Update System

Overview

The AICO Update System enables secure, reliable updates for frontend (Flutter) and backend (Python) components. It supports both coupled and separated deployment configurations.

Status: Architecture design - implementation planned.

Core Principles

• Security: Cryptographically verified updates
• Reliability: Atomic updates with rollback capabilities
• User Control: Configurable update schedules
• Minimal Disruption: Background updates with graceful restarts
• Flexibility: Supports coupled/separated deployments

Architecture

The Update System is implemented as a dedicated module within AICO's Infrastructure Module:

Infrastructure Module
└── Update System
    ├── Component: Version Management
    └── Component: Atomic Updates

Version Management Component

The Version Management component is responsible for:

• Tracking current versions of all system components
• Checking for updates on a user-defined schedule
• Managing update policies (auto vs. manual, critical vs. optional)
• Handling update notifications to users
• Enforcing security policies for updates

Atomic Updates Component

The Atomic Updates component is responsible for:

• Executing the actual update process
• Ensuring data integrity during updates
• Managing graceful restarts of components
• Implementing rollback capabilities if updates fail
• Coordinating updates between frontend and backend

Communication Protocol

The Update System communicates via the ZeroMQ message bus using the following topics:

Topic	Description
update/check/request	Request to check for available updates
update/check/response	Response containing update availability information
update/available	Notification that updates are available
update/download/progress	Progress updates during download
update/download/complete	Notification that download is complete
update/install/request	Request to install downloaded updates
update/install/progress	Progress updates during installation
update/install/complete	Notification that installation is complete
update/restart/required	Notification that restart is required
update/restart/scheduled	Information about scheduled restart

Update Process Flow

Update Check Process

1. The Update System checks for updates on a user-defined schedule
2. For critical security updates, the system can force an update check regardless of schedule
3. The system contacts the update server using secure HTTPS connections
4. The server responds with available updates and their metadata (version, size, criticality)
5. Updates are verified using TUF's security mechanisms

Update Installation Process

Preparation Phase

• Download updates in the background with progress reporting
• Verify cryptographic signatures of downloaded packages
• Prepare update packages for installation

Coordination Phase

• Notify user about pending updates (UI notification)
• For non-critical updates: Allow user to schedule the update
• For critical updates: Notify that update will be applied at next opportunity

Installation Phase

• Backend creates a backup of critical data
• Signal all components to prepare for update
• Apply updates to inactive components first
• Use atomic file operations to ensure consistency

Restart Phase

• Graceful shutdown of components
• Start updated components
• Verify successful update
• If update fails, roll back to previous version

Handling Separated Frontend/Backend

The Update System supports configurations where frontend and backend may be on different devices:

Backend-only Updates

• Backend updates itself independently
• Notifies connected frontends about the update
• Coordinates graceful disconnection and reconnection

Frontend-only Updates

• Frontend updates itself independently
• Maintains compatibility with backend API versions

Coordinated Updates

• When both need updating, backend updates first
• Frontend updates only after backend update is confirmed successful

User Experience Considerations

To minimize user disruption, the Update System implements:

• Background downloads: Updates download in the background without affecting performance
• Scheduled updates: Users can schedule updates for convenient times
• Seamless restarts: State preservation so conversations can continue after updates
• Clear notifications: Non-intrusive update notifications
• Progress indicators: Update progress visibility when updates are being applied

Security Considerations

The Update System implements robust security measures:

• Cryptographic verification: All updates are signed and verified using TUF security mechanisms
• Secure transport: Updates are downloaded over HTTPS
• Integrity checking: Package integrity is verified before and after installation
• Rollback capability: System can revert to previous version if update fails
• Privilege separation: Update installation uses minimal required privileges

Technical Implementation

Backend (Python) Update System (Planned)

Will use TUFup framework providing:

• Strong security through The Update Framework (TUF)
• Delta updates for bandwidth efficiency
• Cryptographic verification
• Application bundle compatibility
• Multiple release channels (stable, beta, dev)

Note: TUFup integration is planned but not yet implemented.

Frontend (Flutter) Update System (Planned)

Hybrid approach:

• Mobile platforms:
• upgrader package for app store updates

• Custom logic for sideloaded apps

• Desktop platforms:

• Custom mechanism via backend service
• Platform-specific packaging (MSIX, DMG)

Note: Frontend update system is planned but not yet implemented.

Configuration Options

The Update System provides the following configuration options:

Option	Description	Default
update.check_interval	Interval between update checks (hours)	24
update.auto_download	Automatically download updates	true
update.auto_install	Automatically install non-critical updates	false
update.critical_install	Automatically install critical updates	true
update.notify_available	Notify when updates are available	true
update.preferred_time	Preferred time for updates (HH:MM)	03:00
update.channel	Update channel (stable, beta, dev)	stable