feat(updater): Implement update system with API endpoints and service integration

- Added an updater service to check for and apply updates, integrating with GitHub releases.
- Introduced new API endpoints for checking available updates and triggering updates.
- Created a systemd service for monitoring update requests and managing container restarts.
- Enhanced the installation script to set up the update watcher service.
- Updated the web interface to display update availability and trigger updates from the UI.

Author: danielkosgei

deploy/compose.yaml

@@ -28,6 +28,8 @@ services:
     ports:
       - "${API_PORT:-8080}:8080"
       - "${GRPC_PORT:-9090}:9090"
+    volumes:
+      - /var/lib/narvana:/var/lib/narvana  # Shared volume for update flags
     environment:
       DATABASE_URL: postgres://narvana:${POSTGRES_PASSWORD}@postgres:5432/narvana?sslmode=disable
       JWT_SECRET: ${JWT_SECRET}

deploy/narvana-updater.service

@@ -0,0 +1,25 @@
+[Unit]
+Description=Narvana Update Watcher
+Documentation=https://github.com/narvanalabs/control-plane
+After=network.target
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/opt/narvana
+ExecStart=/opt/narvana/update-watcher.sh
+Restart=always
+RestartSec=10
+
+# Environment
+Environment=UPDATE_FLAG_FILE=/var/lib/narvana/.update-requested
+Environment=COMPOSE_FILE=/opt/narvana/compose.yaml
+Environment=ENV_FILE=/opt/narvana/.env
+
+# Security
+NoNewPrivileges=false
+PrivateTmp=yes
+
+[Install]
+WantedBy=multi-user.target
+

go.mod

@@ -22,6 +22,7 @@ require (
 
 require (
 	filippo.io/hpke v0.4.0 // indirect
+	github.com/Masterminds/semver/v3 v3.4.0 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect

go.sum

@@ -45,6 +45,8 @@ filippo.io/hpke v0.4.0 h1:p575VVQ6ted4pL+it6M00V/f2qTZITO0zgmdKCkd5+A=
 filippo.io/hpke v0.4.0/go.mod h1:EmAN849/P3qdeK+PCMkDpDm83vRHM5cDipBJ8xbQLVY=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
+github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/Oudwins/tailwind-merge-go v0.2.1 h1:jxRaEqGtwwwF48UuFIQ8g8XT7YSualNuGzCvQ89nPFE=
 github.com/Oudwins/tailwind-merge-go v0.2.1/go.mod h1:kkZodgOPvZQ8f7SIrlWkG/w1g9JTbtnptnePIh3V72U=
 github.com/a-h/templ v0.3.960 h1:trshEpGa8clF5cdI39iY4ZrZG8Z/QixyzEyUnA7feTM=

internal/api/handlers/updates.go

@@ -0,0 +1,80 @@
+// Package handlers provides HTTP handlers for the update system.
+package handlers
+
+import (
+	"encoding/json"
+	"log/slog"
+	"net/http"
+
+	"github.com/narvanalabs/control-plane/internal/updater"
+)
+
+// UpdatesHandler handles update-related requests.
+type UpdatesHandler struct {
+	updater *updater.Service
+	logger  *slog.Logger
+}
+
+// NewUpdatesHandler creates a new updates handler.
+func NewUpdatesHandler(updaterService *updater.Service, logger *slog.Logger) *UpdatesHandler {
+	return &UpdatesHandler{
+		updater: updaterService,
+		logger:  logger,
+	}
+}
+
+// CheckForUpdates handles GET /v1/updates/check
+func (h *UpdatesHandler) CheckForUpdates(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	
+	info, err := h.updater.CheckForUpdates(ctx)
+	if err != nil {
+		h.logger.Error("failed to check for updates", "error", err)
+		WriteJSON(w, http.StatusInternalServerError, map[string]string{
+			"error": "Failed to check for updates",
+		})
+		return
+	}
+
+	WriteJSON(w, http.StatusOK, info)
+}
+
+// TriggerUpdate handles POST /v1/updates/apply
+func (h *UpdatesHandler) TriggerUpdate(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	var req struct {
+		Version string `json:"version"`
+	}
+
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		WriteJSON(w, http.StatusBadRequest, map[string]string{
+			"error": "Invalid request body",
+		})
+		return
+	}
+
+	if req.Version == "" {
+		WriteJSON(w, http.StatusBadRequest, map[string]string{
+			"error": "Version is required",
+		})
+		return
+	}
+
+	// Start the update process
+	if err := h.updater.ApplyUpdate(ctx, req.Version); err != nil {
+		h.logger.Error("failed to apply update", "error", err, "version", req.Version)
+		WriteJSON(w, http.StatusInternalServerError, map[string]string{
+			"error": err.Error(),
+		})
+		return
+	}
+
+	h.logger.Info("update initiated successfully", "version", req.Version)
+	WriteJSON(w, http.StatusOK, map[string]interface{}{
+		"status":  "success",
+		"message": "Update initiated. Services will restart shortly.",
+		"version": req.Version,
+	})
+}
+

internal/api/server.go

@@ -19,6 +19,7 @@ import (
 	"github.com/narvanalabs/control-plane/internal/queue"
 	"github.com/narvanalabs/control-plane/internal/secrets"
 	"github.com/narvanalabs/control-plane/internal/store"
+	"github.com/narvanalabs/control-plane/internal/updater"
 	"github.com/narvanalabs/control-plane/pkg/config"
 )
 
