else:
+        return {'ok': False, 'message': f'Unknown target: {target}'}
+
+    if path is None or not (path / '.git').exists():
+        return {'ok': False, 'message': 'Not a git repository'}
+
+    branch = _detect_default_branch(path)
+
+    # Check for dirty working tree
+    status_out, _ = _run_git(['status', '--porcelain'], path)
+    stashed = False
+    if status_out:
+        _, ok = _run_git(['stash'], path)
+        if not ok:
+            return {'ok': False, 'message': 'Failed to stash local changes'}
+        stashed = True
+
+    # Pull with ff-only (no merge commits)
+    pull_out, pull_ok = _run_git(['pull', '--ff-only', 'origin', branch], path, timeout=30)
+    if not pull_ok:
+        if stashed:
+            _run_git(['stash', 'pop'], path)
+        return {'ok': False, 'message': f'Pull failed: {pull_out[:200]}'}
+
+    # Pop stash if we stashed
+    if stashed:
+        _, pop_ok = _run_git(['stash', 'pop'], path)
+        if not pop_ok:
+            return {
+                'ok': False,
+                'message': 'Updated but stash pop failed -- manual merge needed',
+                'stash_conflict': True,
+            }
+
+    # Invalidate cache
+    with _cache_lock:
+        _update_cache['checked_at'] = 0
+
+    return {'ok': True, 'message': f'{target} updated successfully', 'target': target}
--- a/static/boot.js
+++ b/static/boot.js
@@ -308,7 +308,12 @@ document.querySelectorAll('.suggestion').forEach(btn=>{

 (async()=>{
  // Load send key preference
-  try{const s=await api('/api/settings');window._sendKey=s.send_key||'enter';window._showTokenUsage=!!s.show_token_usage;window._showCliSessions=!!s.show_cli_sessions;const _theme=s.theme||'dark';document.documentElement.dataset.theme=_theme;localStorage.setItem('hermes-theme',_theme);}catch(e){window._sendKey='enter';window._showTokenUsage=false;window._showCliSessions=false;}
+  let _bootSettings={};
+  try{const s=await api('/api/settings');_bootSettings=s;window._sendKey=s.send_key||'enter';window._showTokenUsage=!!s.show_token_usage;window._showCliSessions=!!s.show_cli_sessions;const _theme=s.theme||'dark';document.documentElement.dataset.theme=_theme;localStorage.setItem('hermes-theme',_theme);}catch(e){window._sendKey='enter';window._showTokenUsage=false;window._showCliSessions=false;}
+  // Non-blocking update check (fire-and-forget, once per tab session)
+  if(_bootSettings.check_for_updates!==false&&!sessionStorage.getItem('hermes-update-checked')&&!sessionStorage.getItem('hermes-update-dismissed')){
+    api('/api/updates/check').then(d=>{sessionStorage.setItem('hermes-update-checked','1');if((d.webui&&d.webui.behind>0)||(d.agent&&d.agent.behind>0))_showUpdateBanner(d);}).catch(()=>{});
+  }
  // Fetch active profile
  try{const p=await api('/api/profile/active');S.activeProfile=p.name||'default';}catch(e){S.activeProfile='default';}
  // Update profile chip label immediately
--- a/static/index.html
+++ b/static/index.html
@@ -203,6 +203,13 @@
      <div class="messages-inner" id="msgInner"></div>
      <div id="liveToolCards" style="display:none;max-width:800px;margin:0 auto;width:100%;padding:0 24px;"></div>
    </div>
+    <div class="update-banner" id="updateBanner">
+      <span id="updateMsg"></span>
+      <div style="display:flex;gap:8px;flex-shrink:0">
+        <button class="update-btn" onclick="dismissUpdate()">Later</button>
+        <button class="update-btn update-primary" id="btnApplyUpdate" onclick="applyUpdates()">Update Now</button>
+      </div>
+    </div>
    <div class="reconnect-banner" id="reconnectBanner">
      <span id="reconnectMsg">&#9888; A response may have been in progress when you last left. Reload messages?</span>
      <div style="display:flex;gap:8px;flex-shrink:0">
@@ -319,10 +326,6 @@
        <label for="settingsModel">Default Model</label>
        <select id="settingsModel" style="width:100%;padding:8px;background:var(--code-bg);color:var(--text);border:1px solid var(--border2);border-radius:6px"></select>
      </div>
-      <div class="settings-field">
-        <label for="settingsWorkspace">Default Workspace</label>
-        <select id="settingsWorkspace" style="width:100%;padding:8px;background:var(--code-bg);color:var(--text);border:1px solid var(--border2);border-radius:6px"></select>
-      </div>
      <div class="settings-field">
        <label for="settingsSendKey">Send Key</label>
        <select id="settingsSendKey" style="width:100%;padding:8px;background:var(--code-bg);color:var(--text);border:1px solid var(--border2);border-radius:6px">
@@ -362,6 +365,13 @@
        </label>
        <div style="font-size:11px;color:var(--muted);margin-top:4px">Mirrors WebUI token usage to state.db so <code>hermes /insights</code> includes browser session data. Off by default.</div>
      </div>
+      <div class="settings-field">
+        <label style="display:flex;align-items:center;gap:8px;cursor:pointer">
+          <input type="checkbox" id="settingsCheckUpdates" style="width:15px;height:15px;accent-color:var(--accent)">