@@ -340,6 +341,12 @@ func (s *Server) setupRouter() {
 		r.Get("/server/stats", serverStatsHandler.Get)
 		r.Get("/server/stats/stream", serverStatsHandler.Stream)
 
+		// Update routes
+		updaterService := updater.NewService(Version, "narvanalabs/control-plane", s.logger)
+		updatesHandler := handlers.NewUpdatesHandler(updaterService, s.logger)
+		r.Get("/updates/check", updatesHandler.CheckForUpdates)
+		r.Post("/updates/apply", updatesHandler.TriggerUpdate)
+
 		// Admin cleanup routes
 		// Requirements: 19.1, 19.2, 19.3, 19.4, 25.4, 26.4
 		podmanClientForCleanup := podman.NewClient(s.config.Worker.PodmanSocket, s.logger)

internal/updater/updater.go

@@ -0,0 +1,214 @@
+// Package updater provides functionality to check for and apply updates.
+package updater
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"log/slog"
+	"net/http"
+	"os"
+	"os/exec"
+	"strings"
+	"time"
+
+	"github.com/Masterminds/semver/v3"
+)
+
+// Service handles version checking and updates.
+type Service struct {
+	currentVersion string
+	githubRepo     string
+	logger         *slog.Logger
+	httpClient     *http.Client
+}
+
+// NewService creates a new updater service.
+func NewService(currentVersion, githubRepo string, logger *slog.Logger) *Service {
+	return &Service{
+		currentVersion: currentVersion,
+		githubRepo:     githubRepo,
+		logger:         logger,
+		httpClient: &http.Client{
+			Timeout: 10 * time.Second,
+		},
+	}
+}
+
+// UpdateInfo contains information about available updates.
+type UpdateInfo struct {
+	CurrentVersion  string `json:"current_version"`
+	LatestVersion   string `json:"latest_version"`
+	UpdateAvailable bool   `json:"update_available"`
+	ReleaseURL      string `json:"release_url,omitempty"`
+	ReleaseNotes    string `json:"release_notes,omitempty"`
+	PublishedAt     string `json:"published_at,omitempty"`
+}
+
+// GitHubRelease represents a GitHub release from the API.
+type GitHubRelease struct {
+	TagName     string    `json:"tag_name"`
+	Name        string    `json:"name"`
+	Body        string    `json:"body"`
+	HTMLURL     string    `json:"html_url"`
+	PublishedAt time.Time `json:"published_at"`
+	Prerelease  bool      `json:"prerelease"`
+	Draft       bool      `json:"draft"`
+}
+
+// CheckForUpdates queries GitHub for the latest release and compares with current version.
+func (s *Service) CheckForUpdates(ctx context.Context) (*UpdateInfo, error) {
+	info := &UpdateInfo{
+		CurrentVersion: s.currentVersion,
+	}
+
+	// Skip check if version is "dev" or empty
+	if s.currentVersion == "" || s.currentVersion == "dev" {
+		s.logger.Debug("skipping update check for dev version")
+		return info, nil
+	}
+
+	// Fetch latest release from GitHub
+	url := fmt.Sprintf("https://api.github.com/repos/%s/releases/latest", s.githubRepo)
+	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
+	if err != nil {
+		return info, fmt.Errorf("failed to create request: %w", err)
+	}
+
+	req.Header.Set("Accept", "application/vnd.github.v3+json")
+	req.Header.Set("User-Agent", "Narvana-Control-Plane")
+
+	resp, err := s.httpClient.Do(req)
+	if err != nil {
+		return info, fmt.Errorf("failed to fetch releases: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		body, _ := io.ReadAll(resp.Body)
+		return info, fmt.Errorf("GitHub API returned status %d: %s", resp.StatusCode, string(body))
+	}
+
+	var release GitHubRelease
+	if err := json.NewDecoder(resp.Body).Decode(&release); err != nil {
+		return info, fmt.Errorf("failed to decode release: %w", err)
+	}
+
+	// Skip drafts and prereleases for stable version checks
+	if release.Draft || release.Prerelease {
+		s.logger.Debug("latest release is draft or prerelease, skipping", "tag", release.TagName)
+		return info, nil
+	}
+
+	info.LatestVersion = release.TagName
+	info.ReleaseURL = release.HTMLURL
+	info.ReleaseNotes = release.Body
+	info.PublishedAt = release.PublishedAt.Format(time.RFC3339)
+
+	// Compare versions
+	updateAvailable, err := s.isNewerVersion(release.TagName)
+	if err != nil {
+		s.logger.Warn("failed to compare versions", "error", err)
+		return info, nil // Don't fail, just return what we have
+	}
+
+	info.UpdateAvailable = updateAvailable
+	return info, nil
+}
+
+// isNewerVersion compares the latest version with current version.
+func (s *Service) isNewerVersion(latestVersion string) (bool, error) {
+	// Normalize version strings (remove 'v' prefix if present)
+	current := strings.TrimPrefix(s.currentVersion, "v")
+	latest := strings.TrimPrefix(latestVersion, "v")
+
+	currentVer, err := semver.NewVersion(current)
+	if err != nil {
+		return false, fmt.Errorf("invalid current version %q: %w", current, err)
+	}
+
+	latestVer, err := semver.NewVersion(latest)
+	if err != nil {
+		return false, fmt.Errorf("invalid latest version %q: %w", latest, err)
+	}
+
+	return latestVer.GreaterThan(currentVer), nil
+}
+
+// ApplyUpdate performs the update by pulling new container images and restarting services.
+// This is designed to work in containerized deployments using Podman/Docker Compose.
+func (s *Service) ApplyUpdate(ctx context.Context, version string) error {
+	s.logger.Info("applying update", "version", version)
+
+	// Determine deployment method
+	deployMethod := s.detectDeploymentMethod()
+	s.logger.Info("detected deployment method", "method", deployMethod)
+
+	switch deployMethod {
+	case "compose":
+		return s.updateCompose(ctx, version)
+	case "systemd":
+		return s.updateSystemd(ctx, version)
+	default:
+		return fmt.Errorf("unsupported deployment method: %s", deployMethod)
+	}
+}
+
+// detectDeploymentMethod checks how Narvana is deployed.
+func (s *Service) detectDeploymentMethod() string {
+	// Check if running in a container (presence of /.dockerenv or /run/.containerenv)
+	if _, err := os.Stat("/.dockerenv"); err == nil {
+		return "compose"
+	}
+	if _, err := os.Stat("/run/.containerenv"); err == nil {
+		return "compose"
+	}
+
+	// Check for systemd service
+	if _, err := exec.LookPath("systemctl"); err == nil {
+		cmd := exec.Command("systemctl", "is-active", "narvana-api")
+		if err := cmd.Run(); err == nil {
+			return "systemd"
+		}
+	}
+
+	return "unknown"
+}
+
+// updateCompose updates a Docker/Podman Compose deployment.
+func (s *Service) updateCompose(ctx context.Context, version string) error {
+	// In a containerized environment, we need to trigger an external update script
+	// or communicate with the host system to restart the compose stack.
+	
+	// Set the desired version in the environment
+	composeFile := os.Getenv("COMPOSE_FILE")
+	if composeFile == "" {
+		composeFile = "/app/compose.yaml" // Default location in container
+	}
+
+	// Write a flag file that the host can monitor to trigger updates
+	updateFlagFile := "/var/lib/narvana/.update-requested"
+	content := fmt.Sprintf("version=%s\ntimestamp=%s\n", version, time.Now().Format(time.RFC3339))
+	
+	if err := os.WriteFile(updateFlagFile, []byte(content), 0644); err != nil {
+		return fmt.Errorf("failed to write update flag: %w", err)
+	}
+
+	s.logger.Info("update flag written, waiting for external updater", "file", updateFlagFile, "version", version)
+	
+	// Note: The actual container restart must be done externally (by systemd, cron, or a watcher)
+	// because the API can't restart its own container from inside.
+	return nil
+}
+
+// updateSystemd updates a systemd-based deployment.
+func (s *Service) updateSystemd(ctx context.Context, version string) error {
+	// For systemd deployments, we would:
+	// 1. Download new binaries
+	// 2. Restart services
+	// This is more complex and depends on the installation method
+	
+	return fmt.Errorf("systemd-based updates not yet implemented")
+}
+

scripts/install.sh

@@ -279,6 +279,19 @@ main() {
     run_migrations
     wait_for_healthy
 
+    # Install update watcher (optional, requires systemd)
+    if command -v systemctl &>/dev/null; then
+        info "Installing update watcher service..."
+        curl -fsSL "$GITHUB_RAW/scripts/update-watcher.sh" -o update-watcher.sh
+        chmod +x update-watcher.sh
+        curl -fsSL "$GITHUB_RAW/deploy/narvana-updater.service" -o /etc/systemd/system/narvana-updater.service
+        sed -i "s|/opt/narvana|$INSTALL_DIR|g" /etc/systemd/system/narvana-updater.service
+        systemctl daemon-reload
+        systemctl enable narvana-updater
+        systemctl start narvana-updater
+        success "Update watcher service installed"
+    fi
+
     print_success
 }