+          Check for updates
+        </label>
+        <div style="font-size:11px;color:var(--muted);margin-top:4px">Show a banner when newer versions of the WebUI or Agent are available. Runs a background git fetch periodically.</div>
+      </div>
      <div class="settings-field" style="border-top:1px solid var(--border);padding-top:12px;margin-top:8px">
        <label for="settingsPassword">Access Password</label>
        <div style="font-size:11px;color:var(--muted);margin-bottom:6px">Enter a new password to set or change it. Leave blank to keep current setting.</div>
--- a/static/panels.js
+++ b/static/panels.js
@@ -1022,6 +1022,8 @@ async function loadSettingsPanel(){
    if(showCliCb){showCliCb.checked=!!settings.show_cli_sessions;showCliCb.addEventListener('change',_markSettingsDirty,{once:false});}
    const syncCb=$('settingsSyncInsights');
    if(syncCb){syncCb.checked=!!settings.sync_to_insights;syncCb.addEventListener('change',_markSettingsDirty,{once:false});}
+    const updateCb=$('settingsCheckUpdates');
+    if(updateCb){updateCb.checked=settings.check_for_updates!==false;updateCb.addEventListener('change',_markSettingsDirty,{once:false});}
    // Password field: always blank (we don't send hash back)
    const pwField=$('settingsPassword');
    if(pwField){pwField.value='';pwField.addEventListener('input',_markSettingsDirty,{once:false});}
@@ -1055,6 +1057,7 @@ async function saveSettings(andClose){
  body.show_token_usage=showTokenUsage;
  body.show_cli_sessions=showCliSessions;
  body.sync_to_insights=!!($('settingsSyncInsights')||{}).checked;
+  body.check_for_updates=!!($('settingsCheckUpdates')||{}).checked;
  // Password: only act if the field has content; blank = leave auth unchanged
  if(pw && pw.trim()){
    try{
--- a/static/style.css
+++ b/static/style.css
@@ -145,6 +145,13 @@
  .reconnect-banner.visible{display:flex;}
  .reconnect-btn{padding:5px 12px;border-radius:7px;font-size:12px;font-weight:600;background:rgba(201,168,76,0.15);border:1px solid rgba(201,168,76,0.4);color:var(--gold);cursor:pointer;}
  .reconnect-btn:hover{background:rgba(201,168,76,0.25);}
+  /* ── Update banner ── */
+  .update-banner{display:none;background:var(--surface);border:1px solid rgba(124,185,255,0.4);border-radius:10px;padding:10px 16px;margin:10px auto;max-width:780px;font-size:13px;color:var(--blue);align-items:center;justify-content:space-between;gap:12px;}
+  .update-banner.visible{display:flex;}
+  .update-btn{padding:5px 12px;border-radius:7px;font-size:12px;font-weight:600;background:rgba(124,185,255,0.1);border:1px solid rgba(124,185,255,0.3);color:var(--blue);cursor:pointer;transition:background .15s;}
+  .update-btn:hover{background:rgba(124,185,255,0.2);}
+  .update-primary{background:rgba(124,185,255,0.2);border-color:rgba(124,185,255,0.5);}
+  .update-btn:disabled{opacity:0.5;cursor:not-allowed;}
  /* ── Approval card ── */
  .approval-card{display:none;max-width:780px;margin:0 auto 0;padding:0 20px 12px;}
  .approval-card.visible{display:block;}
--- a/static/ui.js
+++ b/static/ui.js
@@ -334,6 +334,47 @@ async function refreshSession() {
    showToast('Conversation refreshed');
  } catch(e) { setStatus('Refresh failed: ' + e.message); }
 }
+// ── Update banner ──
+function _showUpdateBanner(data){
+  const parts=[];
+  if(data.webui&&data.webui.behind>0) parts.push(`WebUI: ${data.webui.behind} update${data.webui.behind>1?'s':''}`);
+  if(data.agent&&data.agent.behind>0) parts.push(`Agent: ${data.agent.behind} update${data.agent.behind>1?'s':''}`);
+  if(!parts.length)return;
+  const msg=$('updateMsg');
+  if(msg) msg.textContent='\u2B06 '+parts.join(', ')+' available';
+  const banner=$('updateBanner');
+  if(banner) banner.classList.add('visible');
+  window._updateData=data;
+}
+function dismissUpdate(){
+  const b=$('updateBanner');if(b)b.classList.remove('visible');
+  sessionStorage.setItem('hermes-update-dismissed','1');
+}
+async function applyUpdates(){
+  const btn=$('btnApplyUpdate');
+  if(btn){btn.disabled=true;btn.textContent='Updating\u2026';}
+  const targets=[];
+  if(window._updateData?.webui?.behind>0) targets.push('webui');
+  if(window._updateData?.agent?.behind>0) targets.push('agent');
+  try{
+    for(const target of targets){
+      const res=await api('/api/updates/apply',{method:'POST',body:JSON.stringify({target})});
+      if(!res.ok){
+        showToast('Update failed ('+target+'): '+(res.message||'unknown error'));
+        if(btn){btn.disabled=false;btn.textContent='Update Now';}
+        return;
+      }
+    }
+    showToast('Updated! Reloading\u2026');
+    sessionStorage.removeItem('hermes-update-checked');
+    sessionStorage.removeItem('hermes-update-dismissed');
+    setTimeout(()=>location.reload(),1500);
+  }catch(e){
+    showToast('Update failed: '+e.message);
+    if(btn){btn.disabled=false;btn.textContent='Update Now';}
+  }
+}
+
 async function checkInflightOnBoot(sid) {
  const raw = localStorage.getItem(INFLIGHT_KEY);
  if (!raw) return;